fix: add custom repository roles support

mtweeman · mtweeman · commit e869d1353ba1 · 2026-04-14T10:57:59.000Z
diff --git a/main.tf b/main.tf
@@ -378,12 +378,19 @@ resource "github_repository_collaborators" "default" {
 }
 
 locals {
-  organization_roles_map = {
+  base_repository_roles_map = {
     "maintain" = "2"
     "write"    = "4"
     "admin"    = "5"
   }
-
+  custom_repository_roles_map = {
+    for role in data.github_organization_repository_roles.ruleset_rules_repository_roles.roles :
+    role.name => role.role_id
+  }
+  repository_roles_map = merge(
+    local.base_repository_roles_map,
+    local.custom_repository_roles_map,
+  )
   ruleset_rules_teams = flatten([
     for e, c in local.rulesets :
     c.bypass_actors != null ? compact([for b in c.bypass_actors : b.actor_type == "Team" ? b.actor_id : null]) : []
@@ -396,6 +403,8 @@ locals {
   }
 }
 
+data "github_organization_repository_roles" "ruleset_rules_repository_roles" {}
+
 data "github_team" "ruleset_rules_teams" {
   for_each = toset(local.ruleset_rules_teams)
 
@@ -435,7 +444,7 @@ resource "github_repository_ruleset" "default" {
     content {
       bypass_mode = bypass_actors.value.bypass_mode
       actor_id = (bypass_actors.value.actor_type == "OrganizationAdmin" ? "0" :
-        bypass_actors.value.actor_type == "RepositoryRole" ? local.organization_roles_map[bypass_actors.value.actor_id] :
+        bypass_actors.value.actor_type == "RepositoryRole" ? local.repository_roles_map[bypass_actors.value.actor_id] :
         bypass_actors.value.actor_type == "Team" ? data.github_team.ruleset_rules_teams[bypass_actors.value.actor_id].id :
       bypass_actors.value.actor_id)
       actor_type = bypass_actors.value.actor_type
