fix: required_code_scanning missing from terraform state (#2701)

stricklerxc · nickfloyd · web-flow · commit c568ac14c2c0 · 2025-11-26T14:45:57.000-06:00
* Fix required_code_scanning missing from terraform state

* fix: resolve build errors in respository_rules_utils.go

* adds docs

---------

Co-authored-by: Nick Floyd &lt;nicholas.floyd.info@gmail.com&gt;
diff --git a/github/respository_rules_utils.go b/github/respository_rules_utils.go
@@ -658,6 +658,28 @@ func flattenRules(rules []*github.RepositoryRule, org bool) []any {
 			rule["min_entries_to_merge_wait_minutes"] = params.MinEntriesToMergeWaitMinutes
 			rulesMap[v.Type] = []map[string]any{rule}
 
+		case "required_code_scanning":
+			var params github.RequiredCodeScanningRuleParameters
+
+			err := json.Unmarshal(*v.Parameters, &params)
+			if err != nil {
+				log.Printf("[INFO] Unexpected error unmarshalling rule %s with parameters: %v",
+					v.Type, v.Parameters)
+			}
+
+			requiredCodeScanningToolSlice := make([]map[string]any, 0)
+			for _, tool := range params.RequiredCodeScanningTools {
+				requiredCodeScanningToolSlice = append(requiredCodeScanningToolSlice, map[string]any{
+					"alerts_threshold":          tool.AlertsThreshold,
+					"security_alerts_threshold": tool.SecurityAlertsThreshold,
+					"tool":                      tool.Tool,
+				})
+			}
+
+			rule := make(map[string]any)
+			rule["required_code_scanning_tool"] = requiredCodeScanningToolSlice
+			rulesMap[v.Type] = []map[string]any{rule}
+
 		case "file_path_restriction":
 			var params github.RuleFileParameters
 			err := json.Unmarshal(*v.Parameters, &params)
diff --git a/website/docs/r/organization_ruleset.html.markdown b/website/docs/r/organization_ruleset.html.markdown
@@ -54,6 +54,14 @@ resource "github_organization_ruleset" "example" {
         ref           = "main"
       }
     }
+
+    required_code_scanning {
+      required_code_scanning_tool {
+        alerts_threshold          = "errors"
+        security_alerts_threshold = "high_or_higher"
+        tool                      = "CodeQL"
+      }
+    }
   }
 }
 
diff --git a/website/docs/r/repository_ruleset.html.markdown b/website/docs/r/repository_ruleset.html.markdown
@@ -49,7 +49,13 @@ resource "github_repository_ruleset" "example" {
       required_deployment_environments = ["test"]
     }
 
-
+    required_code_scanning {
+      required_code_scanning_tool {
+        alerts_threshold          = "errors"
+        security_alerts_threshold = "high_or_higher"
+        tool                      = "CodeQL"
+      }
+    }
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -54,6 +54,14 @@ resource "github_organization_ruleset" "example" {`
`54`	`54`	`ref = "main"`
`55`	`55`	`}`
`56`	`56`	`}`
	`57`	`+`
	`58`	`+ required_code_scanning {`
	`59`	`+ required_code_scanning_tool {`
	`60`	`+ alerts_threshold = "errors"`
	`61`	`+ security_alerts_threshold = "high_or_higher"`
	`62`	`+ tool = "CodeQL"`
	`63`	`+ }`
	`64`	`+ }`
`57`	`65`	`}`
`58`	`66`	`}`
`59`	`67`
Original file line number	Diff line number	Diff line change
`@@ -49,7 +49,13 @@ resource "github_repository_ruleset" "example" {`
`49`	`49`	`required_deployment_environments = ["test"]`
`50`	`50`	`}`
`51`	`51`
`52`		`-`
	`52`	`+ required_code_scanning {`
	`53`	`+ required_code_scanning_tool {`
	`54`	`+ alerts_threshold = "errors"`
	`55`	`+ security_alerts_threshold = "high_or_higher"`
	`56`	`+ tool = "CodeQL"`
	`57`	`+ }`
	`58`	`+ }`
`53`	`59`	`}`
`54`	`60`	`}`
`55`	`61`