diff --git a/modules/internal_repository/README.md b/modules/internal_repository/README.md
index e4b9f31..2288a29 100644
--- a/modules/internal_repository/README.md
+++ b/modules/internal_repository/README.md
@@ -29,6 +29,7 @@ No resources.
| [allow\_merge\_commit](#input\_allow\_merge\_commit) | (Optional) Set to `false` to disable merge commits on the repository. | `bool` | `true` | no |
| [allow\_rebase\_merge](#input\_allow\_rebase\_merge) | (Optional) Set to `false` to disable rebase merges on the repository. | `bool` | `true` | no |
| [allow\_squash\_merge](#input\_allow\_squash\_merge) | (Optional) Set to `false` to disable squash merges on the repository. | `bool` | `true` | no |
+| [archived](#input\_archived) | Specifies if the repository should be archived. Defaults to false. | `bool` | `false` | no |
| [codespace\_secrets](#input\_codespace\_secrets) | An (Optional) map of GitHub Codespace secrets to create for this repository. The key is the name of the secret and the value is the encrypted value. | `map(string)` | `{}` | no |
| [default\_branch](#input\_default\_branch) | The branch to set as the default branch for this repository. Defaults to "main" | `string` | `"main"` | no |
| [delete\_head\_on\_merge](#input\_delete\_head\_on\_merge) | Sets the delete head on merge option for the repository. If true it will delete pull request branches automatically on merge. Defaults to true | `bool` | `true` | no |
diff --git a/modules/internal_repository/repository.tf b/modules/internal_repository/repository.tf
index 1ca7122..c59a21d 100644
--- a/modules/internal_repository/repository.tf
+++ b/modules/internal_repository/repository.tf
@@ -38,6 +38,7 @@ module "repository_base" {
has_vulnerability_alerts = true
advance_security = var.advance_security
dependabot_security_updates = var.dependabot_security_updates
+ archived = var.archived
codespace_secrets = var.codespace_secrets
dependabot_secrets = var.dependabot_secrets
diff --git a/modules/internal_repository/variables.tf b/modules/internal_repository/variables.tf
index 0bfdeec..086889a 100644
--- a/modules/internal_repository/variables.tf
+++ b/modules/internal_repository/variables.tf
@@ -67,6 +67,12 @@ variable "dependabot_security_updates" {
default = true
}
+variable "archived" {
+ description = "Specifies if the repository should be archived. Defaults to false."
+ type = bool
+ default = false
+}
+
variable "advance_security" {
description = "Enables advance security for the repository. If repository is public `advance_security` is enabled by default and cannot be changed."
type = bool
diff --git a/modules/private_repository/README.md b/modules/private_repository/README.md
index 50d1000..5460b7d 100644
--- a/modules/private_repository/README.md
+++ b/modules/private_repository/README.md
@@ -29,6 +29,7 @@ No resources.
