Last updated: 27 Nov 2024

Configure a new GOV.UK repository

When creating a new GOV.UK repo in Github, you must:

• make a well-written README (see READMEs for GOV.UK applications, or the GDS Way guidance for general repositories)
• tag it with the govuk topic
• add Dependency Review and CodeQL scans to its CI pipeline
• add it to the repos.yml file
• add it to repos.yml in govuk-infrastructure. This:
  • applies branch protection rules and configures PRs to be blocked on the outcome of the GitHub Action CI workflow (if one exists)
  • restricts the merging of PRs for continuously deployed apps, so that only those with Production Deploy or Production Admin access can merge
  • enables vulnerability alerts and security fixes
  • sets up the webhook for GitHub Trello Poster
  • sets some other default repo settings (e.g. delete branch on merge)

You’ll then need to plan and apply the GitHub workspace in Terraform Cloud, which automatically updates the collaborators to the default teams and access levels.

If your repository access is sensitive, tag it with the govuk-sensitive-access topic to avoid this automation: you would then need to manually manage its collaborators.

More in the GitHub section

Learn

• How GOV.UK uses GitHub

How to...

• Make a GitHub repo private
• Merge a Pull Request