From 01395496870a5857b8d02ed01dfc8e2eb1e89a8e Mon Sep 17 00:00:00 2001
From: Ben Zarboni
Date: Thu, 29 Feb 2024 17:05:19 -0500
Subject: [PATCH 1/2] Protect the by default
---
 modules/repository_base/repository.tf | 2 +-
 modules/repository_base/variables.tf | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/modules/repository_base/repository.tf b/modules/repository_base/repository.tf
index 08c7df1..bedc2e1 100644
--- a/modules/repository_base/repository.tf
+++ b/modules/repository_base/repository.tf
@@ -74,7 +74,7 @@ resource "github_repository_ruleset" "protected_branch_base_rules" {
 conditions {
 ref_name {
 exclude = []
- include = toset(concat(["~DEFAULT_BRANCH"], local.protected_branches_refs))
+ include = toset(local.protected_branches_refs)
 }
 }
 }
diff --git a/modules/repository_base/variables.tf b/modules/repository_base/variables.tf
index 0907e73..6ebaa59 100644
--- a/modules/repository_base/variables.tf
+++ b/modules/repository_base/variables.tf
@@ -22,8 +22,8 @@ variable "repository_team_permissions" {
 variable "protected_branches" {
 type = list(string)
- description = "A list of ref names or patterns that should be protected. Defaults `[\"main\"]`"
- default = ["main"]
+ description = "A list of ref names or patterns that should be protected. Setting to `[]` means no protection. Defaults `[\"~DEFAULT_BRANCH\"]`"
+ default = ["~DEFAULT_BRANCH"]
 }
 variable "has_downloads" {
From dbcdfdbdb8f7ff02b86850a8c29f00ec04ebaf61 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Thu, 29 Feb 2024 22:06:16 +0000
Subject: [PATCH 2/2] terraform-docs: automated action
---
 modules/repository_base/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/repository_base/README.md b/modules/repository_base/README.md
index b7fd73e..96c38e6 100644
--- a/modules/repository_base/README.md
+++ b/modules/repository_base/README.md
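Review bot: With the hard-coded `"~DEFAULT_BRANCH"` entry removed from `include` in repository.tf, the default branch is covered only if `local.protected_branches_refs` passes that token through unchanged. The local is defined outside this hunk and the patch does not touch it; if it maps every entry to a `refs/heads/...` ref, the new default would presumably become `refs/heads/~DEFAULT_BRANCH`, match no branch, and leave the default branch outside the ruleset. It is worth confirming that the local leaves `~`-prefixed tokens alone, for example `startswith(b, "~") ? b : "refs/heads/${b}"`. The resource block begins above the hunk.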
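Review bot: Callers that already override `protected_branches` in variables.tf lose default-branch protection when they pick up this version, because the ruleset no longer adds `~DEFAULT_BRANCH` on their behalf and the new description does not say so. The description should state it, for example by appending `Include \"~DEFAULT_BRANCH\" explicitly when overriding; it is no longer added automatically.` Since `[]` now means no protection at all, a `validation` block or a separate opt-out flag would keep an accidentally empty list from silently dropping the rules.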
@@ -43,7 +43,7 @@ No modules. | [has\_wiki](#input\_has\_wiki) | Enables Github Wiki for the repository | `bool` | `true` | no | | [homepage](#input\_homepage) | The homepage for the repository | `string` | `""` | no | | [name](#input\_name) | The name of the repository to create/import. | `string` | n/a | yes | -| [protected\_branches](#input\_protected\_branches) | A list of ref names or patterns that should be protected. Defaults `["main"]` | `list(string)` |
[
"main"
]
| no | +| [protected\_branches](#input\_protected\_branches) | A list of ref names or patterns that should be protected. Setting to `[]` means no protection. Defaults `["~DEFAULT_BRANCH"]` | `list(string)` |
[
"~DEFAULT_BRANCH"
]
| no | | [repository\_team\_permissions](#input\_repository\_team\_permissions) | A map where the keys are github team ids and the value is the permissions the team should have in the repository | `map(string)` | n/a | yes | | [secret\_scanning](#input\_secret\_scanning) | Enables secret scanning for the repository. If repository is private `advance_security` must also be enabled. | `bool` | `true` | no | | [secret\_scanning\_on\_push](#input\_secret\_scanning\_on\_push) | Enables secret scanning push protection for the repository. If repository is private `advance_security` must also be enabled. | `bool` | `true` | no |