| [allow\_merge\_commit](#input\_allow\_merge\_commit) | (Optional) Set to `false` to disable merge commits on the repository. | `bool` | `true` | no |
| [allow\_rebase\_merge](#input\_allow\_rebase\_merge) | (Optional) Set to `false` to disable rebase merges on the repository. | `bool` | `true` | no |
| [allow\_squash\_merge](#input\_allow\_squash\_merge) | (Optional) Set to `false` to disable squash merges on the repository. | `bool` | `true` | no |
+| [archived](#input\_archived) | Specifies if the repository should be archived. Defaults to false. | `bool` | `false` | no |
| [codespace\_secrets](#input\_codespace\_secrets) | An (Optional) map of Github Codespace secrets to create for this repository. The key is the name of the secret and the value is the encrypted value. | `map(string)` | `{}` | no |
| [default\_branch](#input\_default\_branch) | The branch to set as the default branch for this repository. Defaults to "main" | `string` | `"main"` | no |
| [delete\_head\_on\_merge](#input\_delete\_head\_on\_merge) | Sets the delete head on merge option for the repository. If true it will delete pull request branches automatically on merge. Defaults to true | `bool` | `true` | no |
diff --git a/modules/private_repository/repository.tf b/modules/private_repository/repository.tf
index 69f193d..9cccf59 100644
--- a/modules/private_repository/repository.tf
+++ b/modules/private_repository/repository.tf
@@ -38,6 +38,7 @@ module "repository_base" {
has_vulnerability_alerts = true
advance_security = var.advance_security
dependabot_security_updates = var.dependabot_security_updates
+ archived = var.archived
codespace_secrets = var.codespace_secrets
dependabot_secrets = var.dependabot_secrets
diff --git a/modules/private_repository/variables.tf b/modules/private_repository/variables.tf
index 9b32d5e..d4aca44 100644
--- a/modules/private_repository/variables.tf
+++ b/modules/private_repository/variables.tf
@@ -67,6 +67,12 @@ variable "dependabot_security_updates" {
default = true
}
+variable "archived" {
+ description = "Specifies if the repository should be archived. Defaults to false."
+ type = bool
+ default = false
+}
+
variable "advance_security" {
description = "Enables advance security for the repository."
type = bool
diff --git a/modules/public_repository/README.md b/modules/public_repository/README.md
index 8cc90f1..09262d2 100644
--- a/modules/public_repository/README.md
+++ b/modules/public_repository/README.md
@@ -29,6 +29,7 @@ No resources.
| [allow\_merge\_commit](#input\_allow\_merge\_commit) | (Optional) Set to `false` to disable merge commits on the repository. | `bool` | `true` | no |
| [allow\_rebase\_merge](#input\_allow\_rebase\_merge) | (Optional) Set to `false` to disable rebase merges on the repository. | `bool` | `true` | no |
| [allow\_squash\_merge](#input\_allow\_squash\_merge) | (Optional) Set to `false` to disable squash merges on the repository. | `bool` | `true` | no |
+| [archived](#input\_archived) | Specifies if the repository should be archived. Defaults to false. | `bool` | `false` | no |
| [codespace\_secrets](#input\_codespace\_secrets) | An (Optional) map of GitHub Codespace secrets to create for this repository. The key is the name of the secret and the value is the encrypted value. | `map(string)` | `{}` | no |
| [default\_branch](#input\_default\_branch) | The branch to set as the default branch for this repository. Defaults to "main" | `string` | `"main"` | no |
| [delete\_head\_on\_merge](#input\_delete\_head\_on\_merge) | Sets the delete head on merge option for the repository. If true it will delete pull request branches automatically on merge. Defaults to true | `bool` | `true` | no |
diff --git a/modules/public_repository/repository.tf b/modules/public_repository/repository.tf
index 105e184..c743d9a 100644
--- a/modules/public_repository/repository.tf
+++ b/modules/public_repository/repository.tf
@@ -34,6 +34,7 @@ module "repository_base" {
has_vulnerability_alerts = true
advance_security = var.advance_security
dependabot_security_updates = var.dependabot_security_updates
+ archived = var.archived
codespace_secrets = var.codespace_secrets
dependabot_secrets = var.dependabot_secrets
diff --git a/modules/public_repository/variables.tf b/modules/public_repository/variables.tf
index 6e1cc09..1bfbb65 100644
--- a/modules/public_repository/variables.tf
+++ b/modules/public_repository/variables.tf
@@ -67,6 +67,12 @@ variable "dependabot_security_updates" {
default = true
}
+variable "archived" {
+ description = "Specifies if the repository should be archived. Defaults to false."
