From 3a620752be57ef0e7026c056610bdc66b36096d8 Mon Sep 17 00:00:00 2001
From: xnoto <steven@makeitwork.cloud>
Date: Tue, 3 Mar 2026 00:05:35 -0700
Subject: [PATCH 1/2] feat: configure squash merge and disable force pushes

---
 gh-protections.tf  |  2 +-
 gh-repositories.tf | 12 +++++++++---
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/gh-protections.tf b/gh-protections.tf
index 3bdc160..2c0f8ca 100644
--- a/gh-protections.tf
+++ b/gh-protections.tf
@@ -11,7 +11,7 @@ resource "github_branch_protection" "protections" {
   repository_id                   = github_repository.repositories[each.key].node_id
   pattern                         = "main"
   enforce_admins                  = false
-  allows_force_pushes             = true
+  allows_force_pushes             = false
   required_linear_history         = true
   require_conversation_resolution = true
   required_status_checks {
diff --git a/gh-repositories.tf b/gh-repositories.tf
index 06c83aa..bac3325 100644
--- a/gh-repositories.tf
+++ b/gh-repositories.tf
@@ -7,9 +7,15 @@ import {
 */
 
 resource "github_repository" "repositories" {
-  for_each   = local.github_repositories
-  name       = each.key
-  visibility = var.github_visibility
+  for_each                    = local.github_repositories
+  name                        = each.key
+  visibility                  = var.github_visibility
+  allow_squash_merge          = true
+  allow_merge_commit          = true
+  allow_rebase_merge          = false
+  delete_branch_on_merge      = true
+  squash_merge_commit_title   = "PR_TITLE"
+  squash_merge_commit_message = "PR_BODY"
   lifecycle {
     ignore_changes = [
       description,

From 234d7d1bc68f2316e11538c406cdef45470be98f Mon Sep 17 00:00:00 2001
From: xnoto <steven@makeitwork.cloud>
Date: Tue, 3 Mar 2026 00:25:56 -0700
Subject: [PATCH 2/2] fix: set required review count to 0 for single-maintainer
 workflow

---
 gh-protections.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/gh-protections.tf b/gh-protections.tf
index 2c0f8ca..34c3613 100644
--- a/gh-protections.tf
+++ b/gh-protections.tf
@@ -23,7 +23,7 @@ resource "github_branch_protection" "protections" {
     dismiss_stale_reviews           = true
     pull_request_bypassers          = ["/${github_team.admins.slug}"]
     require_code_owner_reviews      = true
-    required_approving_review_count = 1
+    required_approving_review_count = 0
     require_last_push_approval      = true
     restrict_dismissals             = true
   }