mineiros-io
diff --git a/‎CHANGELOG.md
Lines changed: 6 additions & 0 deletions b/‎CHANGELOG.md
Lines changed: 6 additions & 0 deletions
diff --git a/‎README.md
Lines changed: 30 additions & 25 deletions b/‎README.md
Lines changed: 30 additions & 25 deletions
diff --git a/‎README.tfdoc.hcl
Lines changed: 42 additions & 26 deletions b/‎README.tfdoc.hcl
Lines changed: 42 additions & 26 deletions
diff --git a/‎go.sum
Lines changed: 0 additions & 4 deletions b/‎go.sum
Lines changed: 0 additions & 4 deletions
@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.19.0]
+
+### Added
+
+- Added support for `security_and_analysis`.
+
 ## [0.18.0]
 
 ### Added
 
@@ -9,11 +9,8 @@
 # terraform-github-repository
 
 A [Terraform] module for creating a public or private repository on [Github].
-
 **_This module supports Terraform v1.x and is compatible with the Official Terraform GitHub Provider v4.20 and above from `integrations/github`._**
-
 **Attention: This module is incompatible with the Hashicorp GitHub Provider! The latest version of this module supporting `hashicorp/github` provider is `~> 0.10.0`**
-
 ** Note: Versions 5.3.0, 5.4.0, and 5.5.0 of the Terraform Github Provider have broken branch protections support and should not be used.**
 
 
@@ -30,6 +27,7 @@ A [Terraform] module for creating a public or private repository on [Github].
     - [Deploy Keys Configuration](#deploy-keys-configuration)
     - [Branch Protections v3 Configuration](#branch-protections-v3-configuration)
     - [Branch Protections v4 Configuration](#branch-protections-v4-configuration)
+    - [Security And Analysis Configuration](#security-and-analysis-configuration)
     - [Issue Labels Configuration](#issue-labels-configuration)
     - [Projects Configuration](#projects-configuration)
     - [Webhooks Configuration](#webhooks-configuration)
@@ -61,26 +59,22 @@ rollouts** and **rollbacks**. It's a comprehensive, ready-to-use blueprint
 maintained by our team of platform engineering experts and saves
 companies such as yours tons of time by building on top of a pre-configured
 solution instead of building and maintaining it yourself.
-
 For details please see [https://mineiros.io/github-as-code][github-as-code].
 
 ## Module Features
 
 In contrast to the plain `github_repository` resource this module enables various other
 features like Branch Protection or Collaborator Management.
-
 - **Default Security Settings**:
   This module creates a `private` repository by default,
   Deploy keys are `read-only` by default
-
 - **Standard Repository Features**:
   Setting basic Metadata,
   Merge Strategy,
   Auto Init,
   License Template,
   Gitignore Template,
   Template Repository
-
 - **Extended Repository Features**:
   Branches,
   Branch Protection,
@@ -91,7 +85,6 @@ features like Branch Protection or Collaborator Management.
   Deploy Keys,
   Projects,
   Repository Webhooks
-
 - _Features not yet implemented_:
   Project Columns support,
   Actions,
@@ -100,12 +93,10 @@ features like Branch Protection or Collaborator Management.
 ## Getting Started
 
