v1.6.0

fix: add missing field for autolink reference Michał Tomaszek (@mtweeman) (#22)

## what

Adding missing variable field to the autolink references.

why

is_alphanumeric field exists in autolink_references variable, but is not added in the github_repository_autolink_reference resource. Because of that, default provider's value is used (true) regardless of the value specified by the variable.

v1.5.0

fix: add custom repository roles support Michał Tomaszek (@mtweeman) (#23)

## what

Adding support for custom repository roles.

why

Currently, only base repository roles are supported. I'd be nice to be able to refer to the custom repository roles via name instead of hard-coding their IDs.

v1.4.1

feat: remove deprecated has_downloads and ignore_vulnerability_alerts_during_read variables John C. Bland II (@johncblandii) (#20)

## what

• Remove the has_downloads variable and its deprecation check block
• Remove the ignore_vulnerability_alerts_during_read variable and its resource attribute
• Clean up all references from module root, examples, fixtures, README, and README.yaml

why

• has_downloads was deprecated by GitHub — the feature no longer exists. It was previously marked deprecated in this module via #17 and is now fully removed.
• ignore_vulnerability_alerts_during_read is a no-op — the GitHub provider now handles lack of permissions automatically, making this attribute unnecessary.

references

• #17 (deprecated has_downloads)
• https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository (provider docs confirming deprecations)

🚀 Enhancements

Bump github.com/ulikunitz/xz from 0.5.10 to 0.5.14 in /test/src @[dependabot[bot]](https://github.com/apps/dependabot) (#14)

Bumps [github.com/ulikunitz/xz](https://github.com/ulikunitz/xz) from 0.5.10 to 0.5.14.

Commits

• 7184815 Preparation of release v0.5.14
• 88ddf1d Address Security Issue GHSA-jc7w-c686-c4v9
• c8314b8 Add new package xio with WriteCloserStack
• 4f11dce Update README.md and SECURITY.md to address security questions
• f56ebbf TODO.md: fix a typo
• 9d122a6 release version v0.5.11
• 4ce6f08 lzma: fix handling of small dictionary sizes
• 0b7c695 xz: add reader benchmark
• 5535077 xz: add compression reate to Writer benchmark
• 886dc9a xz: add benchmark for Writer
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

🤖 Automatic Updates

Bump github.com/ulikunitz/xz from 0.5.10 to 0.5.14 in /test/src @[dependabot[bot]](https://github.com/apps/dependabot) (#14)

Bumps [github.com/ulikunitz/xz](https://github.com/ulikunitz/xz) from 0.5.10 to 0.5.14.

Commits

• 7184815 Preparation of release v0.5.14
• 88ddf1d Address Security Issue GHSA-jc7w-c686-c4v9
• c8314b8 Add new package xio with WriteCloserStack
• 4f11dce Update README.md and SECURITY.md to address security questions
• f56ebbf TODO.md: fix a typo
• 9d122a6 release version v0.5.11
• 4ce6f08 lzma: fix handling of small dictionary sizes
• 0b7c695 xz: add reader benchmark
• 5535077 xz: add compression reate to Writer benchmark
• 886dc9a xz: add benchmark for Writer
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

v1.4.0

feat: Support github_team_repository Alvaro Gonzalez (@alvarorm22) (#11)

## what

• Support the github_team_repository creation. This resource manages relationships between teams and repositories
• github_team_repository cannot be used in conjunction with github_repository_collaborators, so I've added a check in the resource count.

why

• Organizations may need this resource to manage their teams and permissions

references

closes #10

v1.3.0

feat: support for copilot_code_review thejrose1984 (#21)

