feat: adds new branch protection options for last reviewer and lockin…

…g branch (integrations#1407)

Co-authored-by: Keegan Campbell <me@kfcampbell.com>

github/resource_github_branch_protection.go

@@ -63,6 +63,11 @@ func resourceGithubBranchProtection() *schema.Resource {
 				Optional: true,
 				Default:  false,
 			},
+			PROTECTION_LOCK_BRANCH: {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  false,
+			},
 			PROTECTION_REQUIRES_APPROVING_REVIEWS: {
 				Type:     schema.TypeList,
 				Optional: true,
@@ -96,6 +101,11 @@ func resourceGithubBranchProtection() *schema.Resource {
 							Optional: true,
 							Elem:     &schema.Schema{Type: schema.TypeString},
 						},
+						PROTECTION_REQUIRES_LAST_PUSH_APPROVAL: {
+							Type:     schema.TypeBool,
+							Optional: true,
+							Default:  false,
+						},
 					},
 				},
 			},
@@ -197,6 +207,8 @@ func resourceGithubBranchProtectionCreate(d *schema.ResourceData, meta interface
 		RestrictsPushes:                githubv4.NewBoolean(githubv4.Boolean(data.RestrictsPushes)),
 		RestrictsReviewDismissals:      githubv4.NewBoolean(githubv4.Boolean(data.RestrictsReviewDismissals)),
 		ReviewDismissalActorIDs:        githubv4NewIDSlice(githubv4IDSlice(data.ReviewDismissalActorIDs)),
+		LockBranch:                     githubv4.NewBoolean(githubv4.Boolean(data.LockBranch)),
+		RequireLastPushApproval:        githubv4.NewBoolean(githubv4.Boolean(data.RequireLastPushApproval)),
 	}
 
 	ctx := context.Background()
@@ -299,6 +311,16 @@ func resourceGithubBranchProtectionRead(d *schema.ResourceData, meta interface{}
 		log.Printf("[DEBUG] Problem setting '%s' in %s %s branch protection (%s)", PROTECTION_RESTRICTS_PUSHES, protection.Repository.Name, protection.Pattern, d.Id())
 	}
 
+	err = d.Set(PROTECTION_REQUIRES_LAST_PUSH_APPROVAL, protection.RequireLastPushApproval)
+	if err != nil {
+		log.Printf("[DEBUG] Problem setting '%s' in %s %s branch protection (%s)", PROTECTION_REQUIRES_LAST_PUSH_APPROVAL, protection.Repository.Name, protection.Pattern, d.Id())
+	}
+
+	err = d.Set(PROTECTION_LOCK_BRANCH, protection.LockBranch)
+	if err != nil {
+		log.Printf("[DEBUG] Problem setting '%s' in %s %s branch protection (%s)", PROTECTION_LOCK_BRANCH, protection.Repository.Name, protection.Pattern, d.Id())
+	}
+
 	return nil
 }
 
@@ -357,6 +379,8 @@ func resourceGithubBranchProtectionUpdate(d *schema.ResourceData, meta interface
 		RestrictsPushes:                githubv4.NewBoolean(githubv4.Boolean(data.RestrictsPushes)),
 		RestrictsReviewDismissals:      githubv4.NewBoolean(githubv4.Boolean(data.RestrictsReviewDismissals)),
 		ReviewDismissalActorIDs:        githubv4NewIDSlice(githubv4IDSlice(data.ReviewDismissalActorIDs)),
+		LockBranch:                     githubv4.NewBoolean(githubv4.Boolean(data.LockBranch)),
+		RequireLastPushApproval:        githubv4.NewBoolean(githubv4.Boolean(data.RequireLastPushApproval)),
 	}
 
 	ctx := context.WithValue(context.Background(), ctxId, d.Id())

github/resource_github_branch_protection_test.go

@@ -51,6 +51,9 @@ func TestAccGithubBranchProtection(t *testing.T) {
 			resource.TestCheckResourceAttr(
 				"github_branch_protection.test", "push_restrictions.#", "0",
 			),
+			resource.TestCheckResourceAttr(
+				"github_branch_protection.test", "lock_branch", "false",
+			),
 		)
 
 		testCase := func(t *testing.T, mode string) {
@@ -139,6 +142,9 @@ func TestAccGithubBranchProtection(t *testing.T) {
 			resource.TestCheckResourceAttr(
 				"github_branch_protection.test", "push_restrictions.#", "0",
 			),
+			resource.TestCheckResourceAttr(
+				"github_branch_protection.test", "lock_branch", "false",
+			),
 		)
 
 		testCase := func(t *testing.T, mode string) {
@@ -275,6 +281,7 @@ func TestAccGithubBranchProtection(t *testing.T) {
 				required_pull_request_reviews {
 						dismiss_stale_reviews      = true
 						require_code_owner_reviews = true
+						require_last_push_approval = true
 				}
 
