From cb469c6a46f7cfdd7d3254dc649cae66f72a3c67 Mon Sep 17 00:00:00 2001
From: "John C. Bland II" <johncblandii@gmail.com>
Date: Thu, 9 Apr 2026 12:26:04 -0500
Subject: [PATCH 1/5] chore(repo): remove deprecated has_downloads support

The GitHub API has deprecated the has_downloads attribute for
repositories. Remove it from the variable definition, resource
configuration, test fixtures, and regenerate docs.
---
 README.md                                       | 2 +-
 src/README.md                                   | 2 +-
 src/main.tf                                     | 1 -
 src/variables.tf                                | 1 -
 test/fixtures/stacks/catalog/usecase/basic.yaml | 1 -
 5 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index a0c2e42..c365439 100644
--- a/README.md
+++ b/README.md
@@ -390,7 +390,7 @@ The following configurations are not supported for import:
 | <a name="input_owner"></a> [owner](#input\_owner) | Owner of the repository | `string` | n/a | yes |
 | <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.<br/>Characters matching the regex will be removed from the ID elements.<br/>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
 | <a name="input_region"></a> [region](#input\_region) | AWS Region | `string` | n/a | yes |
-| <a name="input_repository"></a> [repository](#input\_repository) | Repository configuration | <pre>object({<br/>    name                                    = string<br/>    description                             = optional(string, null)<br/>    visibility                              = optional(string, "public")<br/>    homepage_url                            = optional(string, null)<br/>    archived                                = optional(bool, false)<br/>    has_issues                              = optional(bool, false)<br/>    has_projects                            = optional(bool, false)<br/>    has_discussions                         = optional(bool, false)<br/>    has_wiki                                = optional(bool, false)<br/>    has_downloads                           = optional(bool, false)<br/>    is_template                             = optional(bool, false)<br/>    allow_auto_merge                        = optional(bool, false)<br/>    allow_squash_merge                      = optional(bool, true)<br/>    squash_merge_commit_title               = optional(string, "PR_TITLE")<br/>    squash_merge_commit_message             = optional(string, "PR_BODY")<br/>    allow_merge_commit                      = optional(bool, true)<br/>    merge_commit_title                      = optional(string, "PR_TITLE")<br/>    merge_commit_message                    = optional(string, "PR_BODY")<br/>    allow_rebase_merge                      = optional(bool, true)<br/>    delete_branch_on_merge                  = optional(bool, false)<br/>    default_branch                          = optional(string, "main")<br/>    web_commit_signoff_required             = optional(bool, false)<br/>    topics                                  = optional(list(string), [])<br/>    license_template                        = optional(string, null)<br/>    gitignore_template                      = optional(string, null)<br/>    auto_init                               = optional(bool, false)<br/>    ignore_vulnerability_alerts_during_read = optional(bool, false)<br/>    enable_vulnerability_alerts             = optional(bool, true)<br/>    allow_update_branch                     = optional(bool, false)<br/>    security_and_analysis = optional(object({<br/>      advanced_security               = bool<br/>      secret_scanning                 = bool<br/>      secret_scanning_push_protection = bool<br/>    }), null)<br/>    archive_on_destroy = optional(bool, false)<br/>  })</pre> | n/a | yes |
+| <a name="input_repository"></a> [repository](#input\_repository) | Repository configuration | <pre>object({<br/>    name                                    = string<br/>    description                             = optional(string, null)<br/>    visibility                              = optional(string, "public")<br/>    homepage_url                            = optional(string, null)<br/>    archived                                = optional(bool, false)<br/>    has_issues                              = optional(bool, false)<br/>    has_projects                            = optional(bool, false)<br/>    has_discussions                         = optional(bool, false)<br/>    has_wiki                                = optional(bool, false)<br/>    is_template                             = optional(bool, false)<br/>    allow_auto_merge                        = optional(bool, false)<br/>    allow_squash_merge                      = optional(bool, true)<br/>    squash_merge_commit_title               = optional(string, "PR_TITLE")<br/>    squash_merge_commit_message             = optional(string, "PR_BODY")<br/>    allow_merge_commit                      = optional(bool, true)<br/>    merge_commit_title                      = optional(string, "PR_TITLE")<br/>    merge_commit_message                    = optional(string, "PR_BODY")<br/>    allow_rebase_merge                      = optional(bool, true)<br/>    delete_branch_on_merge                  = optional(bool, false)<br/>    default_branch                          = optional(string, "main")<br/>    web_commit_signoff_required             = optional(bool, false)<br/>    topics                                  = optional(list(string), [])<br/>    license_template                        = optional(string, null)<br/>    gitignore_template                      = optional(string, null)<br/>    auto_init                               = optional(bool, false)<br/>    ignore_vulnerability_alerts_during_read = optional(bool, false)<br/>    enable_vulnerability_alerts             = optional(bool, true)<br/>    allow_update_branch                     = optional(bool, false)<br/>    security_and_analysis = optional(object({<br/>      advanced_security               = bool<br/>      secret_scanning                 = bool<br/>      secret_scanning_push_protection = bool<br/>    }), null)<br/>    archive_on_destroy = optional(bool, false)<br/>  })</pre> | n/a | yes |
 | <a name="input_rulesets"></a> [rulesets](#input\_rulesets) | A map of rulesets to configure for the repository | <pre>map(object({<br/>    name = string<br/>    # disabled, active<br/>    enforcement = string<br/>    # branch, tag<br/>    target = string<br/>    bypass_actors = optional(list(object({<br/>      # always, pull_request<br/>      bypass_mode = string<br/>      actor_id    = optional(string, null)<br/>      # RepositoryRole, Team, Integration, OrganizationAdmin<br/>      actor_type = string<br/>    })), [])<br/>    conditions = object({<br/>      ref_name = object({<br/>        # Supports ~DEFAULT_BRANCH or ~ALL<br/>        include = optional(list(string), [])<br/>        exclude = optional(list(string), [])<br/>      })<br/>    })<br/>    rules = object({<br/>      branch_name_pattern = optional(object({<br/>        # starts_with, ends_with, contains, regex<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string, null)<br/>        negate   = optional(bool, false)<br/>      }), null),<br/>      commit_author_email_pattern = optional(object({<br/>        # starts_with, ends_with, contains, regex<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string, null)<br/>        negate   = optional(bool, false)<br/>      }), null),<br/>      creation         = optional(bool, false),<br/>      deletion         = optional(bool, false),<br/>      non_fast_forward = optional(bool, false),<br/>      required_pull_request_reviews = optional(object({<br/>        dismiss_stale_reviews           = bool<br/>        required_approving_review_count = number<br/>      }), null),<br/>      commit_message_pattern = optional(object({<br/>        # starts_with, ends_with, contains, regex<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string, null)<br/>        negate   = optional(bool, false)<br/>      }), null),<br/>      committer_email_pattern = optional(object({<br/>        # starts_with, ends_with, contains, regex<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string, null)<br/>        negate   = optional(bool, false)<br/>      }), null),<br/>      merge_queue = optional(object({<br/>        check_response_timeout_minutes = optional(number, 60)<br/>        # ALLGREEN, HEADGREEN<br/>        grouping_strategy    = string<br/>        max_entries_to_build = optional(number, 5)<br/>        max_entries_to_merge = optional(number, 5)<br/>        # MERGE, SQUASH, REBASE<br/>        merge_method                      = optional(string, "MERGE")<br/>        min_entries_to_merge              = optional(number, 1)<br/>        min_entries_to_merge_wait_minutes = optional(number, 5)<br/>      }), null),<br/>      pull_request = optional(object({<br/>        dismiss_stale_reviews_on_push     = optional(bool, false)<br/>        require_code_owner_review         = optional(bool, false)<br/>        require_last_push_approval        = optional(bool, false)<br/>        required_approving_review_count   = optional(number, 0)<br/>        required_review_thread_resolution = optional(bool, false)<br/>      }), null),<br/>      required_deployments = optional(object({<br/>        required_deployment_environments = optional(list(string), [])<br/>      }), null),<br/>      required_status_checks = optional(object({<br/>        required_check = list(object({<br/>          context        = string<br/>          integration_id = optional(number, null)<br/>        }))<br/>        strict_required_status_checks_policy = optional(bool, false)<br/>        do_not_enforce_on_create             = optional(bool, false)<br/>      }), null),<br/>      tag_name_pattern = optional(object({<br/>        # starts_with, ends_with, contains, regex<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string, null)<br/>        negate   = optional(bool, false)<br/>      }), null),<br/>      # Unsupported due to drift.<br/>      # https://github.com/integrations/terraform-provider-github/pull/2701<br/>      # required_code_scanning = optional(object({<br/>      #   required_code_scanning_tool = list(object({<br/>      #     // none, errors, errors_and_warnings, all<br/>      #     alerts_threshold          = string<br/>      #     // none, critical, high_or_higher, medium_or_higher, all<br/>      #     security_alerts_threshold = string<br/>      #     tool                      = string<br/>      #   }))<br/>      # }), null),<br/>    }),<br/>  }))</pre> | `{}` | no |
