turbot/github_sherlock

Control: Default branch should block deletion in each private repository

Description

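The default branch is important and should never be deleted. This control checks that the branch protection rule on each private repository's default branch does not allow deletions.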

Usage

Run the control in your terminal:

powerpipe control run github_sherlock.control.private_repo_default_branch_blocks_deletion

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run github_sherlock.control.private_repo_default_branch_blocks_deletion --share

Steampipe Tables

github_my_repository

SQL

select
  url as resource,
  case
    when (default_branch_ref -> 'branch_protection_rule') is null then 'info'
    when (default_branch_ref -> 'branch_protection_rule' ->> 'allows_deletions') = 'false' then 'ok'
    else 'alarm'
  end as status,
  name_with_owner || ' default branch ' || (default_branch_ref ->> 'name') ||
    case
      when (default_branch_ref -> 'branch_protection_rule' ->> 'allows_deletions') = 'false' then ' prevents deletion.'
      when (default_branch_ref -> 'branch_protection_rule' ->> 'allows_deletions') = 'true' then ' allows deletion.'
      -- If not false or true, then null, which means no branch protection rule exists
      else ' branch protection rule unknown.'
    end as reason,
  name_with_owner
from
  github_my_repository
where
  visibility = 'PRIVATE' and is_fork = false