@vedantthapa vedantthapa commented Oct 2, 2025

Update organization_admin structure in the rulesets (both repository and organization) to reflect the documented behavior, i.e., fixed actor_id to 1 and deprecate the user lookup.

  • Modify structure to accept object instead of list of objects, since the actor_id is now fixed
  • Update organization_admins to organization_admin to reflect behaviour
  • Update tests

@gemini-code-assist

Summary of Changes

Hello @vedantthapa, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a significant refactoring of how organization administrators are defined and managed within GitHub rulesets across various Terraform modules. The core change involves transitioning the organization_admins variable from a list of user-specific objects to a single optional object representing the organization admin role. This streamlines the configuration, simplifies the underlying logic for bypass actors, and ensures better alignment with GitHub's API for organization-level bypasses, ultimately making the ruleset definitions more concise and robust.

Highlights

  • Refactored Organization Admin Structure: The organization_admins variable, previously defined as a list of objects, has been updated to organization_admin, an optional single object, across all relevant Terraform modules (internal_repository, organization, private_repository, public_repository, repository_base, repository_set, and ruleset). This change simplifies the configuration for specifying organization administrators as bypass actors.
  • Simplified Bypass Actor Logic: The logic for handling organization_admin bypass actors in organization_ruleset.tf and repository_ruleset.tf has been streamlined. It now directly checks for the presence of a single organization_admin object and uses a fixed actor_id = 1 for OrganizationAdmin bypasses, aligning with GitHub's documented behavior and removing the need to fetch individual user IDs.
  • Removed github_user Data Source: The github_user data source, which was previously used to resolve user IDs for organization administrators, has been removed from modules/organization/rulesets.tf and modules/repository_base/rulesets.tf as it is no longer necessary with the simplified organization_admin structure.
  • Updated Test Configurations and Documentation: All associated test files (rulesets.tftest.hcl, organization_ruleset.tftest.hcl, repository_ruleset.tftest.hcl) have been updated to reflect the new organization_admin structure and the removal of the github_user data source. The modules/ruleset/README.md has also been updated to document the revised bypass_actors input variable.

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request refactors the organization_admin configuration within ruleset bypass actors, changing it from a list of users to a single object. The changes are applied consistently across all relevant modules, including variable definitions, resource configurations, tests, and documentation, which is great to see. I've added a few suggestions to further improve maintainability and correctness. Overall, this is a solid improvement that simplifies the configuration.

bzarboni1 previously approved these changes Oct 2, 2025

@bzarboni1 bzarboni1 left a comment

Looks good!

I'm curious though - can an org not have more than 1 admin? I thought that it could.

@vedantthapa

> Looks good!
>
> I'm curious though - can an org not have more than 1 admin? I thought that it could.

@bzarboni1 I believe it certainly can. In this case though, the OrganizationAdmin is based on a role rather than an individual user, so any user with that role can bypass the ruleset -
[image]

blastdan previously approved these changes Oct 2, 2025
@vedantthapa vedantthapa dismissed stale reviews from blastdan and bzarboni1 via ec589b6 October 3, 2025 13:30
@vedantthapa vedantthapa merged commit 71ae728 into main Oct 3, 2025
3 checks passed
@vedantthapa vedantthapa deleted the modify-org-admin-bypass-actor branch October 3, 2025 13:45
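
An audit check for the behaviour discussed in this thread, added here as an example; it is not part of the pull request or the module's code. It assumes ruleset data shaped like the `bypass_actors` array GitHub's REST API returns (`actor_id`, `actor_type`, `bypass_mode`), and the sample ruleset and the `audit_bypass_actors` helper are constructed for illustration.

```python
import json

# Constructed sample ruleset; names and IDs are made up.
SAMPLE_RULESET = json.loads("""
{
  "name": "protect-main",
  "enforcement": "active",
  "bypass_actors": [
    {"actor_id": 1, "actor_type": "OrganizationAdmin", "bypass_mode": "always"},
    {"actor_id": 4242, "actor_type": "OrganizationAdmin", "bypass_mode": "always"},
    {"actor_id": 77, "actor_type": "Team", "bypass_mode": "pull_request"},
    {"actor_id": 5, "actor_type": "RepositoryRole", "bypass_mode": "always"}
  ]
}
""")

ORG_ADMIN_ACTOR_ID = 1  # fixed value this PR adopts for OrganizationAdmin


def audit_bypass_actors(ruleset):
    """Return (severity, message) findings for one ruleset's bypass actors."""
    findings = []
    org_admin_entries = 0
    for actor in ruleset.get("bypass_actors") or []:
        kind = actor.get("actor_type")
        actor_id = actor.get("actor_id")
        mode = actor.get("bypass_mode")
        if kind == "OrganizationAdmin":
            org_admin_entries += 1
            if actor_id != ORG_ADMIN_ACTOR_ID:
                # A per-user ID here is the old lookup pattern the PR removes.
                findings.append(("error", f"OrganizationAdmin has actor_id={actor_id}, expected 1"))
            else:
                # Role-based: applies to every admin, not one named user.
                findings.append(("info", f"all organization admins can bypass (mode={mode})"))
        elif mode == "always":
            findings.append(("warn", f"{kind} {actor_id} can bypass without a pull request"))
    if org_admin_entries > 1:
        findings.append(("error", f"{org_admin_entries} OrganizationAdmin entries, one covers the role"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_bypass_actors(SAMPLE_RULESET):
        print(f"[{severity}] {SAMPLE_RULESET['name']}: {message}")
```
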