 | <a name="input_secrets"></a> [secrets](#input\_secrets) | Secrets for the repository (if prefixed with nacl: it should be encrypted value using the GitHub public key in Base64 format. Read more: https://docs.github.com/en/actions/security-for-github-actions/encrypted-secrets) | `map(string)` | `{}` | no |
 | <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
diff --git a/src/README.md b/src/README.md
index 0c261cd..5d05bf0 100644
--- a/src/README.md
+++ b/src/README.md
@@ -339,7 +339,7 @@ The following configurations are not supported for import:
 | <a name="input_owner"></a> [owner](#input\_owner) | Owner of the repository | `string` | n/a | yes |
 | <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.<br/>Characters matching the regex will be removed from the ID elements.<br/>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
 | <a name="input_region"></a> [region](#input\_region) | AWS Region | `string` | n/a | yes |
-| <a name="input_repository"></a> [repository](#input\_repository) | Repository configuration | <pre>object({<br/>    name                                    = string<br/>    description                             = optional(string, null)<br/>    visibility                              = optional(string, "public")<br/>    homepage_url                            = optional(string, null)<br/>    archived                                = optional(bool, false)<br/>    has_issues                              = optional(bool, false)<br/>    has_projects                            = optional(bool, false)<br/>    has_discussions                         = optional(bool, false)<br/>    has_wiki                                = optional(bool, false)<br/>    has_downloads                           = optional(bool, false)<br/>    is_template                             = optional(bool, false)<br/>    allow_auto_merge                        = optional(bool, false)<br/>    allow_squash_merge                      = optional(bool, true)<br/>    squash_merge_commit_title               = optional(string, "PR_TITLE")<br/>    squash_merge_commit_message             = optional(string, "PR_BODY")<br/>    allow_merge_commit                      = optional(bool, true)<br/>    merge_commit_title                      = optional(string, "PR_TITLE")<br/>    merge_commit_message                    = optional(string, "PR_BODY")<br/>    allow_rebase_merge                      = optional(bool, true)<br/>    delete_branch_on_merge                  = optional(bool, false)<br/>    default_branch                          = optional(string, "main")<br/>    web_commit_signoff_required             = optional(bool, false)<br/>    topics                                  = optional(list(string), [])<br/>    license_template                        = optional(string, null)<br/>    gitignore_template                      = optional(string, null)<br/>    auto_init                               = optional(bool, false)<br/>    ignore_vulnerability_alerts_during_read = optional(bool, false)<br/>    enable_vulnerability_alerts             = optional(bool, true)<br/>    allow_update_branch                     = optional(bool, false)<br/>    security_and_analysis = optional(object({<br/>      advanced_security               = bool<br/>      secret_scanning                 = bool<br/>      secret_scanning_push_protection = bool<br/>    }), null)<br/>    archive_on_destroy = optional(bool, false)<br/>  })</pre> | n/a | yes |
+| <a name="input_repository"></a> [repository](#input\_repository) | Repository configuration | <pre>object({<br/>    name                                    = string<br/>    description                             = optional(string, null)<br/>    visibility                              = optional(string, "public")<br/>    homepage_url                            = optional(string, null)<br/>    archived                                = optional(bool, false)<br/>    has_issues                              = optional(bool, false)<br/>    has_projects                            = optional(bool, false)<br/>    has_discussions                         = optional(bool, false)<br/>    has_wiki                                = optional(bool, false)<br/>    is_template                             = optional(bool, false)<br/>    allow_auto_merge                        = optional(bool, false)<br/>    allow_squash_merge                      = optional(bool, true)<br/>    squash_merge_commit_title               = optional(string, "PR_TITLE")<br/>    squash_merge_commit_message             = optional(string, "PR_BODY")<br/>    allow_merge_commit                      = optional(bool, true)<br/>    merge_commit_title                      = optional(string, "PR_TITLE")<br/>    merge_commit_message                    = optional(string, "PR_BODY")<br/>    allow_rebase_merge                      = optional(bool, true)<br/>    delete_branch_on_merge                  = optional(bool, false)<br/>    default_branch                          = optional(string, "main")<br/>    web_commit_signoff_required             = optional(bool, false)<br/>    topics                                  = optional(list(string), [])<br/>    license_template                        = optional(string, null)<br/>    gitignore_template                      = optional(string, null)<br/>    auto_init                               = optional(bool, false)<br/>    ignore_vulnerability_alerts_during_read = optional(bool, false)<br/>    enable_vulnerability_alerts             = optional(bool, true)<br/>    allow_update_branch                     = optional(bool, false)<br/>    security_and_analysis = optional(object({<br/>      advanced_security               = bool<br/>      secret_scanning                 = bool<br/>      secret_scanning_push_protection = bool<br/>    }), null)<br/>    archive_on_destroy = optional(bool, false)<br/>  })</pre> | n/a | yes |
 | <a name="input_rulesets"></a> [rulesets](#input\_rulesets) | A map of rulesets to configure for the repository | <pre>map(object({<br/>    name = string<br/>    # disabled, active<br/>    enforcement = string<br/>    # branch, tag<br/>    target = string<br/>    bypass_actors = optional(list(object({<br/>      # always, pull_request<br/>      bypass_mode = string<br/>      actor_id    = optional(string, null)<br/>      # RepositoryRole, Team, Integration, OrganizationAdmin<br/>      actor_type = string<br/>    })), [])<br/>    conditions = object({<br/>      ref_name = object({<br/>        # Supports ~DEFAULT_BRANCH or ~ALL<br/>        include = optional(list(string), [])<br/>        exclude = optional(list(string), [])<br/>      })<br/>    })<br/>    rules = object({<br/>      branch_name_pattern = optional(object({<br/>        # starts_with, ends_with, contains, regex<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string, null)<br/>        negate   = optional(bool, false)<br/>      }), null),<br/>      commit_author_email_pattern = optional(object({<br/>        # starts_with, ends_with, contains, regex<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string, null)<br/>        negate   = optional(bool, false)<br/>      }), null),<br/>      creation         = optional(bool, false),<br/>      deletion         = optional(bool, false),<br/>      non_fast_forward = optional(bool, false),<br/>      required_pull_request_reviews = optional(object({<br/>        dismiss_stale_reviews           = bool<br/>        required_approving_review_count = number<br/>      }), null),<br/>      commit_message_pattern = optional(object({<br/>        # starts_with, ends_with, contains, regex<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string, null)<br/>        negate   = optional(bool, false)<br/>      }), null),<br/>      committer_email_pattern = optional(object({<br/>        # starts_with, ends_with, contains, regex<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string, null)<br/>        negate   = optional(bool, false)<br/>      }), null),<br/>      merge_queue = optional(object({<br/>        check_response_timeout_minutes = optional(number, 60)<br/>        # ALLGREEN, HEADGREEN<br/>        grouping_strategy    = string<br/>        max_entries_to_build = optional(number, 5)<br/>        max_entries_to_merge = optional(number, 5)<br/>        # MERGE, SQUASH, REBASE<br/>        merge_method                      = optional(string, "MERGE")<br/>        min_entries_to_merge              = optional(number, 1)<br/>        min_entries_to_merge_wait_minutes = optional(number, 5)<br/>      }), null),<br/>      pull_request = optional(object({<br/>        dismiss_stale_reviews_on_push     = optional(bool, false)<br/>        require_code_owner_review         = optional(bool, false)<br/>        require_last_push_approval        = optional(bool, false)<br/>        required_approving_review_count   = optional(number, 0)<br/>        required_review_thread_resolution = optional(bool, false)<br/>      }), null),<br/>      required_deployments = optional(object({<br/>        required_deployment_environments = optional(list(string), [])<br/>      }), null),<br/>      required_status_checks = optional(object({<br/>        required_check = list(object({<br/>          context        = string<br/>          integration_id = optional(number, null)<br/>        }))<br/>        strict_required_status_checks_policy = optional(bool, false)<br/>        do_not_enforce_on_create             = optional(bool, false)<br/>      }), null),<br/>      tag_name_pattern = optional(object({<br/>        # starts_with, ends_with, contains, regex<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string, null)<br/>        negate   = optional(bool, false)<br/>      }), null),<br/>      # Unsupported due to drift.<br/>      # https://github.com/integrations/terraform-provider-github/pull/2701<br/>      # required_code_scanning = optional(object({<br/>      #   required_code_scanning_tool = list(object({<br/>      #     // none, errors, errors_and_warnings, all<br/>      #     alerts_threshold          = string<br/>      #     // none, critical, high_or_higher, medium_or_higher, all<br/>      #     security_alerts_threshold = string<br/>      #     tool                      = string<br/>      #   }))<br/>      # }), null),<br/>    }),<br/>  }))</pre> | `{}` | no |
 | <a name="input_secrets"></a> [secrets](#input\_secrets) | Secrets for the repository (if prefixed with nacl: it should be encrypted value using the GitHub public key in Base64 format. Read more: https://docs.github.com/en/actions/security-for-github-actions/encrypted-secrets) | `map(string)` | `{}` | no |
 | <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
diff --git a/src/main.tf b/src/main.tf
index 43abdc6..8925995 100644
--- a/src/main.tf
+++ b/src/main.tf
@@ -24,7 +24,6 @@ module "repository" {
   is_template = var.repository.is_template
 
