From c2d573a91f267cd447a3d4053692209d372f8a1e Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 28 Apr 2026 12:55:38 +0000 Subject: [PATCH 1/4] Initial plan From 10e3f2f89b81691293ee35e125913c8f70979611 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 28 Apr 2026 13:02:16 +0000 Subject: [PATCH 2/4] Fix has_vulnerability_alerts default to false and wire through all modules Agent-Logs-Url: https://github.com/FociSolutions/github-foundations-modules/sessions/bb4fc58c-b5e1-4998-a5c0-840514ff90b8 Co-authored-by: bzarboni1 <99673202+bzarboni1@users.noreply.github.com> --- modules/internal_repository/README.md | 1 + modules/internal_repository/repository.tf | 2 +- modules/internal_repository/variables.tf | 6 ++++++ modules/private_repository/README.md | 1 + modules/private_repository/repository.tf | 2 +- modules/private_repository/variables.tf | 6 ++++++ modules/public_repository/README.md | 1 + modules/public_repository/repository.tf | 2 +- modules/public_repository/variables.tf | 6 ++++++ modules/repository_base/README.md | 2 +- modules/repository_base/variables.tf | 2 +- modules/repository_set/repositories.tf | 3 +++ 12 files changed, 29 insertions(+), 5 deletions(-) diff --git a/modules/internal_repository/README.md b/modules/internal_repository/README.md index 2288a29..7ba1ddf 100644 --- a/modules/internal_repository/README.md +++ b/modules/internal_repository/README.md @@ -38,6 +38,7 @@ No resources. | [description](#input\_description) | The description to give to the repository. Defaults to `""` | `string` | `""` | no | | [environments](#input\_environments) | Environments to create for the repository. |
map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
}))
| `{}` | no | | [has\_ghas\_license](#input\_has\_ghas\_license) | If the organization owning the repository has a GitHub Advanced Security license or not. Defaults to false. | `bool` | `false` | no | +| [has\_vulnerability\_alerts](#input\_has\_vulnerability\_alerts) | Enables security alerts for vulnerable dependencies for the repository | `bool` | `false` | no | | [homepage](#input\_homepage) | The homepage for the repository | `string` | `""` | no | | [license\_template](#input\_license\_template) | The (Optional) license template to apply to the repository | `string` | `null` | no | | [merge\_commit\_message](#input\_merge\_commit\_message) | (Optional) Can be `PR_BODY`, `PR_TITLE`, or `BLANK` for a default merge commit message. Applicable only if allow\_merge\_commit is `true`. | `string` | `"PR_TITLE"` | no | diff --git a/modules/internal_repository/repository.tf b/modules/internal_repository/repository.tf index c59a21d..615a69f 100644 --- a/modules/internal_repository/repository.tf +++ b/modules/internal_repository/repository.tf @@ -35,7 +35,7 @@ module "repository_base" { secret_scanning = local.enable_secret_scanning secret_scanning_on_push = local.enable_secret_scanning - has_vulnerability_alerts = true + has_vulnerability_alerts = var.has_vulnerability_alerts advance_security = var.advance_security dependabot_security_updates = var.dependabot_security_updates archived = var.archived diff --git a/modules/internal_repository/variables.tf b/modules/internal_repository/variables.tf index 086889a..7db1bf0 100644 --- a/modules/internal_repository/variables.tf +++ b/modules/internal_repository/variables.tf 
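Review bot: Replacing the hard-coded `has_vulnerability_alerts = true` with `var.has_vulnerability_alerts` means any caller that does not set the new input now gets the `false` default added in this module's variables.tf, so Dependabot alerts would presumably be switched off for existing repositories on the next apply. The same substitution appears in the private_repository and public_repository repository.tf hunks, and the repository_base default flips to `false` as well. If opt-in is the intended default, as the commit subject suggests, the variable description should say so, for example `description = "Enables security alerts for vulnerable dependencies. Defaults to false; set to true to keep Dependabot alerts enabled."`, and the change should be flagged as breaking in the release notes. The `module "repository_base"` block starts and ends outside the hunk.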
@@ -61,6 +61,12 @@ variable "requires_web_commit_signing" { default = false } +variable "has_vulnerability_alerts" { + description = "Enables security alerts for vulnerable dependencies for the repository" + type = bool + default = false +} + variable "dependabot_security_updates" { description = "Enables dependabot security updates. Only works when `has_vulnerability_alerts` is set because that is required to enable dependabot for the repository." type = bool diff --git a/modules/private_repository/README.md b/modules/private_repository/README.md index 5460b7d..39631db 100644 --- a/modules/private_repository/README.md +++ b/modules/private_repository/README.md @@ -38,6 +38,7 @@ No resources. | [description](#input\_description) | The description to give to the repository. Defaults to `""` | `string` | `""` | no | | [environments](#input\_environments) | Environments to create for the repository. |
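Review bot: Nothing stops the new `has_vulnerability_alerts` (default `false`) from being combined with `dependabot_security_updates = true`, although the context-line description of `dependabot_security_updates` says it only works when alerts are enabled. The public_repository README in this patch lists that input's default as `true`, so the out-of-the-box combination there is contradictory. A validation block on `dependabot_security_updates` with `condition = var.has_vulnerability_alerts || !var.dependabot_security_updates` would reject it at plan time. Cross-variable references in validation need Terraform 1.9 or later, which matches the version pinned in the setup workflow but should be checked against the modules' `required_version`, which is not visible here. The same applies to the variables.tf hunks of private_repository and public_repository.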
map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
}))
| `{}` | no | | [has\_ghas\_license](#input\_has\_ghas\_license) | If the organization owning the repository has a GitHub Advanced Security license or not. Defaults to false. | `bool` | `false` | no | +| [has\_vulnerability\_alerts](#input\_has\_vulnerability\_alerts) | Enables security alerts for vulnerable dependencies for the repository | `bool` | `false` | no | | [homepage](#input\_homepage) | The homepage for the repository | `string` | `""` | no | | [license\_template](#input\_license\_template) | The (Optional) license template to use for the repository | `string` | `null` | no | | [merge\_commit\_message](#input\_merge\_commit\_message) | (Optional) Can be `PR_BODY`, `PR_TITLE`, or `BLANK` for a default merge commit message. Applicable only if allow\_merge\_commit is `true`. | `string` | `"PR_TITLE"` | no | diff --git a/modules/private_repository/repository.tf b/modules/private_repository/repository.tf index 9cccf59..af26734 100644 --- a/modules/private_repository/repository.tf +++ b/modules/private_repository/repository.tf @@ -35,7 +35,7 @@ module "repository_base" { secret_scanning = local.enable_secret_scanning secret_scanning_on_push = local.enable_secret_scanning - has_vulnerability_alerts = true + has_vulnerability_alerts = var.has_vulnerability_alerts advance_security = var.advance_security dependabot_security_updates = var.dependabot_security_updates archived = var.archived diff --git a/modules/private_repository/variables.tf b/modules/private_repository/variables.tf index d4aca44..fb4941e 100644 --- a/modules/private_repository/variables.tf +++ b/modules/private_repository/variables.tf 
@@ -61,6 +61,12 @@ variable "requires_web_commit_signing" { default = false } +variable "has_vulnerability_alerts" { + description = "Enables security alerts for vulnerable dependencies for the repository" + type = bool + default = false +} + variable "dependabot_security_updates" { description = "Enables dependabot security updates. Only works when `has_vulnerability_alerts` is set because that is required to enable dependabot for the repository." type = bool diff --git a/modules/public_repository/README.md b/modules/public_repository/README.md index 09262d2..bc087f9 100644 --- a/modules/public_repository/README.md +++ b/modules/public_repository/README.md @@ -37,6 +37,7 @@ No resources. | [dependabot\_security\_updates](#input\_dependabot\_security\_updates) | Enables dependabot security updates. Only works when `has_vulnerability_alerts` is set because that is required to enable dependabot for the repository. | `bool` | `true` | no | | [description](#input\_description) | The description to give to the repository. Defaults to `""` | `string` | `""` | no | | [environments](#input\_environments) | Environments to create for the repository. |
map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
}))
| `{}` | no | +| [has\_vulnerability\_alerts](#input\_has\_vulnerability\_alerts) | Enables security alerts for vulnerable dependencies for the repository | `bool` | `false` | no | | [homepage](#input\_homepage) | The homepage for the repository | `string` | `""` | no | | [license\_template](#input\_license\_template) | The (Optional) license template to apply to the repository | `string` | `null` | no | | [merge\_commit\_message](#input\_merge\_commit\_message) | (Optional) Can be `PR_BODY`, `PR_TITLE`, or `BLANK` for a default merge commit message. Applicable only if allow\_merge\_commit is `true`. | `string` | `"PR_TITLE"` | no | diff --git a/modules/public_repository/repository.tf b/modules/public_repository/repository.tf index c743d9a..48995a7 100644 --- a/modules/public_repository/repository.tf +++ b/modules/public_repository/repository.tf @@ -31,7 +31,7 @@ module "repository_base" { secret_scanning = true secret_scanning_on_push = true - has_vulnerability_alerts = true + has_vulnerability_alerts = var.has_vulnerability_alerts advance_security = var.advance_security dependabot_security_updates = var.dependabot_security_updates archived = var.archived diff --git a/modules/public_repository/variables.tf b/modules/public_repository/variables.tf index 1bfbb65..0723804 100644 --- a/modules/public_repository/variables.tf +++ b/modules/public_repository/variables.tf @@ -61,6 +61,12 @@ variable "requires_web_commit_signing" { default = false } +variable "has_vulnerability_alerts" { + description = "Enables security alerts for vulnerable dependencies for the repository" + type = bool + default = false +} + variable "dependabot_security_updates" { description = "Enables dependabot security updates. Only works when `has_vulnerability_alerts` is set because that is required to enable dependabot for the repository." type = bool diff --git a/modules/repository_base/README.md b/modules/repository_base/README.md index 27de03c..0e407d0 100644 
--- a/modules/repository_base/README.md +++ b/modules/repository_base/README.md @@ -58,7 +58,7 @@ | [has\_downloads](#input\_has\_downloads) | Enables downloads for the repository | `bool` | `false` | no | | [has\_issues](#input\_has\_issues) | Enables Github Issues for the repository | `bool` | `true` | no | | [has\_projects](#input\_has\_projects) | Enables Github Projects for the repository | `bool` | `true` | no | -| [has\_vulnerability\_alerts](#input\_has\_vulnerability\_alerts) | Enables security alerts for vulnerable dependencies for the repository | `bool` | `true` | no | +| [has\_vulnerability\_alerts](#input\_has\_vulnerability\_alerts) | Enables security alerts for vulnerable dependencies for the repository | `bool` | `false` | no | | [has\_wiki](#input\_has\_wiki) | Enables Github Wiki for the repository | `bool` | `true` | no | | [homepage](#input\_homepage) | The homepage for the repository | `string` | `""` | no | | [license\_template](#input\_license\_template) | The (Optional) license template to use for the repository | `string` | `null` | no | diff --git a/modules/repository_base/variables.tf b/modules/repository_base/variables.tf index 6439d30..d11be9f 100644 --- a/modules/repository_base/variables.tf +++ b/modules/repository_base/variables.tf @@ -64,7 +64,7 @@ variable "has_wiki" { variable "has_vulnerability_alerts" { description = "Enables security alerts for vulnerable dependencies for the repository" type = bool - default = true + default = false } variable "archived" { diff --git a/modules/repository_set/repositories.tf b/modules/repository_set/repositories.tf index 50e3842..610ea20 100644 --- a/modules/repository_set/repositories.tf +++ b/modules/repository_set/repositories.tf 
@@ -28,6 +28,7 @@ module "public_repositories" { default_branch = each.value.default_branch protected_branches = each.value.protected_branches advance_security = each.value.advance_security + has_vulnerability_alerts = each.value.has_vulnerability_alerts topics = each.value.topics homepage = each.value.homepage delete_head_on_merge = each.value.delete_head_on_merge @@ -65,6 +66,7 @@ module "private_repositories" { protected_branches = each.value.protected_branches advance_security = each.value.advance_security has_ghas_license = var.has_ghas_license + has_vulnerability_alerts = each.value.has_vulnerability_alerts topics = each.value.topics homepage = each.value.homepage delete_head_on_merge = each.value.delete_head_on_merge @@ -101,6 +103,7 @@ module "internal_repositories" { default_branch = each.value.default_branch protected_branches = each.value.protected_branches advance_security = each.value.advance_security + has_vulnerability_alerts = each.value.has_vulnerability_alerts topics = each.value.topics homepage = each.value.homepage delete_head_on_merge = each.value.delete_head_on_merge From feeb89fc681fb54769133f10e231add5033b0d64 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 28 Apr 2026 13:10:02 +0000 Subject: [PATCH 3/4] Fix repository_set variables.tf and add copilot-setup-steps.yml with Terraform Agent-Logs-Url: https://github.com/FociSolutions/github-foundations-modules/sessions/fef7b18c-080f-4a6d-a01f-93ef4498159a Co-authored-by: seanpoulter-foci <98067886+seanpoulter-foci@users.noreply.github.com> --- .github/workflows/copilot-setup-steps.yml | 26 +++++++++++++++++++++++ modules/repository_set/variables.tf | 2 ++ 2 files changed, 28 insertions(+) create mode 100644 .github/workflows/copilot-setup-steps.yml diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml new file mode 100644 index 0000000..8cd297b --- /dev/null 
+++ b/.github/workflows/copilot-setup-steps.yml @@ -0,0 +1,26 @@ +name: "Copilot Setup Steps" + +on: + workflow_dispatch: + push: + paths: + - .github/workflows/copilot-setup-steps.yml + pull_request: + paths: + - .github/workflows/copilot-setup-steps.yml + +jobs: + copilot-setup-steps: + runs-on: ubuntu-latest + + permissions: + contents: read + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Setup Terraform + uses: hashicorp/setup-terraform@v3 + with: + terraform_version: 1.9.8 diff --git a/modules/repository_set/variables.tf b/modules/repository_set/variables.tf index 8479158..a4eae5c 100644 --- a/modules/repository_set/variables.tf +++ b/modules/repository_set/variables.tf @@ -66,6 +66,7 @@ variable "public_repositories" { default_branch = string protected_branches = list(string) advance_security = bool + has_vulnerability_alerts = optional(bool, false) topics = list(string) homepage = string delete_head_on_merge = bool @@ -127,6 +128,7 @@ variable "internal_repositories" { default_branch = string protected_branches = list(string) advance_security = bool + has_vulnerability_alerts = optional(bool, false) topics = list(string) homepage = string delete_head_on_merge = bool From 1765e187993ac7806903505ebdc7a25f40f6b823 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 28 Apr 2026 13:12:20 +0000 Subject: [PATCH 4/4] terraform-docs: automated action --- modules/repository_set/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/repository_set/README.md b/modules/repository_set/README.md index d015cc8..c86be95 100644 --- a/modules/repository_set/README.md +++ b/modules/repository_set/README.md 
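Review bot: Both actions in the new workflow are referenced by mutable tags, `actions/checkout@v4` and `hashicorp/setup-terraform@v3`, so whatever those tags point to at run time executes in the setup environment. Pinning each to a full commit SHA with the tag kept as a trailing comment, `uses: actions/checkout@<full-commit-sha> # v4`, removes that dependency on tag integrity. If nothing later in the job needs to push, adding `persist-credentials: false` under `with:` on the checkout step would also keep the token out of the workspace's git config.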
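Review bot: The new attribute is declared as `has_vulnerability_alerts = optional(bool, false)` for `public_repositories` and `internal_repositories`, but the `private_repositories` type shown as context in the regenerated README of patch 4 has `has_vulnerability_alerts = bool`, i.e. required. Callers therefore have to state the setting for private repositories, yet silently get alerts disabled when they omit it for public and internal ones. Declaring the attribute the same way in all three object types would be more consistent and would make the per-repository decision equally visible. Both `variable` blocks start and end outside the hunks.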
@@ -33,9 +33,9 @@ |------|-------------|------|---------|:--------:| | [default\_repository\_team\_permissions](#input\_default\_repository\_team\_permissions) | A map where the keys are github team slugs and the value is the permissions the team should have by default for every repository. If an entry exists in `repository_team_permissions_override` for a repository then that will take precedence over this default. Defaults to `{}` giving no team access to the repositories. | `map(string)` | `{}` | no | | [has\_ghas\_license](#input\_has\_ghas\_license) | If the organization owning the repositories has a GitHub Advanced Security license or not. Defaults to false. | `bool` | `false` | no | -| [internal\_repositories](#input\_internal\_repositories) | A map of internal repositories where the key is the repository name and the value is the configuration |
map(object({
description = string
default_branch = string
protected_branches = list(string)
advance_security = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
dependabot_security_updates = bool
requires_web_commit_signing = bool
allow_auto_merge = optional(bool)
allow_squash_merge = optional(bool)
allow_rebase_merge = optional(bool)
allow_merge_commit = optional(bool)
squash_merge_commit_title = optional(string)
squash_merge_commit_message = optional(string)
merge_commit_title = optional(string)
merge_commit_message = optional(string)
repository_team_permissions_override = optional(map(string))
user_permissions = optional(map(string))
organization_action_secrets = optional(list(string))
organization_codespace_secrets = optional(list(string))
organization_dependabot_secrets = optional(list(string))
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
license_template = optional(string)
pages = optional(object({
source = optional(object({
branch = string
path = optional(string)
}))
build_type = optional(string)
cname = optional(string)
}))
archived = optional(bool)
}))
| `{}` | no | +| [internal\_repositories](#input\_internal\_repositories) | A map of internal repositories where the key is the repository name and the value is the configuration |
map(object({
description = string
default_branch = string
protected_branches = list(string)
advance_security = bool
has_vulnerability_alerts = optional(bool, false)
topics = list(string)
homepage = string
delete_head_on_merge = bool
dependabot_security_updates = bool
requires_web_commit_signing = bool
allow_auto_merge = optional(bool)
allow_squash_merge = optional(bool)
allow_rebase_merge = optional(bool)
allow_merge_commit = optional(bool)
squash_merge_commit_title = optional(string)
squash_merge_commit_message = optional(string)
merge_commit_title = optional(string)
merge_commit_message = optional(string)
repository_team_permissions_override = optional(map(string))
user_permissions = optional(map(string))
organization_action_secrets = optional(list(string))
organization_codespace_secrets = optional(list(string))
organization_dependabot_secrets = optional(list(string))
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
license_template = optional(string)
pages = optional(object({
source = optional(object({
branch = string
path = optional(string)
}))
build_type = optional(string)
cname = optional(string)
}))
archived = optional(bool)
}))
| `{}` | no | | [private\_repositories](#input\_private\_repositories) | A map of private repositories where the key is the repository name and the value is the configuration |
map(object({
description = string
default_branch = string
protected_branches = list(string)
advance_security = bool
has_vulnerability_alerts = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
requires_web_commit_signing = bool
dependabot_security_updates = bool
allow_auto_merge = optional(bool)
allow_squash_merge = optional(bool)
allow_rebase_merge = optional(bool)
allow_merge_commit = optional(bool)
squash_merge_commit_title = optional(string)
squash_merge_commit_message = optional(string)
merge_commit_title = optional(string)
merge_commit_message = optional(string)
repository_team_permissions_override = optional(map(string))
user_permissions = optional(map(string))
organization_action_secrets = optional(list(string))
organization_codespace_secrets = optional(list(string))
organization_dependabot_secrets = optional(list(string))
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
license_template = optional(string)
pages = optional(object({
source = optional(object({
branch = string
path = optional(string)
}))
build_type = optional(string)
cname = optional(string)
}))
archived = optional(bool)
}))
| n/a | yes | -| [public\_repositories](#input\_public\_repositories) | A map of public repositories where the key is the repository name and the value is the configuration |
map(object({
description = string
default_branch = string
protected_branches = list(string)
advance_security = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
dependabot_security_updates = bool
requires_web_commit_signing = bool
allow_auto_merge = optional(bool)
allow_squash_merge = optional(bool)
allow_rebase_merge = optional(bool)
allow_merge_commit = optional(bool)
squash_merge_commit_title = optional(string)
squash_merge_commit_message = optional(string)
merge_commit_title = optional(string)
merge_commit_message = optional(string)
repository_team_permissions_override = optional(map(string))
user_permissions = optional(map(string))
organization_action_secrets = optional(list(string))
organization_codespace_secrets = optional(list(string))
organization_dependabot_secrets = optional(list(string))
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
license_template = optional(string)
pages = optional(object({
source = optional(object({
branch = string
path = optional(string)
}))
build_type = optional(string)
cname = optional(string)
}))
archived = optional(bool)
}))
| n/a | yes | +| [public\_repositories](#input\_public\_repositories) | A map of public repositories where the key is the repository name and the value is the configuration |
map(object({
description = string
default_branch = string
protected_branches = list(string)
advance_security = bool
has_vulnerability_alerts = optional(bool, false)
topics = list(string)
homepage = string
delete_head_on_merge = bool
dependabot_security_updates = bool
requires_web_commit_signing = bool
allow_auto_merge = optional(bool)
allow_squash_merge = optional(bool)
allow_rebase_merge = optional(bool)
allow_merge_commit = optional(bool)
squash_merge_commit_title = optional(string)
squash_merge_commit_message = optional(string)
merge_commit_title = optional(string)
merge_commit_message = optional(string)
repository_team_permissions_override = optional(map(string))
user_permissions = optional(map(string))
organization_action_secrets = optional(list(string))
organization_codespace_secrets = optional(list(string))
organization_dependabot_secrets = optional(list(string))
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
wait_timer = optional(number)
can_admins_bypass = optional(bool)
prevent_self_review = optional(bool)
action_secrets = optional(map(string))
reviewers = optional(object({
teams = optional(list(string))
users = optional(list(string))
}))
deployment_branch_policy = optional(object({
protected_branches = bool
custom_branch_policies = bool
branch_patterns = list(string)
}))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
license_template = optional(string)
pages = optional(object({
source = optional(object({
branch = string
path = optional(string)
}))
build_type = optional(string)
cname = optional(string)
}))
archived = optional(bool)
}))
| n/a | yes | | [rulesets](#input\_rulesets) | n/a |
map(object({
bypass_actors = optional(object({
repository_roles = optional(list(object({
role = string
always_bypass = optional(bool)
})))
teams = optional(list(object({
team = string
always_bypass = optional(bool)
})))
integrations = optional(list(object({
installation_id = number
always_bypass = optional(bool)
})))
organization_admin = optional(object({
always_bypass = optional(bool)
}))
}))
conditions = optional(object({
ref_name = object({
include = list(string)
exclude = list(string)
})
}))
rules = object({
branch_name_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
tag_name_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
commit_author_email_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
commit_message_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
committer_email_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
creation = optional(bool)
deletion = optional(bool)
update = optional(bool)
non_fast_forward = optional(bool)
required_linear_history = optional(bool)
required_signatures = optional(bool)
update_allows_fetch_and_merge = optional(bool)
pull_request = optional(object({
dismiss_stale_reviews_on_push = optional(bool)
require_code_owner_review = optional(bool)
require_last_push_approval = optional(bool)
required_approving_review_count = optional(number)
required_review_thread_resolution = optional(bool)
}))
required_status_checks = optional(object({
required_check = list(object({
context = string
integration_id = optional(number)
}))
strict_required_status_check_policy = optional(bool)
}))
required_deployment_environments = optional(list(string))
})
target = string
enforcement = string
repositories = list(string)
}))
| `{}` | no | ## Outputs