Enable TestGithubOrganizationRulesets/Creates_and_updates_organization_rulesets_without_errors to pass

Signed-off-by: Timo Sand <[email protected]>

Author: deiga

github/resource_github_organization_ruleset_test.go

@@ -13,18 +13,22 @@ func TestGithubOrganizationRulesets(t *testing.T) {
 	t.Run("create_branch_ruleset", func(t *testing.T) {
 		randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum)
 		repoName := fmt.Sprintf("%srepo-org-ruleset-%s", testResourcePrefix, randomID)
+		rulesetName := fmt.Sprintf("%s-branch-ruleset-%s", testResourcePrefix, randomID)
+
+		workflowFilePath := ".github/workflows/echo.yaml"
 
 		config := fmt.Sprintf(`
 resource "github_repository" "test" {
 	name = "%s"
 	visibility = "private"
 	auto_init = true
+	ignore_vulnerability_alerts_during_read = true
 }
 
 resource "github_repository_file" "workflow_file" {
 	repository          = github_repository.test.name
 	branch              = "main"
-	file                = ".github/workflows/echo.yaml"
+	file                = "%[3]s"
 	content             = "name: Echo Workflow\n\non: [pull_request]\n\njobs:\n    echo:\n      runs-on: linux\n      steps:\n        - run: echo \"Hello, world!\"\n"
 	commit_message      = "Managed by Terraform"
 	commit_author       = "Terraform User"
@@ -37,7 +41,7 @@ resource "github_actions_repository_access_level" "test" {
 }
 
 resource "github_organization_ruleset" "test" {
-	name        = "test-%s"
+	name        = "%[2]s"
 	target      = "branch"
 	enforcement = "active"
 
@@ -81,6 +85,7 @@ resource "github_organization_ruleset" "test" {
 		required_signatures = false
 
 		pull_request {
+			allowed_merge_methods = ["merge", "rebase", "squash"]
 			required_approving_review_count   = 2
 			required_review_thread_resolution = true
 			require_code_owner_review         = true
@@ -101,8 +106,9 @@ resource "github_organization_ruleset" "test" {
 		required_workflows {
 			do_not_enforce_on_create = true
 			required_workflow {
-				path          = ".github/workflows/echo.yaml"
+				path          = "%[3]s"
 				repository_id = github_repository.test.repo_id
+				ref           = "main" # Default ref is master
 			}
 		}
 
@@ -123,8 +129,9 @@ resource "github_organization_ruleset" "test" {
 
 		non_fast_forward = true
 	}
+	depends_on = [github_repository_file.workflow_file]
 }
-`, repoName, randomID)
+`, repoName, rulesetName, workflowFilePath)
 
 		resource.Test(t, resource.TestCase{
 			PreCheck:          func() { skipUnlessHasPaidOrgs(t) },
@@ -133,7 +140,7 @@ resource "github_organization_ruleset" "test" {
 				{
 					Config: config,
 					Check: resource.ComposeTestCheckFunc(
-						resource.TestCheckResourceAttr("github_organization_ruleset.test", "name", "test"),
+						resource.TestCheckResourceAttr("github_organization_ruleset.test", "name", rulesetName),
 						resource.TestCheckResourceAttr("github_organization_ruleset.test", "target", "branch"),
 						resource.TestCheckResourceAttr("github_organization_ruleset.test", "enforcement", "active"),
 						resource.TestCheckResourceAttr("github_organization_ruleset.test", "bypass_actors.#", "3"),
@@ -145,8 +152,8 @@ resource "github_organization_ruleset" "test" {
 						resource.TestCheckResourceAttr("github_organization_ruleset.test", "bypass_actors.2.actor_id", "1"),
 						resource.TestCheckResourceAttr("github_organization_ruleset.test", "bypass_actors.2.actor_type", "OrganizationAdmin"),
 						resource.TestCheckResourceAttr("github_organization_ruleset.test", "bypass_actors.2.bypass_mode", "always"),
-						resource.TestCheckResourceAttr("github_organization_ruleset.test", "rules.0.required_workflows.0.o_not_enforce_on_create", "true"), resource.TestCheckResourceAttr("github_organization_ruleset.test", "rules.0.required_workflows.0.required_workflow.0.path", "path/to/workflow.yaml"),
-						resource.TestCheckResourceAttr("github_organization_ruleset.test", "rules.0.required_workflows.0.required_workflow.0.repository_id", "1234"),
+						resource.TestCheckResourceAttr("github_organization_ruleset.test", "rules.0.required_workflows.0.do_not_enforce_on_create", "true"),
+						resource.TestCheckResourceAttr("github_organization_ruleset.test", "rules.0.required_workflows.0.required_workflow.0.path", workflowFilePath),
 						resource.TestCheckResourceAttr("github_organization_ruleset.test", "rules.0.required_code_scanning.0.required_code_scanning_tool.0.alerts_threshold", "errors"),
 						resource.TestCheckResourceAttr("github_organization_ruleset.test", "rules.0.required_code_scanning.0.required_code_scanning_tool.0.security_alerts_threshold", "high_or_higher"),
 						resource.TestCheckResourceAttr("github_organization_ruleset.test", "rules.0.required_code_scanning.0.required_code_scanning_tool.0.tool", "CodeQL"),
@@ -158,10 +165,11 @@ resource "github_organization_ruleset" "test" {
 
