From 8cda414743b8f4979a63f3728c3835fe6dc8bdd4 Mon Sep 17 00:00:00 2001
From: grahamhar
Date: Mon, 7 Oct 2024 20:43:05 +0100
Subject: [PATCH] feat: Add file path protection to rulesets
---
 github/resource_github_repository_ruleset.go | 18 ++++++++++++++++++
 .../docs/r/repository_ruleset.html.markdown | 6 ++++++
 2 files changed, 24 insertions(+)
diff --git a/github/resource_github_repository_ruleset.go b/github/resource_github_repository_ruleset.go
index 2eb127061..e14f1f18d 100644
--- a/github/resource_github_repository_ruleset.go
+++ b/github/resource_github_repository_ruleset.go
@@ -409,6 +409,24 @@ func resourceGithubRepositoryRuleset() *schema.Resource {
 },
 },
 },
+ "file_path_restriction": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: "Prevent commits that include changes in specified file paths from being pushed to the commit graph.",
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "restricted_file_paths": {
+ Type: schema.TypeList,
+ Required: true,
+ Description: "The file paths that are restricted from being pushed to the commit graph.",
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ },
+ },
+ },
 },
 },
 },
diff --git a/website/docs/r/repository_ruleset.html.markdown b/website/docs/r/repository_ruleset.html.markdown
index e61e4132d..fdb216386 100644
--- a/website/docs/r/repository_ruleset.html.markdown
+++ b/website/docs/r/repository_ruleset.html.markdown
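Review bot: `restricted_file_paths` is `Required` but has no lower bound, so as far as this schema goes an empty list is accepted and would produce a `file_path_restriction` rule that protects no paths while the configuration reads as if the control were on; adding `MinItems: 1,` next to `Required: true,` closes that. The element schema likewise accepts an empty string, and neither `Description` says whether entries are literal paths or patterns, which matters when the rule is relied on to guard sensitive files. The diffstat lists only this file and the docs page, so it is worth confirming that the code converting `rules` to and from the API payload handles the new block; if it does not, the setting would be accepted and silently not enforced. The body of `resourceGithubRepositoryRuleset` starts and ends outside this hunk.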
@@ -101,6 +101,8 @@ The `rules` block supports the following:
 * `tag_name_pattern` - (Optional) (Block List, Max: 1) Parameters to be used for the tag_name_pattern rule. This rule only applies to repositories within an enterprise, it cannot be applied to repositories owned by individuals or regular organizations. Conflicts with `branch_name_pattern` as it only applied to rulesets with target `tag`. (see [below for nested schema](#rules.tag_name_pattern))
+* `file_path_restriction` -(Optional) (Block List, Max 1) Parameters to be used for the file_path_restriction rule. When enabled restricts access to files within the repository. (See [Below for nested schema](#rules.file_path_restriction))
+
 * `update` - (Optional) (Boolean) Only allow users with bypass permission to update matching refs.
 * `update_allows_fetch_and_merge` - (Optional) (Boolean) Branch can pull changes from its upstream repository. This is only applicable to forked repositories. Requires `update` to be set to `true`. Note: behaviour is affected by a known bug on the GitHub side which may cause issues when using this parameter.
@@ -192,6 +194,10 @@ The `rules` block supports the following:
 * `negate` - (Optional) (Boolean) If true, the rule will fail if the pattern matches.
+#### rules.file_path_restriction ####
+
+* `restricted_file_paths` - (Required) (String) The file paths that are restricted from being pushed to the commit graph.
+
 #### bypass_actors ####