   has_discussions = var.repository.has_discussions
-  has_downloads   = var.repository.has_downloads
   has_issues      = var.repository.has_issues
   has_projects    = var.repository.has_projects
   has_wiki        = var.repository.has_wiki
diff --git a/src/variables.tf b/src/variables.tf
index 4bcebd2..a92ef91 100644
--- a/src/variables.tf
+++ b/src/variables.tf
@@ -21,7 +21,6 @@ variable "repository" {
     has_projects                            = optional(bool, false)
     has_discussions                         = optional(bool, false)
     has_wiki                                = optional(bool, false)
-    has_downloads                           = optional(bool, false)
     is_template                             = optional(bool, false)
     allow_auto_merge                        = optional(bool, false)
     allow_squash_merge                      = optional(bool, true)
diff --git a/test/fixtures/stacks/catalog/usecase/basic.yaml b/test/fixtures/stacks/catalog/usecase/basic.yaml
index 83f2bb9..a2a0ed3 100644
--- a/test/fixtures/stacks/catalog/usecase/basic.yaml
+++ b/test/fixtures/stacks/catalog/usecase/basic.yaml
@@ -30,7 +30,6 @@ components:
           has_discussions: true
           has_projects: true
           has_wiki: true
-          has_downloads: true
 
           allow_merge_commit: true
           allow_squash_merge: true

From 0755487d5c3c6687db0e51371cac502940beb382 Mon Sep 17 00:00:00 2001
From: "John C. Bland II" <johncblandii@gmail.com>
Date: Thu, 9 Apr 2026 12:37:53 -0500
Subject: [PATCH 2/5] chore(repo): remove has_downloads from example defaults

---
 examples/stacks/catalog/github/repo/defaults.yaml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/examples/stacks/catalog/github/repo/defaults.yaml b/examples/stacks/catalog/github/repo/defaults.yaml
index d607ca1..0bc2025 100644
--- a/examples/stacks/catalog/github/repo/defaults.yaml
+++ b/examples/stacks/catalog/github/repo/defaults.yaml
@@ -31,7 +31,6 @@ components:
           has_discussions: false
           has_projects: false
           has_wiki: false
-          has_downloads: false
 
           allow_merge_commit: true
           allow_squash_merge: true

From 5c3c1a0ac9150e6220d699844fc84a7beb11984a Mon Sep 17 00:00:00 2001
From: "John C. Bland II" <johncblandii@gmail.com>
Date: Thu, 9 Apr 2026 14:29:28 -0500
Subject: [PATCH 3/5] chore(repo): remove deprecated default_branch and
 ignore_vulnerability_alerts_during_read

Both attributes are deprecated in the GitHub Terraform provider.
default_branch should use the github_branch_default resource instead,
and ignore_vulnerability_alerts_during_read is no longer needed as the
provider handles permissions automatically.
---
 README.md                                          | 4 +---
 README.yaml                                        | 2 --
 examples/stacks/catalog/github/repo/defaults.yaml  | 2 --
 src/README.md                                      | 4 +---
 src/main.tf                                        | 3 ---
 src/variables.tf                                   | 2 --
 test/component_test.go                             | 7 +------
 test/fixtures/stacks/catalog/usecase/basic.yaml    | 3 ---
 test/fixtures/stacks/catalog/usecase/import.yaml   | 2 --
 test/fixtures/stacks/catalog/usecase/template.yaml | 1 -
 10 files changed, 3 insertions(+), 27 deletions(-)

diff --git a/README.md b/README.md
index c365439..6cba75e 100644
--- a/README.md
+++ b/README.md
@@ -95,7 +95,6 @@ components:
           description: "A basic repository with standard settings"
           homepage_url: "https://github.com/my-organization/my-basic-repo"
           visibility: "private"
-          default_branch: "main"
           topics:
             - terraform
             - github
@@ -143,7 +142,6 @@ components:
           topics:
             - terraform
             - github
-          default_branch: "main"
           visibility: "private"
 
