Refactor branch protection logic to remove archived repository check …

…and add require_last_push_approval variable for improved clarity and configurability
CSVD · Feb 19, 2025 · a3f229d · a3f229d
1 parent c381b76
commit a3f229d
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 6 deletions.
diff --git a/branch_protection.tf b/branch_protection.tf
@@ -19,14 +19,10 @@ locals {
   )
 }
 
-locals {
-  archived_repo = var.create_repo ? github_repository.repo[0].archived : data.github_repository.existing[0].archived
-}
 # https://registry.terraform.io/providers/integrations/github/latest/docs/resources/branch_protection
 resource "github_branch_protection" "protection" {
   for_each = {
-    for k, v in local.branch_protection_rules : k => v
-    if var.enforce_prs && !local.archived_repo
+    for k, v in local.branch_protection_rules : k => v if var.enforce_prs 
   }
 
   repository_id = var.create_repo ? github_repository.repo[0].node_id : data.github_repository.existing[0].node_id
@@ -42,7 +38,7 @@ resource "github_branch_protection" "protection" {
     required_approving_review_count = var.github_required_approving_review_count
     dismiss_stale_reviews           = var.github_dismiss_stale_reviews
     require_code_owner_reviews      = var.github_require_code_owner_reviews
-    require_last_push_approval      = false
+    require_last_push_approval      = var.require_last_push_approval
   }
 
   dynamic "required_status_checks" {

diff --git a/variables.tf b/variables.tf
@@ -403,4 +403,10 @@ variable "require_signed_commits" {
   description = "Whether to require signed commits for the default branch"
   type        = bool
   default     = false
+}
+
+variable require_last_push_approval {
+  description = "Require approval from the last pusher"
+  type        = bool
+  default     = false
 }