OSAC-1112: Enable GitHub Pages for the fulfillment-service repository

[jhernand]

Summary

The fulfillment-service repository recently added a GitHub Actions workflow to publish
OpenAPI specifications to GitHub Pages (see osac-project/fulfillment-service#619). However,
the Pages feature was only enabled manually in the repository settings, so it gets reverted
every time this Terraform configuration is re-applied, because the pages variable defaults
to null.

This adds the pages configuration with build_type = "workflow" to match the workflow-based
deployment used by publish-openapi.yaml.

Related: https://redhat.atlassian.net/browse/OSAC-1112
Related: osac-project/fulfillment-service#619

Test plan

• Verify that terraform plan shows no unexpected changes beyond enabling Pages.
• After apply, confirm that GitHub Pages remains enabled on the fulfillment-service repository with build_type = "workflow".
• Confirm the OpenAPI specs are still accessible at https://osac-project.github.io/fulfillment-service/openapi/.

Summary by CodeRabbit

• Chores
  • Updated repository configuration for build and deployment settings.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository: osac-project/coderabbit/.coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: 835b884d-ec2b-4aaa-9a52-cb767c28b71a

📥 Commits

Reviewing files that changed from the base of the PR and between 33d2081 and 3ad5844.

📒 Files selected for processing (1)

• repositories.tf

---

Walkthrough

Updated repo_fulfillment_service repository configuration to enable GitHub Pages with workflow-based builds and adjusted required status checks formatting in the Terraform module.

Changes

GitHub Pages and Branch Protection Configuration

Layer / File(s)	Summary
Fulfillment Service Pages and Branch Protection Configuration repositories.tf	The required_status_checks block formatting is adjusted within the repo_fulfillment_service module, and a new pages configuration is added that enables GitHub Pages with build_type set to workflow.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

---

Security & Risk Assessment

Risk Severity: Low-Medium — Configuration-level infrastructure change with deployment implications.

Observable Security Impacts:

• Pages Deployment: Enabling GitHub Pages with workflow-based builds creates an automated deployment pathway. Verify that the workflow triggering this build enforces appropriate branch protections and code review gates.
• Status Checks Adjustment: The required status checks formatting change may affect branch protection rules. Confirm that critical checks are not removed or weakened by this adjustment.
• No direct code execution risk, but infrastructure configuration changes should align with organizational deployment security policies.

Review focus: Confirm the workflow build process for Pages includes proper access controls and that status checks remain sufficient to prevent unreviewed code from merging.

---

Poem

📄 A workflow breathes life to pages anew,
GitHub builds what it's told to do,
Status checks keep the gates held tight,
One small merge keeps the fulfillment right. ✨

🚥 Pre-merge checks | ✅ 11

✅ Passed checks (11 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: enabling GitHub Pages for the fulfillment-service repository, which matches the core objective of adding the pages configuration with build_type = "workflow".
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
No-Hardcoded-Secrets	✅ Passed	No hardcoded secrets detected. All string assignments are legitimate configuration values (repo names, descriptions, team IDs, permissions, build_type). No sensitive data found.
No-Weak-Crypto	✅ Passed	PR contains only Terraform configuration for GitHub repository settings; no cryptographic implementations, weak algorithms, or secret comparisons present.
No-Injection-Vectors	✅ Passed	No injection vectors present. PR only modifies Terraform configuration with hardcoded literal value "workflow" for build_type, validated against allowlist. No code execution patterns detected.
Container-Privileges	✅ Passed	PR contains only Terraform GitHub repository configuration; no container/K8s manifests with privileged settings found.
No-Sensitive-Data-In-Logs	✅ Passed	The PR adds only GitHub Pages configuration (build_type=workflow) to fulfillment-service. No logging or sensitive data exposure detected.
Ai-Attribution	✅ Passed	AI tool use (Cursor) properly attributed with "Assisted-by: Cursor" trailer in commit 3ad5844. No improper Co-Authored-By usage detected for AI tools.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[jhernand]

FYI: @tzvatot you will need something like this if you are manually enabling the pages feature and you want it to survive, otherwise it will be automatically disabled when this configuration is re-applied.