Skip to content

Commit

Permalink
Add CODEOWNERS file to protect secrets
Browse files Browse the repository at this point in the history 
We need to make sure only staff can access secrets and/or deploy to
production.

This commit adds a [CODEOWNERS file] to ensure that any changes to our
GitHub Actions are reviewed by a developer, to avoid the (unlikely)
scenario where a PR that changes our GitHub Actions is approved by
someone who isn't a developer and doesn't spot the significance of the
change.

[CODEOWNERS file]: https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/creating-a-repository-on-github/about-code-owners
  • Loading branch information
@lfdebrux
lfdebrux committed Sep 8, 2021
1 parent 6bb926b commit 7e9e980
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions CODEOWNERS
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
# Workflows (which have access to secrets and to production)
.github/workflows/ @alphagov/design-system-developers

0 comments on commit 7e9e980

Please sign in to comment.