## what

• Added copilot_code_review to the rules object in var.rulesets, with two optional boolean attributes: review_on_push (default: false) and review_draft_pull_requests (default: false)
• Added a dynamic "copilot_code_review" block in main.tf to wire the new variable into the github_repository_ruleset resource
• Bumped the minimum required GitHub provider version from >= 6.9.0 to >= 6.10.0, which is the version that introduced copilot_code_review support

why

• Configuring Copilot code review via a repository ruleset caused perpetual drift when the setting was applied manually, because the Terraform module had no way to express it
• GitHub Enterprise users need automated Copilot peer review on PRs without relying on org-level rulesets

references

• closes cloudposse-terraform-components/aws-github-repository#32
• GitHub provider PR that added support: integrations/terraform-provider-github#2965

v1.2.0

Remove `rulesets_etags` output to eliminate permadrift @[copilot-swe-agent[bot]](https://github.com/apps/copilot-swe-agent) (#19)

The GitHub API non-deterministically returns strong vs. weak ETags (`"abc..."` vs `W/"xyz..."`) for the same ruleset resource, causing `rulesets_etags` to show spurious changes on every plan/apply cycle.

Changes

• outputs.tf — removed rulesets_etags output; ETags are HTTP caching internals with no stable semantic value for module consumers
• examples/complete/outputs.tf, examples/minimum/outputs.tf — removed corresponding passthrough outputs
• test/src/examples_complete_test.go — removed etag output fetch and length assertion

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Permadrift from etags</issue_title>
<issue_description>### Describe the Bug

I am noting permadrift with rulesets. For example:

Changes to Outputs:
  ~ rulesets_etags               = {
      ~ main_branch_protection = "\"7e66b1d2703c08ce8ad4fd6c33f02f1fadc029278e88b0a5a189346c6b0386ee\"" -> "W/\"02ffd1a67e695b87303db4ab4fb71ad52d60a76e7c021cca8db01a365e21927a\""
    }

Expected Behavior

No drift on outputs on subsequent plan/applies

Steps to Reproduce

Happens on subsequent plan/applies

Screenshots

No response

Environment

No response

Additional Context

No response</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes #18

---

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

v1.1.0

deprecate: mark has_downloads variable as deprecated John C. Bland II (@johncblandii) (#17)

## what

• Deprecate has_downloads variable with backward-compatible warning instead of breaking removal
• Add check block to emit deprecation warning when users set has_downloads = true
• Remove has_downloads attribute from github_repository resource
• Bump minimum Terraform version to >= 1.5 (required for check blocks)

why

• The has_downloads attribute is officially deprecated in the GitHub Terraform provider (v6.10.2) and will be removed in a future version
• Rather than breaking existing configurations by removing the variable, this approach warns users to update their code
• Terraform 1.5+ is required to use check blocks which enable warnings without errors

references

• GitHub Provider Documentation - has_downloads deprecation
• GitHub Community Discussion on Downloads Feature Removal

v1.0.0

Add repository fork, GitHub Pages, and push ruleset support John C. Bland II (@johncblandii) (#16)

## what

• Add fork configuration to enable creating forked repositories
• Add GitHub Pages configuration with build type, CNAME, and source options
• Enable required_code_scanning ruleset rules (drift issue resolved)
• Add push ruleset target with file restrictions and size limits
• Add new ruleset rule types: required_linear_history, required_signatures, update, and update_allows_fetch_and_merge

why

These additions extend the module's capabilities to support more GitHub repository features and provide better control over repository rulesets, enabling enforcement of push-based rules and providing a more complete security analysis configuration.

references

• GitHub Terraform Provider: terraform-provider-github v6.9.0

v0.2.1

🚀 Enhancements

Fix Teams Order of Operations Dan Miller (@milldr) (#13)

## what - Add dependency on repository collaborators resource

why

• The teams must be created for the repositories before creating environment protections rules that require reviewers (teams)

references

│ Error: PUT https://api.github.com/repos/acme/my-bar-app/environments/prod: 422 Failed to create or update the environment protection rule. Required reviewers must have at least one reviewer to set prevent_self_review. []
│
│   with module.repository.github_repository_environment.default["prod"],
│   on .terraform/modules/repository/main.tf line 158, in resource "github_repository_environment" "default":
│  158: resource "github_repository_environment" "default" {
│
╵

v0.2.0

feat: Support `evaluate` for Ruleset Enforcement Dan Miller (@milldr) (#8)