+ type = bool
+ default = false
+}
+
variable "advance_security" {
description = "Enables advance security for the repository. If repository is public `advance_security` is enabled by default and cannot be changed."
type = bool
diff --git a/modules/repository_base/README.md b/modules/repository_base/README.md
index 48790d0..27de03c 100644
--- a/modules/repository_base/README.md
+++ b/modules/repository_base/README.md
@@ -32,6 +32,7 @@
| [github_repository_environment.environment](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_environment) | resource |
| [github_repository_environment_deployment_policy.deployment_policy](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_environment_deployment_policy) | resource |
| [github_repository_ruleset.protected_branch_base_rules](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_ruleset) | resource |
+| [github_repository_vulnerability_alerts.vulnerability_alerts](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_vulnerability_alerts) | resource |
| [github_organization_custom_role.branch_ruleset_bypasser](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/organization_custom_role) | data source |
| [github_team.branch_ruleset_bypasser](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/team) | data source |
@@ -45,6 +46,7 @@
| [allow\_merge\_commit](#input\_allow\_merge\_commit) | (Optional) Set to `false` to disable merge commits on the repository. | `bool` | `true` | no |
| [allow\_rebase\_merge](#input\_allow\_rebase\_merge) | (Optional) Set to `false` to disable rebase merges on the repository. | `bool` | `true` | no |
| [allow\_squash\_merge](#input\_allow\_squash\_merge) | (Optional) Set to `false` to disable squash merges on the repository. | `bool` | `true` | no |
+| [archived](#input\_archived) | Specifies if the repository should be archived. Defaults to false. | `bool` | `false` | no |
| [codespace\_secrets](#input\_codespace\_secrets) | An (Optional) map of Github Codespace secrets to create for this repository. The key is the name of the secret and the value is the encrypted value. | `map(string)` | `{}` | no |
| [default\_branch](#input\_default\_branch) | The branch to set as the default branch for this repository. Defaults to "main" | `string` | `"main"` | no |
| [delete\_head\_on\_merge](#input\_delete\_head\_on\_merge) | Sets the delete head on merge option for the repository. If true it will delete pull request branches automatically on merge. Defaults to true | `bool` | `true` | no |
diff --git a/modules/repository_base/repository.tf b/modules/repository_base/repository.tf
index d24f06b..d70f601 100644
--- a/modules/repository_base/repository.tf
+++ b/modules/repository_base/repository.tf
@@ -15,6 +15,7 @@ resource "github_repository" "repository" {
auto_init = true
archive_on_destroy = false
+ archived = var.archived
has_downloads = var.has_downloads
has_issues = var.has_issues
has_projects = var.has_projects
@@ -95,6 +96,11 @@ resource "github_repository_dependabot_security_updates" "automated_security_fix
enabled = true
}
+resource "github_repository_vulnerability_alerts" "vulnerability_alerts" {
+ count = var.has_vulnerability_alerts ? 1 : 0
+ repository = github_repository.repository.name
+}
+
resource "github_branch_default" "default_branch" {
repository = github_repository.repository.name
branch = var.default_branch
diff --git a/modules/repository_base/repository.tftest.hcl b/modules/repository_base/repository.tftest.hcl
index 8c77e5b..af7af88 100644
--- a/modules/repository_base/repository.tftest.hcl
+++ b/modules/repository_base/repository.tftest.hcl
@@ -76,6 +76,10 @@ run "repository_test" {
condition = github_repository.repository.archive_on_destroy == false
error_message = "Repository archive_on_destroy does not match. Expected: false, Actual: ${github_repository.repository.archive_on_destroy}"
}
+ assert {
+ condition = github_repository.repository.archived == var.archived
+ error_message = "Repository archived does not match. Expected: ${var.archived}, Actual: ${github_repository.repository.archived}"
+ }
assert {
condition = github_repository.repository.has_downloads == var.has_downloads
error_message = "Repository has_downloads does not match. Expected: ${var.has_downloads}, Actual: ${github_repository.repository.has_downloads}"
@@ -205,6 +209,17 @@ run "automated_security_fixes_test" {
}
}
+run "vulnerability_alerts_test" {
+ assert {
+ condition = length(github_repository_vulnerability_alerts.vulnerability_alerts) == 1
+ error_message = "Repository vulnerability_alerts count does not match. Expected: 1, Actual: ${length(github_repository_vulnerability_alerts.vulnerability_alerts)}"
+ }
+ assert {
+ condition = github_repository_vulnerability_alerts.vulnerability_alerts[0].repository == var.name
+ error_message = "Repository vulnerability_alerts repository does not match. Expected: ${var.name}, Actual: ${github_repository_vulnerability_alerts.vulnerability_alerts[0].repository}"
+ }
+}
+
run "default_branch_test" {
assert {
condition = github_branch_default.default_branch.repository == var.name
diff --git a/modules/repository_base/variables.tf b/modules/repository_base/variables.tf
index f2185f2..6439d30 100644
--- a/modules/repository_base/variables.tf
+++ b/modules/repository_base/variables.tf
@@ -67,6 +67,12 @@ variable "has_vulnerability_alerts" {
default = true
}
+variable "archived" {
+ description = "Specifies if the repository should be archived. Defaults to false."