 			}
@@ -294,6 +301,9 @@ func TestAccGithubBranchProtection(t *testing.T) {
 			resource.TestCheckResourceAttr(
 				"github_branch_protection.test", "required_pull_request_reviews.0.required_approving_review_count", "1",
 			),
+			resource.TestCheckResourceAttr(
+				"github_branch_protection.test", "required_pull_request_reviews.0.require_last_push_approval", "true",
+			),
 		)
 
 		testCase := func(t *testing.T, mode string) {

github/util_v4_branch_protection.go

@@ -76,6 +76,8 @@ type BranchProtectionRule struct {
 	RequiresStrictStatusChecks     githubv4.Boolean
 	RestrictsPushes                githubv4.Boolean
 	RestrictsReviewDismissals      githubv4.Boolean
+	RequireLastPushApproval        githubv4.Boolean
+	LockBranch                     githubv4.Boolean
 }
 
 type BranchProtectionResourceData struct {
@@ -101,6 +103,8 @@ type BranchProtectionResourceData struct {
 	RestrictsPushes                bool
 	RestrictsReviewDismissals      bool
 	ReviewDismissalActorIDs        []string
+	RequireLastPushApproval        bool
+	LockBranch                     bool
 }
 
 func branchProtectionResourceData(d *schema.ResourceData, meta interface{}) (BranchProtectionResourceData, error) {
@@ -193,6 +197,9 @@ func branchProtectionResourceData(d *schema.ResourceData, meta interface{}) (Bra
 					data.BypassPullRequestActorIDs = bypassPullRequestActorIDs
 				}
 			}
+			if v, ok := m[PROTECTION_REQUIRES_LAST_PUSH_APPROVAL]; ok {
+				data.RequireLastPushApproval = v.(bool)
+			}
 		}
 	}
 
@@ -229,6 +236,10 @@ func branchProtectionResourceData(d *schema.ResourceData, meta interface{}) (Bra
 		}
 	}
 
+	if v, ok := d.GetOk(PROTECTION_LOCK_BRANCH); ok {
+		data.LockBranch = v.(bool)
+	}
+
 	return data, nil
 }
 
@@ -387,6 +398,7 @@ func setApprovingReviews(protection BranchProtectionRule, data BranchProtectionR
 			PROTECTION_RESTRICTS_REVIEW_DISMISSALS:     protection.RestrictsReviewDismissals,
 			PROTECTION_RESTRICTS_REVIEW_DISMISSERS:     dismissalActors,
 			PROTECTION_PULL_REQUESTS_BYPASSERS:         bypassPullRequestActors,
+			PROTECTION_REQUIRES_LAST_PUSH_APPROVAL:     protection.RequireLastPushApproval,
 		},
 	}
 

github/util_v4_consts.go

@@ -20,6 +20,8 @@ const (
 	PROTECTION_RESTRICTS_REVIEW_DISMISSALS      = "restrict_dismissals"
 	PROTECTION_RESTRICTS_REVIEW_DISMISSERS      = "dismissal_restrictions"
 	PROTECTION_PULL_REQUESTS_BYPASSERS          = "pull_request_bypassers"
+	PROTECTION_LOCK_BRANCH                      = "lock_branch"
+	PROTECTION_REQUIRES_LAST_PUSH_APPROVAL      = "require_last_push_approval"
 
 	REPOSITORY_ID = "repository_id"
 )

go.mod

@@ -7,7 +7,7 @@ require (
 	github.com/golangci/golangci-lint v1.41.1
 	github.com/google/go-github/v48 v48.1.0
 	github.com/hashicorp/terraform-plugin-sdk v1.17.2
-	github.com/shurcooL/githubv4 v0.0.0-20220520033151-0b4e3294ff00
+	github.com/shurcooL/githubv4 v0.0.0-20221126192849-0b5c4c7994eb
 	golang.org/x/crypto v0.3.0
 	golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5
 	gopkg.in/square/go-jose.v2 v2.6.0

go.sum

@@ -891,6 +891,8 @@ github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c/go.mod h1:/PevMnwAx
 github.com/shirou/gopsutil/v3 v3.21.5/go.mod h1:ghfMypLDrFSWN2c9cDYFLHyynQ+QUht0cv/18ZqVczw=
 github.com/shurcooL/githubv4 v0.0.0-20220520033151-0b4e3294ff00 h1:fiFvD4lT0aWjuuAb64LlZ/67v87m+Kc9Qsu5cMFNK0w=
 github.com/shurcooL/githubv4 v0.0.0-20220520033151-0b4e3294ff00/go.mod h1:hAF0iLZy4td2EX+/8Tw+4nodhlMrwN3HupfaXj3zkGo=
+github.com/shurcooL/githubv4 v0.0.0-20221126192849-0b5c4c7994eb h1:foJysa74+t41fG7adnt+TkfcNxQUWid8R/HlXe+Mmbw=
+github.com/shurcooL/githubv4 v0.0.0-20221126192849-0b5c4c7994eb/go.mod h1:hAF0iLZy4td2EX+/8Tw+4nodhlMrwN3HupfaXj3zkGo=
 github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk=
 github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ=
 github.com/shurcooL/graphql v0.0.0-20220606043923-3cf50f8a0a29 h1:B1PEwpArrNp4dkQrfxh/abbBAOZBVp0ds+fBEOUOqOc=