feat: Configure github_repository.web_commit_signoff_required

modules/private_repository/repository.tf

@@ -18,6 +18,7 @@ module "repository_base" {
   protected_branches   = var.protected_branches
   delete_head_on_merge = var.delete_head_on_merge
   allow_auto_merge     = var.allow_auto_merge
+  requires_web_commit_signing = var.requires_web_commit_signing
 
   secret_scanning             = true
   secret_scanning_on_push     = true

modules/private_repository/variables.tf

@@ -50,6 +50,12 @@ variable "allow_auto_merge" {
   default     = true
 }
 
+variable "requires_web_commit_signing" {
+  description = "If set commit signatures are required for commits to the organization. Defaults to `false`."
+  type        = bool
+  default     = false
+}
+
 variable "dependabot_security_updates" {
   description = "Enables dependabot security updates. Only works when `has_vulnerability_alerts` is set because that is required to enable dependabot for the repository."
   type        = bool
@@ -188,4 +194,4 @@ variable "rulesets" {
     enforcement = string
   }))
   default = {}
-}
+}

modules/public_repository/repository.tf

@@ -18,6 +18,7 @@ module "repository_base" {
   protected_branches   = var.protected_branches
   delete_head_on_merge = var.delete_head_on_merge
   allow_auto_merge     = var.allow_auto_merge
+  requires_web_commit_signing = var.requires_web_commit_signing
 
   secret_scanning             = true
   secret_scanning_on_push     = true
@@ -35,4 +36,4 @@ module "repository_base" {
   license_template    = var.license_template
 
   rulesets = var.rulesets
-}
+}

modules/public_repository/variables.tf

@@ -50,6 +50,12 @@ variable "allow_auto_merge" {
   default     = true
 }
 
+variable "requires_web_commit_signing" {
+  description = "If set commit signatures are required for commits to the organization. Defaults to `false`."
+  type        = bool
+  default     = false
+}
+
 variable "dependabot_security_updates" {
   description = "Enables dependabot security updates. Only works when `has_vulnerability_alerts` is set because that is required to enable dependabot for the repository."
   type        = bool
@@ -188,4 +194,4 @@ variable "rulesets" {
     enforcement = string
   }))
   default = {}
-}
+}

modules/repository_base/repository.tf

@@ -25,6 +25,7 @@ resource "github_repository" "repository" {
   homepage_url           = var.homepage
   delete_branch_on_merge = var.delete_head_on_merge
   allow_auto_merge       = var.allow_auto_merge
+  web_commit_signoff_required = var.requires_web_commit_signing
   license_template       = var.license_template
 
 

modules/repository_base/variables.tf

@@ -86,6 +86,12 @@ variable "allow_auto_merge" {
   default     = true
 }
 
+variable "requires_web_commit_signing" {
+  description = "If set commit signatures are required for commits to the organization. Defaults to `false`."
+  type        = bool
+  default     = false
+}
+
 variable "visibility" {
   description = "Sets the visibility property of a repository. Defaults to \"private\""
   type        = string
@@ -242,4 +248,4 @@ variable "rulesets" {
     enforcement = string
   }))
   default = {}
-}
+}

modules/repository_set/variables.tf

@@ -10,6 +10,7 @@ variable "private_repositories" {
     homepage                             = string
     delete_head_on_merge                 = bool
     allow_auto_merge                     = bool
+    requires_web_commit_signing          = bool
     dependabot_security_updates          = bool
     organization_action_secrets          = optional(list(string))
     organization_codespace_secrets       = optional(list(string))
@@ -151,4 +152,4 @@ variable "rulesets" {
     repositories = list(string)
   }))
   default = {}
-}
+}