+ type = bool
+ default = false
+}
+
variable "topics" {
description = "The topics to apply to the repository"
type = list(string)
diff --git a/modules/repository_set/README.md b/modules/repository_set/README.md
index b49db66..d015cc8 100644
--- a/modules/repository_set/README.md
+++ b/modules/repository_set/README.md
@@ -33,9 +33,9 @@
|------|-------------|------|---------|:--------:|
| [default\_repository\_team\_permissions](#input\_default\_repository\_team\_permissions) | A map where the keys are github team slugs and the value is the permissions the team should have by default for every repository. If an entry exists in `repository_team_permissions_override` for a repository then that will take precedence over this default. Defaults to `{}` giving no team access to the repositories. | `map(string)` | `{}` | no |
| [has\_ghas\_license](#input\_has\_ghas\_license) | If the organization owning the repositories has a GitHub Advanced Security license or not. Defaults to false. | `bool` | `false` | no |
-| [internal\_repositories](#input\_internal\_repositories) | A map of internal repositories where the key is the repository name and the value is the configuration | map(object({
description = string
default_branch = string
protected_branches = list(string)
advance_security = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
dependabot_security_updates = bool
requires_web_commit_signing = bool
allow_auto_merge = optional(bool)
allow_squash_merge = optional(bool)
allow_rebase_merge = optional(bool)
allow_merge_commit = optional(bool)
squash_merge_commit_title = optional(string)
squash_merge_commit_message = optional(string)
merge_commit_title = optional(string)
merge_commit_message = optional(string)
repository_team_permissions_override = optional(map(string))
user_permissions = optional(map(string))
organization_action_secrets = optional(list(string))
organization_codespace_secrets = optional(list(string))
organization_dependabot_secrets = optional(list(string))
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
license_template = optional(string)
pages = optional(object({
source = optional(object({
branch = string
path = optional(string)
}))
build_type = optional(string)
cname = optional(string)
}))
})) | `{}` | no |
-| [private\_repositories](#input\_private\_repositories) | A map of private repositories where the key is the repository name and the value is the configuration | map(object({
description = string
default_branch = string
protected_branches = list(string)
advance_security = bool
has_vulnerability_alerts = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
requires_web_commit_signing = bool
dependabot_security_updates = bool
allow_auto_merge = optional(bool)
allow_squash_merge = optional(bool)
allow_rebase_merge = optional(bool)
allow_merge_commit = optional(bool)
squash_merge_commit_title = optional(string)
squash_merge_commit_message = optional(string)
merge_commit_title = optional(string)
merge_commit_message = optional(string)
repository_team_permissions_override = optional(map(string))
user_permissions = optional(map(string))
organization_action_secrets = optional(list(string))
organization_codespace_secrets = optional(list(string))
organization_dependabot_secrets = optional(list(string))
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
license_template = optional(string)
pages = optional(object({
source = optional(object({
branch = string
path = optional(string)
}))
build_type = optional(string)
cname = optional(string)
}))
})) | n/a | yes |
-| [public\_repositories](#input\_public\_repositories) | A map of public repositories where the key is the repository name and the value is the configuration | map(object({
description = string
default_branch = string
protected_branches = list(string)
advance_security = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
dependabot_security_updates = bool
requires_web_commit_signing = bool
allow_auto_merge = optional(bool)
allow_squash_merge = optional(bool)
allow_rebase_merge = optional(bool)
allow_merge_commit = optional(bool)
squash_merge_commit_title = optional(string)
