terraform-provider-github icon indicating copy to clipboard operation
terraform-provider-github copied to clipboard

Published 20 hours ago verified publisher icon integrations

[FEAT]: Support ruleset `allowed_merge_methods`

Open stevehipwell opened this issue 10 months ago • 8 comments

Describe the need

I want to be able to specify the allowed_merge_methods for both repo and org rulesets. This change depends on https://github.com/google/go-github/pull/3417.

SDK Version

No response

API Version

No response

Relevant log output

No response

Code of Conduct

  • [X] I agree to follow this project's Code of Conduct

stevehipwell avatar Jan 07 '25 17:01 stevehipwell

Same issue, it looks like we are both having the same day. 👍

JossWhittle avatar Jan 07 '25 17:01 JossWhittle

@JossWhittle I'll open a PR to implement this once my go-github PR lands and is released. But based on the outstanding PRs here with no review comments on them I wouldn't hold your breath for this to be fixed any time soon.

stevehipwell avatar Jan 07 '25 17:01 stevehipwell

Would love to have this feature in the provider!

nnellanspdl avatar Jan 28 '25 21:01 nnellanspdl

Would love this feature aswell!

LukasMerz avatar Feb 12 '25 14:02 LukasMerz

The change in google/go-github seems have already been released in v69.0.0 (https://github.com/google/go-github/pull/3417)

at-wat avatar Mar 13 '25 02:03 at-wat

@at-wat at this point go-github is a long way ahead of the version used here and upgrading is likely to not be trivial as the broken project v1 REST APIs have been removed (see https://github.com/integrations/terraform-provider-github/issues/2494).

stevehipwell avatar Mar 13 '25 12:03 stevehipwell

I need this feature as well. Please consider adding it.

cmanfre4 avatar Apr 07 '25 21:04 cmanfre4

@kfcampbell @afrazkhan @robabbott42 @kewalaka @EricDales Apologies in tagging you all.

But is there any ETA on when allowed_merge_methods will be added?

I've been migrating our 500 repo GitHub infrastructure to be managed by Terraform, was writing out the code to introduce rulesets and realised at terraform plan stage that I can't, this one single feature is not unavailable on the provider and will block me progressing with rulesets.

doughlass avatar May 31 '25 17:05 doughlass

@kfcampbell @afrazkhan @robabbott42 @kewalaka @EricDales Apologies in tagging you all.

But is there any ETA on when allowed_merge_methods will be added?

I've been migrating our 500 repo GitHub infrastructure to be managed by Terraform, was writing out the code to introduce rulesets and realised at terraform plan stage that I can't, this one single feature is not unavailable on the provider and will block me progressing with rulesets.

Don't think the support is coming anytime soon. Remember seeing that they are going through a major upgrade for the dependent Go package.

In the meantime, below is a workaround I applied to create policy with allowed_merge_methods.

locals {
  prevent_rebase_merge = {
    rules = [
      {
        type = "pull_request"
        parameters = {
          allowed_merge_methods = [
            "merge",
            "squash"
          ]

        # These fields are required by the GitHub API but not directly related to specific rule functionality
        # They are assigned the more relaxed values intentionally.
        required_approving_review_count   = 0
        dismiss_stale_reviews_on_push     = false
        require_code_owner_review         = false
        require_last_push_approval        = false
        required_review_thread_resolution = false
        }
      }
    ]
  }
}

resource "github_organization_ruleset" "unsupported" {
  name        = "foo"
  target      = "branch"
  enforcement = "active"

  conditions {
    ref_name {
      include = ["~DEFAULT_BRANCH"]
      exclude = []
    }
  }

  rules {
  }

  lifecycle {
    ignore_changes = [
      rules,
    ]
  }

  provisioner "local-exec" {
    command = <<-EOT
      echo '${jsonencode(local.prevent_rebase_merge)}' |
        gh api \
        --method PUT \
        -H "Accept: application/vnd.github+json" \
        -H "X-GitHub-Api-Version: 2022-11-28" \
        /orgs/${var.github_organization}/rulesets/${self.ruleset_id} \
        --input -
    EOT
  }
}

yanghua-ola avatar Jun 26 '25 08:06 yanghua-ola

From testing, setting the following on github_repository and github_repository_ruleset

resource "github_repository" "this" {
  ...
  allow_merge_commit = false
  allow_rebase_merge = false
  allow_squash_merge = true
  ...
}

resource "github_repository_ruleset" "main" {
  name        = "main"
  repository  = github_repository.this.name
  target      = "branch"
  enforcement = "active"

  conditions {
    ref_name {
      include = ["~DEFAULT_BRANCH"]
      exclude = []
    }
  }

  rules {
    deletion                = true
    non_fast_forward        = true
    required_signatures     = true
    required_linear_history = true

    pull_request {
      required_approving_review_count   = 1
      dismiss_stale_reviews_on_push     = true
      require_code_owner_review         = true
      require_last_push_approval        = true
      required_review_thread_resolution = true
    }
  }
}

Results in our desired config of squash

Image

jacobwoffenden avatar Sep 03 '25 20:09 jacobwoffenden

@jacobwoffenden this behaviour is well understood. The repo setting in your test is for all PRs while the ruleset configuration requested is targeted and could be at the organization or enterprise scope.

stevehipwell avatar Sep 04 '25 09:09 stevehipwell

Any update on this? Otherwise I will need to migrate to merge queue that supports it... but I don't want to as my team does not require it

joluizquierdo avatar Oct 14 '25 09:10 joluizquierdo

@joluizquierdo I've not seen any movement for any of my open PRs so I don't think a fix is likely to be coming any time soon.

stevehipwell avatar Oct 14 '25 12:10 stevehipwell