Github

This is a guide on how DRYKISS utilise GIT and Github within out continuous intergration practices.

Setup

If you don’t have a Github account, you must use your work email (rather than your personal email) to sign up, as this helps us with identification. If you do have a GitHub account, please add your work email to your profile as your primary email.

Set up two-factor authentication

This is a requirement to access DRYKISS development teams. Please enable 2FA as soon as possible.

Complete your profile

Include the following:

Turn notifications on

It's important that you stay up to date with notifications so please turn these on. These may include comments on pull requests you are a member off. Promptly addressing these is important.

Join the Organisation

All engineering staff should be part of the DRYKISS organisation. Please make sure you have access to this and the repositories you need to work on. Ask in the Slack #security channel for any access requests.

After you are added you should receive an email or visit here.

Make your membership public

Go to the DRYKISS people page. Click where it says private next to your name. Change that to public.

Rules

Sensitive Data

It should be obvious that all sensitive company and personal data should not make it's way onto DRYKISS repositories.

Files may include environment variables; private configuration data or sensitive information about the public.

In the event that such variables or configuration data is pushed to a GitHub repository accidentally, even momentarily, consider it compromised and revoke or change the credentials immediately. Do not delete the commit itself!

Contact the #security channel in slack immediately and give honest information about the incident. Further reading of how to clean up such an incident can be found here, Removing sensitive data from a repository. Do not attempt this cleanup let the trained security staff handle this.