{"id":26948486,"url":"https://github.com/vmvarela/terraform-github-org","last_synced_at":"2025-04-02T21:18:45.936Z","repository":{"id":283021892,"uuid":"950426387","full_name":"vmvarela/terraform-github-org","owner":"vmvarela","description":"A Terraform module for comprehensive GitHub organization management.","archived":false,"fork":false,"pushed_at":"2025-04-01T08:16:49.000Z","size":49,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-01T09:26:19.876Z","etag":null,"topics":["github-config","terraform-module"],"latest_commit_sha":null,"homepage":"https://registry.terraform.io/modules/vmvarela/org/github","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/vmvarela.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-18T06:24:43.000Z","updated_at":"2025-04-01T08:16:33.000Z","dependencies_parsed_at":"2025-03-18T07:27:44.630Z","dependency_job_id":"98c71989-cbfc-449a-a0c7-8904ae51beb9","html_url":"https://github.com/vmvarela/terraform-github-org","commit_stats":null,"previous_names":["vmvarela/terraform-github-org"],"tags_count":0,"template":false,"template_full_name":"vmvarela/template","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmvarela%2Fterraform-github-org","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmvarela%2Fterraform-github-org/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmvarela%2Fterraform-github-org/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vmvarela%2Fterraform-github-org/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/vmvarela","download_url":"https://codeload.github.com/vmvarela/terraform-github-org/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246892847,"owners_count":20850850,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["github-config","terraform-module"],"created_at":"2025-04-02T21:18:45.249Z","updated_at":"2025-04-02T21:18:45.921Z","avatar_url":"https://github.com/vmvarela.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# GitHub Org Terraform module\n\nA Terraform module for comprehensive GitHub organization management. This module enables Infrastructure as Code (IaC) practices for GitHub organization administration, providing complete control over organization settings, members, teams, and security configurations.\n\nThe module offers seamless management of key organizational resources including:\n- Organization settings and profile configuration\n- Member management with role-based access control\n- Team creation and membership administration\n- GitHub Actions organization-level permissions and configuration\n- Secrets and variables management across the organization\n- Security policy enforcement and advanced security features\n- Webhook integration for organization events\n- Custom roles and permissions management\n- Organization-wide project administration\n- Repository creation templates and default settings\n\nDesigned for DevOps teams seeking to standardize GitHub organization management through code, this module supports comprehensive governance while maintaining flexibility for organization-specific requirements.\n\n\n\u003c!-- BEGIN_TF_DOCS --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e= 1.6 |\n| \u003ca name=\"requirement_github\"\u003e\u003c/a\u003e [github](#requirement\\_github) | \u003e= 6.6.0 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_github\"\u003e\u003c/a\u003e [github](#provider\\_github) | \u003e= 6.6.0 |\n\n## Modules\n\n| Name | Source | Version |\n|------|--------|---------|\n| \u003ca name=\"module_sub\"\u003e\u003c/a\u003e [sub](#module\\_sub) | vmvarela/suborg/github | n/a |\n| \u003ca name=\"module_webhook\"\u003e\u003c/a\u003e [webhook](#module\\_webhook) | ./modules/webhook | n/a |\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [github_actions_organization_secret.encrypted](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_organization_secret) | resource |\n| [github_actions_organization_secret.plaintext](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_organization_secret) | resource |\n| [github_actions_organization_variable.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_organization_variable) | resource |\n| [github_actions_runner_group.