Skip to content

[BUG]: github_organization_ruleset doesn't work with push rulesets #2929

New issue
New issue
Open
#2958
Open
[BUG]: github_organization_ruleset doesn't work with push rulesets#2929
#2958
Assignees
deiga
Labels
Status: TriageThis is being looked at and prioritizedType: BugSomething isn't working as documented
@stefano-franco

Description

@stefano-franco
stefano-franco
opened on Nov 20, 2025

Expected Behavior

github_organization_ruleset should support push rulesets but the github provider (v6.8.3) fails.

using the exact example from the documentation:
https://registry.terraform.io/providers/integrations/github/latest/docs/resources/organization_ruleset

# Example with push ruleset  
resource "github_organization_ruleset" "example_push" {
  name        = "example_push"
  target      = "push"
  enforcement = "active"

  conditions {
    ref_name {
      include = ["~ALL"]
      exclude = []
    }
    repository_name {
      include = ["~ALL"] 
      exclude = []
    }
  }

  rules {
    file_path_restriction {
      restricted_file_paths = [".github/workflows/*", "*.env"]
    }

    max_file_size {
      max_file_size = 104857600  # 100 MB in bytes
    }

    max_file_path_length {
      max_file_path_length = 255
    }

    file_extension_restriction {
      restricted_file_extensions = ["*.exe", "*.dll", "*.so"]
    }
  }
}

should create a new push ruleset.

Actual Behavior

instead it causes an error or the provider crashes:

│ Error: POST https://api.github.com/orgs/xxx/rulesets: 422 Validation Failed [{Resource: Field: Code: Message:Target ref_name is not supported for push rulesets}]

removing the ref_name object from the condition causes the provider to crash:

Stack trace from the terraform-provider-github_v6.8.3 plugin:

panic: interface conversion: interface {} is nil, not map[string]interface {}

goroutine 52 [running]:
github.com/integrations/terraform-provider-github/v6/github.expandConditions({0xc000559d70, 0xf35f06?, 0x0?}, 0x1)
	github.com/integrations/terraform-provider-github/v6/github/respository_rules_utils.go:105 +0xae8
github.com/integrations/terraform-provider-github/v6/github.resourceGithubRulesetObject(0xc0001fde00, {0xc0003f82c0, 0x10})
	github.com/integrations/terraform-provider-github/v6/github/respository_rules_utils.go:32 +0x27c
github.com/integrations/terraform-provider-github/v6/github.resourceGithubOrganizationRulesetCreate(0xc0001fde00, {0xd49780, 0xc0006da0c0})
	github.com/integrations/terraform-provider-github/v6/github/resource_github_organization_ruleset.go:591 +0x5d
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).create(0x1096870?, {0x1096870?, 0xc000504ba0?}, 0xd?, {0xd49780?, 0xc0006da0c0?})
	github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:794 +0x15f
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*Resource).Apply(0xc00037b500, {0x1096870, 0xc000504ba0}, 0xc00050a9c0, 0xc0001fdc80, {0xd49780, 0xc0006da0c0})
	github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/resource.go:937 +0xa89
github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema.(*GRPCProviderServer).ApplyResourceChange(0xc00034c660, {0x1096870?, 0xc000504ae0?}, 0xc0002356d0)
	github.com/hashicorp/terraform-plugin-sdk/[email protected]/helper/schema/grpc_provider.go:1153 +0xd5c
github.com/hashicorp/terraform-plugin-go/tfprotov5/tf5server.(*server).ApplyResourceChange(0xc000249900, {0x1096870?, 0xc000504120?}, 0xc0001f6ee0)
	github.com/hashicorp/[email protected]/tfprotov5/tf5server/server.go:865 +0x3d0
github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/tfplugin5._Provider_ApplyResourceChange_Handler({0xef6da0, 0xc000249900}, {0x1096870, 0xc000504120}, 0xc0001fd180, 0x0)
	github.com/hashicorp/[email protected]/tfprotov5/internal/tfplugin5/tfplugin5_grpc.pb.go:518 +0x1a6
google.golang.org/grpc.(*Server).processUnaryRPC(0xc000173000, {0x1096870, 0xc000504090}, {0x109b280, 0xc00025a300}, 0xc0004fd440, 0xc000293110, 0x173c578, 0x0)
	google.golang.org/[email protected]/server.go:1369 +0xdf8
google.golang.org/grpc.(*Server).handleStream(0xc000173000, {0x109b280, 0xc00025a300}, 0xc0004fd440)
	google.golang.org/[email protected]/server.go:1780 +0xe8b
google.golang.org/grpc.(*Server).serveStreams.func2.1()
	google.golang.org/[email protected]/server.go:1019 +0x8b
created by google.golang.org/grpc.(*Server).serveStreams.func2 in goroutine 15
	google.golang.org/[email protected]/server.go:1030 +0x125

Error: The terraform-provider-github_v6.8.3 plugin crashed!

This is always indicative of a bug within the plugin. It would be immensely
helpful if you could report the crash with the plugin's maintainers so that it
can be fixed. The output above should help diagnose the issue.

Terraform Version

OpenTofu v1.10.6
GitHub Provider v6.8.3

Affected Resource(s)

  • github_organization_ruleset

Terraform Configuration Files

# Example with push ruleset  
resource "github_organization_ruleset" "example_push" {
  name        = "example_push"
  target      = "push"
  enforcement = "active"

  conditions {
    ref_name {
      include = ["~ALL"]
      exclude = []
    }
    repository_name {
      include = ["~ALL"] 
      exclude = []
    }
  }

  rules {
    file_path_restriction {
      restricted_file_paths = [".github/workflows/*", "*.env"]
    }

    max_file_size {
      max_file_size = 104857600  # 100 MB in bytes
    }

    max_file_path_length {
      max_file_path_length = 255
    }

    file_extension_restriction {
      restricted_file_extensions = ["*.exe", "*.dll", "*.so"]
    }
  }
}

Steps to Reproduce

No response

Debug Output



Panic Output




Code of Conduct


    

  •  I agree to follow this project's Code of Conduct
    • 

Metadata
Metadata
Assignees
Labels
Status: TriageThis is being looked at and prioritizedType: BugSomething isn't working as documented
Type
No type
Projects
Terraform Provider
Status
In Progress
Milestone
No milestone
Relationships
None yet
Development
No branches or pull requests
Issue actions