diff --git a/docs/choosing-technology/how-to-select-technology.md b/docs/choosing-technology/how-to-select-technology.md index 8f5c6b5..867a272 100644 --- a/docs/choosing-technology/how-to-select-technology.md +++ b/docs/choosing-technology/how-to-select-technology.md 
@@ -1,60 +1,84 @@ -# Selecting Technology for a B.C. Government System +# Choosing project technology -Selecting suitable technology is an important step in developing a system for the B.C. government and the teams and individuals involved in building new systems have the latitude to make choices about the technologies their systems will use. There is a wide range of technology currently in use within the systems built for and by the B.C government. The section below contains a cross-section of some of the technology options used within the B.C. government's growing portfolio of modern digital services, with links to relevant resources. +Every team and ministry has different needs. Choosing the suitable technology builds the foundation of excellent user experience. -## Technologies in use within B.C. government's modern systems +We offer many options within B.C. Government systems. The tables below show a cross-section of some technology that developers can use. Users can click each option to get more information about it. 
-| Technology type | Examples or choices | -| -------------------------------------- |--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Collaboration tools | [JIRA](https://www.atlassian.com/jira), [GitHub Issues](https://docs.github.com/en/issues), [ZenHub](https://www.zenhub.com), [Miro](https://miro.com/index/), [Mural](https://mural.co), [MS Teams](https://teams.microsoft.com), [Rocket.Chat](https://chat.developer.gov.bc.ca), [GitHub Discussions](https://github.com/bcgov/bcgov-community-discussions), [Loop](https://loop.cloud.microsoft) | -| Code and artifact management | [GitHub](https://github.com/bcgov), [Artifactory](http://artifacts.developer.gov.bc.ca/), [GitHub Packages](https://docs.github.com/en/packages) | -| Automation tools | [GitHub Actions](https://docs.github.com/en/actions), [ArgoCD](/docs/default/component/platform-developer-docs/docs/automation-and-resiliency/argo-cd-usage/), [Terraform](https://www.terraform.io), [Tekton/OpenShift Pipelines](/docs/default/component/platform-developer-docs/docs/automation-and-resiliency/cicd-pipeline-templates-for-private-cloud-teams/) | -| 
Common components | [Keycloak SSO](/docs/default/component/css-docs), [Digital Trust](https://digital.gov.bc.ca/digital-trust/home/), [BC Address Geocoder](https://digital.gov.bc.ca/bcgov-common-components/bc-address-geocoder/), [BC Route Planner](https://digital.gov.bc.ca/bcgov-common-components/bc-route-planner/), [Simple Map Kit](https://digital.gov.bc.ca/bcgov-common-components/simple-map-kit/), [Common Document Generation Service](https://digital.gov.bc.ca/bcgov-common-components/common-document-generation-service/), [Common Hosted Forms Service](https://digital.gov.bc.ca/bcgov-common-components/common-hosted-form-service/), [Common Hosted Email Service](https://digital.gov.bc.ca/bcgov-common-components/common-hosted-email-service/), [Common Object Management Service](https://digital.gov.bc.ca/bcgov-common-components/common-object-management-service/), [Design System](https://digital.gov.bc.ca/bcgov-common-components/design-system/) | -| Programming languages | [Python](https://github.com/bcgov?q=&type=all&language=python&sort=), [Javascript](https://github.com/bcgov?q=&type=all&language=javascript&sort=), [TypeScript](https://github.com/bcgov?q=&type=all&language=typescript&sort=), [Java](https://github.com/bcgov?q=&type=all&language=java&sort=), [R](https://github.com/bcgov?q=&type=all&language=r&sort=), [C#](https://github.com/bcgov?q=&type=all&language=c%23&sort=), [PHP](https://github.com/bcgov?q=&type=all&language=php&sort=) | -| Front-end frameworks | [React](https://react.dev), [Angular](https://angular.io), [Vue](https://vuejs.org) | -| Back-end frameworks | [Express](https://expressjs.com), [NestJS](https://nestjs.com), [Django](https://www.djangoproject.com), [Flask](https://flask.palletsprojects.com/en/3.0.x/), [.NET Core](https://dotnet.microsoft.com/en-us/), [Laravel](https://laravel.com) | -| API and data services | [API Gateway](https://digital.gov.bc.ca/bcgov-common-components/api-program-services/), [BC Data 
Catalogue](https://catalogue.data.gov.bc.ca) | -| Middleware and databases | PostgreSQL, MySQL, MongoDB, Kafka, Redis, NATS | -| Operations support and security tools | Sysdig, Uptime.com, Kibana, Splunk, [Vault](https://www.vaultproject.io) | -| Application hosting | [Learn about application hosting options](#application-hosting-services-options) | -### Determining suitability +## Current technology options -While there is a range of possible choices shown above, neither the categories nor the examples in the table above are exhaustive and inclusion in the list doesn't represent an endorsement or recommendation. Each team is responsible for doing its own analysis to determine the suitability of a technology for its needs and situation. The list below includes some important considerations that may be relevant to a team's technology choices. +Although there's numerous choices, the options in the table below aren't exhaustive, nor represents an endorsement of any particular choice. Every team should do its own research before deciding which technology best suits their needs and context. -* [Open source considerations](../use-github-in-bcgov/evaluate-open-source-content/) -* [Considering procurement policies](https://www2.gov.bc.ca/gov/content/governments/policies-for-government/core-policy/policies/procurement) (for commercial options) -* [Privacy](https://www2.gov.bc.ca/gov/content/governments/services-for-government/information-management-technology/privacy/privacy-impact-assessments) and [Security](https://www2.gov.bc.ca/gov/content/governments/services-for-government/information-management-technology/information-security/security-threat-and-risk-assessment) implications. 