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_runner_group) | resource |\n| [github_dependabot_organization_secret.encrypted](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/dependabot_organization_secret) | resource |\n| [github_dependabot_organization_secret.plaintext](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/dependabot_organization_secret) | resource |\n| [github_organization_block.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/organization_block) | resource |\n| [github_organization_custom_role.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/organization_custom_role) | resource |\n| [github_organization_ruleset.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/organization_ruleset) | resource |\n| [github_organization_settings.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/organization_settings) | resource |\n| [github_organization.this](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/organization) | data source |\n| [github_organization_teams.this](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/organization_teams) | data source |\n| [github_repositories.this](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/repositories) | data source |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_billing_email\"\u003e\u003c/a\u003e [billing\\_email](#input\\_billing\\_email) | Billing email address. This address is not publicized. | `string` | n/a | yes |\n| \u003ca name=\"input_blocked\"\u003e\u003c/a\u003e [blocked](#input\\_blocked) | allows you to create and manage blocks for GitHub organizations. | `set(string)` | `null` | no |\n| \u003ca name=\"input_blog\"\u003e\u003c/a\u003e [blog](#input\\_blog) | URL of organization blog | `string` | `null` | no |\n| \u003ca name=\"input_company\"\u003e\u003c/a\u003e [company](#input\\_company) | The company name. | `string` | `null` | no |\n| \u003ca name=\"input_custom_roles\"\u003e\u003c/a\u003e [custom\\_roles](#input\\_custom\\_roles) | The list of custom roles of the organization (key: role\\_name) | \u003cpre\u003emap(object({\u003cbr/\u003e    description = optional(string)\u003cbr/\u003e    base_role   = string\u003cbr/\u003e    permissions = set(string)\u003cbr/\u003e  }))\u003c/pre\u003e | `null` | no |\n| \u003ca name=\"input_default_repository_permission\"\u003e\u003c/a\u003e [default\\_repository\\_permission](#input\\_default\\_repository\\_permission) | Default permission level members have for organization repositories. Can be one of `read`, `write`, `admin`, or `none`. | `string` | `null` | no |\n| \u003ca name=\"input_defaults\"\u003e\u003c/a\u003e [defaults](#input\\_defaults) | Repositories default configuration (if empty) | `any` | `{}` | no |\n| \u003ca name=\"input_dependabot_copy_secrets\"\u003e\u003c/a\u003e [dependabot\\_copy\\_secrets](#input\\_dependabot\\_copy\\_secrets) | If dependabot uses same repository secrets (plaintext or encrypted). Makes a copy. | `bool` | `false` | no |\n| \u003ca name=\"input_dependabot_secrets\"\u003e\u003c/a\u003e [dependabot\\_secrets](#input\\_dependabot\\_secrets) | The list of dependabot secrets configuration of the organization (key: secret\\_name) | \u003cpre\u003emap(object({\u003cbr/\u003e    encrypted_value = optional(string, null)\u003cbr/\u003e    plaintext_value = optional(string, null)\u003cbr/\u003e    visibility      = optional(string, null)\u003cbr/\u003e    repositories    = optional(set(string), [])\u003cbr/\u003e  }))\u003c/pre\u003e | `{}` | no |\n| \u003ca name=\"input_dependabot_secrets_encrypted\"\u003e\u003c/a\u003e [dependabot\\_secrets\\_encrypted](#input\\_dependabot\\_secrets\\_encrypted) | The list of dependabot secrets configuration of the organization (key: secret\\_name) | \u003cpre\u003emap(object({\u003cbr/\u003e    encrypted_value = optional(string, null)\u003cbr/\u003e    plaintext_value = optional(string, null)\u003cbr/\u003e    visibility      = optional(string, null)\u003cbr/\u003e    repositories    = optional(set(string), [])\u003cbr/\u003e  }))\u003c/pre\u003e | `{}` | no |\n| \u003ca name=\"input_description\"\u003e\u003c/a\u003e [description](#input\\_description) | The description of the