Add repo archiving policy to the GitHub process

ben-sagar · web-flow · commit ba1dfca44cc8 · 2025-12-17T13:54:10.000Z
Also covers adding and removal of associated Sonar projects.
diff --git a/docs/guides/continuous_integration.md b/docs/guides/continuous_integration.md
@@ -35,15 +35,15 @@ These tools are free to use for open source GitHub repositories.
 
 ### Maintainability and test coverage
 
-Defra has a [SonarCloud](https://www.sonarsource.com/products/sonarcloud/) organisation, which should be used to perform static quality analysis checks on your code.
+Defra has a [SonarQube Cloud](https://www.sonarsource.com/products/sonarcloud/) organisation, which should be used to perform static quality analysis checks on your code.
 It provides a rating for the security, reliability and maintainability of your code and estimates the time it would take to deal with any technical debt.
 
-You should include SonarCloud in your CI so that it flags problems it spots in your code, like duplication or complexity.
+You should include SonarQube Cloud in your CI so that it flags problems it spots in your code, like duplication or complexity.
 
-You can also configure your build tool (like GitHub Actions) to report unit test coverage to SonarCloud.
-SonarCloud will then include your test coverage in its assessment of your code.
+You can also configure your build tool (like GitHub Actions) to report unit test coverage to SonarQube Cloud.
+It will then include your test coverage in its assessment of your code.
 
-SonarCloud is free to use for open source GitHub repositories.
+SonarQube Cloud is free to use for open source GitHub repositories.
 
 ## CI with Jenkins
 
diff --git a/docs/processes/github_access.md b/docs/processes/github_access.md
@@ -18,7 +18,7 @@ You're not required to set a profile picture, but changing it from the default G
 All projects at Defra must be created under one of the organisations within the Defra GitHub enterprise:
 
 - [Defra](https://github.com/DEFRA) for development of digital services
-- [Defra Data Science Centre of Excellence](https://github.com/-Defra-Data-Science-Centre-of-Excellence) for data science
+- [Defra Data Science Centre of Excellence](https://github.com/Defra-Data-Science-Centre-of-Excellence) for data science
 - [Defra design team](https://github.com/defra-design) for prototype designs
 - [aphascience](https://github.com/aphascience) for scientific projects at APHA
 
@@ -42,6 +42,18 @@ You should contact the organisation owners to create a new repository. They'll n
 
 **Do not create repositories under your own user account!** Though repositories can be transferred at a later date, it is easier for everyone if they originate within our organisations.
 
+## Analysing a repository with SonarQube Cloud
+
+If your repository is in the Defra GitHub organisation, we have a SonarQube Cloud organisation that can be used to perform static analysis on your code.
+
+You should put this in place, to ensure that you comply with [our standard for code quality checks](../standards/common_coding_standards.md/#all-code-is-checked-for-quality).
+
+To request this, you can contact the organisation owners:
+
+- use the #sonar-support channel on the Defra Digital Slack workspace
+
+You will need to [sign in to SonarQube Cloud](https://sonarcloud.io/login) with your GitHub account before you can be added to the Defra SonarQube Cloud organisation.
+
 ## Administering a repository
 
 If you are the administrator for a repository it's your responsibility to ensure the repo has been set up and maintained in accordance with the standards of the organisation.
@@ -52,8 +64,18 @@ However you choose to manage it, you must always ensure that your repository's *
 
 If you will no longer be the administrator for a repository, you will need to identify a replacement and make them the administrator.
 
+## Archiving repositories
+
+When a repository that you administer is no longer being maintained, you should request that it be archived. This can be done by contacting the relevant organisation owners.
+
+We typically archive repositories rather than deleting them, as the code they contain may still be of value.
+
 Repositories without an administrator will be archived by the organisation owners.
 
+Repositories that have been inactive for 24 months or more will be archived by the organisation owners.
+
+If an archived repository has an associated SonarQube Cloud project then that will be deleted by the organisation owners. Projects will also be deleted if they haven't been analysed for 24 months or more.
+
 ## Access removal
 
 Each month, the administrators of our Defra GitHub enterprise will run a report to identify any [dormant users](https://docs.github.com/en/enterprise-cloud@latest/admin/managing-accounts-and-repositories/managing-users-in-your-enterprise/managing-dormant-users) who have not been active for six months and provide the list to each of the organisation owners in the enterprise.
diff --git a/docs/standards/common_coding_standards.md b/docs/standards/common_coding_standards.md
@@ -87,7 +87,7 @@ The path to reuse starts with module/namespacing. When the need for reuse is con
 
 All repos are connected to a quality analysis tool and the tool's maximum quality rating is maintained.
 
-All repos on GitHub and Azure Repos are connected to our SonarCloud organisation and the Defra standard quality gate is met.
+All repos on GitHub and Azure Repos are connected to our SonarQube Cloud organisation and the Defra standard quality gate is met.
 
 ### All code is checked for security
 
@@ -115,4 +115,4 @@ Amended to add standard on code licencing in April 2025.
 
 ## Significant changes
 
-SonarCloud was adopted as our standard quality analysis tool on 1 April 2020.
+SonarCloud (now known as SonarQube Cloud) was adopted as our standard quality analysis tool on 1 April 2020.