           # Common features
@@ -390,7 +388,7 @@ The following configurations are not supported for import:
 | <a name="input_owner"></a> [owner](#input\_owner) | Owner of the repository | `string` | n/a | yes |
 | <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.<br/>Characters matching the regex will be removed from the ID elements.<br/>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
 | <a name="input_region"></a> [region](#input\_region) | AWS Region | `string` | n/a | yes |
-| <a name="input_repository"></a> [repository](#input\_repository) | Repository configuration | <pre>object({<br/>    name                                    = string<br/>    description                             = optional(string, null)<br/>    visibility                              = optional(string, "public")<br/>    homepage_url                            = optional(string, null)<br/>    archived                                = optional(bool, false)<br/>    has_issues                              = optional(bool, false)<br/>    has_projects                            = optional(bool, false)<br/>    has_discussions                         = optional(bool, false)<br/>    has_wiki                                = optional(bool, false)<br/>    is_template                             = optional(bool, false)<br/>    allow_auto_merge                        = optional(bool, false)<br/>    allow_squash_merge                      = optional(bool, true)<br/>    squash_merge_commit_title               = optional(string, "PR_TITLE")<br/>    squash_merge_commit_message             = optional(string, "PR_BODY")<br/>    allow_merge_commit                      = optional(bool, true)<br/>    merge_commit_title                      = optional(string, "PR_TITLE")<br/>    merge_commit_message                    = optional(string, "PR_BODY")<br/>    allow_rebase_merge                      = optional(bool, true)<br/>    delete_branch_on_merge                  = optional(bool, false)<br/>    default_branch                          = optional(string, "main")<br/>    web_commit_signoff_required             = optional(bool, false)<br/>    topics                                  = optional(list(string), [])<br/>    license_template                        = optional(string, null)<br/>    gitignore_template                      = optional(string, null)<br/>    auto_init                               = optional(bool, false)<br/>    ignore_vulnerability_alerts_during_read = optional(bool, false)<br/>    enable_vulnerability_alerts             = optional(bool, true)<br/>    allow_update_branch                     = optional(bool, false)<br/>    security_and_analysis = optional(object({<br/>      advanced_security               = bool<br/>      secret_scanning                 = bool<br/>      secret_scanning_push_protection = bool<br/>    }), null)<br/>    archive_on_destroy = optional(bool, false)<br/>  })</pre> | n/a | yes |
+| <a name="input_repository"></a> [repository](#input\_repository) | Repository configuration | <pre>object({<br/>    name                                    = string<br/>    description                             = optional(string, null)<br/>    visibility                              = optional(string, "public")<br/>    homepage_url                            = optional(string, null)<br/>    archived                                = optional(bool, false)<br/>    has_issues                              = optional(bool, false)<br/>    has_projects                            = optional(bool, false)<br/>    has_discussions                         = optional(bool, false)<br/>    has_wiki                                = optional(bool, false)<br/>    is_template                             = optional(bool, false)<br/>    allow_auto_merge                        = optional(bool, false)<br/>    allow_squash_merge                      = optional(bool, true)<br/>    squash_merge_commit_title               = optional(string, "PR_TITLE")<br/>    squash_merge_commit_message             = optional(string, "PR_BODY")<br/>    allow_merge_commit                      = optional(bool, true)<br/>    merge_commit_title                      = optional(string, "PR_TITLE")<br/>    merge_commit_message                    = optional(string, "PR_BODY")<br/>    allow_rebase_merge                      = optional(bool, true)<br/>    delete_branch_on_merge                  = optional(bool, false)<br/>    web_commit_signoff_required             = optional(bool, false)<br/>    topics                                  = optional(list(string), [])<br/>    license_template                        = optional(string, null)<br/>    gitignore_template                      = optional(string, null)<br/>    auto_init                               = optional(bool, false)<br/>    enable_vulnerability_alerts             = optional(bool, true)<br/>    allow_update_branch                     = optional(bool, false)<br/>    security_and_analysis = optional(object({<br/>      advanced_security               = bool<br/>      secret_scanning                 = bool<br/>      secret_scanning_push_protection = bool<br/>    }), null)<br/>    archive_on_destroy = optional(bool, false)<br/>  })</pre> | n/a | yes |
 | <a name="input_rulesets"></a> [rulesets](#input\_rulesets) | A map of rulesets to configure for the repository | <pre>map(object({<br/>    name = string<br/>    # disabled, active<br/>    enforcement = string<br/>    # branch, tag<br/>    target = string<br/>    bypass_actors = optional(list(object({<br/>      # always, pull_request<br/>      bypass_mode = string<br/>      actor_id    = optional(string, null)<br/>      # RepositoryRole, Team, Integration, OrganizationAdmin<br/>      actor_type = string<br/>    })), [])<br/>    conditions = object({<br/>      ref_name = object({<br/>        # Supports ~DEFAULT_BRANCH or ~ALL<br/>        include = optional(list(string), [])<br/>        exclude = optional(list(string), [])<br/>      })<br/>    })<br/>    rules = object({<br/>      branch_name_pattern = optional(object({<br/>        # starts_with, ends_with, contains, regex<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string, null)<br/>        negate   = optional(bool, false)<br/>      }), null),<br/>      commit_author_email_pattern = optional(object({<br/>        # starts_with, ends_with, contains, regex<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string, null)<br/>        negate   = optional(bool, false)<br/>      }), null),<br/>      creation         = optional(bool, false),<br/>      deletion         = optional(bool, false),<br/>      non_fast_forward = optional(bool, false),<br/>      required_pull_request_reviews = optional(object({<br/>        dismiss_stale_reviews           = bool<br/>        required_approving_review_count = number<br/>      }), null),<br/>      commit_message_pattern = optional(object({<br/>        # starts_with, ends_with, contains, regex<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string, null)<br/>        negate   = optional(bool, false)<br/>      }), null),<br/>      committer_email_pattern = optional(object({<br/>        # starts_with, ends_with, contains, regex<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string, null)<br/>        negate   = optional(bool, false)<br/>      }), null),<br/>      merge_queue = optional(object({<br/>        check_response_timeout_minutes = optional(number, 60)<br/>        # ALLGREEN, HEADGREEN<br/>        grouping_strategy    = string<br/>        max_entries_to_build = optional(number, 5)<br/>        max_entries_to_merge = optional(number, 5)<br/>        # MERGE, SQUASH, REBASE<br/>        merge_method                      = optional(string, "MERGE")<br/>        min_entries_to_merge              = optional(number, 1)<br/>        min_entries_to_merge_wait_minutes = optional(number, 5)<br/>      }), null),<br/>      pull_request = optional(object({<br/>        dismiss_stale_reviews_on_push     = optional(bool, false)<br/>        require_code_owner_review         = optional(bool, false)<br/>        require_last_push_approval        = optional(bool, false)<br/>        required_approving_review_count   = optional(number, 0)<br/>        required_review_thread_resolution = optional(bool, false)<br/>      }), null),<br/>      required_deployments = optional(object({<br/>        required_deployment_environments = optional(list(string), [])<br/>      }), null),<br/>      required_status_checks = optional(object({<br/>        required_check = list(object({<br/>          context        = string<br/>          integration_id = optional(number, null)<br/>        }))<br/>        strict_required_status_checks_policy = optional(bool, false)<br/>        do_not_enforce_on_create             = optional(bool, false)<br/>      }), null),<br/>      tag_name_pattern = optional(object({<br/>        # starts_with, ends_with, contains, regex<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string, null)<br/>        negate   = optional(bool, false)<br/>      }), null),<br/>      # Unsupported due to drift.<br/>      # https://github.com/integrations/terraform-provider-github/pull/2701<br/>      # required_code_scanning = optional(object({<br/>      #   required_code_scanning_tool = list(object({<br/>      #     // none, errors, errors_and_warnings, all<br/>      #     alerts_threshold          = string<br/>      #     // none, critical, high_or_higher, medium_or_higher, all<br/>      #     security_alerts_threshold = string<br/>      #     tool                      = string<br/>      #   }))<br/>      # }), null),<br/>    }),<br/>  }))</pre> | `{}` | no |
 | <a name="input_secrets"></a> [secrets](#input\_secrets) | Secrets for the repository (if prefixed with nacl: it should be encrypted value using the GitHub public key in Base64 format. Read more: https://docs.github.com/en/actions/security-for-github-actions/encrypted-secrets) | `map(string)` | `{}` | no |
 | <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
diff --git a/README.yaml b/README.yaml
index 3500d9f..897107b 100644
--- a/README.yaml
+++ b/README.yaml
@@ -50,7 +50,6 @@ usage: |-
             description: "A basic repository with standard settings"
             homepage_url: "https://github.com/my-organization/my-basic-repo"
             visibility: "private"
-            default_branch: "main"
             topics:
               - terraform
               - github
@@ -98,7 +97,6 @@ usage: |-
             topics:
               - terraform
               - github
-            default_branch: "main"
             visibility: "private"
 
             # Common features
diff --git a/examples/stacks/catalog/github/repo/defaults.yaml b/examples/stacks/catalog/github/repo/defaults.yaml
index 0bc2025..eee26a4 100644
--- a/examples/stacks/catalog/github/repo/defaults.yaml
+++ b/examples/stacks/catalog/github/repo/defaults.yaml
@@ -17,7 +17,6 @@ components:
           topics:
             - terraform
             - github
-          default_branch: "main"
           visibility: "private"
 
           auto_init: true
@@ -45,7 +44,6 @@ components:
           web_commit_signoff_required: true
           delete_branch_on_merge: true
 
-          ignore_vulnerability_alerts_during_read: true
           allow_update_branch: true
 
           security_and_analysis:
diff --git a/src/README.md b/src/README.md
index 5d05bf0..99d9b00 100644
--- a/src/README.md
+++ b/src/README.md
@@ -56,7 +56,6 @@ components:
           description: "A basic repository with standard settings"
           homepage_url: "https://github.com/my-organization/my-basic-repo"
           visibility: "private"
-          default_branch: "main"
           topics:
             - terraform
             - github
@@ -104,7 +103,6 @@ components:
           topics:
             - terraform
             - github
-          default_branch: "main"
           visibility: "private"
 
