integrations · Moser-ss · Aug 6, 2024 · Aug 6, 2024 · Aug 6, 2024 · Sep 13, 2024
diff --git a/github/resource_github_organization_ruleset.go b/github/resource_github_organization_ruleset.go
@@ -84,7 +84,7 @@ func resourceGithubOrganizationRuleset() *schema.Resource {
 				Type:        schema.TypeList,
 				Optional:    true,
 				MaxItems:    1,
-				Description: "Parameters for an organization ruleset condition. `ref_name` is required alongside one of `repository_name` or `repository_id`.",
+				Description: "Parameters for an organization ruleset condition. `ref_name` is required alongside one of `repository_name`, `repository_id`, or `repository_property`.",
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"ref_name": {
@@ -112,12 +112,83 @@ func resourceGithubOrganizationRuleset() *schema.Resource {
 								},
 							},
 						},
+						"repository_property": {
+							Type:         schema.TypeList,
+							Optional:     true,
+							MaxItems:     1,
+							ExactlyOneOf: []string{"conditions.0.repository_id", "conditions.0.repository_name"},
+							AtLeastOneOf: []string{"conditions.0.repository_id", "conditions.0.repository_name"},
+							Description:  "Conditions to target repositories by property ",
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"include": {
+										Type:        schema.TypeList,
+										Optional:    true,
+										Description: "The repository properties and values to include. All of these properties must match for the condition to pass.",
+										Elem: &schema.Resource{
+											Schema: map[string]*schema.Schema{
+
+												"name": {
+													Type:        schema.TypeString,
+													Required:    true,
+													Description: "The name of the repository property to target.",
+												},
+												"property_values": {
+													Type:        schema.TypeList,
+													Required:    true,
+													Description: "The values to match for the repository property.",
+													Elem: &schema.Schema{
+														Type: schema.TypeString,
+													},
+												},
+												"source": {
+													Type:        schema.TypeString,
+													Optional:    true,
+													Description: "The source of the repository property. Defaults to 'custom' if not specified. Can be one of: custom, system",
+													Default:     "custom",
+												},
+											},
+										},
+									},
+									"exclude": {
+										Type:        schema.TypeList,
+										Optional:    true,
+										Description: "The repository properties and values to exclude. The condition will not pass if any of these properties match.",
+										Elem: &schema.Resource{
+											Schema: map[string]*schema.Schema{
+
+												"name": {
+													Type:        schema.TypeString,
+													Required:    true,
+													Description: "The name of the repository property to target.",
+												},
+												"property_values": {
+													Type:        schema.TypeList,
+													Required:    true,
+													Description: "The values to match for the repository property.",
+													Elem: &schema.Schema{
+														Type: schema.TypeString,
+													},
+												},
+												"source": {
+													Type:         schema.TypeString,
+													Optional:     true,
+													Description:  "The source of the repository property. Defaults to 'custom' if not specified. Can be one of: custom, system",
+													Default:      "custom",
+													ValidateFunc: validation.StringInSlice([]string{"custom", "system"}, false),
+												},
+											},
+										},
+									},
+								},
+							},
+						},
 						"repository_name": {
 							Type:         schema.TypeList,
 							Optional:     true,
 							MaxItems:     1,
-							ExactlyOneOf: []string{"conditions.0.repository_id"},
-							AtLeastOneOf: []string{"conditions.0.repository_id"},
+							ExactlyOneOf: []string{"conditions.0.repository_id", "conditions.0.repository_property"},
+							AtLeastOneOf: []string{"conditions.0.repository_id", "conditions.0.repository_property"},
 							Elem: &schema.Resource{
 								Schema: map[string]*schema.Schema{
 									"include": {
@@ -146,9 +217,11 @@ func resourceGithubOrganizationRuleset() *schema.Resource {
 							},
 						},
 						"repository_id": {
-							Type:        schema.TypeList,
-							Optional:    true,
-							Description: "The repository IDs that the ruleset applies to. One of these IDs must match for the condition to pass.",
+							Type:         schema.TypeList,
+							Optional:     true,
+							ExactlyOneOf: []string{"conditions.0.repository_name", "conditions.0.repository_property"},
+							AtLeastOneOf: []string{"conditions.0.repository_name", "conditions.0.repository_property"},
+							Description:  "The repository IDs that the ruleset applies to. One of these IDs must match for the condition to pass.",
 							Elem: &schema.Schema{
 								Type: schema.TypeInt,
 							},

diff --git a/github/resource_github_organization_ruleset_test.go b/github/resource_github_organization_ruleset_test.go
@@ -22,7 +22,7 @@ func TestGithubOrganizationRulesets(t *testing.T) {
 
 	t.Run("Creates and updates organization rulesets without errors", func(t *testing.T) {
 
-		config := fmt.Sprintf(`
+		rulesetRefName := fmt.Sprintf(`
 			resource "github_organization_ruleset" "test" {
 				name        = "test-%s"
 				target      = "branch"
@@ -81,6 +81,67 @@ func TestGithubOrganizationRulesets(t *testing.T) {
 			}
 		`, randomID)
 
+		rulesetRepositoryProperty := fmt.Sprintf(`
+		resource "github_organization_ruleset" "test" {
+			name        = "test-%s"
+			target      = "branch"
+			enforcement = "active"
+
+			conditions {
+				repository_property {
+					include = [	{
+						name: "team",
+						property_values: ["blue"],
+					}]
+					exclude = []
+				}
+			}
+
+			rules {
+				creation = true
+
+				update = true
+
+				deletion                = true
+				required_linear_history = true
+
+				required_signatures = false
+
+				pull_request {
+					required_approving_review_count   = 2
+					required_review_thread_resolution = true
+					require_code_owner_review         = true
+					dismiss_stale_reviews_on_push     = true
+					require_last_push_approval        = true
+				}
+
+				required_status_checks {
+
+					required_check {
+						context = "ci"
+					}
+
+					strict_required_status_checks_policy = true
+				}
+
+				required_workflows {
+					required_workflow {
+						path          = "path/to/workflow.yaml"
+						repository_id = 1234
+					}
+				}
+
+				branch_name_pattern {
+					name     = "test"
+					negate   = false
+					operator = "starts_with"
+					pattern  = "test"
+				}
+
+				non_fast_forward = true
+			}
+		}
+	`, randomID)
 		check := resource.ComposeTestCheckFunc(
 			resource.TestCheckResourceAttr(
 				"github_organization_ruleset.test", "name",
@@ -92,7 +153,7 @@ func TestGithubOrganizationRulesets(t *testing.T) {
 			),
 		)
 
-		testCase := func(t *testing.T, mode string) {
+		testCase := func(t *testing.T, mode string, config string) {
 			resource.Test(t, resource.TestCase{
 				PreCheck:  func() { skipUnlessMode(t, mode) },
 				Providers: testAccProviders,
@@ -106,7 +167,8 @@ func TestGithubOrganizationRulesets(t *testing.T) {
 		}
 
 		t.Run("with an enterprise account", func(t *testing.T) {
-			testCase(t, enterprise)
+			testCase(t, enterprise, rulesetRefName)
+			testCase(t, enterprise, rulesetRepositoryProperty)
 		})
 
 	})