1332 workflow restrictions

CONTRIBUTING.md

@@ -34,7 +34,7 @@ Once you have the repository cloned, there's a couple of additional steps you'll
 
 - If you haven't already, [create a GitHub organization you can use for testing](#github-organization).
   - Optional: some may find it beneficial to create a test user as well in order to avoid potential rate-limiting issues on your main account.
-  - Your organization _must_ have a repository called `terraform-module-template`. The [terraformtesting/terraform-template-module](https://github.com/terraformtesting/terraform-template-module) repo is a good, re-usable example.
+  - Your organization _must_ have a repository called `terraform-template-module`. The [terraformtesting/terraform-template-module](https://github.com/terraformtesting/terraform-template-module) repo is a good, re-usable example.
     - You _must_ make sure that the "Template Repository" item in Settings is checked for this repo.
 - If you haven't already, [generate a Personal Access Token (PAT) for authenticating your test runs](#github-personal-access-token).
 - Export the necessary configuration for authenticating your provider with GitHub
@@ -218,7 +218,7 @@ Once the token has been created, it must be exported in your environment as `GIT
 
 If you do not have an organization already that you are comfortable running tests against, you will need to [create one](https://help.github.com/en/articles/creating-a-new-organization-from-scratch). The free "Team for Open Source" org type is fine for these tests. The name of the organization must then be exported in your environment as `GITHUB_ORGANIZATION`.
 
-Make sure that your organization has a `terraform-module-template` repository ([terraformtesting/terraform-template-module](https://github.com/terraformtesting/terraform-template-module) is an example you can clone) and that its "Template repository" item in Settings is checked.
+Make sure that your organization has a `terraform-template-module` repository ([terraformtesting/terraform-template-module](https://github.com/terraformtesting/terraform-template-module) is an example you can clone) and that its "Template repository" item in Settings is checked.
 
 If you are interested in using and/or testing GitHub's [Team synchronization](https://help.github.com/en/github/setting-up-and-managing-organizations-and-teams/synchronizing-teams-between-your-identity-provider-and-github) feature, please contact a maintainer as special arrangements can be made for your convenience.
 

github/resource_github_actions_runner_group.go

@@ -64,6 +64,15 @@ func resourceGithubActionsRunnerGroup() *schema.Resource {
 				Required:     true,
 				ValidateFunc: validation.StringInSlice([]string{"all", "selected", "private"}, false),
 			},
+			"restricted_to_workflows": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
+			"selected_workflows": {
+				Type:     schema.TypeList,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+				Computed: true,
+			},
 		},
 	}
 }
@@ -118,6 +127,8 @@ func resourceGithubActionsRunnerGroupCreate(d *schema.ResourceData, meta interfa
 	d.Set("selected_repositories_url", runnerGroup.GetSelectedRepositoriesURL())
 	d.Set("visibility", runnerGroup.GetVisibility())
 	d.Set("selected_repository_ids", selectedRepositoryIDs) // Note: runnerGroup has no method to get selected repository IDs
+	d.Set("restricted_to_workflows", runnerGroup.GetRestrictedToWorkflows())
+	d.Set("selected_workflows", runnerGroup.SelectedWorkflows)
 
 	return resourceGithubActionsRunnerGroupRead(d, meta)
 }
@@ -173,6 +184,8 @@ func resourceGithubActionsRunnerGroupRead(d *schema.ResourceData, meta interface
 	d.Set("runners_url", runnerGroup.GetRunnersURL())
 	d.Set("selected_repositories_url", runnerGroup.GetSelectedRepositoriesURL())
 	d.Set("visibility", runnerGroup.GetVisibility())
+	d.Set("restricted_to_workflows", runnerGroup.GetRestrictedToWorkflows())
+	d.Set("selected_workflows", runnerGroup.SelectedWorkflows)
 
 	selectedRepositoryIDs := []int64{}
 	options := github.ListOptions{

github/resource_github_actions_runner_group_test.go

@@ -26,6 +26,8 @@ func TestAccGithubActionsRunnerGroup(t *testing.T) {
 			resource "github_actions_runner_group" "test" {
 			  name       = github_repository.test.name
 			  visibility = "all"
+			  restricted_to_workflows = true
+			  selected_workflows = [".github/workflows/test.yml"]
 			}
 		`, randomID)
 
@@ -41,6 +43,14 @@ func TestAccGithubActionsRunnerGroup(t *testing.T) {
 				"github_actions_runner_group.test", "visibility",
 				"all",
 			),
+			resource.TestCheckResourceAttr(
+				"github_actions_runner_group.test", "restricted_to_workflows",
+				"true",
+			),
+			resource.TestCheckResourceAttr(
+				"github_actions_runner_group.test", "selected_workflows",
+				"[\".github/workflows/test.yml\"]",
+			),
 		)
 
 		testCase := func(t *testing.T, mode string) {

website/docs/r/actions_runner_group.html.markdown

@@ -42,6 +42,8 @@ The following arguments are supported:
 * `selected_repository_ids`    - List of repository IDs that can access the runner group
 * `selected_repositories_url`  - GitHub API URL for the runner group's repositories
 * `visibility`                 - The visibility of the runner group
+* `restricted_to_workflows`    - If true, the runner group will be restricted to running only the workflows specified in the selected_workflows array. Defaults to false.
+* `selected_workflows`         - List of workflows the runner group should be allowed to run. This setting will be ignored unless restricted_to_workflows is set to true.
 
 ## Import
 

website/docs/r/repository.html.markdown

@@ -21,7 +21,7 @@ resource "github_repository" "example" {
 
   template {
     owner                = "github"
-    repository           = "terraform-module-template"
+    repository           = "terraform-template-module"
     include_all_branches = true
   }
 }