FociSolutions · bzarboni1 · Apr 28, 2026 · Apr 27, 2026 · Apr 27, 2026 · Apr 27, 2026
diff --git a/modules/internal_repository/README.md b/modules/internal_repository/README.md
@@ -29,6 +29,7 @@ No resources.
 | <a name="input_allow_merge_commit"></a> [allow\_merge\_commit](#input\_allow\_merge\_commit) | (Optional) Set to `false` to disable merge commits on the repository. | `bool` | `true` | no |
 | <a name="input_allow_rebase_merge"></a> [allow\_rebase\_merge](#input\_allow\_rebase\_merge) | (Optional) Set to `false` to disable rebase merges on the repository. | `bool` | `true` | no |
 | <a name="input_allow_squash_merge"></a> [allow\_squash\_merge](#input\_allow\_squash\_merge) | (Optional) Set to `false` to disable squash merges on the repository. | `bool` | `true` | no |
+| <a name="input_archived"></a> [archived](#input\_archived) | Specifies if the repository should be archived. Defaults to false. | `bool` | `false` | no |
 | <a name="input_codespace_secrets"></a> [codespace\_secrets](#input\_codespace\_secrets) | An (Optional) map of GitHub Codespace secrets to create for this repository. The key is the name of the secret and the value is the encrypted value. | `map(string)` | `{}` | no |
 | <a name="input_default_branch"></a> [default\_branch](#input\_default\_branch) | The branch to set as the default branch for this repository. Defaults to "main" | `string` | `"main"` | no |
 | <a name="input_delete_head_on_merge"></a> [delete\_head\_on\_merge](#input\_delete\_head\_on\_merge) | Sets the delete head on merge option for the repository. If true it will delete pull request branches automatically on merge. Defaults to true | `bool` | `true` | no |

diff --git a/modules/internal_repository/repository.tf b/modules/internal_repository/repository.tf
@@ -38,6 +38,7 @@ module "repository_base" {
   has_vulnerability_alerts    = true
   advance_security            = var.advance_security
   dependabot_security_updates = var.dependabot_security_updates
+  archived                    = var.archived
 
   codespace_secrets  = var.codespace_secrets
   dependabot_secrets = var.dependabot_secrets

diff --git a/modules/internal_repository/variables.tf b/modules/internal_repository/variables.tf
@@ -67,6 +67,12 @@ variable "dependabot_security_updates" {
   default     = true
 }
 
+variable "archived" {
+  description = "Specifies if the repository should be archived. Defaults to false."
+  type        = bool
+  default     = false
+}
+
 variable "advance_security" {
   description = "Enables advance security for the repository. If repository is public `advance_security` is enabled by default and cannot be changed."
   type        = bool

diff --git a/modules/private_repository/README.md b/modules/private_repository/README.md
@@ -29,6 +29,7 @@ No resources.
 | <a name="input_allow_merge_commit"></a> [allow\_merge\_commit](#input\_allow\_merge\_commit) | (Optional) Set to `false` to disable merge commits on the repository. | `bool` | `true` | no |
 | <a name="input_allow_rebase_merge"></a> [allow\_rebase\_merge](#input\_allow\_rebase\_merge) | (Optional) Set to `false` to disable rebase merges on the repository. | `bool` | `true` | no |
 | <a name="input_allow_squash_merge"></a> [allow\_squash\_merge](#input\_allow\_squash\_merge) | (Optional) Set to `false` to disable squash merges on the repository. | `bool` | `true` | no |
+| <a name="input_archived"></a> [archived](#input\_archived) | Specifies if the repository should be archived. Defaults to false. | `bool` | `false` | no |
 | <a name="input_codespace_secrets"></a> [codespace\_secrets](#input\_codespace\_secrets) | An (Optional) map of Github Codespace secrets to create for this repository. The key is the name of the secret and the value is the encrypted value. | `map(string)` | `{}` | no |
 | <a name="input_default_branch"></a> [default\_branch](#input\_default\_branch) | The branch to set as the default branch for this repository. Defaults to "main" | `string` | `"main"` | no |
 | <a name="input_delete_head_on_merge"></a> [delete\_head\_on\_merge](#input\_delete\_head\_on\_merge) | Sets the delete head on merge option for the repository. If true it will delete pull request branches automatically on merge. Defaults to true | `bool` | `true` | no |