company. The maximum size is 160 characters. | `string` | `null` | no |\n| \u003ca name=\"input_email\"\u003e\u003c/a\u003e [email](#input\\_email) | The publicly visible email address. | `string` | `null` | no |\n| \u003ca name=\"input_enable_advanced_security\"\u003e\u003c/a\u003e [enable\\_advanced\\_security](#input\\_enable\\_advanced\\_security) | Use to enable or disable GitHub Advanced Security for new repositories. | `bool` | `null` | no |\n| \u003ca name=\"input_enable_dependabot_security_updates\"\u003e\u003c/a\u003e [enable\\_dependabot\\_security\\_updates](#input\\_enable\\_dependabot\\_security\\_updates) | Set to `true` to enable the automated security fixes for new repositories. | `bool` | `null` | no |\n| \u003ca name=\"input_enable_secret_scanning\"\u003e\u003c/a\u003e [enable\\_secret\\_scanning](#input\\_enable\\_secret\\_scanning) | Use to enable or disable secret scanning for new repositories. | `bool` | `null` | no |\n| \u003ca name=\"input_enable_secret_scanning_push_protection\"\u003e\u003c/a\u003e [enable\\_secret\\_scanning\\_push\\_protection](#input\\_enable\\_secret\\_scanning\\_push\\_protection) | Use to enable or disable secret scanning push protection for new repositories. If set to `true`, the repository's visibility must be `public` or `enable_advanced_security` must also be `true`. | `bool` | `null` | no |\n| \u003ca name=\"input_enable_vulnerability_alerts\"\u003e\u003c/a\u003e [enable\\_vulnerability\\_alerts](#input\\_enable\\_vulnerability\\_alerts) | Either `true` to enable vulnerability alerts, or `false` to disable vulnerability alerts for new repositories. | `bool` | `null` | no |\n| \u003ca name=\"input_enterprise\"\u003e\u003c/a\u003e [enterprise](#input\\_enterprise) | True if the organization is associated with an enterprise account. | `bool` | `false` | no |\n| \u003ca name=\"input_has_organization_projects\"\u003e\u003c/a\u003e [has\\_organization\\_projects](#input\\_has\\_organization\\_projects) | Whether an organization can use organization projects. | `bool` | `null` | no |\n| \u003ca name=\"input_has_repository_projects\"\u003e\u003c/a\u003e [has\\_repository\\_projects](#input\\_has\\_repository\\_projects) | Whether repositories that belong to the organization can use repository projects. | `bool` | `null` | no |\n| \u003ca name=\"input_location\"\u003e\u003c/a\u003e [location](#input\\_location) | The location. | `string` | `null` | no |\n| \u003ca name=\"input_members_can_create_internal_repositories\"\u003e\u003c/a\u003e [members\\_can\\_create\\_internal\\_repositories](#input\\_members\\_can\\_create\\_internal\\_repositories) | Whether organization members can create internal repositories, which are visible to all enterprise members. You can only allow members to create internal repositories if your organization is associated with an enterprise account using GitHub Enterprise Cloud or GitHub Enterprise Server 2.20+. | `bool` | `null` | no |\n| \u003ca name=\"input_members_can_create_pages\"\u003e\u003c/a\u003e [members\\_can\\_create\\_pages](#input\\_members\\_can\\_create\\_pages) | Whether organization members can create GitHub Pages sites. Existing published sites will not be impacted. | `bool` | `null` | no |\n| \u003ca name=\"input_members_can_create_private_pages\"\u003e\u003c/a\u003e [members\\_can\\_create\\_private\\_pages](#input\\_members\\_can\\_create\\_private\\_pages) | Whether organization members can create private GitHub Pages sites. Existing published sites will not be impacted. | `bool` | `null` | no |\n| \u003ca name=\"input_members_can_create_private_repositories\"\u003e\u003c/a\u003e [members\\_can\\_create\\_private\\_repositories](#input\\_members\\_can\\_create\\_private\\_repositories) | Whether organization members can create private repositories, which are visible to organization members with permission. | `bool` | `null` | no |\n| \u003ca name=\"input_members_can_create_public_pages\"\u003e\u003c/a\u003e [members\\_can\\_create\\_public\\_pages](#input\\_members\\_can\\_create\\_public\\_pages) | Whether organization members can create public GitHub Pages sites. Existing published sites will not be