Repository: ospo-resources
Description: This repository contains technical resources created by the NDTP Open Source Program Office (OSPO) for contributors.
SPDX-License-Identifier: Apache-2.0 AND OGL-UK-3.0
This repository contains technical resources produced by the NDTP Open Source Program Office (OSPO) for programme contributors. It includes reusable GitHub Actions workflows and other resources to support OSPO’s technical needs and ensure consistency across programme repositories.
The contents maintained in this repository are designed for use with GitHub.
If you wish to use these materials outside of the National-Digital-Twin organisation, please note that repository names used in the GitHub Actions files will require adjustment.
To use the synchronise-ospo-workflows GitHub Action, a private GitHub application must be installed in your GitHub organisation. This is because the workflow requires workflow:write permissions to add content to the .github/workflows directory, which cannot currently be achieved using the GITHUB_TOKEN authorisation context.
Guidance on installing a GitHub application can be found here: Installing your own GitHub App
The GitHub application must have the following repository permissions:
contents:readcontents:writeworkflows:readworkflows:write
Once your GitHub application has been created, the synchronise-ospo-workflows action must be able to assume the identity of the application. To do this, two repository secrets are required:
OSPO_WORKFLOW_APP_IDOSPO_WORKFLOW_PRIVATE_KEY
For ease of administration, these secrets can be set once as organisation-level secrets, with access delegated to trusted repositories, rather than adding them to each repository individually.
Guidance on managing organisation secrets is available here:
Creating and managing organisation secrets
Assign repository access to your GitHub application for each trusted repository where you want to use the synchronise-ospo-workflows workflow.
To trigger the synchronise-ospo-workflows workflow when pull requests are made in repositories within your organisation, a repository ruleset must be created with the following settings enabled:
- Require workflows to pass before merging
- Do not require workflows on creation
The workflow configuration section of the ruleset should reference the synchronise-ospo-workflows workflow found in the repository housing these assets.
Because the status check is marked as required at the organisation level, the workflow will be triggered automatically - unlike with standard repository rulesets.
Any proposed changes to the main branch must be navigated via a Pull Request, which has been enforced using branch protection policies. Pull requests must include the details in the PULL_REQUEST_TEMPLATE.md file.
- Workflow distribution solution
- synchronise-ospo-workflows.yml - this action can be used to distribute GitHub Actions across repositories in a GitHub organisation, using organisation-level repository rulesets.
- Reusable GitHub Actions for utility tasks
- gitflow-pr-target-check.yml - this action checks target branches of pull requests align with conventions of the GitFlow branching strategy
- publish-github-release.yml - this automatically generates a Software Bill of Materials (SBOM) and attaches it to a new GitHub release when a release/* branch gets merged to main.
- Dependabot configuration helper - creates draft groups for optimising dependabot configurations based on repository contents. Please see dependabot-configuration-helper for further details.
- Centralised Pull request labelling solution - labels pull requests using the https://github.com/actions/labeler GitHub Action. A base configuration for use with GitFlow can be found at labeler.yml.
- SBOM aggregation tool - an automation solution for generating and grouping Software Bill of Materials for all repositories in a GitHub organisation. Please see sbom-aggregation.
This repository has been developed with public funding as part of the National Digital Twin Programme (NDTP), a UK Government initiative. NDTP, alongside its partners, has invested in this work to advance open, secure, and reusable digital twin technologies for any organisation, whether from the public or private sector, irrespective of size.
This repository contains both source code and documentation, which are covered by different licenses:
- Code: Originally developed by the National Digital Twin Programme Open-Source Program Office for the National Digital Twin Programme. Licensed under the Apache License 2.0.
- Documentation: Licensed under the Open Government Licence v3.0.
SeeLICENSE.md,OGL_LICENSE.md, andNOTICE.mdfor details.
We take security seriously. If you believe you have found a security vulnerability in this repository, please follow our responsible disclosure process outlined in SECURITY.md.
We welcome contributions that align with the Programme’s objectives. Please read our CONTRIBUTING.md guidelines before submitting pull requests.
This repository has benefited from collaboration with various organisations. For a list of acknowledgments, see ACKNOWLEDGEMENTS.md.
For questions or support, check our Issues or contact the NDTP team by emailing [email protected].
Maintained by the National Digital Twin Programme (NDTP).
© Crown Copyright 2025. This work has been developed by the National Digital Twin Programme and is legally attributed to the Department for Business and Trade (UK) as the governing entity.