diff --git a/modules/private_repository/repository.tf b/modules/private_repository/repository.tf
@@ -38,6 +38,7 @@ module "repository_base" {
   has_vulnerability_alerts    = true
   advance_security            = var.advance_security
   dependabot_security_updates = var.dependabot_security_updates
+  archived                    = var.archived
 
   codespace_secrets  = var.codespace_secrets
   dependabot_secrets = var.dependabot_secrets

diff --git a/modules/private_repository/variables.tf b/modules/private_repository/variables.tf
@@ -67,6 +67,12 @@ variable "dependabot_security_updates" {
   default     = true
 }
 
+variable "archived" {
+  description = "Specifies if the repository should be archived. Defaults to false."
+  type        = bool
+  default     = false
+}
+
 variable "advance_security" {
   description = "Enables advance security for the repository."
   type        = bool

diff --git a/modules/public_repository/README.md b/modules/public_repository/README.md
@@ -29,6 +29,7 @@ No resources.
 | <a name="input_allow_merge_commit"></a> [allow\_merge\_commit](#input\_allow\_merge\_commit) | (Optional) Set to `false` to disable merge commits on the repository. | `bool` | `true` | no |
 | <a name="input_allow_rebase_merge"></a> [allow\_rebase\_merge](#input\_allow\_rebase\_merge) | (Optional) Set to `false` to disable rebase merges on the repository. | `bool` | `true` | no |
 | <a name="input_allow_squash_merge"></a> [allow\_squash\_merge](#input\_allow\_squash\_merge) | (Optional) Set to `false` to disable squash merges on the repository. | `bool` | `true` | no |
+| <a name="input_archived"></a> [archived](#input\_archived) | Specifies if the repository should be archived. Defaults to false. | `bool` | `false` | no |
 | <a name="input_codespace_secrets"></a> [codespace\_secrets](#input\_codespace\_secrets) | An (Optional) map of GitHub Codespace secrets to create for this repository. The key is the name of the secret and the value is the encrypted value. | `map(string)` | `{}` | no |
 | <a name="input_default_branch"></a> [default\_branch](#input\_default\_branch) | The branch to set as the default branch for this repository. Defaults to "main" | `string` | `"main"` | no |
 | <a name="input_delete_head_on_merge"></a> [delete\_head\_on\_merge](#input\_delete\_head\_on\_merge) | Sets the delete head on merge option for the repository. If true it will delete pull request branches automatically on merge. Defaults to true | `bool` | `true` | no |

diff --git a/modules/public_repository/repository.tf b/modules/public_repository/repository.tf
@@ -34,6 +34,7 @@ module "repository_base" {
   has_vulnerability_alerts    = true
   advance_security            = var.advance_security
   dependabot_security_updates = var.dependabot_security_updates
+  archived                    = var.archived
 
   codespace_secrets  = var.codespace_secrets
   dependabot_secrets = var.dependabot_secrets

diff --git a/modules/public_repository/variables.tf b/modules/public_repository/variables.tf
@@ -67,6 +67,12 @@ variable "dependabot_security_updates" {
   default     = true
 }
 
+variable "archived" {
+  description = "Specifies if the repository should be archived. Defaults to false."
+  type        = bool
+  default     = false
+}
+
 variable "advance_security" {
   description = "Enables advance security for the repository. If repository is public `advance_security` is enabled by default and cannot be changed."
   type        = bool

diff --git a/modules/repository_base/README.md b/modules/repository_base/README.md
@@ -32,6 +32,7 @@
 | [github_repository_environment.environment](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_environment) | resource |
 | [github_repository_environment_deployment_policy.deployment_policy](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_environment_deployment_policy) | resource |
 | [github_repository_ruleset.protected_branch_base_rules](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_ruleset) | resource |
+| [github_repository_vulnerability_alerts.vulnerability_alerts](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_vulnerability_alerts) | resource |
 | [github_organization_custom_role.branch_ruleset_bypasser](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/organization_custom_role) | data source |
 | [github_team.branch_ruleset_bypasser](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/team) | data source |
 