           # Common features
@@ -339,7 +337,7 @@ The following configurations are not supported for import:
 | <a name="input_owner"></a> [owner](#input\_owner) | Owner of the repository | `string` | n/a | yes |
 | <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.<br/>Characters matching the regex will be removed from the ID elements.<br/>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
 | <a name="input_region"></a> [region](#input\_region) | AWS Region | `string` | n/a | yes |
-| <a name="input_repository"></a> [repository](#input\_repository) | Repository configuration | <pre>object({<br/>    name                                    = string<br/>    description                             = optional(string, null)<br/>    visibility                              = optional(string, "public")<br/>    homepage_url                            = optional(string, null)<br/>    archived                                = optional(bool, false)<br/>    has_issues                              = optional(bool, false)<br/>    has_projects                            = optional(bool, false)<br/>    has_discussions                         = optional(bool, false)<br/>    has_wiki                                = optional(bool, false)<br/>    is_template                             = optional(bool, false)<br/>    allow_auto_merge                        = optional(bool, false)<br/>    allow_squash_merge                      = optional(bool, true)<br/>    squash_merge_commit_title               = optional(string, "PR_TITLE")<br/>    squash_merge_commit_message             = optional(string, "PR_BODY")<br/>    allow_merge_commit                      = optional(bool, true)<br/>    merge_commit_title                      = optional(string, "PR_TITLE")<br/>    merge_commit_message                    = optional(string, "PR_BODY")<br/>    allow_rebase_merge                      = optional(bool, true)<br/>    delete_branch_on_merge                  = optional(bool, false)<br/>    default_branch                          = optional(string, "main")<br/>    web_commit_signoff_required             = optional(bool, false)<br/>    topics                                  = optional(list(string), [])<br/>    license_template                        = optional(string, null)<br/>    gitignore_template                      = optional(string, null)<br/>    auto_init                               = optional(bool, false)<br/>    ignore_vulnerability_alerts_during_read = optional(bool, false)<br/>    enable_vulnerability_alerts             = optional(bool, true)<br/>    allow_update_branch                     = optional(bool, false)<br/>    security_and_analysis = optional(object({<br/>      advanced_security               = bool<br/>      secret_scanning                 = bool<br/>      secret_scanning_push_protection = bool<br/>    }), null)<br/>    archive_on_destroy = optional(bool, false)<br/>  })</pre> | n/a | yes |
+| <a name="input_repository"></a> [repository](#input\_repository) | Repository configuration | <pre>object({<br/>    name                                    = string<br/>    description                             = optional(string, null)<br/>    visibility                              = optional(string, "public")<br/>    homepage_url                            = optional(string, null)<br/>    archived                                = optional(bool, false)<br/>    has_issues                              = optional(bool, false)<br/>    has_projects                            = optional(bool, false)<br/>    has_discussions                         = optional(bool, false)<br/>    has_wiki                                = optional(bool, false)<br/>    is_template                             = optional(bool, false)<br/>    allow_auto_merge                        = optional(bool, false)<br/>    allow_squash_merge                      = optional(bool, true)<br/>    squash_merge_commit_title               = optional(string, "PR_TITLE")<br/>    squash_merge_commit_message             = optional(string, "PR_BODY")<br/>    allow_merge_commit                      = optional(bool, true)<br/>    merge_commit_title                      = optional(string, "PR_TITLE")<br/>    merge_commit_message                    = optional(string, "PR_BODY")<br/>    allow_rebase_merge                      = optional(bool, true)<br/>    delete_branch_on_merge                  = optional(bool, false)<br/>    web_commit_signoff_required             = optional(bool, false)<br/>    topics                                  = optional(list(string), [])<br/>    license_template                        = optional(string, null)<br/>    gitignore_template                      = optional(string, null)<br/>    auto_init                               = optional(bool, false)<br/>    enable_vulnerability_alerts             = optional(bool, true)<br/>    allow_update_branch                     = optional(bool, false)<br/>    security_and_analysis = optional(object({<br/>      advanced_security               = bool<br/>      secret_scanning                 = bool<br/>      secret_scanning_push_protection = bool<br/>    }), null)<br/>    archive_on_destroy = optional(bool, false)<br/>  })</pre> | n/a | yes |
 | <a name="input_rulesets"></a> [rulesets](#input\_rulesets) | A map of rulesets to configure for the repository | <pre>map(object({<br/>    name = string<br/>    # disabled, active<br/>    enforcement = string<br/>    # branch, tag<br/>    target = string<br/>    bypass_actors = optional(list(object({<br/>      # always, pull_request<br/>      bypass_mode = string<br/>      actor_id    = optional(string, null)<br/>      # RepositoryRole, Team, Integration, OrganizationAdmin<br/>      actor_type = string<br/>    })), [])<br/>    conditions = object({<br/>      ref_name = object({<br/>        # Supports ~DEFAULT_BRANCH or ~ALL<br/>        include = optional(list(string), [])<br/>        exclude = optional(list(string), [])<br/>      })<br/>    })<br/>    rules = object({<br/>      branch_name_pattern = optional(object({<br/>        # starts_with, ends_with, contains, regex<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string, null)<br/>        negate   = optional(bool, false)<br/>      }), null),<br/>      commit_author_email_pattern = optional(object({<br/>        # starts_with, ends_with, contains, regex<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string, null)<br/>        negate   = optional(bool, false)<br/>      }), null),<br/>      creation         = optional(bool, false),<br/>      deletion         = optional(bool, false),<br/>      non_fast_forward = optional(bool, false),<br/>      required_pull_request_reviews = optional(object({<br/>        dismiss_stale_reviews           = bool<br/>        required_approving_review_count = number<br/>      }), null),<br/>      commit_message_pattern = optional(object({<br/>        # starts_with, ends_with, contains, regex<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string, null)<br/>        negate   = optional(bool, false)<br/>      }), null),<br/>      committer_email_pattern = optional(object({<br/>        # starts_with, ends_with, contains, regex<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string, null)<br/>        negate   = optional(bool, false)<br/>      }), null),<br/>      merge_queue = optional(object({<br/>        check_response_timeout_minutes = optional(number, 60)<br/>        # ALLGREEN, HEADGREEN<br/>        grouping_strategy    = string<br/>        max_entries_to_build = optional(number, 5)<br/>        max_entries_to_merge = optional(number, 5)<br/>        # MERGE, SQUASH, REBASE<br/>        merge_method                      = optional(string, "MERGE")<br/>        min_entries_to_merge              = optional(number, 1)<br/>        min_entries_to_merge_wait_minutes = optional(number, 5)<br/>      }), null),<br/>      pull_request = optional(object({<br/>        dismiss_stale_reviews_on_push     = optional(bool, false)<br/>        require_code_owner_review         = optional(bool, false)<br/>        require_last_push_approval        = optional(bool, false)<br/>        required_approving_review_count   = optional(number, 0)<br/>        required_review_thread_resolution = optional(bool, false)<br/>      }), null),<br/>      required_deployments = optional(object({<br/>        required_deployment_environments = optional(list(string), [])<br/>      }), null),<br/>      required_status_checks = optional(object({<br/>        required_check = list(object({<br/>          context        = string<br/>          integration_id = optional(number, null)<br/>        }))<br/>        strict_required_status_checks_policy = optional(bool, false)<br/>        do_not_enforce_on_create             = optional(bool, false)<br/>      }), null),<br/>      tag_name_pattern = optional(object({<br/>        # starts_with, ends_with, contains, regex<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string, null)<br/>        negate   = optional(bool, false)<br/>      }), null),<br/>      # Unsupported due to drift.<br/>      # https://github.com/integrations/terraform-provider-github/pull/2701<br/>      # required_code_scanning = optional(object({<br/>      #   required_code_scanning_tool = list(object({<br/>      #     // none, errors, errors_and_warnings, all<br/>      #     alerts_threshold          = string<br/>      #     // none, critical, high_or_higher, medium_or_higher, all<br/>      #     security_alerts_threshold = string<br/>      #     tool                      = string<br/>      #   }))<br/>      # }), null),<br/>    }),<br/>  }))</pre> | `{}` | no |
 | <a name="input_secrets"></a> [secrets](#input\_secrets) | Secrets for the repository (if prefixed with nacl: it should be encrypted value using the GitHub public key in Base64 format. Read more: https://docs.github.com/en/actions/security-for-github-actions/encrypted-secrets) | `map(string)` | `{}` | no |
 | <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
diff --git a/src/main.tf b/src/main.tf
index 8925995..ef52667 100644
--- a/src/main.tf
+++ b/src/main.tf
@@ -49,9 +49,6 @@ module "repository" {
 
   web_commit_signoff_required = var.repository.web_commit_signoff_required
 
-  ignore_vulnerability_alerts_during_read = var.repository.ignore_vulnerability_alerts_during_read
-
-  default_branch              = var.repository.default_branch
   enable_vulnerability_alerts = var.repository.enable_vulnerability_alerts
   security_and_analysis       = var.repository.security_and_analysis
 
diff --git a/src/variables.tf b/src/variables.tf
index a92ef91..37b55f7 100644
--- a/src/variables.tf
+++ b/src/variables.tf
@@ -31,13 +31,11 @@ variable "repository" {
     merge_commit_message                    = optional(string, "PR_BODY")
     allow_rebase_merge                      = optional(bool, true)
     delete_branch_on_merge                  = optional(bool, false)
-    default_branch                          = optional(string, "main")
     web_commit_signoff_required             = optional(bool, false)
     topics                                  = optional(list(string), [])
     license_template                        = optional(string, null)
     gitignore_template                      = optional(string, null)
     auto_init                               = optional(bool, false)
-    ignore_vulnerability_alerts_during_read = optional(bool, false)
     enable_vulnerability_alerts             = optional(bool, true)
     allow_update_branch                     = optional(bool, false)
     security_and_analysis = optional(object({
diff --git a/test/component_test.go b/test/component_test.go
index bc45263..17771b9 100644
--- a/test/component_test.go
+++ b/test/component_test.go
@@ -45,8 +45,6 @@ func (s *ComponentSuite) TestBasic() {
 			"description":    "Terraform acceptance tests for component",
 			"homepage_url":   "http://example.com/",
 			"topics":         []any{"terraform", "github", "test"},
-			"default_branch": "main",
-
 			"is_template": true,
 
