terraform-github-mcaf-repository

Terraform module to create and manage a GitHub repository.

Creating branches

Additional branches can be created and configured using var.branches. Any branches created here are in addition to the default branch (var.default_branch).

You can create branches by either adding them to var.branches:

module "mcaf-repository" {
  source = "schubergphilis/mcaf-repository/github"

  name = "my-repo"

  branches = {
    "develop" = {}
  }
}

Or by specifying the source branch or hash by setting source_branch or source_sha respectively:

module "mcaf-repository" {
  source = "schubergphilis/mcaf-repository/github"

  name = "my-repo"

  branches = {
    "develop" = {
      source_branch = "release"
    }
  }
}

See the github_branch resource for more details.

Configuring (additional) branches

The default behaviour is for any branch created by this module to inherit the default branch protection settings (var.default_branch_protection), but this can be overridden by either setting the branch_protection key or disabling branch protection by setting the use_branch_protection field to false.

To override the default branch protection settings, specify the branch_protection key:

module "mcaf-repository" {
  source = "schubergphilis/mcaf-repository/github"

  name = "my-repo"

  branches = {
    "develop" = {
      branch_protection = {
        enforce_admins         = true
        require_signed_commits = true
      }
    }
  }
}

In the event you want to create branches using Terraform but do not want any branch protection to be configured, you can set use_branch_protection to false:

module "mcaf-repository" {
  source = "schubergphilis/mcaf-repository/github"

  name = "my-repo"

  branches = {
    "develop" = {
      use_branch_protection = false
    }
  }
}

For more examples, see the branches examples.
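
To confirm in CI what a plan will actually apply, the following added example (not part of this module or its examples) reads the JSON produced by `terraform show -json <planfile>` and reports branches that are created without a github_branch_protection resource or with weakened settings. The sample plan is constructed, and matching a rule's `pattern` to the literal branch name within the same module instance is an assumption.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>`,
# trimmed to the fields used below (not real plan output).
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {"child_modules": [
  {"address": "module.mcaf-repository", "resources": [
    {"type": "github_branch", "values": {"branch": "develop"}},
    {"type": "github_branch", "values": {"branch": "release"}},
    {"type": "github_branch", "values": {"branch": "scratch"}},
    {"type": "github_branch_protection", "values": {"pattern": "develop",
      "enforce_admins": true, "require_signed_commits": true, "allows_force_pushes": false}},
    {"type": "github_branch_protection", "values": {"pattern": "release",
      "enforce_admins": false, "require_signed_commits": false, "allows_force_pushes": true}}
  ]}]}}}
""")


def walk(module):
    """Yield (module address, resource) for a module and all child modules."""
    for res in module.get("resources", []):
        yield module.get("address", "root"), res
    for child in module.get("child_modules", []):
        yield from walk(child)


def audit_branches(plan):
    """Return {(module, branch): [findings]} for weakly protected branches."""
    resources = list(walk(plan["planned_values"]["root_module"]))
    # Assumption: a rule's `pattern` is the literal branch name it protects.
    rules = {(mod, r["values"]["pattern"]): r["values"]
             for mod, r in resources if r["type"] == "github_branch_protection"}
    findings = {}
    for mod, r in resources:
        if r["type"] != "github_branch":
            continue
        key = (mod, r["values"]["branch"])
        rule = rules.get(key)
        if rule is None:
            findings[key] = ["no branch protection planned"]
            continue
        checks = [
            (not rule.get("require_signed_commits"), "signed commits not required"),
            (rule.get("allows_force_pushes"), "force pushes allowed"),
            (not rule.get("enforce_admins"), "admins can bypass protection"),
        ]
        issues = [msg for weak, msg in checks if weak]
        if issues:
            findings[key] = issues
    return findings
```

A non-empty result from `audit_branches` can be used to fail the pipeline before `terraform apply`; branches that intentionally set use_branch_protection to false would need an explicit allow-list.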

Requirements

Name       Version
terraform  >= 1.3.0
github     ~> 6.0

Providers

Name    Version
github  ~> 6.0

Modules

No modules.

Resources

Name                                                         Type
github_actions_environment_secret.secrets                    resource
github_actions_environment_variable.default                  resource
github_actions_repository_access_level.actions_access_level  resource
github_actions_secret.secrets                                resource
github_actions_variable.action_variables                     resource
github_branch.default                                        resource
github_branch_default.default                                resource
github_branch_protection.default                             resource
github_repository.default                                    resource
github_repository_environment.default                        resource
github_repository_environment_deployment_policy.default      resource
github_repository_file.default                               resource
github_repository_ruleset.default                            resource
github_team_repository.admins                                resource
github_team_repository.maintainers                           resource
github_team_repository.readers                               resource
github_team_repository.writers                               resource

Inputs

Name Description Type Default Required
name The name of the repository string n/a yes
actions_access_level Control how this repository is used by GitHub Actions workflows in other repositories string null no
actions_secrets An optional map with GitHub action secrets map(string) {} no
actions_variables An optional map with GitHub Actions variables map(string) {} no
admins A list of GitHub teams that should have admins access list(string) [] no
allow_auto_merge Enable to allow auto-merging pull requests on the repository bool false no
allow_rebase_merge To enable rebase merges on the repository bool false no
allow_squash_merge To enable squash merges on the repository bool false no
archive_on_destroy Set to true to archive the repository instead of deleting on destroy bool false no
archived Specifies if the repository should be archived bool false no
auto_init Disable to not produce an initial commit in the repository bool true no
branches An optional map with GitHub branches to create
map(object({
  source_branch = optional(string)
  source_sha = optional(string)
  use_branch_protection = optional(bool, true)

  branch_protection = optional(object({
    allows_force_pushes = optional(bool, false)
    enforce_admins = optional(bool, false)
    require_signed_commits = optional(bool, true)

    required_checks = optional(object({
      strict = optional(bool)
      contexts = optional(list(string))
    }))

    restrict_pushes = optional(object({
      blocks_creations = optional(bool)
      push_allowances = optional(list(string))
    }))

    required_reviews = optional(object({
      dismiss_stale_reviews = optional(bool, true)
      dismissal_restrictions = optional(list(string))
      required_approving_review_count = optional(number, 2)
      require_code_owner_reviews = optional(bool, true)
      pull_request_bypassers = optional(list(string))
    }))
  }), null)
}))
{} no
default_branch Name of the default branch for the GitHub repository string "main" no
default_branch_protection Default branch protection settings for managed branches
object({
  allows_force_pushes = optional(bool, false)
  enforce_admins = optional(bool, false)
  require_signed_commits = optional(bool, true)

  required_checks = optional(object({
    strict = optional(bool)
    contexts = optional(list(string))
  }))

  required_reviews = optional(object({
    dismiss_stale_reviews = optional(bool, true)
    dismissal_restrictions = optional(list(string))
    required_approving_review_count = optional(number, 2)
    require_code_owner_reviews = optional(bool, true)
    pull_request_bypassers = optional(list(string))
  }))

  restrict_pushes = optional(object({
    blocks_creations = optional(bool)
    push_allowances = optional(list(string))
  }))
})
{
  "enforce_admins": false,
  "require_signed_commits": true,
  "required_reviews": {
    "dismiss_stale_reviews": true,
    "require_code_owner_reviews": true,
    "required_approving_review_count": 2
  }
}
no
delete_branch_on_merge Automatically delete head branch after a pull request is merged bool true no
description A description for the GitHub repository string null no
environments An optional map with GitHub environments to configure
map(object({
  secrets = optional(map(string), {})
  variables = optional(map(string), {})
  wait_timer = optional(number, null)

  deployment_branch_policy = optional(object(
    {
      branch_patterns = optional(list(string), [])
      custom_branch_policies = optional(bool, false)
      protected_branches = optional(bool, true)
    }),
    {
      custom_branch_policies = false
      protected_branches = true
    }
  )

  reviewers = optional(object({
    teams = optional(list(string))
    users = optional(list(string))
  }), null)

}))
{} no
gitignore_template The name of the template without the extension string null no
has_downloads To enable downloads features on the repository bool false no
has_issues To enable GitHub Issues features on the repository bool false no
has_projects To enable GitHub Projects features on the repository bool false no
has_wiki To enable GitHub Wiki features on the repository bool false no
homepage_url URL of a page describing the project string null no
is_template To mark this repository as a template repository bool false no
maintainers A list of GitHub teams that should have maintain access list(string) [] no
readers A list of GitHub teams that should have read access list(string) [] no
repository_files A list of GitHub repository files that should be created
map(object({
  branch = optional(string)
  path = string
  content = string
}))
{} no
squash_merge_commit_message The default commit message for squash merges string "COMMIT_MESSAGES" no
squash_merge_commit_title The default commit title for squash merges string "COMMIT_OR_PR_TITLE" no
tag_protection The repository tag protection pattern string null no
template_repository The settings of the template repository to use on creation
object({
  owner = string
  repository = string
})
null no
visibility Set the GitHub repository as public, private or internal string "private" no
vulnerability_alerts To enable security alerts for vulnerable dependencies bool false no
writers A list of GitHub teams that should have write access list(string) [] no

Outputs

Name       Description
full_name  The full 'organization/repository' name of the repository
name       The name of the repository
repo_id    The id of the repository

Licensing

100% Open Source and licensed under the Apache License Version 2.0. See LICENSE for full details.