@@ -45,6 +46,7 @@
 | <a name="input_allow_merge_commit"></a> [allow\_merge\_commit](#input\_allow\_merge\_commit) | (Optional) Set to `false` to disable merge commits on the repository. | `bool` | `true` | no |
 | <a name="input_allow_rebase_merge"></a> [allow\_rebase\_merge](#input\_allow\_rebase\_merge) | (Optional) Set to `false` to disable rebase merges on the repository. | `bool` | `true` | no |
 | <a name="input_allow_squash_merge"></a> [allow\_squash\_merge](#input\_allow\_squash\_merge) | (Optional) Set to `false` to disable squash merges on the repository. | `bool` | `true` | no |
+| <a name="input_archived"></a> [archived](#input\_archived) | Specifies if the repository should be archived. Defaults to false. | `bool` | `false` | no |
 | <a name="input_codespace_secrets"></a> [codespace\_secrets](#input\_codespace\_secrets) | An (Optional) map of Github Codespace secrets to create for this repository. The key is the name of the secret and the value is the encrypted value. | `map(string)` | `{}` | no |
 | <a name="input_default_branch"></a> [default\_branch](#input\_default\_branch) | The branch to set as the default branch for this repository. Defaults to "main" | `string` | `"main"` | no |
 | <a name="input_delete_head_on_merge"></a> [delete\_head\_on\_merge](#input\_delete\_head\_on\_merge) | Sets the delete head on merge option for the repository. If true it will delete pull request branches automatically on merge. Defaults to true | `bool` | `true` | no |

diff --git a/modules/repository_base/repository.tf b/modules/repository_base/repository.tf
@@ -15,6 +15,7 @@ resource "github_repository" "repository" {
 
   auto_init                   = true
   archive_on_destroy          = false
+  archived                    = var.archived
   has_downloads               = var.has_downloads
   has_issues                  = var.has_issues
   has_projects                = var.has_projects
@@ -95,6 +96,11 @@ resource "github_repository_dependabot_security_updates" "automated_security_fix
   enabled    = true
 }
 
+resource "github_repository_vulnerability_alerts" "vulnerability_alerts" {
+  count      = var.has_vulnerability_alerts ? 1 : 0
+  repository = github_repository.repository.name
+}
+
 resource "github_branch_default" "default_branch" {
   repository = github_repository.repository.name
   branch     = var.default_branch

diff --git a/modules/repository_base/repository.tftest.hcl b/modules/repository_base/repository.tftest.hcl
@@ -76,6 +76,10 @@ run "repository_test" {
     condition     = github_repository.repository.archive_on_destroy == false
     error_message = "Repository archive_on_destroy does not match. Expected: false, Actual: ${github_repository.repository.archive_on_destroy}"
   }
+  assert {
+    condition     = github_repository.repository.archived == var.archived
+    error_message = "Repository archived does not match. Expected: ${var.archived}, Actual: ${github_repository.repository.archived}"
+  }
   assert {
     condition     = github_repository.repository.has_downloads == var.has_downloads
     error_message = "Repository has_downloads does not match. Expected: ${var.has_downloads}, Actual: ${github_repository.repository.has_downloads}"
@@ -205,6 +209,17 @@ run "automated_security_fixes_test" {
   }
 }
 
+run "vulnerability_alerts_test" {
+  assert {
+    condition     = length(github_repository_vulnerability_alerts.vulnerability_alerts) == 1
+    error_message = "Repository vulnerability_alerts count does not match. Expected: 1, Actual: ${length(github_repository_vulnerability_alerts.vulnerability_alerts)}"
+  }
+  assert {
+    condition     = github_repository_vulnerability_alerts.vulnerability_alerts[0].repository == var.name
+    error_message = "Repository vulnerability_alerts repository does not match. Expected: ${var.name}, Actual: ${github_repository_vulnerability_alerts.vulnerability_alerts[0].repository}"
+  }
+}
+
 run "default_branch_test" {
   assert {
     condition     = github_branch_default.default_branch.repository == var.name

diff --git a/modules/repository_base/variables.tf b/modules/repository_base/variables.tf
@@ -67,6 +67,12 @@ variable "has_vulnerability_alerts" {
   default     = true
 }
 
+variable "archived" {
+  description = "Specifies if the repository should be archived. Defaults to false."
+  type        = bool
+  default     = false
+}
+
 variable "topics" {
   description = "The topics to apply to the repository"
   type        = list(string)