From 4e8e71ad3d4187883cc732dda1cfd69b9f95dee4 Mon Sep 17 00:00:00 2001
From: Steve Teuber <github@steveteuber.com>
Date: Fri, 14 Nov 2025 11:42:49 +0100
Subject: [PATCH] fix: check if organization and requires sign off commits

---
 github/config.go                     | 14 ++++++++------
 github/resource_github_repository.go | 22 ++++++++--------------
 2 files changed, 16 insertions(+), 20 deletions(-)

diff --git a/github/config.go b/github/config.go
index 9bd419c9b7..38a3f1e471 100644
--- a/github/config.go
+++ b/github/config.go
@@ -29,12 +29,13 @@ type Config struct {
 }
 
 type Owner struct {
-	name           string
-	id             int64
-	v3client       *github.Client
-	v4client       *githubv4.Client
-	StopContext    context.Context
-	IsOrganization bool
+	name                       string
+	id                         int64
+	v3client                   *github.Client
+	v4client                   *githubv4.Client
+	StopContext                context.Context
+	IsOrganization             bool
+	IsWebCommitSignoffRequired bool
 }
 
 // GHECDataResidencyMatch is a regex to match a GitHub Enterprise Cloud data residency URL:
@@ -134,6 +135,7 @@ func (c *Config) ConfigureOwner(owner *Owner) (*Owner, error) {
 			if remoteOrg != nil {
 				owner.id = remoteOrg.GetID()
 				owner.IsOrganization = true
+				owner.IsWebCommitSignoffRequired = remoteOrg.GetWebCommitSignoffRequired()
 			}
 		}
 	}
diff --git a/github/resource_github_repository.go b/github/resource_github_repository.go
index b50667f756..d7a71b2b46 100644
--- a/github/resource_github_repository.go
+++ b/github/resource_github_repository.go
@@ -865,18 +865,11 @@ func resourceGithubRepositoryUpdate(d *schema.ResourceData, meta interface{}) er
 	owner := meta.(*Owner).name
 	ctx := context.WithValue(context.Background(), ctxId, d.Id())
 
-	// When the organization has "Require sign off on web-based commits" enabled,
-	// the API doesn't allow you to send `web_commit_signoff_required` in order to
-	// update the repository with this field or it will throw a 422 error.
-	// As a workaround, we check if the organization requires it, and if so,
-	// we remove the field from the request.
-	if d.HasChange("web_commit_signoff_required") && meta.(*Owner).IsOrganization {
-		organization, _, err := client.Organizations.Get(ctx, owner)
-		if err == nil {
-			if organization != nil && organization.GetWebCommitSignoffRequired() {
-				repoReq.WebCommitSignoffRequired = nil
-			}
-		}
+	// When the organization has "Require contributors to sign off on web-based commits" enabled,
+	// the API doesn't allow you to send `web_commit_signoff_required` or it returns a 422 error.
+	// As a workaround, check if the organization requires it, and if so, remove it from the request.
+	if meta.(*Owner).IsOrganization && meta.(*Owner).IsWebCommitSignoffRequired {
+		repoReq.WebCommitSignoffRequired = nil
 	}
 
 	repo, _, err := client.Repositories.Edit(ctx, owner, repoName, repoReq)
@@ -980,8 +973,9 @@ func resourceGithubRepositoryDelete(d *schema.ResourceData, meta interface{}) er
 				return err
 			}
 			repoReq := resourceGithubRepositoryObject(d)
-			// Always remove `web_commit_signoff_required` when archiving, to avoid 422 error
-			repoReq.WebCommitSignoffRequired = nil
+			if meta.(*Owner).IsOrganization && meta.(*Owner).IsWebCommitSignoffRequired {
+				repoReq.WebCommitSignoffRequired = nil
+			}
 			log.Printf("[DEBUG] Archiving repository on delete: %s/%s", owner, repoName)
 			_, _, err := client.Repositories.Edit(ctx, owner, repoName, repoReq)
 			return err