https://github.com/flaconi/terraform-github-repository
Terraform module for maintaining Github repo's
- Host: GitHub
- URL: https://github.com/flaconi/terraform-github-repository
- Owner: Flaconi
- License: mit
- Created: 2019-02-20T14:44:14.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2026-04-16T09:18:18.000Z (2 months ago)
- Last Synced: 2026-04-16T11:19:57.079Z (2 months ago)
- Topics: github, terraform, terraform-module
- Language: HCL
- Homepage:
- Size: 113 KB
- Stars: 1
- Watchers: 11
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
# GitHub Repository Module
This Terraform module manages GitHub repositories.
## Example Usage
### Create private repository
```hcl
module "my_pets_website_repo" {
  source = "github.com/flaconi/terraform-github-repository.git?ref=master"

  name               = "my-pets-website"
  description        = "My pets codebase."
  visibility         = "private"
  gitignore_template = "Node"

  default_branch_protection_enabled = false
}
```
### Create public (e.g. open source) repository
```hcl
module "terraform_my_pets_repo" {
  source = "github.com/flaconi/terraform-github-repository.git?ref=master"

  namespace          = "terraform"
  tenant             = "my"
  name               = "pets"
  description        = "Terraform configuration for my pets."
  visibility         = "public"
  gitignore_template = "Terraform"
  license_template   = "mit"
}
```
### Add collaborators and teams
```hcl
data "github_team" "developers" {
  slug = "developers"
}

module "example_repo" {
  source = "github.com/flaconi/terraform-github-repository.git?ref=master"

  name        = "example"
  description = "My example codebase"
  visibility  = "private"

  teams = [
    {
      name       = "security"
      permission = "admin"
    },
    {
      # Specify Team ID to use external data source
      id         = data.github_team.developers.id
      name       = "developers"
      permission = "push"
    }
  ]
}
```
### Set branch protection options
```hcl
module "example_repo" {
  source = "github.com/flaconi/terraform-github-repository.git?ref=master"

  name        = "example"
  description = "My example codebase"
  visibility  = "private"

  # Overwrite some settings for default branch
  default_branch_protection = {
    required_status_checks = {
      contexts = ["ci/travis"]
    }
    required_pull_request_reviews = {
      dismiss_stale_reviews  = true
      dismissal_restrictions = ["team1", "team2"]
    }
  }
}
```
### Add issue labels
```hcl
module "example_repo" {
  source = "github.com/flaconi/terraform-github-repository.git?ref=master"

  name        = "example"
  description = "My example codebase"
  visibility  = "private"

  default_branch_protection_enabled = false

  issue_labels = [
    {
      name        = "bug"
      color       = "d73a4a"
      description = "This is a bug."
    },
    {
      name        = "wontfix"
      color       = "ffffff"
      description = null
    },
  ]
}
```
## Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3 |
| [github](#requirement\_github) | ~> 6.11 |
## Providers
| Name | Version |
|------|---------|
| [github](#provider\_github) | ~> 6.11 |
## Modules
| Name | Source | Version |
|------|--------|---------|
| [label](#module\_label) | github.com/cloudposse/terraform-null-label.git | 0.25.0 |
## Resources
| Name | Type |
|------|------|
| [github_actions_environment_secret.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_environment_secret) | resource |
| [github_actions_repository_access_level.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_repository_access_level) | resource |
| [github_actions_secret.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_secret) | resource |
| [github_branch_default.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/branch_default) | resource |
| [github_branch_protection.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/branch_protection) | resource |
| [github_dependabot_secret.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/dependabot_secret) | resource |
| [github_issue_label.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/issue_label) | resource |
| [github_repository.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository) | resource |
| [github_repository_collaborator.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_collaborator) | resource |
| [github_repository_deploy_key.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_deploy_key) | resource |
| [github_repository_environment.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_environment) | resource |
| [github_repository_ruleset.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_ruleset) | resource |
| [github_repository_webhook.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_webhook) | resource |
| [github_team_repository.this](https://registry.terraform.io/providers/integrations/github/latest/docs/resources/team_repository) | resource |
| [github_team.this](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/team) | data source |
## Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [name](#input\_name) | The name of the repository. | `string` | n/a | yes |
| [actions\_repository\_access\_level](#input\_actions\_repository\_access\_level) | Sets the access level of a non-public repository's actions and reusable workflows for use in other repositories. | `string` | `null` | no |
| [allow\_auto\_merge](#input\_allow\_auto\_merge) | Set to `true` to allow auto-merging pull requests on the repository. | `bool` | `false` | no |
| [allow\_merge\_commit](#input\_allow\_merge\_commit) | Set to `false` to disable merge commits on the repository. | `bool` | `false` | no |
| [allow\_rebase\_merge](#input\_allow\_rebase\_merge) | Set to `false` to disable rebase merges on the repository. | `bool` | `false` | no |
| [allow\_squash\_merge](#input\_allow\_squash\_merge) | Set to `false` to disable squash merges on the repository. | `bool` | `true` | no |
| [allow\_update\_branch](#input\_allow\_update\_branch) | Set to `true` to always suggest updating pull request branches. | `bool` | `false` | no |
| [archive\_on\_destroy](#input\_archive\_on\_destroy) | Set to `true` to archive the repository instead of deleting on destroy. | `bool` | `false` | no |
| [archived](#input\_archived) | Specifies if the repository should be archived. | `bool` | `false` | no |
| [attributes](#input\_attributes) | Additional attributes (e.g. `policy` or `role`) | `list(string)` | `[]` | no |
| [auto\_init](#input\_auto\_init) | Meaningful only during create; set to `true` to produce an initial commit in the repository. | `bool` | `true` | no |
| [bot\_secrets](#input\_bot\_secrets) | Repository dependabot secrets. | <pre>map(object({<br/>  encrypted_value = optional(string)<br/>  plaintext_value = optional(string)<br/>}))</pre> | `{}` | no |
| [branch\_protection](#input\_branch\_protection) | Branch protection settings. Use to set protection rules for branches different to default branch. | <pre>map(object({<br/>  enforce_admins = optional(bool, true)<br/>  allows_deletions = optional(bool, false)<br/>  allows_force_pushes = optional(bool, false)<br/>  require_signed_commits = optional(bool, true)<br/>  required_linear_history = optional(bool, false)<br/>  require_conversation_resolution = optional(bool, false)<br/>  restrict_pushes = optional(object({<br/>    blocks_creations = optional(bool, false)<br/>    push_allowances = optional(list(string), [])<br/>  }), {})<br/>  required_status_enabled = optional(bool, true)<br/>  required_status_checks = optional(object({<br/>    strict = optional(bool, true)<br/>    contexts = optional(list(string), [])<br/>  }), {})<br/>  required_pull_request_enabled = optional(bool, true)<br/>  required_pull_request_reviews = optional(object({<br/>    dismiss_stale_reviews = optional(bool, true)<br/>    restrict_dismissals = optional(bool, false)<br/>    dismissal_restrictions = optional(list(string), [])<br/>    pull_request_bypassers = optional(list(string), [])<br/>    require_code_owner_reviews = optional(bool, true)<br/>    required_approving_review_count = optional(number, 1)<br/>  }), {})<br/>}))</pre> | `{}` | no |
| [collaborators](#input\_collaborators) | Map of users with permissions. | `map(string)` | `{}` | no |
| [default\_branch](#input\_default\_branch) | The repository's default branch. The branch should exist prior to apply. | `string` | `"main"` | no |
| [default\_branch\_protection](#input\_default\_branch\_protection) | Default branch protection settings. | <pre>object({<br/>  enforce_admins = optional(bool, true)<br/>  allows_deletions = optional(bool, false)<br/>  allows_force_pushes = optional(bool, false)<br/>  require_signed_commits = optional(bool, true)<br/>  required_linear_history = optional(bool, false)<br/>  require_conversation_resolution = optional(bool, false)<br/>  restrict_pushes = optional(object({<br/>    blocks_creations = optional(bool, false)<br/>    push_allowances = optional(list(string), [])<br/>  }), {})<br/>  required_status_enabled = optional(bool, true)<br/>  required_status_checks = optional(object({<br/>    strict = optional(bool, true)<br/>    contexts = optional(list(string), [])<br/>  }), {})<br/>  required_pull_request_enabled = optional(bool, true)<br/>  required_pull_request_reviews = optional(object({<br/>    dismiss_stale_reviews = optional(bool, true)<br/>    restrict_dismissals = optional(bool, false)<br/>    dismissal_restrictions = optional(list(string), [])<br/>    pull_request_bypassers = optional(list(string), [])<br/>    require_code_owner_reviews = optional(bool, true)<br/>    required_approving_review_count = optional(number, 1)<br/>  }), {})<br/>})</pre> | `{}` | no |
| [default\_branch\_protection\_enabled](#input\_default\_branch\_protection\_enabled) | Set to `false` if you want to disable branch protection for default branch | `bool` | `true` | no |
| [delete\_branch\_on\_merge](#input\_delete\_branch\_on\_merge) | Automatically delete head branch after a pull request is merged. | `bool` | `true` | no |
| [delimiter](#input\_delimiter) | Delimiter to be used between `name`, `namespace`, `tenant`, etc. | `string` | `"-"` | no |
| [deploy\_keys](#input\_deploy\_keys) | List of deploy keys configurations. | <pre>list(object({<br/>  title = string<br/>  key = string<br/>  read_only = bool<br/>}))</pre> | `[]` | no |
| [description](#input\_description) | A description of the repository. | `string` | `""` | no |
| [environments](#input\_environments) | Repository environments. | <pre>map(object({<br/>  reviewers = optional(object({<br/>    teams = optional(list(string), [])<br/>    users = optional(list(string), [])<br/>  }))<br/>  branch_policy = optional(object({<br/>    protected_branches = optional(bool, false)<br/>    custom_branch_policies = optional(bool, false)<br/>  }))<br/>  secrets = optional(map(object({<br/>    encrypted_value = optional(string)<br/>    plaintext_value = optional(string)<br/>  })))<br/>}))</pre> | `{}` | no |
| [fork](#input\_fork) | Create a fork of another repository. | <pre>object({<br/>  owner = string<br/>  repository = string<br/>})</pre> | `null` | no |
| [gitignore\_template](#input\_gitignore\_template) | Meaningful only during create, will be ignored after repository creation. Use the name of the template without the extension. For example, "Terraform". | `string` | `""` | no |
| [has\_issues](#input\_has\_issues) | Set to `false` to disable the GitHub Issues features on the repository. | `bool` | `true` | no |
| [has\_projects](#input\_has\_projects) | Set to `true` to enable the GitHub Projects features on the repository. | `bool` | `false` | no |
| [has\_wiki](#input\_has\_wiki) | Set to `true` to enable the GitHub Wiki features on the repository. | `bool` | `false` | no |
| [homepage\_url](#input\_homepage\_url) | URL of a page describing the project. | `string` | `""` | no |
| [is\_template](#input\_is\_template) | Set to `true` to tell GitHub that this is a template repository. | `bool` | `false` | no |
| [issue\_labels](#input\_issue\_labels) | List of issue labels on the repository. | <pre>list(object({<br/>  name = string<br/>  color = string<br/>  description = string<br/>}))</pre> | `[]` | no |
| [license\_template](#input\_license\_template) | Meaningful only during create, will be ignored after repository creation. Use the name of the template without the extension. For example, "Terraform". | `string` | `""` | no |
| [merge\_commit\_message](#input\_merge\_commit\_message) | Can be `PR_BODY`, `PR_TITLE`, or `BLANK` for a default merge commit message. | `string` | `"PR_TITLE"` | no |
| [merge\_commit\_title](#input\_merge\_commit\_title) | Can be `PR_TITLE` or `MERGE_MESSAGE` for a default merge commit title. | `string` | `"MERGE_MESSAGE"` | no |
| [namespace](#input\_namespace) | Namespace, e.g. `terraform`, `product`, `mobile` etc. | `string` | `null` | no |
| [pages](#input\_pages) | The repository's GitHub Pages configuration. | <pre>object({<br/>  build_type = optional(string, "legacy")<br/>  source = optional(object({<br/>    branch = string<br/>    path = string<br/>  }))<br/>})</pre> | `null` | no |
| [rulesets](#input\_rulesets) | n/a | <pre>map(object({<br/>  required_linear_history = optional(bool, true)<br/>  deletion = optional(bool, true)<br/>  creation = optional(bool, true)<br/>  update = optional(bool, false)<br/>  target = optional(string, "branch")<br/>  enforcement = optional(string, "active")<br/>  includes = optional(list(string), ["~DEFAULT_BRANCH"])<br/>  excludes = optional(list(string), [])<br/>  non_fast_forward = optional(bool, true)<br/>  required_signatures = optional(bool, true)<br/>  bypass_actors = optional(map(object({<br/>    actor_id = number<br/>    actor_type = string<br/>    bypass_mode = optional(string, "always")<br/>  })), {})<br/>  pull_request = optional(object({<br/>    enabled = optional(bool, true)<br/>    dismiss_stale_reviews_on_push = optional(bool, true)<br/>    require_code_owner_review = optional(bool, true)<br/>    required_approving_review_count = optional(number, 1)<br/>    required_review_thread_resolution = optional(bool, true)<br/>    require_last_push_approval = optional(bool, true)<br/>  }), {})<br/>  required_status_checks = optional(object({<br/>    enabled = optional(bool, true)<br/>    strict_required_status_checks_policy = optional(bool, false)<br/>    contexts = optional(list(object({<br/>      integration_id = optional(number, 0)<br/>      context = string<br/>    })), [])<br/>  }))<br/>}))</pre> | `{}` | no |
| [secrets](#input\_secrets) | Repository secrets. | <pre>map(object({<br/>  encrypted_value = optional(string)<br/>  plaintext_value = optional(string)<br/>}))</pre> | `{}` | no |
| [squash\_merge\_commit\_message](#input\_squash\_merge\_commit\_message) | Can be `PR_BODY`, `COMMIT_MESSAGES`, or `BLANK` for a default squash merge commit message. | `string` | `"COMMIT_MESSAGES"` | no |
| [squash\_merge\_commit\_title](#input\_squash\_merge\_commit\_title) | Can be `PR_TITLE` or `COMMIT_OR_PR_TITLE` for a default squash merge commit title. | `string` | `"COMMIT_OR_PR_TITLE"` | no |
| [tags](#input\_tags) | Additional tags (e.g. `map('BusinessUnit','XYZ')`) | `map(string)` | `{}` | no |
| [teams](#input\_teams) | List of teams with permissions. Specify Team ID to avoid additional requests to GitHub API. | <pre>list(object({<br/>  id = optional(string)<br/>  name = string<br/>  permission = string<br/>}))</pre> | `[]` | no |
| [template](#input\_template) | Use a template repository to create this repository. | <pre>object({<br/>  owner = string<br/>  repository = string<br/>})</pre> | `null` | no |
| [tenant](#input\_tenant) | A customer identifier, indicating who this instance of a resource is for. Could be used for application grouping. | `string` | `null` | no |
| [topics](#input\_topics) | A list of topics to add to the repository. | `list(string)` | `[]` | no |
| [use\_fullname](#input\_use\_fullname) | Set 'true' to use `namespace-tenant-name` for github repository name, else `name` | `bool` | `true` | no |
| [visibility](#input\_visibility) | Set to `public` to create a public (e.g. open source) repository. | `string` | `"private"` | no |
| [vulnerability\_alerts](#input\_vulnerability\_alerts) | Set to `true` to enable security alerts for vulnerable dependencies. Enabling requires alerts to be enabled on the owner level. | `bool` | `false` | no |
| [webhooks](#input\_webhooks) | List of webhook configurations. | <pre>list(object({<br/>  ident = string # some unique string to identify this webhook<br/>  active = optional(bool, true)<br/>  events = list(string)<br/>  configuration = object({<br/>    url = string<br/>    content_type = string<br/>    secret = optional(string)<br/>    insecure_ssl = optional(bool, false)<br/>  })<br/>}))</pre> | `[]` | no |
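
The security-relevant inputs above (`secrets`, `deploy_keys`, `webhooks`, `vulnerability_alerts`) combined in one call, as an added example that is not part of the module's own README. The variable names, repository name and webhook URL are hypothetical, and the key of the `secrets` map is assumed to be the secret name.

```hcl
# Added example; variable names, repository name and URL are hypothetical.
variable "ci_token_encrypted" {
  description = "Secret value already encrypted with the repository's public key, Base64-encoded."
  type        = string
  sensitive   = true
}

variable "webhook_secret" {
  description = "Shared secret the receiver uses to verify webhook signatures."
  type        = string
  sensitive   = true
}

variable "deploy_public_key" {
  description = "SSH public key for the read-only deploy key."
  type        = string
}

module "hardened_repo" {
  # The README examples track master; pin ref to a release tag or commit SHA
  # so that module changes are reviewed before they apply.
  source = "github.com/flaconi/terraform-github-repository.git?ref=master"

  name        = "example"
  description = "My example codebase"
  visibility  = "private"

  # Requires alerts to be enabled on the owner level (see the input description).
  vulnerability_alerts = true

  # encrypted_value keeps the cleartext out of the Terraform state;
  # plaintext_value would be written to state.
  # Assumption: the map key is the secret name.
  secrets = {
    CI_TOKEN = { encrypted_value = var.ci_token_encrypted }
  }

  deploy_keys = [
    { title = "ci-readonly", key = var.deploy_public_key, read_only = true }
  ]

  webhooks = [
    {
      ident  = "ci"
      events = ["push", "pull_request"]
      configuration = {
        url          = "https://ci.example.com/hooks/github"
        content_type = "json"
        secret       = var.webhook_secret
        insecure_ssl = false # keep TLS certificate verification on
      }
    }
  ]
}
```

Default branch protection stays on here because `default_branch_protection_enabled` defaults to `true`, with `enforce_admins` and `require_signed_commits` also defaulting to `true`.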
## Outputs
| Name | Description |
|------|-------------|
| [dependabot\_secrets](#output\_dependabot\_secrets) | A map of dependabot secret names |
| [environments](#output\_environments) | A list of created environments |
| [environments\_secrets](#output\_environments\_secrets) | A map of environment secret names |
| [repository](#output\_repository) | Created repository |
| [repository\_branch\_protection](#output\_repository\_branch\_protection) | Default branch protection settings |
| [repository\_secrets](#output\_repository\_secrets) | A map of created secret names |
| [repository\_webhook\_urls](#output\_repository\_webhook\_urls) | Webhook URLs |
## License
[MIT](LICENSE)
Copyright (c) 2019-2022 [Flaconi GmbH](https://github.com/Flaconi)