feat: codeScanning for repository rules (#940)

Co-authored-by: Gregor Martynus <39992+gr2m@users.noreply.github.com>

schema.d.ts

@@ -2238,6 +2238,62 @@ export type CodeOfConduct = Node & {
   url?: Maybe<Scalars['URI']['output']>;
 };
 
+/**
+ * Choose which tools must provide code scanning results before the reference is
+ * updated. When configured, code scanning must be enabled and have results for
+ * both the commit and the reference being updated.
+ */
+export type CodeScanningParameters = {
+  __typename?: 'CodeScanningParameters';
+  /** Tools that must provide code scanning results for this rule to pass. */
+  codeScanningTools: Array<CodeScanningTool>;
+};
+
+/**
+ * Choose which tools must provide code scanning results before the reference is
+ * updated. When configured, code scanning must be enabled and have results for
+ * both the commit and the reference being updated.
+ */
+export type CodeScanningParametersInput = {
+  /** Tools that must provide code scanning results for this rule to pass. */
+  codeScanningTools: Array<CodeScanningToolInput>;
+};
+
+/** A tool that must provide code scanning results for this rule to pass. */
+export type CodeScanningTool = {
+  __typename?: 'CodeScanningTool';
+  /**
+   * The severity level at which code scanning results that raise alerts block a
+   * reference update. For more information on alert severity levels, see "[About code scanning alerts](${externalDocsUrl}/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-severity-and-security-severity-levels)."
+   */
+  alertsThreshold: Scalars['String']['output'];
+  /**
+   * The severity level at which code scanning results that raise security alerts
+   * block a reference update. For more information on security severity levels,
+   * see "[About code scanning alerts](${externalDocsUrl}/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-severity-and-security-severity-levels)."
+   */
+  securityAlertsThreshold: Scalars['String']['output'];
+  /** The name of a code scanning tool */
+  tool: Scalars['String']['output'];
+};
+
+/** A tool that must provide code scanning results for this rule to pass. */
+export type CodeScanningToolInput = {
+  /**
+   * The severity level at which code scanning results that raise alerts block a
+   * reference update. For more information on alert severity levels, see "[About code scanning alerts](${externalDocsUrl}/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-severity-and-security-severity-levels)."
+   */
+  alertsThreshold: Scalars['String']['input'];
+  /**
+   * The severity level at which code scanning results that raise security alerts
+   * block a reference update. For more information on security severity levels,
+   * see "[About code scanning alerts](${externalDocsUrl}/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-severity-and-security-severity-levels)."
+   */
+  securityAlertsThreshold: Scalars['String']['input'];
+  /** The name of a code scanning tool */
+  tool: Scalars['String']['input'];
+};
+
 /** Collaborators affiliation level with a subject. */
 export type CollaboratorAffiliation =
   /** All collaborators the authenticated user can see. */
@@ -22976,6 +23032,12 @@ export type RepositoryRuleType =
   | 'AUTHORIZATION'
   /** Branch name pattern */
   | 'BRANCH_NAME_PATTERN'
+  /**
+   * Choose which tools must provide code scanning results before the reference is
+   * updated. When configured, code scanning must be enabled and have results for
+   * both the commit and the reference being updated.
+   */
+  | 'CODE_SCANNING'
   /** Committer email pattern */
   | 'COMMITTER_EMAIL_PATTERN'
   /** Commit author email pattern */
@@ -23874,12 +23936,14 @@ export type RuleEnforcement =
   | 'EVALUATE';
 
 /** Types which can be parameters for `RepositoryRule` objects. */
-export type RuleParameters = BranchNamePatternParameters | CommitAuthorEmailPatternParameters | CommitMessagePatternParameters | CommitterEmailPatternParameters | FileExtensionRestrictionParameters | FilePathRestrictionParameters | MaxFilePathLengthParameters | MaxFileSizeParameters | PullRequestParameters | RequiredDeploymentsParameters | RequiredStatusChecksParameters | TagNamePatternParameters | UpdateParameters | WorkflowsParameters;
+export type RuleParameters = BranchNamePatternParameters | CodeScanningParameters | CommitAuthorEmailPatternParameters | CommitMessagePatternParameters | CommitterEmailPatternParameters | FileExtensionRestrictionParameters | FilePathRestrictionParameters | MaxFilePathLengthParameters | MaxFileSizeParameters | PullRequestParameters | RequiredDeploymentsParameters | RequiredStatusChecksParameters | TagNamePatternParameters | UpdateParameters | WorkflowsParameters;
 
