GitHub access

This guide covers covers all things related to accessing and using GitHub in the context of working on a Defra project.

GitHub account requirements

Before you can do anything on GitHub you'll need to create an account. If you already have one it is okay to use it, else create a new one specifically for your Defra work if you prefer.

Whether you create an account or use an existing one, it must meet the following requirements

• Two factor authentication must be enabled
• Your profile must have the Name field populated with your full name .e.g. Alan Cruikshanks.

You're not required to set a profile picture, but changing it from the default GitHub provides will help your team members distinguish your contributions from theirs.

Joining a Defra organisation

All projects at Defra must be created under one of the organisations within the Defra GitHub enterprise:

• Defra for development of digital services
• Defra Data Science Centre of Excellence for data science
• Defra design team for prototype designs
• aphascience for scientific projects at APHA

The organisation owners can be contacted to add you to their organisation:

• for digital service development or design, use the #github-support channel on the Defra Digital Slack workspace
• for data science visit the Internal Defra DASH SharePoint site for contact details
• for scientific projects at APHA visit the Internal Defra SCE SharePoint site for contact details

Depending on your role and requirements, you may either be added as a member of the organisation or as an outside collaborator on individual repositories.

Getting a new repository

You should contact the organisation owners to create a new repository. They'll need

• A name for the repository - this should be consistent with the existing organisational naming conventions
• Whether the repository is to be private or public - and if it is private the justification for this
• The GitHub username of the person that will be its administrator
• (Optional) A description - having a short description helps other people quickly identify what is in your repository

Do not create repositories under your own user account! Though repositories can be transferred at a later date, it is easier for everyone if they originate within our organisations.

Administering a repository

If you are the administrator for a repository it's your responsibility to ensure the repo has been set up and maintained in accordance with the standards of the organisation.

Depending on the organisation settings, you may be able to create and maintain teams to help with administering who has access to your repositories. If not, you may still be able to request the creation of teams from your organisations owners.

However you choose to manage it, you must always ensure that your repository's Collaborators and teams setting accurately reflects who should have access to the repository.

If you will no longer be the administrator for a repository, you will need to identify a replacement and make them the administrator.

Repositories without an administrator will be archived by the organisation owners.

Access removal

The administrators of our Defra GitHub enterprise will run quarterly reports of dormant users and provide these to the owners of all the organisations in the enterprise.

The owners will have a week to respond with the details of any dormant users that should not be removed, but after that time any other accounts will be removed from the enterprise. Organisation owners will need to remove any dormant outside collaborators.

This will ensure that we are using our licences effectively and that we are applying appropriate security controls on our information.

If you need access again after your account is removed, you will need to ask to join an organisation again as described above.

If you think you may be identified as a dormant user, for example if you are taking an extended break from work, then you should let an organisation owner know and they will ensure that your account is not removed.

Getting a new organisation

If you would like to have a new organisation added into the Defra enterprise you should contact one of the enterprise administrators to discuss your requirements.

Owning an organisation

As an organisation owner you are responsible for

• setting the standards and processes for access control in the organisation
• checking whether access is required for dormant users and removing dormant outside collaborators from your organisation
• ensuring that people that will want to join your organisation know who you are and how to contact you