 			"auto_init":          true,
@@ -74,8 +72,7 @@ func (s *ComponentSuite) TestBasic() {
 			"web_commit_signoff_required": true,
 			"delete_branch_on_merge":      true,
 
-			"ignore_vulnerability_alerts_during_read": true,
-			"allow_update_branch":                     true,
+			"allow_update_branch": true,
 
 			"security_and_analysis": map[string]any{
 				"advanced_security":               false,
@@ -161,7 +158,6 @@ func (s *ComponentSuite) TestBasic() {
 	assert.Equal(s.T(), true, repo.GetHasProjects())
 	assert.Equal(s.T(), true, repo.GetHasDiscussions())
 	assert.Equal(s.T(), true, repo.GetHasWiki())
-	assert.Equal(s.T(), false, repo.GetHasDownloads())
 	assert.Equal(s.T(), true, repo.GetIsTemplate())
 	assert.Equal(s.T(), true, repo.GetAllowSquashMerge())
 	assert.Equal(s.T(), "COMMIT_OR_PR_TITLE", repo.GetSquashMergeCommitTitle())
@@ -172,7 +168,6 @@ func (s *ComponentSuite) TestBasic() {
 	assert.Equal(s.T(), true, repo.GetAllowRebaseMerge())
 	assert.Equal(s.T(), true, repo.GetWebCommitSignoffRequired())
 	assert.Equal(s.T(), true, repo.GetDeleteBranchOnMerge())
-	assert.Equal(s.T(), "main", repo.GetDefaultBranch())
 	assert.Equal(s.T(), true, repo.GetAllowUpdateBranch())
 
 	vars, _, err := client.Actions.ListRepoVariables(context.Background(), owner, repoName, nil)
diff --git a/test/fixtures/stacks/catalog/usecase/basic.yaml b/test/fixtures/stacks/catalog/usecase/basic.yaml
index a2a0ed3..c27df27 100644
--- a/test/fixtures/stacks/catalog/usecase/basic.yaml
+++ b/test/fixtures/stacks/catalog/usecase/basic.yaml
@@ -15,8 +15,6 @@ components:
             - terraform
             - github
             - test
-          default_branch: "main"
-
           is_template: true
 
           auto_init: true
@@ -44,7 +42,6 @@ components:
           web_commit_signoff_required: true
           delete_branch_on_merge: true
 
-          ignore_vulnerability_alerts_during_read: true
           allow_update_branch: true
 
           security_and_analysis:
diff --git a/test/fixtures/stacks/catalog/usecase/import.yaml b/test/fixtures/stacks/catalog/usecase/import.yaml
index 69400e8..e739b09 100644
--- a/test/fixtures/stacks/catalog/usecase/import.yaml
+++ b/test/fixtures/stacks/catalog/usecase/import.yaml
@@ -15,8 +15,6 @@ components:
             - terraform
             - github
             - test
-          default_branch: "main"
-
           is_template: true
 
         autolink_references:
diff --git a/test/fixtures/stacks/catalog/usecase/template.yaml b/test/fixtures/stacks/catalog/usecase/template.yaml
index 1a669b8..116fe99 100644
--- a/test/fixtures/stacks/catalog/usecase/template.yaml
+++ b/test/fixtures/stacks/catalog/usecase/template.yaml
@@ -20,4 +20,3 @@ components:
             - terraform
             - github
             - test
-          default_branch: "main"

From 8b50200a6ef611ac353b4b13a9f8ab74a64ffb12 Mon Sep 17 00:00:00 2001
From: "John C. Bland II" <johncblandii@gmail.com>
Date: Thu, 9 Apr 2026 16:26:52 -0500
Subject: [PATCH 4/5] style(repo): fix terraform fmt alignment after removing
 deprecated vars

---
 README.md        |  2 +-
 src/README.md    |  2 +-
 src/variables.tf | 52 ++++++++++++++++++++++++------------------------
 3 files changed, 28 insertions(+), 28 deletions(-)

