From f9f3bfd078bedd6f9129579f950920fcc708c558 Mon Sep 17 00:00:00 2001
From: Kim Iversen <kim@wwan.no>
Date: Fri, 14 Mar 2025 08:34:00 +0100
Subject: [PATCH 1/2] feat: repository visibility configurable

---
 modules/github/repository_module.tf    | 2 +-
 modules/github/repository_templates.tf | 2 +-
 modules/github/variables.tf            | 9 +++++++++
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/modules/github/repository_module.tf b/modules/github/repository_module.tf
index 06aeda1..ea94ef4 100644
--- a/modules/github/repository_module.tf
+++ b/modules/github/repository_module.tf
@@ -2,7 +2,7 @@ resource "github_repository" "alz" {
   name                 = var.repository_name
   description          = var.repository_name
   auto_init            = true
-  visibility           = data.github_organization.alz.plan == local.free_plan ? "public" : "private"
+  visibility           = var.repository_visibility
   allow_update_branch  = true
   allow_merge_commit   = false
   allow_rebase_merge   = false
diff --git a/modules/github/repository_templates.tf b/modules/github/repository_templates.tf
index 92a3924..65dad83 100644
--- a/modules/github/repository_templates.tf
+++ b/modules/github/repository_templates.tf
@@ -3,7 +3,7 @@ resource "github_repository" "alz_templates" {
   name                 = var.repository_name_templates
   description          = var.repository_name_templates
   auto_init            = true
-  visibility           = data.github_organization.alz.plan == local.free_plan ? "public" : "private"
+  visibility           = var.repository_visibility
   allow_update_branch  = true
   allow_merge_commit   = false
   allow_rebase_merge   = false
diff --git a/modules/github/variables.tf b/modules/github/variables.tf
index c2ec9f8..d7e8633 100644
--- a/modules/github/variables.tf
+++ b/modules/github/variables.tf
@@ -91,3 +91,12 @@ variable "use_self_hosted_runners" {
 variable "create_branch_policies" {
   type = bool
 }
+
+variable "repository_visibility" {
+  type    = string
+  default = "private"
+  validation {
+    condition     = contains(["private", "public", "internal"], var.repository_visibility)
+    error_message = "The repository visibility must be either of (private|public|internal)"
+  }
+}

From c189df82e73b170f7a4756cd947f17f61b4fa369 Mon Sep 17 00:00:00 2001
From: Kim Iversen <kim@wwan.no>
Date: Fri, 14 Mar 2025 10:39:26 +0100
Subject: [PATCH 2/2] fix: move variable validation logic to caller module

feat: enable repo visibility configuration
---
 alz/github/main.tf          |  1 +
 alz/github/variables.tf     | 10 ++++++++++
 modules/github/variables.tf |  7 +------
 3 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/alz/github/main.tf b/alz/github/main.tf
index 7d28f7d..f5a9935 100644
--- a/alz/github/main.tf
+++ b/alz/github/main.tf
@@ -78,6 +78,7 @@ module "github" {
   organization_name                            = var.github_organization_name
   environments                                 = local.environments
   repository_name                              = local.resource_names.version_control_system_repository
+  repository_visibility                        = var.repository_visibility
   use_template_repository                      = var.use_separate_repository_for_templates
   repository_name_templates                    = local.resource_names.version_control_system_repository_templates
   repository_files                             = local.repository_files
diff --git a/alz/github/variables.tf b/alz/github/variables.tf
index af8545c..e3437b6 100644
--- a/alz/github/variables.tf
+++ b/alz/github/variables.tf
@@ -87,6 +87,16 @@ variable "use_separate_repository_for_templates" {
   default     = true
 }
 
+variable "repository_visibility" {
+  description = "Can be public or private. If your organization is associated with an enterprise account using GitHub Enterprise Cloud or GitHub Enterprise Server 2.20+, visibility can also be internal. The visibility parameter overrides the private parameter."
+  type        = string
+  default     = "private"
+  validation {
+    condition     = contains(["private", "public", "internal"], var.repository_visibility)
+    error_message = "The repository visibility must be either of (private|public|internal)"
+  }
+}
+
 variable "bootstrap_subscription_id" {
   description = "Azure Subscription ID for the bootstrap resources (e.g. storage account, identities, etc). Leave empty to use the az login subscription"
   type        = string
diff --git a/modules/github/variables.tf b/modules/github/variables.tf
index d7e8633..6d872b5 100644
--- a/modules/github/variables.tf
+++ b/modules/github/variables.tf
@@ -93,10 +93,5 @@ variable "create_branch_policies" {
 }
 
 variable "repository_visibility" {
-  type    = string
-  default = "private"
-  validation {
-    condition     = contains(["private", "public", "internal"], var.repository_visibility)
-    error_message = "The repository visibility must be either of (private|public|internal)"
-  }
+  type = string
 }