From a190cd7fffd3e5dfa753647fd241e84db1f97234 Mon Sep 17 00:00:00 2001
From: ashcherbatyi
Date: Sun, 23 Jun 2024 09:42:46 +0000
Subject: [PATCH] fix validation on main.tf

---
 .github/workflows/terraform-validate.yml | 2 +-
 tf-bootstrap/main.tf | 25 ++++++++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/terraform-validate.yml b/.github/workflows/terraform-validate.yml
index a56efb4..9a30646 100644
--- a/.github/workflows/terraform-validate.yml
+++ b/.github/workflows/terraform-validate.yml
@@ -9,7 +9,7 @@ on:
 
 jobs:
 tofu-terraform-validate:
- name: 'OpenTofu'
+ name: 'OpenTofu+Checkov'
 runs-on: ubuntu-latest
 defaults:
 run:
diff --git a/tf-bootstrap/main.tf b/tf-bootstrap/main.tf
index 66b4837..e03d799 100644
--- a/tf-bootstrap/main.tf
+++ b/tf-bootstrap/main.tf
@@ -34,6 +34,31 @@ resource "github_repository" "this" {
 description = var.github_repository
 visibility = "private"
 auto_init = true # This is extremely important as flux_bootstrap_git will not work without a repository that has been initialised
+
+ # Enable vulnerability alerts
+ vulnerability_alerts = true
+
+ # Branch protection
+ branch_protection {
+ pattern = "main"
+ enforce_admins = true
+
+ required_pull_request_reviews {
+ dismiss_stale_reviews = true
+ require_code_owner_reviews = true
+ required_approving_review_count = 1
+ }
+
+ required_status_checks {
+ strict = true
+ contexts = ["validate"]
+ }
+
+ restrictions {
+ users = []
+ teams = []
+ }
+ }
 }
 
 # ==========================================
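Review bot: `branch_protection { … }` is added as a nested block inside `resource "github_repository" "this"` (the resource header is above the hunk), but as far as I know the GitHub provider has no such nested block on `github_repository` — branch protection is a separate `github_branch_protection` resource keyed by `repository_id` — so this is likely to fail the very validation the commit title refers to, whereas `vulnerability_alerts = true` is a real argument and can stay. The required check `contexts = ["validate"]` also matches nothing visible in the workflow hunk of this same patch, which names the job `'OpenTofu+Checkov'` (id `tofu-terraform-validate`); unless another workflow reports a `validate` status, `strict = true` would leave every PR blocked on a check that never arrives. With `enforce_admins = true` and a 1-approval review requirement, the identity Terraform and `flux_bootstrap_git` run as is also subject to the rule, so if the bootstrap pushes directly to `main` (the `auto_init` comment suggests this repo exists for that) it will be rejected — order the protection after the bootstrap or exempt that push path deliberately. Finally, `restrictions { users = [] teams = [] }` is the older v3-style push-restriction syntax while `pattern` belongs to the newer resource, so pick one resource version per the provider docs rather than mixing them; a possible shape, with the push-restriction block left for you to confirm against the provider version in use:
```hcl
resource "github_repository" "this" {
  # … unchanged: name / description / visibility / auto_init …
  vulnerability_alerts = true
}

resource "github_branch_protection" "main" {
  repository_id  = github_repository.this.node_id
  pattern        = "main"
  enforce_admins = true

  required_pull_request_reviews {
    dismiss_stale_reviews           = true
    require_code_owner_reviews      = true
    required_approving_review_count = 1
  }

  required_status_checks {
    strict   = true
    contexts = ["OpenTofu+Checkov"] # must equal the check name the workflow actually reports — confirm
  }

  # push restrictions: syntax differs between provider versions — confirm before adding
}
```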