diff --git a/modules/private_repository/README.md b/modules/private_repository/README.md index 4f6f5d8..9559002 100644 --- a/modules/private_repository/README.md +++ b/modules/private_repository/README.md @@ -26,6 +26,9 @@ No resources. | [action\_secrets](#input\_action\_secrets) | An (Optional) map of GitHub Actions secrets to create for this repository. The key is the name of the secret and the value is the encrypted value. | `map(string)` | `{}` | no | | [advance\_security](#input\_advance\_security) | Enables advance security for the repository. | `bool` | `true` | no | | [allow\_auto\_merge](#input\_allow\_auto\_merge) | Allow auto-merging pull requests on the repository | `bool` | `true` | no | +| [allow\_merge\_commit](#input\_allow\_merge\_commit) | (Optional) Set to `false` to disable merge commits on the repository. | `bool` | `true` | no | +| [allow\_rebase\_merge](#input\_allow\_rebase\_merge) | (Optional) Set to `false` to disable rebase merges on the repository. | `bool` | `true` | no | +| [allow\_squash\_merge](#input\_allow\_squash\_merge) | (Optional) Set to `false` to disable squash merges on the repository. | `bool` | `true` | no | | [codespace\_secrets](#input\_codespace\_secrets) | An (Optional) map of Github Codespace secrets to create for this repository. The key is the name of the secret and the value is the encrypted value. | `map(string)` | `{}` | no | | [default\_branch](#input\_default\_branch) | The branch to set as the default branch for this repository. Defaults to "main" | `string` | `"main"` | no | | [delete\_head\_on\_merge](#input\_delete\_head\_on\_merge) | Sets the delete head on merge option for the repository. If true it will delete pull request branches automatically on merge. Defaults to true | `bool` | `true` | no | 
@@ -36,12 +39,17 @@ No resources. | [has\_ghas\_license](#input\_has\_ghas\_license) | If the organization owning the repository has a GitHub Advanced Security license or not. Defaults to false. | `bool` | `false` | no | | [homepage](#input\_homepage) | The homepage for the repository | `string` | `""` | no | | [license\_template](#input\_license\_template) | The (Optional) license template to use for the repository | `string` | `null` | no | +| [merge\_commit\_message](#input\_merge\_commit\_message) | (Optional) Can be `PR_BODY`, `PR_TITLE`, or `BLANK` for a default merge commit message. Applicable only if allow\_merge\_commit is `true`. | `string` | `"PR_TITLE"` | no | +| [merge\_commit\_title](#input\_merge\_commit\_title) | (Optional) Can be `PR_TITLE` or `MERGE_MESSAGE` for a default merge commit title. Applicable only if allow\_merge\_commit is `true`. | `string` | `"MERGE_MESSAGE"` | no | | [name](#input\_name) | The name of the repository to create/import. | `string` | n/a | yes | +| [pages](#input\_pages) | The (Optional) configuration for GitHub Pages for the repository |
object({
source = optional(object({
branch = string
path = optional(string)
}))
build_type = optional(string)
cname = optional(string)
})
| `null` | no | | [protected\_branches](#input\_protected\_branches) | A list of ref names or patterns that should be protected. Defaults `["main"]` | `list(string)` |
[
"main"
]
| no | | [repository\_team\_permissions](#input\_repository\_team\_permissions) | A map where the keys are github team slugs and the value is the permissions the team should have in the repository | `map(string)` | n/a | yes | | [repository\_user\_permissions](#input\_repository\_user\_permissions) | A map where the keys are github usernames and the value is the permissions the user should have in the repository | `map(string)` | n/a | yes | | [requires\_web\_commit\_signing](#input\_requires\_web\_commit\_signing) | If set commit signatures are required for commits to the organization. Defaults to `false`. | `bool` | `false` | no | | [rulesets](#input\_rulesets) | n/a |
map(object({
bypass_actors = optional(object({
repository_roles = optional(list(object({
role = string
always_bypass = optional(bool)
})))
teams = optional(list(object({
team = string
always_bypass = optional(bool)
})))
integrations = optional(list(object({
installation_id = number
always_bypass = optional(bool)
})))
organization_admins = optional(list(object({
user = string
always_bypass = optional(bool)
})))
}))
conditions = optional(object({
ref_name = object({
include = list(string)
exclude = list(string)
})
}))
rules = object({
branch_name_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
tag_name_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
commit_author_email_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
commit_message_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
committer_email_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
creation = optional(bool)
deletion = optional(bool)
update = optional(bool)
non_fast_forward = optional(bool)
required_linear_history = optional(bool)
required_signatures = optional(bool)
update_allows_fetch_and_merge = optional(bool)
pull_request = optional(object({
dismiss_stale_reviews_on_push = optional(bool)
require_code_owner_review = optional(bool)
require_last_push_approval = optional(bool)
required_approving_review_count = optional(number)
required_review_thread_resolution = optional(bool)
}))
required_status_checks = optional(object({
required_check = list(object({
context = string
integration_id = optional(number)
}))
strict_required_status_check_policy = optional(bool)
}))
required_deployment_environments = optional(list(string))
})
target = string
enforcement = string
}))
| `{}` | no | +| [squash\_merge\_commit\_message](#input\_squash\_merge\_commit\_message) | (Optional) Can be `PR_BODY`, `COMMIT_MESSAGES`, or `BLANK` for a default squash merge commit message. Applicable only if allow\_squash\_merge is `true`. | `string` | `"PR_BODY"` | no | +| [squash\_merge\_commit\_title](#input\_squash\_merge\_commit\_title) | (Optional) Can be `PR_TITLE` or `COMMIT_OR_PR_TITLE` for a default squash merge commit title. Applicable only if allow\_squash\_merge is `true`. | `string` | `"PR_TITLE"` | no | | [template\_repository](#input\_template\_repository) | A (Optional) list of template repositories to use for the repository |
object({
owner = string
repository = string
include_all_branches = bool
})
| `null` | no | | [topics](#input\_topics) | The topics to apply to the repository | `list(string)` | `[]` | no | diff --git a/modules/private_repository/repository.tf b/modules/private_repository/repository.tf index a7a4008..69f193d 100644 --- a/modules/private_repository/repository.tf +++ b/modules/private_repository/repository.tf @@ -23,7 +23,15 @@ module "repository_base" { protected_branches = var.protected_branches delete_head_on_merge = var.delete_head_on_merge allow_auto_merge = var.allow_auto_merge + allow_merge_commit = var.allow_merge_commit + allow_rebase_merge = var.allow_rebase_merge + allow_squash_merge = var.allow_squash_merge + squash_merge_commit_message = var.squash_merge_commit_message + squash_merge_commit_title = var.squash_merge_commit_title + merge_commit_message = var.merge_commit_message + merge_commit_title = var.merge_commit_title requires_web_commit_signing = var.requires_web_commit_signing + pages = var.pages secret_scanning = local.enable_secret_scanning secret_scanning_on_push = local.enable_secret_scanning diff --git a/modules/private_repository/variables.tf b/modules/private_repository/variables.tf index 0f8e468..186329a 100644 --- a/modules/private_repository/variables.tf +++ b/modules/private_repository/variables.tf 
@@ -115,6 +115,61 @@ variable "template_repository" { default = null } +variable "pages" { + description = "The (Optional) configuration for GitHub Pages for the repository" + type = object({ + source = optional(object({ + branch = string + path = optional(string) + })) + build_type = optional(string) + cname = optional(string) + }) + default = null +} + +variable "allow_squash_merge" { + description = "(Optional) Set to `false` to disable squash merges on the repository." + type = bool + default = true +} + +variable "allow_rebase_merge" { + description = "(Optional) Set to `false` to disable rebase merges on the repository." + type = bool + default = true +} + +variable "allow_merge_commit" { + description = " (Optional) Set to `false` to disable merge commits on the repository." + type = bool + default = true +} + +variable "squash_merge_commit_title" { + description = " (Optional) Can be `PR_TITLE` or `COMMIT_OR_PR_TITLE` for a default squash merge commit title. Applicable only if allow_squash_merge is `true`." + type = string + default = "PR_TITLE" +} + +variable "squash_merge_commit_message" { + description = "(Optional) Can be `PR_BODY`, `COMMIT_MESSAGES`, or `BLANK` for a default squash merge commit message. Applicable only if allow_squash_merge is `true`." + type = string + default = "PR_BODY" +} + +variable "merge_commit_title" { + description = "(Optional) Can be `PR_TITLE` or `MERGE_MESSAGE` for a default merge commit title. Applicable only if allow_merge_commit is `true`." + type = string + default = "MERGE_MESSAGE" +} + +variable "merge_commit_message" { + description = "(Optional) Can be `PR_BODY`, `PR_TITLE`, or `BLANK` for a default merge commit message. Applicable only if allow_merge_commit is `true`." + type = string + default = "PR_TITLE" +} + variable "license_template" { description = "The (Optional) license template to use for the repository" type = string 
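Review bot: The `pages` variable added here lets a private repository publish a GitHub Pages site, but its description does not say that the site is served publicly by default, whatever the repository's visibility (restricting access to a Pages site is, as far as I know, only available with GitHub Enterprise Cloud). I would extend the description, e.g. `description = "(Optional) GitHub Pages configuration. The published site is publicly reachable unless Pages access control is enabled for the organization."`, so callers of the private module make that choice knowingly. If `cname` is set, the DNS record should be removed whenever `pages` is later dropped, because a record left pointing at GitHub Pages with no site behind it can be claimed by another account. Separately, the descriptions of `allow_merge_commit` and `squash_merge_commit_title` start with a stray space (`" (Optional) ..."`); the same applies to the matching hunks in modules/public_repository/variables.tf and modules/repository_base/variables.tf.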
diff --git a/modules/public_repository/README.md b/modules/public_repository/README.md index a04baad..7a41231 100644 --- a/modules/public_repository/README.md +++ b/modules/public_repository/README.md @@ -26,6 +26,9 @@ No resources. | [action\_secrets](#input\_action\_secrets) | An (Optional) map of GitHub Actions secrets to create for this repository. The key is the name of the secret and the value is the encrypted value. | `map(string)` | `{}` | no | | [advance\_security](#input\_advance\_security) | Enables advance security for the repository. If repository is public `advance_security` is enabled by default and cannot be changed. | `bool` | `true` | no | | [allow\_auto\_merge](#input\_allow\_auto\_merge) | Allow auto-merging pull requests on the repository | `bool` | `true` | no | +| [allow\_merge\_commit](#input\_allow\_merge\_commit) | (Optional) Set to `false` to disable merge commits on the repository. | `bool` | `true` | no | +| [allow\_rebase\_merge](#input\_allow\_rebase\_merge) | (Optional) Set to `false` to disable rebase merges on the repository. | `bool` | `true` | no | +| [allow\_squash\_merge](#input\_allow\_squash\_merge) | (Optional) Set to `false` to disable squash merges on the repository. | `bool` | `true` | no | | [codespace\_secrets](#input\_codespace\_secrets) | An (Optional) map of GitHub Codespace secrets to create for this repository. The key is the name of the secret and the value is the encrypted value. | `map(string)` | `{}` | no | | [default\_branch](#input\_default\_branch) | The branch to set as the default branch for this repository. Defaults to "main" | `string` | `"main"` | no | | [delete\_head\_on\_merge](#input\_delete\_head\_on\_merge) | Sets the delete head on merge option for the repository. If true it will delete pull request branches automatically on merge. Defaults to true | `bool` | `true` | no | @@ -35,12 +38,17 @@ No resources. | [environments](#input\_environments) | Environments to create for the repository. |
map(object({
action_secrets = optional(map(string))
}))
| `{}` | no | | [homepage](#input\_homepage) | The homepage for the repository | `string` | `""` | no | | [license\_template](#input\_license\_template) | The (Optional) license template to apply to the repository | `string` | `null` | no | +| [merge\_commit\_message](#input\_merge\_commit\_message) | (Optional) Can be `PR_BODY`, `PR_TITLE`, or `BLANK` for a default merge commit message. Applicable only if allow\_merge\_commit is `true`. | `string` | `"PR_TITLE"` | no | +| [merge\_commit\_title](#input\_merge\_commit\_title) | (Optional) Can be `PR_TITLE` or `MERGE_MESSAGE` for a default merge commit title. Applicable only if allow\_merge\_commit is `true`. | `string` | `"MERGE_MESSAGE"` | no | | [name](#input\_name) | The name of the repository to create/import. | `string` | n/a | yes | +| [pages](#input\_pages) | The (Optional) configuration for GitHub Pages for the repository |
object({
source = optional(object({
branch = string
path = optional(string)
}))
build_type = optional(string)
cname = optional(string)
})
| `null` | no | | [protected\_branches](#input\_protected\_branches) | A list of ref names or patterns that should be protected. Defaults `["main"]` | `list(string)` |
[
"main"
]
| no | | [repository\_team\_permissions](#input\_repository\_team\_permissions) | A map where the keys are github team slugs and the value is the permissions the team should have in the repository | `map(string)` | n/a | yes | | [repository\_user\_permissions](#input\_repository\_user\_permissions) | A map where the keys are github usernames and the value is the permissions the user should have in the repository | `map(string)` | n/a | yes | | [requires\_web\_commit\_signing](#input\_requires\_web\_commit\_signing) | If set commit signatures are required for commits to the organization. Defaults to `false`. | `bool` | `false` | no | | [rulesets](#input\_rulesets) | n/a |
map(object({
bypass_actors = optional(object({
repository_roles = optional(list(object({
role = string
always_bypass = optional(bool)
})))
teams = optional(list(object({
team = string
always_bypass = optional(bool)
})))
integrations = optional(list(object({
installation_id = number
always_bypass = optional(bool)
})))
organization_admins = optional(list(object({
user = string
always_bypass = optional(bool)
})))
}))
conditions = optional(object({
ref_name = object({
include = list(string)
exclude = list(string)
})
}))
rules = object({
branch_name_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
tag_name_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
commit_author_email_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
commit_message_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
committer_email_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
creation = optional(bool)
deletion = optional(bool)
update = optional(bool)
non_fast_forward = optional(bool)
required_linear_history = optional(bool)
required_signatures = optional(bool)
update_allows_fetch_and_merge = optional(bool)
pull_request = optional(object({
dismiss_stale_reviews_on_push = optional(bool)
require_code_owner_review = optional(bool)
require_last_push_approval = optional(bool)
required_approving_review_count = optional(number)
required_review_thread_resolution = optional(bool)
}))
required_status_checks = optional(object({
required_check = list(object({
context = string
integration_id = optional(number)
}))
strict_required_status_check_policy = optional(bool)
}))
required_deployment_environments = optional(list(string))
})
target = string
enforcement = string
}))
| `{}` | no | +| [squash\_merge\_commit\_message](#input\_squash\_merge\_commit\_message) | (Optional) Can be `PR_BODY`, `COMMIT_MESSAGES`, or `BLANK` for a default squash merge commit message. Applicable only if allow\_squash\_merge is `true`. | `string` | `"PR_BODY"` | no | +| [squash\_merge\_commit\_title](#input\_squash\_merge\_commit\_title) | (Optional) Can be `PR_TITLE` or `COMMIT_OR_PR_TITLE` for a default squash merge commit title. Applicable only if allow\_squash\_merge is `true`. | `string` | `"PR_TITLE"` | no | | [template\_repository](#input\_template\_repository) | A (Optional) list of template repositories to use for the repository |
object({
owner = string
repository = string
include_all_branches = bool
})
| `null` | no | | [topics](#input\_topics) | The topics to apply to the repository | `list(string)` | `[]` | no | diff --git a/modules/public_repository/repository.tf b/modules/public_repository/repository.tf index 04a6aec..105e184 100644 --- a/modules/public_repository/repository.tf +++ b/modules/public_repository/repository.tf @@ -19,7 +19,15 @@ module "repository_base" { protected_branches = var.protected_branches delete_head_on_merge = var.delete_head_on_merge allow_auto_merge = var.allow_auto_merge + allow_merge_commit = var.allow_merge_commit + allow_rebase_merge = var.allow_rebase_merge + allow_squash_merge = var.allow_squash_merge + squash_merge_commit_message = var.squash_merge_commit_message + squash_merge_commit_title = var.squash_merge_commit_title + merge_commit_message = var.merge_commit_message + merge_commit_title = var.merge_commit_title requires_web_commit_signing = var.requires_web_commit_signing + pages = var.pages secret_scanning = true secret_scanning_on_push = true diff --git a/modules/public_repository/variables.tf b/modules/public_repository/variables.tf index 4c6195f..99b5ee7 100644 --- a/modules/public_repository/variables.tf +++ b/modules/public_repository/variables.tf 
@@ -115,6 +115,61 @@ variable "license_template" { default = null } +variable "pages" { + description = "The (Optional) configuration for GitHub Pages for the repository" + type = object({ + source = optional(object({ + branch = string + path = optional(string) + })) + build_type = optional(string) + cname = optional(string) + }) + default = null +} + +variable "allow_squash_merge" { + description = "(Optional) Set to `false` to disable squash merges on the repository." + type = bool + default = true +} + +variable "allow_rebase_merge" { + description = "(Optional) Set to `false` to disable rebase merges on the repository." + type = bool + default = true +} + +variable "allow_merge_commit" { + description = " (Optional) Set to `false` to disable merge commits on the repository." + type = bool + default = true +} + +variable "squash_merge_commit_title" { + description = " (Optional) Can be `PR_TITLE` or `COMMIT_OR_PR_TITLE` for a default squash merge commit title. Applicable only if allow_squash_merge is `true`." + type = string + default = "PR_TITLE" +} + +variable "squash_merge_commit_message" { + description = "(Optional) Can be `PR_BODY`, `COMMIT_MESSAGES`, or `BLANK` for a default squash merge commit message. Applicable only if allow_squash_merge is `true`." + type = string + default = "PR_BODY" +} + +variable "merge_commit_title" { + description = "(Optional) Can be `PR_TITLE` or `MERGE_MESSAGE` for a default merge commit title. Applicable only if allow_merge_commit is `true`." + type = string + default = "MERGE_MESSAGE" +} + +variable "merge_commit_message" { + description = "(Optional) Can be `PR_BODY`, `PR_TITLE`, or `BLANK` for a default merge commit message. Applicable only if allow_merge_commit is `true`." + type = string + default = "PR_TITLE" +} + variable "rulesets" { type = map(object({ bypass_actors = optional(object({ diff --git a/modules/repository_base/README.md b/modules/repository_base/README.md index ff0ecd4..f7a186e 100644 
--- a/modules/repository_base/README.md +++ b/modules/repository_base/README.md @@ -42,6 +42,9 @@ | [action\_secrets](#input\_action\_secrets) | An (Optional) map of GitHub Actions secrets to create for this repository. The key is the name of the secret and the value is the encrypted value. | `map(string)` | `{}` | no | | [advance\_security](#input\_advance\_security) | Enables advance security for the repository. If repository is public `advance_security` is enabled by default and cannot be changed. | `bool` | `true` | no | | [allow\_auto\_merge](#input\_allow\_auto\_merge) | Allow auto-merging pull requests on the repository | `bool` | `true` | no | +| [allow\_merge\_commit](#input\_allow\_merge\_commit) | (Optional) Set to `false` to disable merge commits on the repository. | `bool` | `true` | no | +| [allow\_rebase\_merge](#input\_allow\_rebase\_merge) | (Optional) Set to `false` to disable rebase merges on the repository. | `bool` | `true` | no | +| [allow\_squash\_merge](#input\_allow\_squash\_merge) | (Optional) Set to `false` to disable squash merges on the repository. | `bool` | `true` | no | | [codespace\_secrets](#input\_codespace\_secrets) | An (Optional) map of Github Codespace secrets to create for this repository. The key is the name of the secret and the value is the encrypted value. | `map(string)` | `{}` | no | | [default\_branch](#input\_default\_branch) | The branch to set as the default branch for this repository. Defaults to "main" | `string` | `"main"` | no | | [delete\_head\_on\_merge](#input\_delete\_head\_on\_merge) | Sets the delete head on merge option for the repository. If true it will delete pull request branches automatically on merge. Defaults to true | `bool` | `true` | no | 
@@ -57,7 +60,10 @@ | [has\_wiki](#input\_has\_wiki) | Enables Github Wiki for the repository | `bool` | `true` | no | | [homepage](#input\_homepage) | The homepage for the repository | `string` | `""` | no | | [license\_template](#input\_license\_template) | The (Optional) license template to use for the repository | `string` | `null` | no | +| [merge\_commit\_message](#input\_merge\_commit\_message) | (Optional) Can be `PR_BODY`, `PR_TITLE`, or `BLANK` for a default merge commit message. Applicable only if allow\_merge\_commit is `true`. | `string` | `"PR_TITLE"` | no | +| [merge\_commit\_title](#input\_merge\_commit\_title) | (Optional) Can be `PR_TITLE` or `MERGE_MESSAGE` for a default merge commit title. Applicable only if allow\_merge\_commit is `true`. | `string` | `"MERGE_MESSAGE"` | no | | [name](#input\_name) | The name of the repository to create/import. | `string` | n/a | yes | +| [pages](#input\_pages) | The (Optional) configuration for GitHub Pages for the repository |
object({
source = optional(object({
branch = string
path = optional(string)
}))
build_type = optional(string)
cname = optional(string)
})
| `null` | no | | [protected\_branches](#input\_protected\_branches) | A list of ref names or patterns that should be protected. Setting to `[]` means no protection. Defaults `["~DEFAULT_BRANCH"]` | `list(string)` |
[
"~DEFAULT_BRANCH"
]
| no | | [repository\_team\_permissions](#input\_repository\_team\_permissions) | A map where the keys are github team slugs and the value is the permissions the team should have in the repository | `map(string)` | n/a | yes | | [repository\_user\_permissions](#input\_repository\_user\_permissions) | A map where the keys are github usernames and the value is the permissions the user should have in the repository | `map(string)` | n/a | yes | @@ -65,6 +71,8 @@ | [rulesets](#input\_rulesets) | n/a |
map(object({
bypass_actors = optional(object({
repository_roles = optional(list(object({
role = string
always_bypass = optional(bool)
})))
teams = optional(list(object({
team = string
always_bypass = optional(bool)
})))
integrations = optional(list(object({
installation_id = number
always_bypass = optional(bool)
})))
organization_admins = optional(list(object({
user = string
always_bypass = optional(bool)
})))
}))
conditions = optional(object({
ref_name = object({
include = list(string)
exclude = list(string)
})
}))
rules = object({
branch_name_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
tag_name_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
commit_author_email_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
commit_message_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
committer_email_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
creation = optional(bool)
deletion = optional(bool)
update = optional(bool)
non_fast_forward = optional(bool)
required_linear_history = optional(bool)
required_signatures = optional(bool)
update_allows_fetch_and_merge = optional(bool)
pull_request = optional(object({
dismiss_stale_reviews_on_push = optional(bool)
require_code_owner_review = optional(bool)
require_last_push_approval = optional(bool)
required_approving_review_count = optional(number)
required_review_thread_resolution = optional(bool)
}))
required_status_checks = optional(object({
required_check = list(object({
context = string
integration_id = optional(number)
}))
strict_required_status_check_policy = optional(bool)
}))
required_deployment_environments = optional(list(string))
})
target = string
enforcement = string
}))
| `{}` | no | | [secret\_scanning](#input\_secret\_scanning) | Enables secret scanning for the repository. If repository is private `advance_security` must also be enabled. | `bool` | `true` | no | | [secret\_scanning\_on\_push](#input\_secret\_scanning\_on\_push) | Enables secret scanning push protection for the repository. If repository is private `advance_security` must also be enabled. | `bool` | `true` | no | +| [squash\_merge\_commit\_message](#input\_squash\_merge\_commit\_message) | (Optional) Can be `PR_BODY`, `COMMIT_MESSAGES`, or `BLANK` for a default squash merge commit message. Applicable only if allow\_squash\_merge is `true`. | `string` | `"PR_BODY"` | no | +| [squash\_merge\_commit\_title](#input\_squash\_merge\_commit\_title) | (Optional) Can be `PR_TITLE` or `COMMIT_OR_PR_TITLE` for a default squash merge commit title. Applicable only if allow\_squash\_merge is `true`. | `string` | `"PR_TITLE"` | no | | [template\_repository](#input\_template\_repository) | A (Optional) list of template repositories to use for the repository |
object({
owner = string
repository = string
include_all_branches = bool
})
| `null` | no | | [topics](#input\_topics) | The topics to apply to the repository | `list(string)` | `[]` | no | | [visibility](#input\_visibility) | Sets the visibility property of a repository. Defaults to "private" | `string` | `"private"` | no | diff --git a/modules/repository_base/repository.tf b/modules/repository_base/repository.tf index 2ca7fb8..794c705 100644 --- a/modules/repository_base/repository.tf +++ b/modules/repository_base/repository.tf @@ -25,6 +25,9 @@ resource "github_repository" "repository" { homepage_url = var.homepage delete_branch_on_merge = var.delete_head_on_merge allow_auto_merge = var.allow_auto_merge + allow_squash_merge = var.allow_squash_merge + allow_merge_commit = var.allow_merge_commit + allow_rebase_merge = var.allow_rebase_merge web_commit_signoff_required = var.requires_web_commit_signing license_template = var.license_template @@ -66,6 +69,20 @@ resource "github_repository" "repository" { } } + dynamic "pages" { + for_each = var.pages == null ? [] : [1] + content { + dynamic "source" { + for_each = var.pages.source == null ? [] : [1] + content { + branch = var.pages.source.branch + path = var.pages.source.path + } + } + build_type = var.pages.build_type + cname = var.pages.cname + } + } } resource "github_repository_dependabot_security_updates" "automated_security_fixes" { diff --git a/modules/repository_base/variables.tf b/modules/repository_base/variables.tf index 7bd1356..0aa1291 100644 --- a/modules/repository_base/variables.tf +++ b/modules/repository_base/variables.tf 
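Review bot: The four commit-text inputs never reach the resource in modules/repository_base/repository.tf. The first hunk adds only `allow_squash_merge`, `allow_merge_commit` and `allow_rebase_merge` to `github_repository.repository`, while `squash_merge_commit_title`, `squash_merge_commit_message`, `merge_commit_title` and `merge_commit_message` are declared in this module's variables.tf and passed in by both wrapper modules. Unless they are assigned in a part of the resource outside these hunks (the resource body starts before the first hunk), setting them has no effect and the validated defaults are silently ignored. I would add the four assignments next to the `allow_*` lines.

```hcl
  allow_rebase_merge          = var.allow_rebase_merge
  squash_merge_commit_title   = var.squash_merge_commit_title
  squash_merge_commit_message = var.squash_merge_commit_message
  merge_commit_title          = var.merge_commit_title
  merge_commit_message        = var.merge_commit_message
  # … unchanged: web_commit_signoff_required, license_template …
```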
@@ -169,6 +169,81 @@ variable "license_template" { default = null } +variable "pages" { + description = "The (Optional) configuration for GitHub Pages for the repository" + type = object({ + source = optional(object({ + branch = string + path = optional(string) + })) + build_type = optional(string) + cname = optional(string) + }) + default = null +} + +variable "allow_squash_merge" { + description = "(Optional) Set to `false` to disable squash merges on the repository." + type = bool + default = true +} + +variable "allow_rebase_merge" { + description = "(Optional) Set to `false` to disable rebase merges on the repository." + type = bool + default = true +} + +variable "allow_merge_commit" { + description = " (Optional) Set to `false` to disable merge commits on the repository." + type = bool + default = true +} + +variable "squash_merge_commit_title" { + description = " (Optional) Can be `PR_TITLE` or `COMMIT_OR_PR_TITLE` for a default squash merge commit title. Applicable only if allow_squash_merge is `true`." + type = string + default = "PR_TITLE" + + validation { + condition = var.squash_merge_commit_title == null || var.squash_merge_commit_title == "PR_TITLE" || var.squash_merge_commit_title == "COMMIT_OR_PR_TITLE" + error_message = "Must be `PR_TITLE` or `COMMIT_OR_PR_TITLE` for a default squash merge merge commit title" + } +} + +variable "squash_merge_commit_message" { + description = "(Optional) Can be `PR_BODY`, `COMMIT_MESSAGES`, or `BLANK` for a default squash merge commit message. Applicable only if allow_squash_merge is `true`." 
+ type = string + default = "PR_BODY" + + validation { + condition = var.squash_merge_commit_message == null || var.squash_merge_commit_message == "PR_BODY" || var.squash_merge_commit_message == "COMMIT_MESSAGES" || var.squash_merge_commit_message == "BLANK" + error_message = "Must be `PR_BODY`, `COMMIT_MESSAGES`, or `BLANK` for a default squash merge commit message" + } +} + +variable "merge_commit_title" { + description = "(Optional) Can be `PR_TITLE` or `MERGE_MESSAGE` for a default merge commit title. Applicable only if allow_merge_commit is `true`." + type = string + default = "MERGE_MESSAGE" + + validation { + condition = var.merge_commit_title == null || var.merge_commit_title == "PR_TITLE" || var.merge_commit_title == "MERGE_MESSAGE" + error_message = "Must be `PR_TITLE` or `MERGE_MESSAGE` for a default merge commit title" + } +} + +variable "merge_commit_message" { + description = "(Optional) Can be `PR_BODY`, `PR_TITLE`, or `BLANK` for a default merge commit message. Applicable only if allow_merge_commit is `true`." + type = string + default = "PR_TITLE" + + validation { + condition = var.merge_commit_message == null || var.merge_commit_message == "PR_BODY" || var.merge_commit_message == "PR_TITLE" || var.merge_commit_message == "BLANK" + error_message = "Must be `PR_BODY`, `PR_TITLE`, or `BLANK` for a default merge commit message" + } +} + variable "rulesets" { type = map(object({ bypass_actors = optional(object({ diff --git a/modules/repository_set/README.md b/modules/repository_set/README.md index 5256b56..6477b43 100644 --- a/modules/repository_set/README.md +++ b/modules/repository_set/README.md 
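Review bot: `pages.build_type` in modules/repository_base/variables.tf is accepted as any string, while the four commit title/message inputs in the same hunk each get a `validation` block, so a typo there is reported by the provider rather than by the module. The provider documents `legacy` and `workflow` as the values, so a validation inside `variable "pages"` with `condition = contains(["legacy", "workflow"], coalesce(try(var.pages.build_type, null), "legacy"))` would reject anything else up front; the `try`/`coalesce` form avoids dereferencing a null `pages`. The `squash_merge_commit_title` error message also repeats a word (`squash merge merge commit title`).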
@@ -32,8 +32,8 @@ |------|-------------|------|---------|:--------:| | [default\_repository\_team\_permissions](#input\_default\_repository\_team\_permissions) | A map where the keys are github team slugs and the value is the permissions the team should have by default for every repository. If an entry exists in `repository_team_permissions_override` for a repository then that will take precedence over this default. Defaults to `{}` giving no team access to the repositories. | `map(string)` | `{}` | no | | [has\_ghas\_license](#input\_has\_ghas\_license) | If the organization owning the repositories has a GitHub Advanced Security license or not. Defaults to false. | `bool` | `false` | no | -| [private\_repositories](#input\_private\_repositories) | A map of private repositories where the key is the repository name and the value is the configuration |
map(object({
description = string
default_branch = string
protected_branches = list(string)
advance_security = bool
has_vulnerability_alerts = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
allow_auto_merge = bool
requires_web_commit_signing = bool
dependabot_security_updates = bool
repository_team_permissions_override = optional(map(string))
user_permissions = optional(map(string))
organization_action_secrets = optional(list(string))
organization_codespace_secrets = optional(list(string))
organization_dependabot_secrets = optional(list(string))
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
action_secrets = optional(map(string))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
license_template = optional(string)
}))
| n/a | yes | -| [public\_repositories](#input\_public\_repositories) | A map of public repositories where the key is the repository name and the value is the configuration |
map(object({
description = string
default_branch = string
protected_branches = list(string)
advance_security = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
allow_auto_merge = bool
dependabot_security_updates = bool
requires_web_commit_signing = bool
repository_team_permissions_override = optional(map(string))
user_permissions = optional(map(string))
organization_action_secrets = optional(list(string))
organization_codespace_secrets = optional(list(string))
organization_dependabot_secrets = optional(list(string))
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
action_secrets = optional(map(string))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
license_template = optional(string)
}))
| n/a | yes | +| [private\_repositories](#input\_private\_repositories) | A map of private repositories where the key is the repository name and the value is the configuration |
map(object({
description = string
default_branch = string
protected_branches = list(string)
advance_security = bool
has_vulnerability_alerts = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
requires_web_commit_signing = bool
dependabot_security_updates = bool
allow_auto_merge = optional(bool)
allow_squash_merge = optional(bool)
allow_rebase_merge = optional(bool)
allow_merge_commit = optional(bool)
squash_merge_commit_title = optional(string)
squash_merge_commit_message = optional(string)
merge_commit_title = optional(string)
merge_commit_message = optional(string)
repository_team_permissions_override = optional(map(string))
user_permissions = optional(map(string))
organization_action_secrets = optional(list(string))
organization_codespace_secrets = optional(list(string))
organization_dependabot_secrets = optional(list(string))
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
action_secrets = optional(map(string))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
license_template = optional(string)
pages = optional(object({
source = optional(object({
branch = string
path = optional(string)
}))
build_type = optional(string)
cname = optional(string)
}))
}))
| n/a | yes | +| [public\_repositories](#input\_public\_repositories) | A map of public repositories where the key is the repository name and the value is the configuration |
map(object({
description = string
default_branch = string
protected_branches = list(string)
advance_security = bool
topics = list(string)
homepage = string
delete_head_on_merge = bool
dependabot_security_updates = bool
requires_web_commit_signing = bool
allow_auto_merge = optional(bool)
allow_squash_merge = optional(bool)
allow_rebase_merge = optional(bool)
allow_merge_commit = optional(bool)
squash_merge_commit_title = optional(string)
squash_merge_commit_message = optional(string)
merge_commit_title = optional(string)
merge_commit_message = optional(string)
repository_team_permissions_override = optional(map(string))
user_permissions = optional(map(string))
organization_action_secrets = optional(list(string))
organization_codespace_secrets = optional(list(string))
organization_dependabot_secrets = optional(list(string))
action_secrets = optional(map(string))
codespace_secrets = optional(map(string))
dependabot_secrets = optional(map(string))
environments = optional(map(object({
action_secrets = optional(map(string))
})))
template_repository = optional(object({
owner = string
repository = string
include_all_branches = bool
}))
license_template = optional(string)
pages = optional(object({
source = optional(object({
branch = string
path = optional(string)
}))
build_type = optional(string)
cname = optional(string)
}))
}))
| n/a | yes | | [rulesets](#input\_rulesets) | n/a |
map(object({
bypass_actors = optional(object({
repository_roles = optional(list(object({
role = string
always_bypass = optional(bool)
})))
teams = optional(list(object({
team = string
always_bypass = optional(bool)
})))
integrations = optional(list(object({
installation_id = number
always_bypass = optional(bool)
})))
organization_admins = optional(list(object({
user = string
always_bypass = optional(bool)
})))
}))
conditions = optional(object({
ref_name = object({
include = list(string)
exclude = list(string)
})
}))
rules = object({
branch_name_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
tag_name_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
commit_author_email_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
commit_message_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
committer_email_pattern = optional(object({
operator = string
pattern = string
name = optional(string)
negate = optional(bool)
}))
creation = optional(bool)
deletion = optional(bool)
update = optional(bool)
non_fast_forward = optional(bool)
required_linear_history = optional(bool)
required_signatures = optional(bool)
update_allows_fetch_and_merge = optional(bool)
pull_request = optional(object({
dismiss_stale_reviews_on_push = optional(bool)
require_code_owner_review = optional(bool)
require_last_push_approval = optional(bool)
required_approving_review_count = optional(number)
required_review_thread_resolution = optional(bool)
}))
required_status_checks = optional(object({
required_check = list(object({
context = string
integration_id = optional(number)
}))
strict_required_status_check_policy = optional(bool)
}))
required_deployment_environments = optional(list(string))
})
target = string
enforcement = string
repositories = list(string)
}))
| `{}` | no | ## Outputs diff --git a/modules/repository_set/repositories.tf b/modules/repository_set/repositories.tf index 78fec1f..d507dad 100644 --- a/modules/repository_set/repositories.tf +++ b/modules/repository_set/repositories.tf @@ -27,6 +27,13 @@ module "public_repositories" { homepage = each.value.homepage delete_head_on_merge = each.value.delete_head_on_merge allow_auto_merge = each.value.allow_auto_merge + allow_merge_commit = each.value.allow_merge_commit + allow_rebase_merge = each.value.allow_rebase_merge + allow_squash_merge = each.value.allow_squash_merge + merge_commit_title = each.value.merge_commit_title + merge_commit_message = each.value.merge_commit_message + squash_merge_commit_title = each.value.squash_merge_commit_title + squash_merge_commit_message = each.value.squash_merge_commit_message dependabot_security_updates = each.value.dependabot_security_updates action_secrets = each.value.action_secrets codespace_secrets = each.value.codespace_secrets @@ -36,6 +43,7 @@ module "public_repositories" { license_template = each.value.license_template requires_web_commit_signing = each.value.requires_web_commit_signing rulesets = lookup(local.rulesets_by_public_repository, each.key, {}) + pages = each.value.pages } module "private_repositories" { 
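Review bot: Omitted merge settings reach the child module as `null` rather than as its documented defaults: `allow_merge_commit = each.value.allow_merge_commit` and the six arguments after it in `module "public_repositories"` forward `null` whenever an entry leaves the now-optional attribute out. An explicit `null` argument overrides a variable's `default` unless the variable is declared with `nullable = false`. The variable declarations shown earlier in this diff do not set it, and their validations explicitly admit `null`. The effective squash/merge titles and messages would then be whatever the resource does with `null` (presumably the provider's defaults, not the `"PR_TITLE"`/`"PR_BODY"` values the README lists). Either add `nullable = false` to each of those child variables, or give the defaults in the set's type, e.g. `allow_squash_merge = optional(bool, true)`. The same applies to the matching hunk for `module "private_repositories"`, and to `allow_auto_merge`, which the variables.tf hunks change from `bool` to `optional(bool)`.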
@@ -55,6 +63,13 @@ module "private_repositories" { homepage = each.value.homepage delete_head_on_merge = each.value.delete_head_on_merge allow_auto_merge = each.value.allow_auto_merge + allow_merge_commit = each.value.allow_merge_commit + allow_rebase_merge = each.value.allow_rebase_merge + allow_squash_merge = each.value.allow_squash_merge + merge_commit_title = each.value.merge_commit_title + merge_commit_message = each.value.merge_commit_message + squash_merge_commit_title = each.value.squash_merge_commit_title + squash_merge_commit_message = each.value.squash_merge_commit_message dependabot_security_updates = each.value.dependabot_security_updates action_secrets = each.value.action_secrets codespace_secrets = each.value.codespace_secrets @@ -64,5 +79,5 @@ module "private_repositories" { license_template = each.value.license_template requires_web_commit_signing = each.value.requires_web_commit_signing rulesets = lookup(local.rulesets_by_private_repository, each.key, {}) - + pages = each.value.pages } diff --git a/modules/repository_set/variables.tf b/modules/repository_set/variables.tf index fd6bb10..a9ddee6 100644 --- a/modules/repository_set/variables.tf +++ b/modules/repository_set/variables.tf @@ -8,9 +8,16 @@ variable "private_repositories" { topics = list(string) homepage = string delete_head_on_merge = bool - allow_auto_merge = bool requires_web_commit_signing = bool dependabot_security_updates = bool + allow_auto_merge = optional(bool) + allow_squash_merge = optional(bool) + allow_rebase_merge = optional(bool) + allow_merge_commit = optional(bool) + squash_merge_commit_title = optional(string) + squash_merge_commit_message = optional(string) + merge_commit_title = optional(string) + merge_commit_message = optional(string) repository_team_permissions_override = optional(map(string)) user_permissions = optional(map(string)) organization_action_secrets = optional(list(string)) 
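Review bot: `pages = each.value.pages` in the `@@ -64,5 +79,5 @@` hunk of `module "private_repositories"` carries no comment or guard about visibility. A GitHub Pages site is served publicly even when its repository is private, unless the organization's plan provides access-controlled Pages. Since this input lets any entry in `private_repositories` publish content and bind a `cname`, I would document that on the argument, for example `# Pages output is public even for a private repo unless Pages access control is enabled; confirm DNS ownership of cname before setting it`, and repeat the caveat in the `private_repositories` description. The module block starts outside this hunk, so how the child module consumes `pages` is not visible here.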
@@ -28,6 +35,14 @@ variable "private_repositories" { include_all_branches = bool })) license_template = optional(string) + pages = optional(object({ + source = optional(object({ + branch = string + path = optional(string) + })) + build_type = optional(string) + cname = optional(string) + })) })) description = "A map of private repositories where the key is the repository name and the value is the configuration" } @@ -41,9 +56,16 @@ variable "public_repositories" { topics = list(string) homepage = string delete_head_on_merge = bool - allow_auto_merge = bool dependabot_security_updates = bool requires_web_commit_signing = bool + allow_auto_merge = optional(bool) + allow_squash_merge = optional(bool) + allow_rebase_merge = optional(bool) + allow_merge_commit = optional(bool) + squash_merge_commit_title = optional(string) + squash_merge_commit_message = optional(string) + merge_commit_title = optional(string) + merge_commit_message = optional(string) repository_team_permissions_override = optional(map(string)) user_permissions = optional(map(string)) organization_action_secrets = optional(list(string)) @@ -61,6 +83,14 @@ variable "public_repositories" { include_all_branches = bool })) license_template = optional(string) + pages = optional(object({ + source = optional(object({ + branch = string + path = optional(string) + })) + build_type = optional(string) + cname = optional(string) + })) })) description = "A map of public repositories where the key is the repository name and the value is the configuration" } diff --git a/modules/repository_set/versions.tf b/modules/repository_set/versions.tf index 1957e13..016e0b9 100644 --- a/modules/repository_set/versions.tf +++ b/modules/repository_set/versions.tf @@ -6,4 +6,4 @@ terraform { version = "~> 6.0" } } -} +} \ No newline at end of file