 /** Specifies the parameters for a `RepositoryRule` object. Only one of the fields should be specified. */
 export type RuleParametersInput = {
   /** Parameters used for the `branch_name_pattern` rule type */
   branchNamePattern?: InputMaybe<BranchNamePatternParametersInput>;
+  /** Parameters used for the `code_scanning` rule type */
+  codeScanning?: InputMaybe<CodeScanningParametersInput>;
   /** Parameters used for the `commit_author_email_pattern` rule type */
   commitAuthorEmailPattern?: InputMaybe<CommitAuthorEmailPatternParametersInput>;
   /** Parameters used for the `commit_message_pattern` rule type */

schema.graphql

@@ -4279,6 +4279,76 @@ type CodeOfConduct implements Node {
   url: URI
 }
 
+"""
+Choose which tools must provide code scanning results before the reference is
+updated. When configured, code scanning must be enabled and have results for
+both the commit and the reference being updated.
+"""
+type CodeScanningParameters {
+  """
+  Tools that must provide code scanning results for this rule to pass.
+  """
+  codeScanningTools: [CodeScanningTool!]!
+}
+
+"""
+Choose which tools must provide code scanning results before the reference is
+updated. When configured, code scanning must be enabled and have results for
+both the commit and the reference being updated.
+"""
+input CodeScanningParametersInput {
+  """
+  Tools that must provide code scanning results for this rule to pass.
+  """
+  codeScanningTools: [CodeScanningToolInput!]!
+}
+
+"""
+A tool that must provide code scanning results for this rule to pass.
+"""
+type CodeScanningTool {
+  """
+  The severity level at which code scanning results that raise alerts block a
+  reference update. For more information on alert severity levels, see "[About code scanning alerts](${externalDocsUrl}/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-severity-and-security-severity-levels)."
+  """
+  alertsThreshold: String!
+
+  """
+  The severity level at which code scanning results that raise security alerts
+  block a reference update. For more information on security severity levels,
+  see "[About code scanning alerts](${externalDocsUrl}/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-severity-and-security-severity-levels)."
+  """
+  securityAlertsThreshold: String!
+
+  """
+  The name of a code scanning tool
+  """
+  tool: String!
+}
+
+"""
+A tool that must provide code scanning results for this rule to pass.
+"""
+input CodeScanningToolInput {
+  """
+  The severity level at which code scanning results that raise alerts block a
+  reference update. For more information on alert severity levels, see "[About code scanning alerts](${externalDocsUrl}/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-severity-and-security-severity-levels)."
+  """
+  alertsThreshold: String!
+
+  """
+  The severity level at which code scanning results that raise security alerts
+  block a reference update. For more information on security severity levels,
+  see "[About code scanning alerts](${externalDocsUrl}/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-severity-and-security-severity-levels)."
+  """
+  securityAlertsThreshold: String!
+
+  """
+  The name of a code scanning tool
+  """
+  tool: String!
+}
+
 """
 Collaborators affiliation level with a subject.
 """
@@ -46040,6 +46110,13 @@ enum RepositoryRuleType {
   """
   BRANCH_NAME_PATTERN
 
+  """
+  Choose which tools must provide code scanning results before the reference is
+  updated. When configured, code scanning must be enabled and have results for
+  both the commit and the reference being updated.
+  """
+  CODE_SCANNING
+
   """
   Committer email pattern
   """
@@ -47796,7 +47873,7 @@ enum RuleEnforcement {
 """
 Types which can be parameters for `RepositoryRule` objects.
 """
-union RuleParameters = BranchNamePatternParameters | CommitAuthorEmailPatternParameters | CommitMessagePatternParameters | CommitterEmailPatternParameters | FileExtensionRestrictionParameters | FilePathRestrictionParameters | MaxFilePathLengthParameters | MaxFileSizeParameters | PullRequestParameters | RequiredDeploymentsParameters | RequiredStatusChecksParameters | TagNamePatternParameters | UpdateParameters | WorkflowsParameters
+union RuleParameters = BranchNamePatternParameters | CodeScanningParameters | CommitAuthorEmailPatternParameters | CommitMessagePatternParameters | CommitterEmailPatternParameters | FileExtensionRestrictionParameters | FilePathRestrictionParameters | MaxFilePathLengthParameters | MaxFileSizeParameters | PullRequestParameters | RequiredDeploymentsParameters | RequiredStatusChecksParameters | TagNamePatternParameters | UpdateParameters | WorkflowsParameters
 
 """
 Specifies the parameters for a `RepositoryRule` object. Only one of the fields should be specified.
@@ -47807,6 +47884,11 @@ input RuleParametersInput {
   """
   branchNamePattern: BranchNamePatternParametersInput
 
+  """
+  Parameters used for the `code_scanning` rule type
+  """
+  codeScanning: CodeScanningParametersInput
+
   """
   Parameters used for the `commit_author_email_pattern` rule type
   """