feat: add gh-org-webhook tfm

[frmadem]

solves #977

[Copilot]

Pull request overview

This PR introduces a new Terraform module for managing GitHub organization-level webhooks (POC for issue #977), and wires it into the repository’s release-please/module documentation patterns.

Changes:

• Added modules/gh-org-webhook Terraform module (resource, inputs, outputs).
• Added module documentation + terraform-docs configuration and a basic example.
• Registered the new module in release-please-config.json.

Reviewed changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated 10 comments.

Show a summary per file

File	Description
release-please-config.json	Adds release-please package entry for the new module.
modules/gh-org-webhook/versions.tf	Declares GitHub provider requirement for the module.
modules/gh-org-webhook/variables.tf	Defines strongly-typed config input + validations for webhook events.
modules/gh-org-webhook/main.tf	Creates the github_organization_webhook resource from config.
modules/gh-org-webhook/outputs.tf	Exposes webhook id/url/active/events outputs.
modules/gh-org-webhook/docs/header.md	Module overview + usage examples used by terraform-docs.
modules/gh-org-webhook/docs/footer.md	Footer content intended for README injection.
modules/gh-org-webhook/.terraform-docs.yml	terraform-docs configuration for README generation.
modules/gh-org-webhook/README.md	Generated/assembled module documentation.
modules/gh-org-webhook/_examples/basic/main.tf	Minimal example wiring JSON config into the module.
modules/gh-org-webhook/_examples/basic/config.json	Example JSON config payload.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

In this HCL code block the module name is rendered as org\_webhook (escaped underscore), which makes it invalid HCL for copy/paste. Code fences should contain unescaped HCL identifiers.

[Copilot]

The events list in this HCL example escapes underscores (e.g., pull\_request, workflow\_run), which makes the example invalid for copy/paste. Remove the escaping inside code fences.

Suggested change

	module "org\_webhook" {
	source = "git::https://github.com/prefapp/tfm.git//modules/gh-org-webhook"
	config = {
	webhook = {
	active = true
	events = ["push", "pull\_request", "issues", "workflow\_run"]
	module "org_webhook" {
	source = "git::https://github.com/prefapp/tfm.git//modules/gh-org-webhook"
	config = {
	webhook = {
	active = true
	events = ["push", "pull_request", "issues", "workflow_run"]

[Copilot]

This example terraform block is missing required_version, while other module examples in this repo typically pin a minimum Terraform version. Adding it improves consistency and avoids running the example with incompatible Terraform versions.

[Copilot]

versions.tf defines required_providers but omits required_version. In this repo, module versions.tf files typically set a minimum Terraform version, and this module uses optional(...) object attributes (requires modern Terraform). Add an explicit required_version to avoid confusing failures for consumers on older Terraform.

[Copilot]

The webhook.events validation hard-codes a small allow-list, but the module docs/examples claim broader event support (e.g., workflow_run, repository, etc.). As written, valid organization webhook events will be rejected by input validation. Either expand the allow-list to match the supported GitHub org webhook events (and the docs), or relax validation to avoid blocking legitimate events.

Suggested change

	for e in var.config.webhook.events : contains(["push", "pull_request", "issues", "commit_comment", "create", "delete", "fork", "gollum", "member", "public", "release", "status", "watch", "workflow_dispatch"], e)
	])
	error_message = "Invalid event type in webhook.events."
	for e in var.config.webhook.events : length(trim(e)) > 0
	])
	error_message = "Each webhook event must be a non-empty string."

[Copilot]

docs/footer.md appears to include a self-referential heading and wraps the intended footer content in a fenced ```markdown block. Because terraform-docs injects this file verbatim, the README ends up showing the footer as a code snippet instead of rendering it. Remove the wrapper heading and code fence so the footer content is plain markdown.

Suggested change

	### `docs/footer.md`
	```markdown

[Copilot]

There’s an extra stray triple-backtick line after the inline example closes, which breaks markdown formatting. Remove the extra ``` so fences are balanced.

Suggested change

```

[Copilot]

This markdown opens a hcl code fence for the first example but never closes it before the next heading, which breaks rendering. Add the missing closing after the first module example.

[Copilot]

The header advertises "Full event support" / "all standard" org webhook events, but the module’s webhook.events validation currently restricts to a small subset. Please either narrow the claim in the docs or broaden validation to match what’s advertised.

Suggested change

	- **Full event support**: Subscribe to any GitHub organization webhook event
	- **Secure by default**: Supports secret, content type, and SSL validation
	- **JSON-native**: Perfect for programmatic generation
	- **Strong validation**: Ensures only valid events and required fields
	## Supported Events
	The module supports **all standard GitHub organization webhook events**.
	- **Comprehensive event coverage**: Subscribe to a wide range of common GitHub organization webhook events
	- **Secure by default**: Supports secret, content type, and SSL validation
	- **JSON-native**: Perfect for programmatic generation
	- **Strong validation**: Ensures only valid events and required fields
	## Supported Events
	This module currently supports the following GitHub organization webhook events:

[Copilot]

The README’s first usage example opens a ```hcl fence but doesn’t close it after the module block, so the subsequent heading gets rendered as code. Close the code fence after the first example (and re-run terraform-docs if this file is generated).