diff --git a/README.md b/README.md
index 6cba75e..ebe01dd 100644
--- a/README.md
+++ b/README.md
@@ -388,7 +388,7 @@ The following configurations are not supported for import:
 | <a name="input_owner"></a> [owner](#input\_owner) | Owner of the repository | `string` | n/a | yes |
 | <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.<br/>Characters matching the regex will be removed from the ID elements.<br/>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
 | <a name="input_region"></a> [region](#input\_region) | AWS Region | `string` | n/a | yes |
-| <a name="input_repository"></a> [repository](#input\_repository) | Repository configuration | <pre>object({<br/>    name                                    = string<br/>    description                             = optional(string, null)<br/>    visibility                              = optional(string, "public")<br/>    homepage_url                            = optional(string, null)<br/>    archived                                = optional(bool, false)<br/>    has_issues                              = optional(bool, false)<br/>    has_projects                            = optional(bool, false)<br/>    has_discussions                         = optional(bool, false)<br/>    has_wiki                                = optional(bool, false)<br/>    is_template                             = optional(bool, false)<br/>    allow_auto_merge                        = optional(bool, false)<br/>    allow_squash_merge                      = optional(bool, true)<br/>    squash_merge_commit_title               = optional(string, "PR_TITLE")<br/>    squash_merge_commit_message             = optional(string, "PR_BODY")<br/>    allow_merge_commit                      = optional(bool, true)<br/>    merge_commit_title                      = optional(string, "PR_TITLE")<br/>    merge_commit_message                    = optional(string, "PR_BODY")<br/>    allow_rebase_merge                      = optional(bool, true)<br/>    delete_branch_on_merge                  = optional(bool, false)<br/>    web_commit_signoff_required             = optional(bool, false)<br/>    topics                                  = optional(list(string), [])<br/>    license_template                        = optional(string, null)<br/>    gitignore_template                      = optional(string, null)<br/>    auto_init                               = optional(bool, false)<br/>    enable_vulnerability_alerts             = optional(bool, true)<br/>    allow_update_branch                     = optional(bool, false)<br/>    security_and_analysis = optional(object({<br/>      advanced_security               = bool<br/>      secret_scanning                 = bool<br/>      secret_scanning_push_protection = bool<br/>    }), null)<br/>    archive_on_destroy = optional(bool, false)<br/>  })</pre> | n/a | yes |
+| <a name="input_repository"></a> [repository](#input\_repository) | Repository configuration | <pre>object({<br/>    name                        = string<br/>    description                 = optional(string, null)<br/>    visibility                  = optional(string, "public")<br/>    homepage_url                = optional(string, null)<br/>    archived                    = optional(bool, false)<br/>    has_issues                  = optional(bool, false)<br/>    has_projects                = optional(bool, false)<br/>    has_discussions             = optional(bool, false)<br/>    has_wiki                    = optional(bool, false)<br/>    is_template                 = optional(bool, false)<br/>    allow_auto_merge            = optional(bool, false)<br/>    allow_squash_merge          = optional(bool, true)<br/>    squash_merge_commit_title   = optional(string, "PR_TITLE")<br/>    squash_merge_commit_message = optional(string, "PR_BODY")<br/>    allow_merge_commit          = optional(bool, true)<br/>    merge_commit_title          = optional(string, "PR_TITLE")<br/>    merge_commit_message        = optional(string, "PR_BODY")<br/>    allow_rebase_merge          = optional(bool, true)<br/>    delete_branch_on_merge      = optional(bool, false)<br/>    web_commit_signoff_required = optional(bool, false)<br/>    topics                      = optional(list(string), [])<br/>    license_template            = optional(string, null)<br/>    gitignore_template          = optional(string, null)<br/>    auto_init                   = optional(bool, false)<br/>    enable_vulnerability_alerts = optional(bool, true)<br/>    allow_update_branch         = optional(bool, false)<br/>    security_and_analysis = optional(object({<br/>      advanced_security               = bool<br/>      secret_scanning                 = bool<br/>      secret_scanning_push_protection = bool<br/>    }), null)<br/>    archive_on_destroy = optional(bool, false)<br/>  })</pre> | n/a | yes |
 | <a name="input_rulesets"></a> [rulesets](#input\_rulesets) | A map of rulesets to configure for the repository | <pre>map(object({<br/>    name = string<br/>    # disabled, active<br/>    enforcement = string<br/>    # branch, tag<br/>    target = string<br/>    bypass_actors = optional(list(object({<br/>      # always, pull_request<br/>      bypass_mode = string<br/>      actor_id    = optional(string, null)<br/>      # RepositoryRole, Team, Integration, OrganizationAdmin<br/>      actor_type = string<br/>    })), [])<br/>    conditions = object({<br/>      ref_name = object({<br/>        # Supports ~DEFAULT_BRANCH or ~ALL<br/>        include = optional(list(string), [])<br/>        exclude = optional(list(string), [])<br/>      })<br/>    })<br/>    rules = object({<br/>      branch_name_pattern = optional(object({<br/>        # starts_with, ends_with, contains, regex<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string, null)<br/>        negate   = optional(bool, false)<br/>      }), null),<br/>      commit_author_email_pattern = optional(object({<br/>        # starts_with, ends_with, contains, regex<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string, null)<br/>        negate   = optional(bool, false)<br/>      }), null),<br/>      creation         = optional(bool, false),<br/>      deletion         = optional(bool, false),<br/>      non_fast_forward = optional(bool, false),<br/>      required_pull_request_reviews = optional(object({<br/>        dismiss_stale_reviews           = bool<br/>        required_approving_review_count = number<br/>      }), null),<br/>      commit_message_pattern = optional(object({<br/>        # starts_with, ends_with, contains, regex<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string, null)<br/>        negate   = optional(bool, false)<br/>      }), null),<br/>      committer_email_pattern = optional(object({<br/>        # starts_with, ends_with, contains, regex<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string, null)<br/>        negate   = optional(bool, false)<br/>      }), null),<br/>      merge_queue = optional(object({<br/>        check_response_timeout_minutes = optional(number, 60)<br/>        # ALLGREEN, HEADGREEN<br/>        grouping_strategy    = string<br/>        max_entries_to_build = optional(number, 5)<br/>        max_entries_to_merge = optional(number, 5)<br/>        # MERGE, SQUASH, REBASE<br/>        merge_method                      = optional(string, "MERGE")<br/>        min_entries_to_merge              = optional(number, 1)<br/>        min_entries_to_merge_wait_minutes = optional(number, 5)<br/>      }), null),<br/>      pull_request = optional(object({<br/>        dismiss_stale_reviews_on_push     = optional(bool, false)<br/>        require_code_owner_review         = optional(bool, false)<br/>        require_last_push_approval        = optional(bool, false)<br/>        required_approving_review_count   = optional(number, 0)<br/>        required_review_thread_resolution = optional(bool, false)<br/>      }), null),<br/>      required_deployments = optional(object({<br/>        required_deployment_environments = optional(list(string), [])<br/>      }), null),<br/>      required_status_checks = optional(object({<br/>        required_check = list(object({<br/>          context        = string<br/>          integration_id = optional(number, null)<br/>        }))<br/>        strict_required_status_checks_policy = optional(bool, false)<br/>        do_not_enforce_on_create             = optional(bool, false)<br/>      }), null),<br/>      tag_name_pattern = optional(object({<br/>        # starts_with, ends_with, contains, regex<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string, null)<br/>        negate   = optional(bool, false)<br/>      }), null),<br/>      # Unsupported due to drift.<br/>      # https://github.com/integrations/terraform-provider-github/pull/2701<br/>      # required_code_scanning = optional(object({<br/>      #   required_code_scanning_tool = list(object({<br/>      #     // none, errors, errors_and_warnings, all<br/>      #     alerts_threshold          = string<br/>      #     // none, critical, high_or_higher, medium_or_higher, all<br/>      #     security_alerts_threshold = string<br/>      #     tool                      = string<br/>      #   }))<br/>      # }), null),<br/>    }),<br/>  }))</pre> | `{}` | no |
 | <a name="input_secrets"></a> [secrets](#input\_secrets) | Secrets for the repository (if prefixed with nacl: it should be encrypted value using the GitHub public key in Base64 format. Read more: https://docs.github.com/en/actions/security-for-github-actions/encrypted-secrets) | `map(string)` | `{}` | no |
 | <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
diff --git a/src/README.md b/src/README.md
index 99d9b00..9594f08 100644
--- a/src/README.md
+++ b/src/README.md
@@ -337,7 +337,7 @@ The following configurations are not supported for import:
 | <a name="input_owner"></a> [owner](#input\_owner) | Owner of the repository | `string` | n/a | yes |
 | <a name="input_regex_replace_chars"></a> [regex\_replace\_chars](#input\_regex\_replace\_chars) | Terraform regular expression (regex) string.<br/>Characters matching the regex will be removed from the ID elements.<br/>If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits. | `string` | `null` | no |
 | <a name="input_region"></a> [region](#input\_region) | AWS Region | `string` | n/a | yes |
-| <a name="input_repository"></a> [repository](#input\_repository) | Repository configuration | <pre>object({<br/>    name                                    = string<br/>    description                             = optional(string, null)<br/>    visibility                              = optional(string, "public")<br/>    homepage_url                            = optional(string, null)<br/>    archived                                = optional(bool, false)<br/>    has_issues                              = optional(bool, false)<br/>    has_projects                            = optional(bool, false)<br/>    has_discussions                         = optional(bool, false)<br/>    has_wiki                                = optional(bool, false)<br/>    is_template                             = optional(bool, false)<br/>    allow_auto_merge                        = optional(bool, false)<br/>    allow_squash_merge                      = optional(bool, true)<br/>    squash_merge_commit_title               = optional(string, "PR_TITLE")<br/>    squash_merge_commit_message             = optional(string, "PR_BODY")<br/>    allow_merge_commit                      = optional(bool, true)<br/>    merge_commit_title                      = optional(string, "PR_TITLE")<br/>    merge_commit_message                    = optional(string, "PR_BODY")<br/>    allow_rebase_merge                      = optional(bool, true)<br/>    delete_branch_on_merge                  = optional(bool, false)<br/>    web_commit_signoff_required             = optional(bool, false)<br/>    topics                                  = optional(list(string), [])<br/>    license_template                        = optional(string, null)<br/>    gitignore_template                      = optional(string, null)<br/>    auto_init                               = optional(bool, false)<br/>    enable_vulnerability_alerts             = optional(bool, true)<br/>    allow_update_branch                     = optional(bool, false)<br/>    security_and_analysis = optional(object({<br/>      advanced_security               = bool<br/>      secret_scanning                 = bool<br/>      secret_scanning_push_protection = bool<br/>    }), null)<br/>    archive_on_destroy = optional(bool, false)<br/>  })</pre> | n/a | yes |
