feat: add additional github repository options for argocd (cloudposse/terraform-aws-components#1143)

Author: RoseSecurity

src/main.tf

@@ -51,6 +51,8 @@ resource "github_repository" "default" {
 
   visibility           = "private"
   vulnerability_alerts = var.vulnerability_alerts_enabled
+
+  web_commit_signoff_required = var.web_commit_signoff_required
 }
 
 resource "github_branch_default" "default" {
@@ -87,6 +89,7 @@ resource "github_branch_protection" "default" {
   }
 
   restrict_pushes {
+    blocks_creations = var.restrict_pushes_blocks_creations
     push_allowances = var.push_restrictions_enabled ? [
       join("", data.github_user.automation_user[*].node_id),
     ] : []

src/variables.tf

@@ -157,6 +157,12 @@ variable "vulnerability_alerts_enabled" {
   default     = false
 }
 
+variable "restrict_pushes_blocks_creations" {
+  type        = bool
+  description = "Setting this to `false` allows people, teams, or apps to create new branches matching this rule"
+  default     = true
+}
+
 variable "slack_notifications_channel" {
   type        = string
   default     = ""
@@ -185,3 +191,9 @@ variable "github_notifications" {
     The default value given uses the same notification template names as defined in the `eks/argocd` component. If want to add additional notifications, include any existing notifications from this list that you want to keep in addition.
   EOT
 }
+
+variable "web_commit_signoff_required" {
+  type        = bool
+  description = "Require contributors to sign off on web-based commits"
+  default     = false
+}