Enforce GitHub collaborator access in Terraform

[AgaDufrat]

Following the work to automate granting team access to govuk-tagged repos , we now automate the granting of certain access to certain ‘teams’ in GitHub. The vast majority of GOV.UK repos should follow the same pattern of access.

Over the years, inconsistencies have crept in, whereby certain other teams or individuals have been granted access to certain repos. In most cases we expect we can remove those individuals'/teams' access with no ill effect.

Leaving the inconsistent access as-is is a security risk, as it means that some people who have left GDS might still have write-access to some repos.

Access audit spreadsheet