squash_merge_commit_message = optional(string)
merge_commit_title = optional(string)
merge_commit_message = optional(string)
repository_team_permissions_override = optional(map(string))
user_permissions = optional(map(string))
organization_action_secrets = optional(list(string))
organization_codespace_secrets = optional(list(string))
organization_dependabot_secrets = optional(list(string))
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
license_template = optional(string)
pages = optional(object({
source = optional(object({
branch = string
path = optional(string)
}))
build_type = optional(string)
cname = optional(string)
}))
})) | n/a | yes |
+| [internal\_repositories](#input\_internal\_repositories) | A map of internal repositories where the key is the repository name and the value is the configuration | map(object({
description = string
default_branch = string
protected_branches = list(string)
advance_security = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
dependabot_security_updates = bool
requires_web_commit_signing = bool
allow_auto_merge = optional(bool)
allow_squash_merge = optional(bool)
allow_rebase_merge = optional(bool)
allow_merge_commit = optional(bool)
squash_merge_commit_title = optional(string)
squash_merge_commit_message = optional(string)
merge_commit_title = optional(string)
merge_commit_message = optional(string)
repository_team_permissions_override = optional(map(string))
user_permissions = optional(map(string))
organization_action_secrets = optional(list(string))
organization_codespace_secrets = optional(list(string))
organization_dependabot_secrets = optional(list(string))
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
license_template = optional(string)
pages = optional(object({
source = optional(object({
branch = string
path = optional(string)
}))
build_type = optional(string)
cname = optional(string)
}))
archived = optional(bool)
})) | `{}` | no |
+| [private\_repositories](#input\_private\_repositories) | A map of private repositories where the key is the repository name and the value is the configuration | map(object({
description = string
default_branch = string
protected_branches = list(string)
advance_security = bool
has_vulnerability_alerts = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
requires_web_commit_signing = bool
dependabot_security_updates = bool
allow_auto_merge = optional(bool)
allow_squash_merge = optional(bool)
allow_rebase_merge = optional(bool)
allow_merge_commit = optional(bool)
squash_merge_commit_title = optional(string)
squash_merge_commit_message = optional(string)
merge_commit_title = optional(string)
merge_commit_message = optional(string)
repository_team_permissions_override = optional(map(string))
user_permissions = optional(map(string))
organization_action_secrets = optional(list(string))
organization_codespace_secrets = optional(list(string))
organization_dependabot_secrets = optional(list(string))
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
license_template = optional(string)
pages = optional(object({
source = optional(object({
branch = string
path = optional(string)
}))
build_type = optional(string)
cname = optional(string)
}))
archived = optional(bool)
})) | n/a | yes |
+| [public\_repositories](#input\_public\_repositories) | A map of public repositories where the key is the repository name and the value is the configuration | map(object({
description = string
default_branch = string
protected_branches = list(string)
advance_security = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
dependabot_security_updates = bool
requires_web_commit_signing = bool
allow_auto_merge = optional(bool)
allow_squash_merge = optional(bool)
allow_rebase_merge = optional(bool)
allow_merge_commit = optional(bool)
squash_merge_commit_title = optional(string)
squash_merge_commit_message = optional(string)
merge_commit_title = optional(string)
merge_commit_message = optional(string)
repository_team_permissions_override = optional(map(string))
user_permissions = optional(map(string))
organization_action_secrets = optional(list(string))
organization_codespace_secrets = optional(list(string))