 	t.Run("create_push_ruleset", func(t *testing.T) {
 		randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum)
+		rulesetName := fmt.Sprintf("%s-push-ruleset-%s", testResourcePrefix, randomID)
 
 		config := fmt.Sprintf(`
 resource "github_organization_ruleset" "test" {
-	name        = "test-%s"
+	name        = "%s"
 	target      = "push"
 	enforcement = "active"
 
@@ -200,15 +208,15 @@ resource "github_organization_ruleset" "test" {
 		}
 
 		max_file_size {
-			max_file_size = 1048576
+			max_file_size = 99
 		}
 
 		file_extension_restriction {
 			restricted_file_extensions = ["*.zip"]
 		}
 	}
 }
-`, randomID)
+`, rulesetName)
 
 		resource.Test(t, resource.TestCase{
 			PreCheck:          func() { skipUnlessHasPaidOrgs(t) },
@@ -217,7 +225,7 @@ resource "github_organization_ruleset" "test" {
 				{
 					Config: config,
 					Check: resource.ComposeTestCheckFunc(
-						resource.TestCheckResourceAttr("github_organization_ruleset.test", "name", "test"),
+						resource.TestCheckResourceAttr("github_organization_ruleset.test", "name", rulesetName),
 						resource.TestCheckResourceAttr("github_organization_ruleset.test", "target", "push"),
 						resource.TestCheckResourceAttr("github_organization_ruleset.test", "enforcement", "active"),
 						resource.TestCheckResourceAttr("github_organization_ruleset.test", "bypass_actors.#", "3"),
@@ -230,7 +238,7 @@ resource "github_organization_ruleset" "test" {
 						resource.TestCheckResourceAttr("github_organization_ruleset.test", "bypass_actors.2.actor_type", "OrganizationAdmin"),
 						resource.TestCheckResourceAttr("github_organization_ruleset.test", "bypass_actors.2.bypass_mode", "always"),
 						resource.TestCheckResourceAttr("github_organization_ruleset.test", "rules.0.file_path_restriction.0.restricted_file_paths.0", "test.txt"),
-						resource.TestCheckResourceAttr("github_organization_ruleset.test", "rules.0.max_file_size.0.max_file_size", "1048576"),
+						resource.TestCheckResourceAttr("github_organization_ruleset.test", "rules.0.max_file_size.0.max_file_size", "99"),
 						resource.TestCheckResourceAttr("github_organization_ruleset.test", "rules.0.file_extension_restriction.0.restricted_file_extensions.0", "*.zip"),
 					),
 				},
@@ -289,10 +297,11 @@ resource "github_organization_ruleset" "test" {
 
 	t.Run("update_clear_bypass_actors", func(t *testing.T) {
 		randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum)
+		rulesetName := fmt.Sprintf("%s-bypass-ruleset-%s", testResourcePrefix, randomID)
 
 		config := fmt.Sprintf(`
 resource "github_organization_ruleset" "test" {
-	name        = "test-%s"
+	name        = "%s"
 	target      = "branch"
 	enforcement = "active"
 
@@ -329,11 +338,11 @@ resource "github_organization_ruleset" "test" {
 		creation = true
 	}
 }
-`, randomID)
+`, rulesetName)
 
-		configUpdated := `
+		configUpdated := fmt.Sprintf(`
 resource "github_organization_ruleset" "test" {
-	name        = "test-bypass"
+	name        = "%s"
 	target      = "branch"
 	enforcement = "active"
 
@@ -353,7 +362,7 @@ resource "github_organization_ruleset" "test" {
 		creation = true
 	}
 }
-`
+`, rulesetName)
 
 		resource.Test(t, resource.TestCase{
 			PreCheck:  func() { skipUnlessHasPaidOrgs(t) },