 Most basic usage creating a new private github repository.
-
 ```hcl
 module "repository" {
   source  = "mineiros-io/repository/github"
   version = "~> 0.18.0"
-
   name               = "terraform-github-repository"
   license_template   = "apache-2.0"
   gitignore_template = "Terraform"
@@ -616,12 +607,9 @@ This is due to some terraform limitation and we will update the module once terr
 - [**`branch_protections_v4`**](#var-branch_protections_v4): *(Optional `list(branch_protection_v4)`)*<a name="var-branch_protections_v4"></a>
 
   This resource allows you to configure v4 branch protection for repositories in your organization.
-
   Each element in the list is a branch to be protected and the value the corresponding to the desired configuration for the branch.
-
   When applied, the branch will be protected from forced pushes and deletion.
   Additional constraints, such as required status checks or restrictions on users and teams, can also be configured.
-
   **_NOTE:_** May conflict with v3 branch protections if used for the same branch.
 
   Default is `[]`.
@@ -749,6 +737,35 @@ This is due to some terraform limitation and we will update the module once terr
 
       Default is `[]`.
 
+#### Security And Analysis Configuration
+
+- [**`security_and_analysis`**](#var-security_and_analysis): *(Optional `object(security_and_analysis)`)*<a name="var-security_and_analysis"></a>
+
+  (Optional) The repository's [security and analysis](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository) configuration.
+  See [Security and Analysis Configuration](#security-and-analysis-configuration) below for details.
+
+  Default is `{}`.
+
+  The `security_and_analysis` object accepts the following attributes:
+
+  - [**`advanced_security`**](#attr-security_and_analysis-advanced_security): *(**Required** `string`)*<a name="attr-security_and_analysis-advanced_security"></a>
+
+    The advanced security configuration for the repository. See [Advanced Security Configuration](#advanced-security-configuration) below for details.
+
+    Default is `"disabled"`.
+
+  - [**`secret_scanning`**](#attr-security_and_analysis-secret_scanning): *(**Required** `string`)*<a name="attr-security_and_analysis-secret_scanning"></a>
+
+    The secret scanning configuration for the repository. See [Secret Scanning Configuration](#secret-scanning-configuration) below for details.
+
+    Default is `"disabled"`.
+
+  - [**`secret_scanning_push_protection`**](#attr-security_and_analysis-secret_scanning_push_protection): *(**Required** `string`)*<a name="attr-security_and_analysis-secret_scanning_push_protection"></a>
+
+    The secret scanning push protection configuration for the repository. See [Secret Scanning Push Protection Configuration](#secret-scanning-push-protection-configuration) below for details.
+
+    Default is `"disabled"`.
+
 #### Issue Labels Configuration
 
 - [**`issue_labels`**](#var-issue_labels): *(Optional `list(issue_label)`)*<a name="var-issue_labels"></a>
@@ -859,13 +876,9 @@ This is due to some terraform limitation and we will update the module once terr
 - [**`plaintext_secrets`**](#var-plaintext_secrets): *(Optional `map(string)`)*<a name="var-plaintext_secrets"></a>
 
   This map allows you to create and manage secrets for repositories in your organization.
-
   Each element in the map is considered a secret to be managed, being the key map the secret name and the value the corresponding secret in plain text:
-
   When applied, a secret with the given key and value will be created in the repositories.
-
   The value of the secrets must be given in plain text, GitHub provider is in charge of encrypting it.
-
   **Attention:** You should treat state as sensitive always. It is also advised that you do not store plaintext values in your code but rather populate the encrypted_value using fields from a resource, data source or variable as, while encrypted in state, these will be easily accessible in your code. See below for an example of this abstraction.
 
   Default is `{}`.
@@ -882,9 +895,7 @@ This is due to some terraform limitation and we will update the module once terr
 - [**`encrypted_secrets`**](#var-encrypted_secrets): *(Optional `map(string)`)*<a name="var-encrypted_secrets"></a>
 
   This map allows you to create and manage encrypted secrets for repositories in your organization.
-
   Each element in the map is considered a secret to be managed, being the key map the secret name and the value the corresponding encrypted value of the secret using the Github public key in Base64 format.b
