From c7135897b2214f8d97b0612176ffae850505b978 Mon Sep 17 00:00:00 2001
From: RoseSecurity <72598486+RoseSecurity@users.noreply.github.com>
Date: Wed, 9 Oct 2024 17:19:36 -0500
Subject: [PATCH] feat: add additional github repository options for argocd (#1143)
---
 modules/argocd-repo/main.tf | 3 +++
 modules/argocd-repo/variables.tf | 12 ++++++++++++
 2 files changed, 15 insertions(+)
diff --git a/modules/argocd-repo/main.tf b/modules/argocd-repo/main.tf
index 43a7109d3..4056ecf2c 100644
--- a/modules/argocd-repo/main.tf
+++ b/modules/argocd-repo/main.tf
@@ -51,6 +51,8 @@ resource "github_repository" "default" {
 visibility = "private"
 vulnerability_alerts = var.vulnerability_alerts_enabled
+
+ web_commit_signoff_required = var.web_commit_signoff_required
 }
 resource "github_branch_default" "default" {
@@ -87,6 +89,7 @@ resource "github_branch_protection" "default" {
 }
 restrict_pushes {
+ blocks_creations = var.restrict_pushes_blocks_creations
 push_allowances = var.push_restrictions_enabled ? [
 join("", data.github_user.automation_user[*].node_id),
 ] : []
diff --git a/modules/argocd-repo/variables.tf b/modules/argocd-repo/variables.tf
index 0f4716517..02fc4e466 100644
--- a/modules/argocd-repo/variables.tf
+++ b/modules/argocd-repo/variables.tf
@@ -157,6 +157,12 @@ variable "vulnerability_alerts_enabled" {
 default = false
 }
+variable "restrict_pushes_blocks_creations" {
+ type = bool
+ description = "Setting this to `false` allows people, teams, or apps to create new branches matching this rule"
+ default = true
+}
+
 variable "slack_notifications_channel" {
 type = string
 default = ""
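Review bot: In `github_repository.default` (modules/argocd-repo/main.tf), the new `web_commit_signoff_required` line has no comment saying what the control covers, and the name is easy to mistake for signature verification. Sign-off only requires a `Signed-off-by` trailer on commits made through the GitHub web interface; it does not verify commit signatures and does not apply to pushes from a local clone. I would add `# DCO sign-off for web UI commits only; not commit signature verification` above the attribute and extend the description of `web_commit_signoff_required` in variables.tf (last hunk) the same way. Whether this module's branch protection enforces signed commits is not visible here, since the resource body starts outside the hunk.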
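Review bot: In the `restrict_pushes` block of `github_branch_protection.default` (modules/argocd-repo/main.tf), `blocks_creations` is a security-relevant switch that is added without a comment. When it is `false`, accounts with write access that are not in `push_allowances` can presumably create new branches matching the protected pattern, which matters for a repository Argo CD deploys from. I would add `# keep true so only push_allowances can create branches matching this rule` and have the description of `restrict_pushes_blocks_creations` in variables.tf state what the default `true` enforces, not only what `false` allows. The resource body starts and ends outside the hunk, so the pattern this rule protects is not visible.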
@@ -185,3 +191,9 @@ variable "github_notifications" {
 The default value given uses the same notification template names as defined in the `eks/argocd` component. If want to add additional notifications, include any existing notifications from this list that you want to keep in addition.
 EOT
 }
+
+variable "web_commit_signoff_required" {
+ type = bool
+ description = "Require contributors to sign off on web-based commits"
+ default = false
+}