feat: add repository_property condition support for organization rulesets

[mkushakov]

Summary

Add support for the repository_property condition type in organization rulesets, allowing users to target repositories based on custom or system properties instead of only by name or ID.

Resolves #2137
Resolves #2594

Motivation

Organization rulesets currently only support targeting repositories by repository_name or repository_id. The GitHub API also supports repository_property conditions, which allow matching repositories based on their custom properties (e.g., targeting all repos with team = "platform" or environment = "production").

This is particularly useful for large organizations that use custom properties to categorize repositories, as it enables dynamic ruleset targeting without maintaining explicit name/ID lists.

Changes

Schema (resource_github_organization_ruleset.go)

• Added repository_property block to the conditions schema with:
  • include — list of property targets that must all match
  • exclude — list of property targets that must not match
  • Each target contains property_name (string), property_value (list of strings), and source (optional, "custom" or "system", defaults to "custom")
• Fixed condition constraints: replaced broken ExactlyOneOf/AtLeastOneOf with proper ConflictsWith/AtLeastOneOf across all three condition types (repository_name, repository_id, repository_property) — exactly one of the three must be specified

Expand/Flatten (util_rules.go)

• Added expand logic in expandConditions to convert the repository_property schema block to github.RepositoryRulesetRepositoryPropertyConditionParameters API type
• Added flatten logic in flattenConditions to convert the API response back to the schema format

Example Usage

resource "github_organization_ruleset" "example" {
  name        = "example"
  target      = "branch"
  enforcement = "active"

  conditions {
    ref_name {
      include = ["~DEFAULT_BRANCH"]
      exclude = []
    }
    repository_property {
      include {
        property_name  = "environment"
        property_value = ["production"]
      }
      include {
        property_name  = "team"
        property_value = ["platform", "infrastructure"]
        source         = "custom"
      }
      exclude {
        property_name  = "archived"
        property_value = ["true"]
        source         = "system"
      }
    }
  }

  rules {
    required_signatures = true
  }
}

Testing

• go build ./... — passes
• go vet ./... — passes
• Uses existing go-github v83 types (RepositoryRulesetRepositoryPropertyConditionParameters, RepositoryRulesetRepositoryPropertyTargetParameters)

[github-actions]

👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labeled with Status: Up for grabs. You & others like you are the reason all of this works! So thank you & happy coding! 🚀