## what - added evaluate enforcement type

enforcement - (Required) (String) Possible values for Enforcement are disabled, active, evaluate. Note: evaluate is currently only supported for owners of type organization.

why

• evaluate is supported as an enforcement type for type organization

references

• https://registry.terraform.io/providers/integrations/github/latest/docs/resources/repository_ruleset

🤖 Automatic Updates

Bump golang.org/x/net from 0.0.0-20220826154423-83b083e8dc8b to 0.38.0 in /test/src @[dependabot[bot]](https://github.com/apps/dependabot) (#4)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.0.0-20220826154423-83b083e8dc8b to 0.38.0.

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

chore(deps): bump google.golang.org/grpc from 1.50.1 to 1.56.3 in /test/src @[dependabot[bot]](https://github.com/apps/dependabot) (#7)

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.50.1 to 1.56.3.

Release notes

Sourced from google.golang.org/grpc's releases.

Release 1.56.3

Security

• server: prohibit more than MaxConcurrentStreams handlers from running at once (CVE-2023-44487)

  In addition to this change, applications should ensure they do not leave running tasks behind related to the RPC before returning from method handlers, or should enforce appropriate limits on any such work.

Release 1.56.2

• status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.56.1

• client: handle empty address lists correctly in addrConn.updateAddrs

Release 1.56.0

New Features

• client: support channel idleness using WithIdleTimeout dial option (#6263)
  • This feature is currently disabled by default, but will be enabled with a 30 minute default in the future.
• client: when using pickfirst, keep channel state in TRANSIENT_FAILURE until it becomes READY (gRFC A62) (#6306)
• xds: Add support for Custom LB Policies (gRFC A52) (#6224)
• xds: support pick_first Custom LB policy (gRFC A62) (#6314) (#6317)
• client: add support for pickfirst address shuffling (gRFC A62) (#6311)
• xds: Add support for String Matcher Header Matcher in RDS (#6313)
• xds/outlierdetection: Add Channelz Logger to Outlier Detection LB (#6145)
  • Special Thanks: @​s-matyukevich
• xds: enable RLS in xDS by default (#6343)
• orca: add support for application_utilization field and missing range checks on several metrics setters
• balancer/weightedroundrobin: add new LB policy for balancing between backends based on their load reports (gRFC A58) (#6241)
• authz: add conversion of json to RBAC Audit Logging config (#6192)
• authz: add support for stdout logger (#6230 and #6298)
• authz: support customizable audit functionality for authorization policy (#6192 #6230 #6298 #6158 #6304 and #6225)

Bug Fixes

• orca: fix a race at startup of out-of-band metric subscriptions that would cause the report interval to request 0 (#6245)
• xds/xdsresource: Fix Outlier Detection Config Handling and correctly set xDS Defaults (#6361)
• xds/outlierdetection: Fix Outlier Detection Config Handling by setting defaults in ParseConfig() (#6361)

API Changes

• orca: allow a ServerMetricsProvider to be passed to the ORCA service and ServerOption (#6223)

Release 1.55.1

• status: To fix a panic, status.FromError now returns an error with codes.Unknown when the error implements the GRPCStatus() method, and calling GRPCStatus() returns nil. (#6374)

Release 1.55.0

Behavior Changes

• xds: enable federation support by default (#6151)
• status: status.Code and status.FromError handle wrapped errors (#6031 and #6150)

... (truncated)

Commits

• 1055b48 Update version.go to 1.56.3 (#6713)
• 5efd7bd server: prohibit more than MaxConcurrentStreams handlers from running at once...
• bd1f038 Upgrade version.go to 1.56.3-dev (