From 7e9e98067421e3ece8dd9ecb1ada62bdc37d103f Mon Sep 17 00:00:00 2001
From: Laurence de Bruxelles
 <laurence.debruxelles@digital.cabinet-office.gov.uk>
Date: Wed, 8 Sep 2021 09:30:17 +0100
Subject: [PATCH] Add CODEOWNERS file to protect secrets

We need to make sure only staff can access secrets and/or deploy to
production.

This commit adds a [CODEOWNERS file] to ensure that any changes to our
GitHub Actions are reviewed by a developer, to avoid the (unlikely)
scenario where a PR that changes our GitHub Actions is approved by
someone who isn't a developer and doesn't spot the significance of the
change.

[CODEOWNERS file]: https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/creating-a-repository-on-github/about-code-owners
---
 CODEOWNERS | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 CODEOWNERS

diff --git a/CODEOWNERS b/CODEOWNERS
new file mode 100644
index 0000000000..974f33c8a0
--- /dev/null
+++ b/CODEOWNERS
@@ -0,0 +1,2 @@
+# Workflows (which have access to secrets and to production)
+.github/workflows/  @alphagov/design-system-developers