organization_dependabot_secrets = optional(list(string))
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
license_template = optional(string)
pages = optional(object({
source = optional(object({
branch = string
path = optional(string)
}))
build_type = optional(string)
cname = optional(string)
}))
archived = optional(bool)
})) | n/a | yes |
| [rulesets](#input\_rulesets) | n/a | map(object({
bypass_actors = optional(object({
repository_roles = optional(list(object({
role = string
always_bypass = optional(bool)
})))
teams = optional(list(object({
team = string
always_bypass = optional(bool)
})))
integrations = optional(list(object({
installation_id = number
always_bypass = optional(bool)
})))
organization_admin = optional(object({
always_bypass = optional(bool)
}))
}))
conditions = optional(object({
ref_name = object({
include = list(string)
exclude = list(string)
})
}))
rules = object({
branch_name_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
tag_name_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
commit_author_email_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
commit_message_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
committer_email_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
creation = optional(bool)
deletion = optional(bool)
update = optional(bool)
non_fast_forward = optional(bool)
required_linear_history = optional(bool)
required_signatures = optional(bool)
update_allows_fetch_and_merge = optional(bool)
pull_request = optional(object({
dismiss_stale_reviews_on_push = optional(bool)
require_code_owner_review = optional(bool)
require_last_push_approval = optional(bool)
required_approving_review_count = optional(number)
required_review_thread_resolution = optional(bool)
}))
required_status_checks = optional(object({
required_check = list(object({
context = string
integration_id = optional(number)
}))
strict_required_status_check_policy = optional(bool)
}))
required_deployment_environments = optional(list(string))
})
target = string
enforcement = string
repositories = list(string)
})) | `{}` | no |
## Outputs
diff --git a/modules/repository_set/repositories.tf b/modules/repository_set/repositories.tf
index fe148e8..50e3842 100644
--- a/modules/repository_set/repositories.tf
+++ b/modules/repository_set/repositories.tf
@@ -49,6 +49,7 @@ module "public_repositories" {
requires_web_commit_signing = each.value.requires_web_commit_signing
rulesets = lookup(local.rulesets_by_public_repository, each.key, {})
pages = each.value.pages
+ archived = each.value.archived
}
module "private_repositories" {
@@ -85,6 +86,7 @@ module "private_repositories" {
requires_web_commit_signing = each.value.requires_web_commit_signing
rulesets = lookup(local.rulesets_by_private_repository, each.key, {})
pages = each.value.pages
+ archived = each.value.archived
}
module "internal_repositories" {
@@ -120,4 +122,5 @@ module "internal_repositories" {
requires_web_commit_signing = each.value.requires_web_commit_signing
rulesets = lookup(local.rulesets_by_internal_repository, each.key, {})
pages = each.value.pages
+ archived = each.value.archived
}
diff --git a/modules/repository_set/variables.tf b/modules/repository_set/variables.tf
index 4b151a0..8479158 100644
--- a/modules/repository_set/variables.tf
+++ b/modules/repository_set/variables.tf
@@ -55,6 +55,7 @@ variable "private_repositories" {
build_type = optional(string)
cname = optional(string)
}))
+ archived = optional(bool)
}))
description = "A map of private repositories where the key is the repository name and the value is the configuration"
}
@@ -115,6 +116,7 @@ variable "public_repositories" {
build_type = optional(string)
cname = optional(string)
}))
+ archived = optional(bool)
}))
description = "A map of public repositories where the key is the repository name and the value is the configuration"
}
@@ -175,6 +177,7 @@ variable "internal_repositories" {
build_type = optional(string)
cname = optional(string)
}))
+ archived = optional(bool)
}))
description = "A map of internal repositories where the key is the repository name and the value is the configuration"
default = {}