-
   When applied, a secret with the given key and value will be created in the repositories.
 
   Default is `{}`.
@@ -1033,9 +1044,7 @@ The following attributes are exported by the module:
 ## Module Versioning
 
 This Module follows the principles of [Semantic Versioning (SemVer)].
-
 Given a version number `MAJOR.MINOR.PATCH`, we increment the:
-
 1. `MAJOR` version when we make incompatible changes,
 2. `MINOR` version when we add functionality in a backwards compatible manner, and
 3. `PATCH` version when we make backwards compatible bug fixes.
@@ -1049,10 +1058,8 @@ Given a version number `MAJOR.MINOR.PATCH`, we increment the:
 
 [Mineiros][homepage] is a remote-first company headquartered in Berlin, Germany
 that solves development, automation and security challenges in cloud infrastructure.
-
 Our vision is to massively reduce time and overhead for teams to manage and
 deploy production-grade and secure cloud infrastructure.
-
 We offer commercial support for all of our modules and encourage you to reach out
 if you have any questions or need help. Feel free to email us at [[email protected]] or join our
 [Community Slack channel][slack].
@@ -1074,10 +1081,8 @@ Run `make help` to see details on each available target.
 ## License
 
 [![license][badge-license]][apache20]
-
 This module is licensed under the Apache License Version 2.0, January 2004.
 Please see [LICENSE] for full details.
-
 Copyright &copy; 2020-2022 [Mineiros GmbH][homepage]
 
 
 
@@ -38,11 +38,8 @@ section {
   toc     = true
   content = <<-END
     A [Terraform] module for creating a public or private repository on [Github].
-
     **_This module supports Terraform v1.x and is compatible with the Official Terraform GitHub Provider v4.20 and above from `integrations/github`._**
-
     **Attention: This module is incompatible with the Hashicorp GitHub Provider! The latest version of this module supporting `hashicorp/github` provider is `~> 0.10.0`**
-
     ** Note: Versions 5.3.0, 5.4.0, and 5.5.0 of the Terraform Github Provider have broken branch protections support and should not be used.**
   END
 
@@ -60,7 +57,6 @@ section {
       maintained by our team of platform engineering experts and saves
       companies such as yours tons of time by building on top of a pre-configured
       solution instead of building and maintaining it yourself.
-
       For details please see [https://mineiros.io/github-as-code][github-as-code].
     END
   }
@@ -70,19 +66,16 @@ section {
     content = <<-END
       In contrast to the plain `github_repository` resource this module enables various other
       features like Branch Protection or Collaborator Management.
-
       - **Default Security Settings**:
         This module creates a `private` repository by default,
         Deploy keys are `read-only` by default
-
       - **Standard Repository Features**:
         Setting basic Metadata,
         Merge Strategy,
         Auto Init,
         License Template,
         Gitignore Template,
         Template Repository
-
       - **Extended Repository Features**:
         Branches,
         Branch Protection,
@@ -93,7 +86,6 @@ section {
         Deploy Keys,
         Projects,
         Repository Webhooks
-
       - _Features not yet implemented_:
         Project Columns support,
         Actions,
@@ -105,12 +97,10 @@ section {
     title   = "Getting Started"
     content = <<-END
       Most basic usage creating a new private github repository.
-
       ```hcl
       module "repository" {
         source  = "mineiros-io/repository/github"
         version = "~> 0.18.0"
-
         name               = "terraform-github-repository"
         license_template   = "apache-2.0"
         gitignore_template = "Terraform"
@@ -796,12 +786,9 @@ section {
           default     = []
           description = <<-END
             This resource allows you to configure v4 branch protection for repositories in your organization.
-
             Each element in the list is a branch to be protected and the value the corresponding to the desired configuration for the branch.
-
             When applied, the branch will be protected from forced pushes and deletion.
             Additional constraints, such as required status checks or restrictions on users and teams, can also be configured.
-
             **_NOTE:_** May conflict with v3 branch protections if used for the same branch.
           END
 