impacted. | `bool` | `null` | no |\n| \u003ca name=\"input_members_can_create_public_repositories\"\u003e\u003c/a\u003e [members\\_can\\_create\\_public\\_repositories](#input\\_members\\_can\\_create\\_public\\_repositories) | Whether organization members can create public repositories, which are visible to anyone. | `bool` | `null` | no |\n| \u003ca name=\"input_members_can_create_repositories\"\u003e\u003c/a\u003e [members\\_can\\_create\\_repositories](#input\\_members\\_can\\_create\\_repositories) | Whether of non-admin organization members can create repositories. | `bool` | `null` | no |\n| \u003ca name=\"input_members_can_fork_private_repositories\"\u003e\u003c/a\u003e [members\\_can\\_fork\\_private\\_repositories](#input\\_members\\_can\\_fork\\_private\\_repositories) | Whether organization members can fork private organization repositories. | `bool` | `null` | no |\n| \u003ca name=\"input_name\"\u003e\u003c/a\u003e [name](#input\\_name) | The shorthand name of the company. | `string` | `null` | no |\n| \u003ca name=\"input_organization\"\u003e\u003c/a\u003e [organization](#input\\_organization) | Org name. | `string` | `null` | no |\n| \u003ca name=\"input_repositories\"\u003e\u003c/a\u003e [repositories](#input\\_repositories) | Repositories | `any` | `{}` | no |\n| \u003ca name=\"input_rulesets\"\u003e\u003c/a\u003e [rulesets](#input\\_rulesets) | Organization rules | \u003cpre\u003emap(object({\u003cbr/\u003e    enforcement = optional(string, \"active\")\u003cbr/\u003e    rules = optional(object({\u003cbr/\u003e      branch_name_pattern = optional(object({\u003cbr/\u003e        operator = optional(string)\u003cbr/\u003e        pattern  = optional(string)\u003cbr/\u003e        name     = optional(string)\u003cbr/\u003e        negate   = optional(bool)\u003cbr/\u003e      }))\u003cbr/\u003e      commit_author_email_pattern = optional(object({\u003cbr/\u003e        operator = optional(string)\u003cbr/\u003e        pattern  = optional(string)\u003cbr/\u003e        name     = optional(string)\u003cbr/\u003e        negate   = optional(bool)\u003cbr/\u003e      }))\u003cbr/\u003e      commit_message_pattern = optional(object({\u003cbr/\u003e        operator = optional(string)\u003cbr/\u003e        pattern  = optional(string)\u003cbr/\u003e        name     = optional(string)\u003cbr/\u003e        negate   = optional(bool)\u003cbr/\u003e      }))\u003cbr/\u003e      committer_email_pattern = optional(object({\u003cbr/\u003e        operator = optional(string)\u003cbr/\u003e        pattern  = optional(string)\u003cbr/\u003e        name     = optional(string)\u003cbr/\u003e        negate   = optional(bool)\u003cbr/\u003e      }))\u003cbr/\u003e      creation         = optional(bool)\u003cbr/\u003e      deletion         = optional(bool)\u003cbr/\u003e      non_fast_forward = optional(bool)\u003cbr/\u003e      pull_request = optional(object({\u003cbr/\u003e        dismiss_stale_reviews_on_push     = optional(bool)\u003cbr/\u003e        require_code_owner_review         = optional(bool)\u003cbr/\u003e        require_last_push_approval        = optional(bool)\u003cbr/\u003e        required_approving_review_count   = optional(number)\u003cbr/\u003e        required_review_thread_resolution = optional(bool)\u003cbr/\u003e      }))\u003cbr/\u003e      required_workflows = optional(list(object({\u003cbr/\u003e        repository = string\u003cbr/\u003e        path       = string\u003cbr/\u003e        ref        = optional(string)\u003cbr/\u003e      })))\u003cbr/\u003e      required_linear_history              = optional(bool)\u003cbr/\u003e      required_signatures                  = optional(bool)\u003cbr/\u003e      required_status_checks               = optional(map(string))\u003cbr/\u003e      strict_required_status_checks_policy = optional(bool)\u003cbr/\u003e      tag_name_pattern = optional(object({\u003cbr/\u003e        operator = optional(string)\u003cbr/\u003e        pattern  = optional(string)\u003cbr/\u003e        name     = optional(string)\u003cbr/\u003e        negate   = optional(bool)\u003cbr/\u003e      }))\u003cbr/\u003e      update = optional(bool)\u003cbr/\u003e    }))\u003cbr/\u003e    target = optional(string, \"branch\")\u003cbr/\u003e    bypass_actors = optional(map(object({\u003cbr/\u003e      actor_type  = string\u003cbr/\u003e      bypass_mode = string\u003cbr/\u003e    })))\u003cbr/\u003e    include      = optional(list(string), [])\u003cbr/\u003e    exclude      = optional(list(string), [])\u003cbr/\u003e    repositories = optional(list(string))\u003cbr/\u003e  }))\u003c/pre\u003e | `{}` | no |\n| \u003ca name=\"input_runner_groups\"\u003e\u003c/a\u003e [runner\\_groups](#input\\_runner\\_groups) | The list of runner groups of the organization (key: runner\\_group\\_name) | \u003cpre\u003emap(object({\u003cbr/\u003e    visibility                = optional(string, null)\u003cbr/\u003e    workflows                 = optional(set(string))\u003cbr/\u003e    repositories              = optional(set(string), [])\u003cbr/\u003e    allow_public_repositories = optional(bool)\u003cbr/\u003e  }))\u003c/pre\u003e | `{}` | no |\n| \u003ca name=\"input_secrets\"\u003e\u003c/a\u003e [secrets](#input\\_secrets) | The list of secrets configuration of the organization (key: secret\\_name) | \u003cpre\u003emap(object({\u003cbr/\u003e    encrypted_value = optional(string, null)\u003cbr/\u003e    plaintext_value = optional(string, null)\u003cbr/\u003e    visibility      = optional(string, null)\u003cbr/\u003e    repositories    = optional(set(string), [])\u003cbr/\u003e  }))\u003c/pre\u003e | `{}` | no |\n| \u003ca name=\"input_secrets_encrypted\"\u003e\u003c/a\u003e [secrets\\_encrypted](#input\\_secrets\\_encrypted) | The list of secrets configuration of the organization (key: secret\\_name) | \u003cpre\u003emap(object({\u003cbr/\u003e    encrypted_value = optional(string, null)\u003cbr/\u003e    plaintext_value = optional(string, null)\u003cbr/\u003e    visibility      = optional(string, null)\u003cbr/\u003e    repositories    = optional(set(string), [])\u003cbr/\u003e  }))\u003c/pre\u003e | `{}` | no |\n| \u003ca name=\"input_settings\"\u003e\u003c/a\u003e [settings](#input\\_settings) | Repositories fixed common configuration (cannot be overwritten) | `any` | `{}` | no |\n| \u003ca name=\"input_twitter_username\"\u003e\u003c/a\u003e [twitter\\_username](#input\\_twitter\\_username) | The Twitter username of the company. | `string` | `null` | no |\n| \u003ca name=\"input_variables\"\u003e\u003c/a\u003e [variables](#input\\_variables) | The list of variables configuration of the organization (key: variable\\_name) | \u003cpre\u003emap(object({\u003cbr/\u003e    value        = optional(string, null)\u003cbr/\u003e    visibility   = optional(string, null)\u003cbr/\u003e    repositories = optional(set(string), [])\u003cbr/\u003e  }))\u003c/pre\u003e | `{}` | no |\n| \u003ca name=\"input_web_commit_signoff_required\"\u003e\u003c/a\u003e [web\\_commit\\_signoff\\_required](#input\\_web\\_commit\\_signoff\\_required) | Whether contributors to organization repositories are required to sign off on commits they make through GitHub's web interface. | `bool` | `null` | no |\n| \u003ca name=\"input_webhooks\"\u003e\u003c/a\u003e [webhooks](#input\\_webhooks) | The list of webhooks of the organization. See webhook sub-module for details. | `any` | `{}` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_id\"\u003e\u003c/a\u003e [id](#output\\_id) | Github Organization ID |\n| \u003ca name=\"output_organization\"\u003e\u003c/a\u003e [organization](#output\\_organization) | Organization data |\n| \u003ca name=\"output_repositories\"\u003e\u003c/a\u003e [repositories](#output\\_repositories) | All repository IDs |\n| \u003ca name=\"output_teams\"\u003e\u003c/a\u003e [teams](#output\\_teams) | Team data |\n\u003c!-- END_TF_DOCS --\u003e\n\n## Authors\n\nModule is maintained by [Victor M. Varela](https://github.com/vmvarela).\n\n## License\n\nApache 2 Licensed. See [LICENSE](https://github.com/vmvarela/terraform-github-org/tree/master/LICENSE) for full details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvmvarela%2Fterraform-github-org","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvmvarela%2Fterraform-github-org","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvmvarela%2Fterraform-github-org/lists"}