Each GSA user must
- Activate 2-factor Authentication
- Add your information to your account
- Add a profile avatar
- Make your membership public
Each repository should:
Standards for making a private repo:
By default, projects in GitHub.com/GSA should be public. They should only be made private under certain circumstances.
- A repository can be made private if it containts information that legally cannot be made public.
Creating a GitHub account
- If you haven't created a GitHub account yet (https://github.com/), do so with your government email, which will assist with records retention.
- If you already have a GitHub account, simply add your goverment email to your existing account. Do not create a new account. You can also set up custom email routing through the Notifications Center. Make sure your commits are associated with your government email address.
- Update the
Settingsin your account to match the GSA Standards.
- Note that associating commits with an email address is different from setting notifications to go to one or another email address. You also have to change the official commit email address attached to each repo.
- If you’re using your work computer for personal projects on GitHub and want your personal email tied to those commits, you can set your GSA email as part of the global
.gitconfig, then override on a repository level with your personal email. If you have both emails in your GitHub settings, though, they will both be tied to your GitHub account.
- Make sure you have notifications turned on and make sure your notifications are set up they way you'd like them.
Requesting access to the GSA organization
- Ensure that you have created a GitHub account that matches the standards above.
- If your group already has a team in the GSA organization, ask your point of contact to email 'firstname.lastname@example.org' with your Github username and request that you be given access.
- If your group does not yet have a team in the GSA organization, email 'email@example.com' to coordinate a team be created. You will need to list the usernames of any others who should be added.
- You will receive a notification when you've been given access.
Creating new public repositories
- At https://github.com/GSA, Click
+ New Repository.
- When choosing the repo's name, try to pick a simple and useful name
- Include a brief description of the project.
- Change the repo status to
Publicunless it does must be private.
- It is usually convenient to check the box to
Initialize this repository with a README.
- You will usually not need to worry about adding a
- Please choose the type of license from the dropdown. For a description of the license types, see https://help.github.com/articles/licensing-a-repository
- Click Create Repository
- If prompted, choose the most appropriate team that you are a member of that should be given permission to the repo.
Creating new private repositories
The above directions are the same except that at step 4, you will choose Private instead of Public.
Removing access to the GSA organization
- Team managers should ensure that they monitor when a member of their GitHub team leaves the project or agency and no longer needs access to the GSA organization.
- At that point, they should email 'firstname.lastname@example.org' with a request to remove the user from the GSA organization.
- Organization admins should reply to the email with confirmation when the removal is complete.
- Team managers may delegate this responsibility but need to ensure that it is in place.
If you are requesting third-party access apps to access GitHub, the app needs to be in the GSA IT Enterprise Architecture GEAR listing as approved ( https://ea.gsa.gov/#!/itstandards ) and whoever wants to use the app needs to shepherd it through the GEAR process for approval. Once it is approved in the It Standards, it can be approved in GitHub.
Organize Agency Users
- Identify Team Leads
- Plan and implement the application of the standards
- Ensure everyone has guidance going forward