@@ -970,6 +957,47 @@ section {
         }
       }
 
+      section {
+        title = "Security And Analysis Configuration"
+
+        variable "security_and_analysis" {
+          type        = object(security_and_analysis)
+          default     = {}
+          description = <<-END
+            (Optional) The repository's [security and analysis](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/enabling-features-for-your-repository/managing-security-and-analysis-settings-for-your-repository) configuration.
+            See [Security and Analysis Configuration](#security-and-analysis-configuration) below for details.
+          END
+
+          attribute "advanced_security" {
+            type        = string
+            required    = true
+            default     = "disabled"
+            description = <<-END
+              The advanced security configuration for the repository. See [Advanced Security Configuration](#advanced-security-configuration) below for details.
+            END
+          }
+
+          attribute "secret_scanning" {
+            type        = string
+            required    = true
+            default     = "disabled"
+            description = <<-END
+              The secret scanning configuration for the repository. See [Secret Scanning Configuration](#secret-scanning-configuration) below for details.
+            END
+          }
+
+          attribute "secret_scanning_push_protection" {
+            type        = string
+            required    = true
+            default     = "disabled"
+            description = <<-END
+              The secret scanning push protection configuration for the repository. See [Secret Scanning Push Protection Configuration](#secret-scanning-push-protection-configuration) below for details.
+            END
+          }
+
+        }
+      }
+
       section {
         title = "Issue Labels Configuration"
 
@@ -1134,13 +1162,9 @@ section {
           default     = {}
           description = <<-END
             This map allows you to create and manage secrets for repositories in your organization.
-
             Each element in the map is considered a secret to be managed, being the key map the secret name and the value the corresponding secret in plain text:
-
             When applied, a secret with the given key and value will be created in the repositories.
-
             The value of the secrets must be given in plain text, GitHub provider is in charge of encrypting it.
-
             **Attention:** You should treat state as sensitive always. It is also advised that you do not store plaintext values in your code but rather populate the encrypted_value using fields from a resource, data source or variable as, while encrypted in state, these will be easily accessible in your code. See below for an example of this abstraction.
           END
 
@@ -1157,9 +1181,7 @@ section {
           default     = {}
           description = <<-END
             This map allows you to create and manage encrypted secrets for repositories in your organization.
-
             Each element in the map is considered a secret to be managed, being the key map the secret name and the value the corresponding encrypted value of the secret using the Github public key in Base64 format.b
-
             When applied, a secret with the given key and value will be created in the repositories.
           END
 
@@ -1379,9 +1401,7 @@ section {
     title   = "Module Versioning"
     content = <<-END
       This Module follows the principles of [Semantic Versioning (SemVer)].
-
       Given a version number `MAJOR.MINOR.PATCH`, we increment the:
-
       1. `MAJOR` version when we make incompatible changes,
       2. `MINOR` version when we add functionality in a backwards compatible manner, and
       3. `PATCH` version when we make backwards compatible bug fixes.
@@ -1401,10 +1421,8 @@ section {
     content = <<-END
       [Mineiros][homepage] is a remote-first company headquartered in Berlin, Germany
       that solves development, automation and security challenges in cloud infrastructure.
-
       Our vision is to massively reduce time and overhead for teams to manage and
       deploy production-grade and secure cloud infrastructure.
-
       We offer commercial support for all of our modules and encourage you to reach out
       if you have any questions or need help. Feel free to email us at [[email protected]] or join our
       [Community Slack channel][slack].
@@ -1438,10 +1456,8 @@ section {
     title   = "License"
     content = <<-END
       [![license][badge-license]][apache20]
-
       This module is licensed under the Apache License Version 2.0, January 2004.
       Please see [LICENSE] for full details.
-
       Copyright &copy; 2020-2022 [Mineiros GmbH][homepage]
     END
   }
@@ -1541,4 +1557,4 @@ references {
   ref "contribution guidelines" {
     value = "https://github.com/mineiros-io/terraform-github-repository/blob/main/CONTRIBUTING.md"
   }
-}
+}
@@ -379,7 +379,6 @@ golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8U
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586 h1:7KByu05hhLed2MO29w7p1XfZvZ13m8mub3shuVftRs0=
 golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
@@ -424,12 +423,10 @@ golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7 h1:fHDIZ2oxGnUZRN6WgWFCbYBjH9uqVPRCUVUDhs0wnbA=
 golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553 h1:efeOvDhwQ29Dj3SdAV/MJf8oukgn+8D8WgaCaRMchF8=
 golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
@@ -579,7 +576,6 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD
 gopkg.in/warnings.v0 v0.1.1/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
 gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=