feat: Add support for code_scanning

Signed-off-by: Ihor Hrytskiv <[email protected]>
google · Sep 3, 2024 · 9c450af · 9c450af
1 parent c96ef95
commit 9c450af
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 0 deletions.
diff --git a/github/repos_rules.go b/github/repos_rules.go
@@ -130,6 +130,18 @@ type RequiredWorkflowsRuleParameters struct {
 	RequiredWorkflows []*RuleRequiredWorkflow `json:"workflows"`
 }
 
+// RuleRequiredCodeScanningTools represents the RequiredCodeScanningTools for the RequiredCodeScanningParameters object.
+type RuleRequiredCodeScanningTools struct {
+	AlertsThreshold         string `json:"alerts_threshold"`
+	SecurityAlertsThreshold string `json:"security_alerts_threshold"`
+	Tool                    string `json:"tool"`
+}
+
+// RequiredCodeScanningRuleParameters represents the code_scanning rule parameters.
+type RequiredCodeScanningRuleParameters struct {
+	RequiredCodeScanningTools []RuleRequiredCodeScanningTools `json:"code_scanning_tools"`
+}
+
 // RepositoryRule represents a GitHub Rule.
 type RepositoryRule struct {
 	Type              string           `json:"type"`
@@ -229,6 +241,15 @@ func (r *RepositoryRule) UnmarshalJSON(data []byte) error {
 		bytes, _ := json.Marshal(params)
 		rawParams := json.RawMessage(bytes)
 
+		r.Parameters = &rawParams
+	case "code_scanning":
+		params := RequiredCodeScanningRuleParameters{}
+		if err := json.Unmarshal(*RepositoryRule.Parameters, &params); err != nil {
+			return err
+		}
+		bytes, _ := json.Marshal(params)
+		rawParams := json.RawMessage(bytes)
+
 		r.Parameters = &rawParams
 	default:
 		r.Type = ""
@@ -406,6 +427,18 @@ func NewRequiredWorkflowsRule(params *RequiredWorkflowsRuleParameters) (rule *Re
 	}
 }
 
+// NewRequiredCodeScanningRule creates a rule to require which tools must provide code scanning results before the reference is updated.
+func NewRequiredCodeScanningRule(params *RequiredCodeScanningRuleParameters) (rule *RepositoryRule) {
+	bytes, _ := json.Marshal(params)
+
+	rawParams := json.RawMessage(bytes)
+
+	return &RepositoryRule{
+		Type:       "code_scanning",
+		Parameters: &rawParams,
+	}
+}
+
 // NewFilePathRestrictionRule creates a rule to restrict file paths from being pushed to.
 func NewFilePathRestrictionRule(params *RuleFileParameters) (rule *RepositoryRule) {
 	bytes, _ := json.Marshal(params)

diff --git a/github/repos_rules_test.go b/github/repos_rules_test.go
@@ -262,6 +262,18 @@ func TestRepositoryRule_UnmarshalJSON(t *testing.T) {
 				},
 			}),
 		},
+		"Required code_scanning params": {
+			data: `{"type":"code_scanning","parameters":{"code_scanning_tools":[{"tool": "CodeQL", "security_alerts_threshold": "high_or_higher", "alerts_threshold": "errors"}]}}`,
+			want: NewRequiredCodeScanningRule(&RequiredCodeScanningRuleParameters{
+				RequiredCodeScanningTools: []RuleRequiredCodeScanningTools{
+					{
+						Tool:                    "CodeQL",
+						SecurityAlertsThreshold: "high_or_higher",
+						AlertsThreshold:         "errors",
+					},
+				},
+			}),
+		},
 		"Invalid type": {
 			data: `{"type":"unknown"}`,
 			want: &RepositoryRule{