diff --git a/modules/branch-protection/main.tf b/modules/branch-protection/main.tf
index 5cd7041..9c42105 100644
--- a/modules/branch-protection/main.tf
+++ b/modules/branch-protection/main.tf
@@ -18,11 +18,17 @@ terraform {
 # ---------------------------------------------------------------------------------------------------------------------
 resource "github_branch_protection" "branch_protection_rule" {
- repository_id = var.repository_id
- pattern = var.pattern
- enforce_admins = var.enforce_admins
- require_signed_commits = var.require_signed_commits
- push_restrictions = var.push_restrictions
+ repository_id = var.repository_id
+ pattern = var.pattern
+ enforce_admins = var.enforce_admins
+ require_signed_commits = var.require_signed_commits
+ push_restrictions = var.push_restrictions
+ allows_deletions = var.allows_deletions
+ blocks_creations = var.blocks_creations
+ allows_force_pushes = var.allows_force_pushes
+ lock_branch = var.lock_branch
+ required_linear_history = var.require_linear_history
+ require_conversation_resolution = var.require_conversation_resolution
 required_status_checks {
 strict = var.strict
@@ -34,5 +40,7 @@ resource "github_branch_protection" "branch_protection_rule" {
 require_code_owner_reviews = var.require_code_owner_reviews
 dismissal_restrictions = var.review_dismissal_restrictions
 required_approving_review_count = var.required_approving_review_count
+ pull_request_bypassers = var.pull_request_bypassers
+ require_last_push_approval = var.require_last_push_approval
 }
 }
diff --git a/modules/branch-protection/variables.tf b/modules/branch-protection/variables.tf
index fe62692..933f657 100644
--- a/modules/branch-protection/variables.tf
+++ b/modules/branch-protection/variables.tf
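Review bot: The new `required_linear_history = var.require_linear_history` line is the only attribute in the resource whose input variable does not mirror the provider attribute name; every other added line (`allows_deletions`, `blocks_creations`, `lock_branch`, …) uses the same identifier on both sides, so someone reading the resource will look for `var.required_linear_history` and not find it. Either rename the variable to `required_linear_history`, or keep the name and mark the mismatch on that line with `# provider attribute is required_linear_history; input kept as require_linear_history, presumably for parity with require_signed_commits`. The resource body continues past `strict = var.strict`, outside this hunk.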
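Review bot: `pull_request_bypassers = var.pull_request_bypassers` adds a set of actors that can merge without satisfying `required_approving_review_count` or code-owner review, yet nothing in the `required_pull_request_reviews` block marks it as the exception to everything else there. Add a comment above the line, `# Actors listed here skip every review requirement in this block; leave empty unless a break-glass path is required.`, so the privilege is visible at the point it is granted. Whether `require_last_push_approval` has any effect when `required_approving_review_count` is 0 is not visible from this hunk and is worth confirming against the provider documentation.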
@@ -52,12 +52,49 @@ variable "require_signed_commits" {
 default = true
 }
 
+variable "require_linear_history" {
+ description = "Setting this to `true` enforces a linear commit Git history, which prevents anyone from pushing merge commits to a branch."
+ type = bool
+ default = false
+}
+
+variable "require_conversation_resolution" {
+ description = "Setting this to `true` requires all conversations on code must be resolved before a pull request can be merged."
+ type = bool
+ default = true
+}
+
 variable "push_restrictions" {
 description = "A list of actor IDs that are explicitly permitted to push to the branch. Admins have this capability if `enforce_admins` is false."
 type = set(string)
 default = []
 }
 
+variable "allows_deletions" {
+ description = "Setting this to `true` allows the branch to be deleted."
+ type = bool
+ default = false
+}
+
+variable "blocks_creations" {
+ description = "Setting this to `true` will prevent creation of the branch."
+ type = bool
+ default = false
+}
+
+variable "allows_force_pushes" {
+ description = "Setting this to `true` allows the branch to accept for pushes."
+ type = bool
+ default = true
+}
+
+variable "lock_branch" {
+ description = "Setting this to `true` will make the branch read-only and prevent any pushes to it."
+ type = bool
+ default = false
+}
+
+
 variable "review_dismissal_restrictions" {
 description = "The list of actor IDs with dismissal access."
 type = set(string)
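Review bot: `allows_force_pushes` defaults to `true`, so a branch protected by this module accepts force pushes unless the caller explicitly opts out; a history rewrite on a protected branch undoes what `require_signed_commits` (default `true` in this file) and the review settings are meant to guarantee, and the sibling inputs `allows_deletions`, `blocks_creations` and `lock_branch` all default to `false`, which makes this the odd one out. I would set `default = false` for that variable, which as far as I recall also matches the provider's own default for the attribute, and fix the garbled description by replacing "accept for pushes" with "accept force pushes". The `require_conversation_resolution` description also reads awkwardly; "requires that all conversations on code be resolved before a pull request can be merged" is clearer.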
@@ -69,3 +106,15 @@ variable "required_approving_review_count" {
 type = number
 default = 1
 }
+
+variable "pull_request_bypassers" {
+ description = "A list of actor names or IDs that are allowed to bypass pull request requirements. Actor names must either begin with a `/` for users or the organization name followed by a `/` for teams."
+ type = set(string)
+ default = []
+}
+
+variable "require_last_push_approval" {
+ description = "Require that the most recent push must be approved by someone other than the last pusher. Defaults to `false`."
+ type = bool
+ default = false
+}
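Review bot: `require_last_push_approval` defaults to `false`, which leaves open the gap its own description names: as I understand GitHub's behaviour, commits pushed after the last approval then need no fresh review before merge, so a PR author can collect approvals and land unreviewed changes afterwards. Since this module already defaults `require_signed_commits` and `require_conversation_resolution` to `true`, `default = true` would be the consistent secure-by-default choice; if `false` is kept for compatibility, say so in the description rather than just restating the default. The `pull_request_bypassers` description should also state the consequence, e.g. append `Listed actors can merge without satisfying any review requirement; keep this empty unless a break-glass path is needed.`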