diff --git a/gh/labels/labels.tf b/gh/labels/labels.tf
index 8ef612f..67a6f46 100644
--- a/gh/labels/labels.tf
+++ b/gh/labels/labels.tf
@@ -115,12 +115,12 @@ locals {
     },
     {
       name : "cla: yes",
-      color : "ff0040",
+      color : "98fb00",
       description : "User has signed the Contributor License Agreement"
     },
     {
       name : "cla: no",
-      color : "98fb00",
+      color : "ff0040",
       description : "User has not signed the Contributor License Agreement"
     }
   ]
diff --git a/gh/modules/actions-repo/repo.tf b/gh/modules/actions-repo/repo.tf
index 68a52d1..d06bc7f 100644
--- a/gh/modules/actions-repo/repo.tf
+++ b/gh/modules/actions-repo/repo.tf
@@ -33,19 +33,19 @@ resource "github_repository" "repo" {
 resource "github_branch_protection" "branch_protection" {
   repository_id = github_repository.repo.node_id
   pattern       = "main"
-  # disabled due to https://github.com/terraform-providers/terraform-provider-github/issues/572
-  # required_status_checks {
-  #   strict   = true
-  #   contexts = var.status_checks
-  # }
+  required_status_checks {
+    strict   = true
+    contexts = var.status_checks
+  }
   required_pull_request_reviews {
     dismiss_stale_reviews = false
   }
 }
 
 resource "github_repository_collaborator" "google_bot" {
-  count      = var.allow_google_bot ? 1 : 0
-  repository = github_repository.repo.name
-  username   = "google-github-actions-bot"
-  permission = "triage"
+  count                       = var.allow_google_bot ? 1 : 0
+  repository                  = github_repository.repo.name
+  username                    = "google-github-actions-bot"
+  permission                  = "triage"
+  permission_diff_suppression = true
 }
diff --git a/gh/repos/providers.tf b/gh/repos/providers.tf
index fa9f3f3..4b389e2 100644
--- a/gh/repos/providers.tf
+++ b/gh/repos/providers.tf
@@ -15,7 +15,7 @@
  */
 
 provider "github" {
-  version      = "~> 3.1.0"
+  version      = "~> 4.4.0"
   organization = local.gh_org
 }
 
diff --git a/gh/repos/repos.tf b/gh/repos/repos.tf
index 343ff4e..de27489 100644
--- a/gh/repos/repos.tf
+++ b/gh/repos/repos.tf
@@ -62,6 +62,12 @@ locals {
       name : "release-please-action",
       description : "automated releases based on conventional commits",
       templated : false
+      status_checks : ["cla/google", "test (12)"]
+    },
+    {
+      name : ".github",
+      description : "Default files for google-github-actions",
+      templated : false
     },
   ]
 }