Add missing validations to org ruleset attributes

deiga · deiga · commit 02b402ad9b14 · 2026-02-03T17:25:39.000+02:00
diff --git a/github/resource_github_organization_ruleset.go b/github/resource_github_organization_ruleset.go
@@ -237,10 +237,11 @@ func resourceGithubOrganizationRuleset() *schema.Resource {
 										Description: "Whether the most recent reviewable push must be approved by someone other than the person who pushed it. Defaults to `false`.",
 									},
 									"required_approving_review_count": {
-										Type:        schema.TypeInt,
-										Optional:    true,
-										Default:     0,
-										Description: "The number of approving reviews that are required before a pull request can be merged. Defaults to `0`.",
+										Type:             schema.TypeInt,
+										Optional:         true,
+										Default:          0,
+										ValidateDiagFunc: validation.ToDiagFunc(validation.IntBetween(0, 10)),
+										Description:      "The number of approving reviews that are required before a pull request can be merged. Defaults to `0`.",
 									},
 									"required_review_thread_resolution": {
 										Type:        schema.TypeBool,
@@ -535,14 +536,16 @@ func resourceGithubOrganizationRuleset() *schema.Resource {
 										Elem: &schema.Resource{
 											Schema: map[string]*schema.Schema{
 												"alerts_threshold": {
-													Type:        schema.TypeString,
-													Required:    true,
-													Description: "The severity level at which code scanning results that raise alerts block a reference update. Can be one of: `none`, `errors`, `errors_and_warnings`, `all`.",
+													Description:      "The severity level at which code scanning results that raise alerts block a reference update. Can be one of: `none`, `errors`, `errors_and_warnings`, `all`.",
+													Required:         true,
+													Type:             schema.TypeString,
+													ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"none", "errors", "errors_and_warnings", "all"}, false)),
 												},
 												"security_alerts_threshold": {
-													Type:        schema.TypeString,
-													Required:    true,
-													Description: "The severity level at which code scanning results that raise security alerts block a reference update. Can be one of: `none`, `critical`, `high_or_higher`, `medium_or_higher`, `all`.",
+													Description:      "The severity level at which code scanning results that raise security alerts block a reference update. Can be one of: `none`, `critical`, `high_or_higher`, `medium_or_higher`, `all`.",
+													Required:         true,
+													Type:             schema.TypeString,
+													ValidateDiagFunc: validation.ToDiagFunc(validation.StringInSlice([]string{"none", "critical", "high_or_higher", "medium_or_higher", "all"}, false)),
 												},
 												"tool": {
 													Type:        schema.TypeString,
@@ -598,9 +601,10 @@ func resourceGithubOrganizationRuleset() *schema.Resource {
 							Elem: &schema.Resource{
 								Schema: map[string]*schema.Schema{
 									"max_file_path_length": {
-										Type:        schema.TypeInt,
-										Required:    true,
-										Description: "The maximum allowed length of a file path.",
+										Type:             schema.TypeInt,
+										Required:         true,
+										Description:      "The maximum allowed length of a file path.",
+										ValidateDiagFunc: validation.ToDiagFunc(validation.IntBetween(1, 32767)),
 									},
 								},
 							},
