Add test and implementation for User bypass_actor

deiga · deiga · commit b79c3509df65 · 2026-06-02T21:09:59.000+03:00
Signed-off-by: Timo Sand &lt;timo.sand@f-secure.com&gt;
diff --git a/github/resource_github_organization_ruleset.go b/github/resource_github_organization_ruleset.go
@@ -68,8 +68,8 @@ func resourceGithubOrganizationRuleset() *schema.Resource {
 						"actor_type": {
 							Type:             schema.TypeString,
 							Required:         true,
-							ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"Integration", "OrganizationAdmin", "RepositoryRole", "Team", "DeployKey"}, false)),
-							Description:      "The type of actor that can bypass a ruleset. Can be one of: `Integration`, `OrganizationAdmin`, `RepositoryRole`, `Team`, or `DeployKey`.",
+							ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"Integration", "OrganizationAdmin", "RepositoryRole", "Team", "DeployKey", "User"}, false)),
+							Description:      "The type of actor that can bypass a ruleset. Can be one of: `Integration`, `OrganizationAdmin`, `RepositoryRole`, `Team`, `DeployKey`, or `User`.",
 						},
 						"bypass_mode": {
 							Type:             schema.TypeString,
diff --git a/github/resource_github_organization_ruleset_test.go b/github/resource_github_organization_ruleset_test.go
@@ -184,6 +184,102 @@ resource "github_organization_ruleset" "test" {
 		})
 	})
 
+	t.Run("creates_branch_ruleset_with_user_bypass_actor", func(t *testing.T) {
+		randomID := acctest.RandString(5)
+		repoName := fmt.Sprintf("%srepo-org-ruleset-%s", testResourcePrefix, randomID)
+		rulesetName := fmt.Sprintf("%s-branch-ruleset-%s", testResourcePrefix, randomID)
+
+		config := fmt.Sprintf(`
+resource "github_repository" "test" {
+	name = "%s"
+	visibility = "private"
+	auto_init = true
+}
+
+data "github_user" "current" {
+	username = "%[3]s"
+}
+
+resource "github_organization_ruleset" "test" {
+	name        = "%[2]s"
+	target      = "branch"
+	enforcement = "active"
+
+	bypass_actors {
+		actor_type  = "User"
+		bypass_mode = "always"
+		actor_id    = tonumber(data.github_user.current.id)
+	}
+
+	conditions {
+		repository_name {
+			include = ["~ALL"]
+			exclude = []
+		}
+
+		ref_name {
+			include = ["~ALL"]
+			exclude = []
+		}
+	}
+
+	rules {
+		creation = true
+
+		update = true
+
+		deletion                = true
+		required_linear_history = true
+
+		required_signatures = false
+
+		pull_request {
+			required_approving_review_count   = 2
+			required_review_thread_resolution = true
+			require_code_owner_review         = true
+			dismiss_stale_reviews_on_push     = true
+			require_last_push_approval        = true
+		}
+
+		copilot_code_review {
+			review_on_push             = true
+			review_draft_pull_requests = false
+		}
+
+		required_status_checks {
+
+			required_check {
+				context = "ci"
+			}
+
+			strict_required_status_checks_policy = true
+			do_not_enforce_on_create             = true
+		}
+
+		non_fast_forward = true
+	}
+}
+`, repoName, rulesetName, testAccConf.username)
+
+		resource.Test(t, resource.TestCase{
+			PreCheck:          func() { skipUnlessHasPaidOrgs(t) },
+			ProviderFactories: providerFactories,
+			Steps: []resource.TestStep{
+				{
+					Config: config,
+					ConfigStateChecks: []statecheck.StateCheck{
+						statecheck.ExpectKnownValue("github_organization_ruleset.test", tfjsonpath.New("name"), knownvalue.StringExact(rulesetName)),
+						statecheck.ExpectKnownValue("github_organization_ruleset.test", tfjsonpath.New("target"), knownvalue.StringExact("branch")),
+						statecheck.ExpectKnownValue("github_organization_ruleset.test", tfjsonpath.New("enforcement"), knownvalue.StringExact("active")),
+						statecheck.ExpectKnownValue("github_organization_ruleset.test", tfjsonpath.New("bypass_actors").AtSliceIndex(0).AtMapKey("actor_type"), knownvalue.StringExact("User")),
+						statecheck.ExpectKnownValue("github_organization_ruleset.test", tfjsonpath.New("bypass_actors").AtSliceIndex(0).AtMapKey("bypass_mode"), knownvalue.StringExact("always")),
+						statecheck.ExpectKnownValue("github_organization_ruleset.test", tfjsonpath.New("bypass_actors").AtSliceIndex(0).AtMapKey("actor_id"), knownvalue.NotNull()),
+					},
+				},
+			},
+		})
+	})
+
 	t.Run("create_ruleset_with_repository_property", func(t *testing.T) {
 		randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum)
 		rulesetName := fmt.Sprintf("%s-repo-prop-ruleset-%s", testResourcePrefix, randomID)
