Creating New Repos with the GitHub Access Manager

The container-platform-github-access repo manages GitHub repository settings, team access, branch protection rulesets, and compliance standards for all Container Platform repositories via Terraform.

This guide describes how to create a new repository using the manager repo.

Prerequisites

  • You have write access to container-platform-github-access
  • You have access to the GitHub App installation settings for “Container Platform Access”
  • Your commits are signed (GPG or SSH)

Step 1: Add the repo config

Add a new entry to github-repositories.tf:

container_platform_something_new = {
  name         = "container-platform-something-new"
  description  = "Description of the repo"
  has_projects = true
  access = {
    admins  = [module.github_team.id, data.github_team.cloud_platform_engineers.id, data.github_team.webops.id]
    pushers = [data.github_team.all_org_members.id]
  }
}

Step 2: Using the template repo

To create a repo from container-platform-terraform-template, you must set use_template = true. Without it, the repo is created empty:

container_platform_terraform_foo = {
  name         = "container-platform-terraform-foo"
  description  = "Foo Terraform module for the Container Platform"
  use_template = true
  has_projects = true
  access = {
    admins  = [module.github_team.id, data.github_team.cloud_platform_engineers.id, data.github_team.webops.id]
    pushers = [data.github_team.all_org_members.id]
  }
}

The template is hardcoded to:

  • Owner: ministryofjustice
  • Repository: container-platform-terraform-template

These are set in modules/github/repository/variables.tf. To use a different template, you would need to modify the module call in github-repositories.tf to pass through template_repository_owner and template_repository.

Step 3: Optional settings

Override module defaults as needed:

# Internal repo
visibility = "internal"

# Template repo (others can create repos from it)
is_template = true

# GitHub Pages
pages_enabled = true
pages_configuration = {
  cname = "my-site.service.justice.gov.uk"
}

# Discussions
has_discussions = true

# Custom topics
topics = ["custom-topic-1", "custom-topic-2"]

Notable defaults for new repos:

  • has_wiki = false (wiki disabled)
  • has_projects = false (must set true if needed)
  • allow_merge_commit = false (only squash merge allowed)
  • delete_branch_on_merge = true
  • web_commit_signoff_required = true
  • archive_on_destroy = true (removing a repo from the config archives it rather than deleting it)

Step 4: Adding new team access

If the repo needs a team that is not already in data.tf, add a data source first:

data "github_team" "new_team" {
  slug = "new-team-slug"
}

Then reference it in the repo config:

access = {
  admins  = [module.github_team.id, data.github_team.cloud_platform_engineers.id]
  pushers = [data.github_team.new_team.id]
}

What gets created automatically

For each repo added, the module creates:

  • The repository with all settings applied
  • A branch protection ruleset on the default branch (signed commits, code owner reviews, stale review dismissal, linear history)
  • Dependabot security updates enabled
  • Team access (admin and push)
  • Security and analysis settings (secret scanning, push protection)
  • Default topics: ministryofjustice, container-platform
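
To confirm after the apply that a new repo really carries these settings, the check below is an added example (not code from the manager repo). It compares a repository object, as returned by GitHub's REST "get a repository" endpoint, with the defaults and security settings listed on this page. The function name, the set of keys checked and the sample response are assumptions made for illustration; the sample is constructed.

```python
"""Audit a repository's live settings against the baseline this page lists."""

# Expected values come from "Notable defaults" and "What gets created
# automatically" on this page; key names are those of the REST response.
EXPECTED_SETTINGS = {
    "has_wiki": False,
    "allow_merge_commit": False,
    "delete_branch_on_merge": True,
    "web_commit_signoff_required": True,
}
EXPECTED_SECURITY = (
    "secret_scanning",
    "secret_scanning_push_protection",
    "dependabot_security_updates",
)
EXPECTED_TOPICS = {"ministryofjustice", "container-platform"}


def audit_repo(repo: dict) -> list[str]:
    """Return one finding per setting that differs from the baseline."""
    findings = []
    for key, want in EXPECTED_SETTINGS.items():
        got = repo.get(key)  # a missing key is reported, never assumed compliant
        if got is not want:
            findings.append(f"{key}: expected {want}, got {got}")
    # GitHub only returns security_and_analysis to callers with admin rights,
    # so an absent block shows up as "got None" instead of passing silently.
    analysis = repo.get("security_and_analysis") or {}
    for feature in EXPECTED_SECURITY:
        status = (analysis.get(feature) or {}).get("status")
        if status != "enabled":
            findings.append(f"{feature}: expected enabled, got {status}")
    missing = EXPECTED_TOPICS - set(repo.get("topics") or [])
    if missing:
        findings.append(f"topics: missing {sorted(missing)}")
    return findings


# Constructed sample response (not real data) with three deliberate drifts.
SAMPLE = {
    "name": "container-platform-something-new",
    "has_wiki": True,
    "allow_merge_commit": False,
    "delete_branch_on_merge": True,
    "web_commit_signoff_required": True,
    "topics": ["ministryofjustice"],
    "security_and_analysis": {
        "secret_scanning": {"status": "enabled"},
        "secret_scanning_push_protection": {"status": "disabled"},
        "dependabot_security_updates": {"status": "enabled"},
    },
}
```

Feed it the parsed JSON for each repo in github-repositories.tf; an empty list means the live settings match the baseline.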

Important: Add to app scope first

Before merging the PR, add the new repo to the GitHub App’s installation scope:

  1. Go to container-platform-github-access > Settings > GitHub Apps
  2. Click Configure on “Container Platform Access” and authenticate
  3. Under “Repository access”, add the new repo
  4. Then merge the Terraform PR

If you skip this step, the apply will fail with a 403 error.

This page was last reviewed on 27 May 2026. It needs to be reviewed again on 27 November 2026 by the page owner #cloud-platform-notify.