Last updated: 6 Oct 2025
Configure a new GOV.UK repository
When creating a new GOV.UK repo in Github, you should follow these steps:
- First create and configure it by following the “Creating and configuring a new repository” guidance in
govuk-infrastructurerepo.- Note that when adding an existing repository (created in the GitHub UI) you will need to import it into terraform state.
- Make a well-written README (see READMEs for GOV.UK applications, or the GDS Way guidance for general repositories)
- Add a licence following Licensing Guidelines
- Add Dependency Review and CodeQL scans to its CI pipeline
- Add it to the repos.yml file in the GOV.UK Developer Docs
Managing Deployment Access
GOV.UK no longer relies on the use of Github “topic” tags as a way to select and configure Deployment access, to prevent the following situations:
- Accidentally (or intentionally) granting Repositories access to deployment credentials.
- Removing the Github Search API as a “SPoF” (Single Point of Failure) for configuration errors.
By “rationalising” our Repo configuration, we are reducing our reliance on “magic” or poorly-understood processes and thus reducing risk. Instead, granting access to things like Deployment secrets should always be done explicitly through our govuk-infrastructure repo.