+| <a name="input_repository"></a> [repository](#input\_repository) | Repository configuration | <pre>object({<br/>    name                        = string<br/>    description                 = optional(string, null)<br/>    visibility                  = optional(string, "public")<br/>    homepage_url                = optional(string, null)<br/>    archived                    = optional(bool, false)<br/>    has_issues                  = optional(bool, false)<br/>    has_projects                = optional(bool, false)<br/>    has_discussions             = optional(bool, false)<br/>    has_wiki                    = optional(bool, false)<br/>    is_template                 = optional(bool, false)<br/>    allow_auto_merge            = optional(bool, false)<br/>    allow_squash_merge          = optional(bool, true)<br/>    squash_merge_commit_title   = optional(string, "PR_TITLE")<br/>    squash_merge_commit_message = optional(string, "PR_BODY")<br/>    allow_merge_commit          = optional(bool, true)<br/>    merge_commit_title          = optional(string, "PR_TITLE")<br/>    merge_commit_message        = optional(string, "PR_BODY")<br/>    allow_rebase_merge          = optional(bool, true)<br/>    delete_branch_on_merge      = optional(bool, false)<br/>    web_commit_signoff_required = optional(bool, false)<br/>    topics                      = optional(list(string), [])<br/>    license_template            = optional(string, null)<br/>    gitignore_template          = optional(string, null)<br/>    auto_init                   = optional(bool, false)<br/>    enable_vulnerability_alerts = optional(bool, true)<br/>    allow_update_branch         = optional(bool, false)<br/>    security_and_analysis = optional(object({<br/>      advanced_security               = bool<br/>      secret_scanning                 = bool<br/>      secret_scanning_push_protection = bool<br/>    }), null)<br/>    archive_on_destroy = optional(bool, false)<br/>  })</pre> | n/a | yes |
 | <a name="input_rulesets"></a> [rulesets](#input\_rulesets) | A map of rulesets to configure for the repository | <pre>map(object({<br/>    name = string<br/>    # disabled, active<br/>    enforcement = string<br/>    # branch, tag<br/>    target = string<br/>    bypass_actors = optional(list(object({<br/>      # always, pull_request<br/>      bypass_mode = string<br/>      actor_id    = optional(string, null)<br/>      # RepositoryRole, Team, Integration, OrganizationAdmin<br/>      actor_type = string<br/>    })), [])<br/>    conditions = object({<br/>      ref_name = object({<br/>        # Supports ~DEFAULT_BRANCH or ~ALL<br/>        include = optional(list(string), [])<br/>        exclude = optional(list(string), [])<br/>      })<br/>    })<br/>    rules = object({<br/>      branch_name_pattern = optional(object({<br/>        # starts_with, ends_with, contains, regex<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string, null)<br/>        negate   = optional(bool, false)<br/>      }), null),<br/>      commit_author_email_pattern = optional(object({<br/>        # starts_with, ends_with, contains, regex<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string, null)<br/>        negate   = optional(bool, false)<br/>      }), null),<br/>      creation         = optional(bool, false),<br/>      deletion         = optional(bool, false),<br/>      non_fast_forward = optional(bool, false),<br/>      required_pull_request_reviews = optional(object({<br/>        dismiss_stale_reviews           = bool<br/>        required_approving_review_count = number<br/>      }), null),<br/>      commit_message_pattern = optional(object({<br/>        # starts_with, ends_with, contains, regex<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string, null)<br/>        negate   = optional(bool, false)<br/>      }), null),<br/>      committer_email_pattern = optional(object({<br/>        # starts_with, ends_with, contains, regex<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string, null)<br/>        negate   = optional(bool, false)<br/>      }), null),<br/>      merge_queue = optional(object({<br/>        check_response_timeout_minutes = optional(number, 60)<br/>        # ALLGREEN, HEADGREEN<br/>        grouping_strategy    = string<br/>        max_entries_to_build = optional(number, 5)<br/>        max_entries_to_merge = optional(number, 5)<br/>        # MERGE, SQUASH, REBASE<br/>        merge_method                      = optional(string, "MERGE")<br/>        min_entries_to_merge              = optional(number, 1)<br/>        min_entries_to_merge_wait_minutes = optional(number, 5)<br/>      }), null),<br/>      pull_request = optional(object({<br/>        dismiss_stale_reviews_on_push     = optional(bool, false)<br/>        require_code_owner_review         = optional(bool, false)<br/>        require_last_push_approval        = optional(bool, false)<br/>        required_approving_review_count   = optional(number, 0)<br/>        required_review_thread_resolution = optional(bool, false)<br/>      }), null),<br/>      required_deployments = optional(object({<br/>        required_deployment_environments = optional(list(string), [])<br/>      }), null),<br/>      required_status_checks = optional(object({<br/>        required_check = list(object({<br/>          context        = string<br/>          integration_id = optional(number, null)<br/>        }))<br/>        strict_required_status_checks_policy = optional(bool, false)<br/>        do_not_enforce_on_create             = optional(bool, false)<br/>      }), null),<br/>      tag_name_pattern = optional(object({<br/>        # starts_with, ends_with, contains, regex<br/>        operator = string<br/>        pattern  = string<br/>        name     = optional(string, null)<br/>        negate   = optional(bool, false)<br/>      }), null),<br/>      # Unsupported due to drift.<br/>      # https://github.com/integrations/terraform-provider-github/pull/2701<br/>      # required_code_scanning = optional(object({<br/>      #   required_code_scanning_tool = list(object({<br/>      #     // none, errors, errors_and_warnings, all<br/>      #     alerts_threshold          = string<br/>      #     // none, critical, high_or_higher, medium_or_higher, all<br/>      #     security_alerts_threshold = string<br/>      #     tool                      = string<br/>      #   }))<br/>      # }), null),<br/>    }),<br/>  }))</pre> | `{}` | no |
 | <a name="input_secrets"></a> [secrets](#input\_secrets) | Secrets for the repository (if prefixed with nacl: it should be encrypted value using the GitHub public key in Base64 format. Read more: https://docs.github.com/en/actions/security-for-github-actions/encrypted-secrets) | `map(string)` | `{}` | no |
 | <a name="input_stage"></a> [stage](#input\_stage) | ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release' | `string` | `null` | no |
diff --git a/src/variables.tf b/src/variables.tf
index 37b55f7..d79cef4 100644
--- a/src/variables.tf
+++ b/src/variables.tf
@@ -12,32 +12,32 @@ variable "import" {
 variable "repository" {
   description = "Repository configuration"
   type = object({
-    name                                    = string
-    description                             = optional(string, null)
-    visibility                              = optional(string, "public")
-    homepage_url                            = optional(string, null)
-    archived                                = optional(bool, false)
-    has_issues                              = optional(bool, false)
-    has_projects                            = optional(bool, false)
-    has_discussions                         = optional(bool, false)
-    has_wiki                                = optional(bool, false)
-    is_template                             = optional(bool, false)
-    allow_auto_merge                        = optional(bool, false)
-    allow_squash_merge                      = optional(bool, true)
-    squash_merge_commit_title               = optional(string, "PR_TITLE")
-    squash_merge_commit_message             = optional(string, "PR_BODY")
-    allow_merge_commit                      = optional(bool, true)
-    merge_commit_title                      = optional(string, "PR_TITLE")
-    merge_commit_message                    = optional(string, "PR_BODY")
-    allow_rebase_merge                      = optional(bool, true)
-    delete_branch_on_merge                  = optional(bool, false)
-    web_commit_signoff_required             = optional(bool, false)
-    topics                                  = optional(list(string), [])
-    license_template                        = optional(string, null)
-    gitignore_template                      = optional(string, null)
-    auto_init                               = optional(bool, false)
-    enable_vulnerability_alerts             = optional(bool, true)
-    allow_update_branch                     = optional(bool, false)
+    name                        = string
+    description                 = optional(string, null)
+    visibility                  = optional(string, "public")
+    homepage_url                = optional(string, null)
+    archived                    = optional(bool, false)
+    has_issues                  = optional(bool, false)
+    has_projects                = optional(bool, false)
+    has_discussions             = optional(bool, false)
+    has_wiki                    = optional(bool, false)
+    is_template                 = optional(bool, false)
+    allow_auto_merge            = optional(bool, false)
+    allow_squash_merge          = optional(bool, true)
+    squash_merge_commit_title   = optional(string, "PR_TITLE")
+    squash_merge_commit_message = optional(string, "PR_BODY")
+    allow_merge_commit          = optional(bool, true)
+    merge_commit_title          = optional(string, "PR_TITLE")
+    merge_commit_message        = optional(string, "PR_BODY")
+    allow_rebase_merge          = optional(bool, true)
+    delete_branch_on_merge      = optional(bool, false)
+    web_commit_signoff_required = optional(bool, false)
+    topics                      = optional(list(string), [])
+    license_template            = optional(string, null)
+    gitignore_template          = optional(string, null)
+    auto_init                   = optional(bool, false)
+    enable_vulnerability_alerts = optional(bool, true)
+    allow_update_branch         = optional(bool, false)
     security_and_analysis = optional(object({
       advanced_security               = bool
       secret_scanning                 = bool

From f017d5b920a1af600d4eddc4183354615ccc9f67 Mon Sep 17 00:00:00 2001
From: Igor Rodionov <496956+goruha@users.noreply.github.com>
Date: Fri, 17 Apr 2026 22:35:56 +0300
Subject: [PATCH 5/5] Update main.tf

---
 src/main.tf | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/src/main.tf b/src/main.tf
index dbd4b2e..1c4ec8d 100644
--- a/src/main.tf
+++ b/src/main.tf
@@ -49,10 +49,7 @@ module "repository" {
 
   web_commit_signoff_required = var.repository.web_commit_signoff_required
 
-<<<<<<< feat/deprecate-has-downloads
-=======
   default_branch              = var.repository.default_branch
->>>>>>> main
   enable_vulnerability_alerts = var.repository.enable_vulnerability_alerts
   security_and_analysis       = var.repository.security_and_analysis