-* Requirements, guidance or policies from a team's ministry or sector central IT group (ISB/IMB) +Please note the following important considerations: + +- The [Core Policy and Procedures Manual **(CPPM)** Chapter 6: Procurement](https://www2.gov.bc.ca/gov/content/governments/policies-for-government/core-policy/policies/procurement) +- Information Management Branch **(IMB)** and/or Security Information Branch **(SIB)** requirements, policies or guidance. +- [Privacy and Security compliance](https://developer.gov.bc.ca/docs/default/component/bc-developer-guide/security/security-and-privacy-compliance-and-guidance/) +- Our [open-source content evaluation doc](https://developer.gov.bc.ca/docs/default/component/bc-developer-guide/use-github-in-bcgov/evaluate-open-source-content/) + +### Development Frameworks +Column 1 lists the technology type. Column 2 lists the choices under that type. + +|Type| Choice| +|----| ------| +|Programming languages|[Python](https://github.com/bcgov?q=&type=all&language=python&sort=), [Javascript](https://github.com/bcgov?q=&type=all&language=javascript&sort=), [TypeScript](https://github.com/bcgov?q=&type=all&language=typescript&sort=), [Java](https://github.com/bcgov?q=&type=all&language=java&sort=), [R](https://github.com/bcgov?q=&type=all&language=r&sort=), [C#](https://github.com/bcgov?q=&type=all&language=c%23&sort=), [PHP](https://github.com/bcgov?q=&type=all&language=php&sort=) +|Back-end| [Django](https://www.djangoproject.com/), [Flask](https://flask.palletsprojects.com/en/2.2.x/), [Express](https://expressjs.com/), [NestJS](https://nestjs.com/), [Spring Boot](https://spring.io/projects/spring-boot)[.NET Core](https://dotnet.microsoft.com/en-us/apps/aspnet), [Laravel](https://laravel.com/) +|Front-end| [React](https://reactjs.org/), [Angular](https://angular.io/), [Vue](https://vuejs.org/)| +|Code and artifact management| [GitHub](https://github.com/bcgov), [Artifactory](http://artifacts.developer.gov.bc.ca/), [GitHub 
Packages](https://docs.github.com/en/packages) +|Automation tools| [GitHub Actions](https://github.com/features/actions), [ArgoCD](/docs/default/component/platform-developer-docs/docs/automation-and-resiliency/argo-cd-usage/), [Terraform](https://www.terraform.io/), [Tekton/OpenShift Pipelines](/docs/default/component/platform-developer-docs/docs/build-deploy-and-maintain-apps/deploy-an-application/#1-integrate-deployment-into-a-cicd-pipeline) + +### Hosting and operations +Column 1 lists the technology type. Column 2 lists the choices under that type. + +|Type| Choice| +|----| ------| +|Operations support and security| [Sysdig](/docs/default/component/platform-developer-docs/docs/app-monitoring/sysdig-monitor-setup-team/), StatusCake, [Loki](/docs/default/component/platform-developer-docs/docs/app-monitoring/best-practices-for-application-logging-in-openshift/#console-logs-in-loki), Splunk, [Vault](/docs/default/component/platform-developer-docs/docs/secrets-management/vault-getting-started-guide/) +|Application hosting| [Learn about application hosting options](#application-hosting-services-options) + + +### Collaboration +Column 1 lists the technology type. Column 2 lists the choices under that type. 
+ +|Type| Choice| +|----| ------| +|Collaboration tools| [JIRA](https://www.atlassian.com/software/jira), [GitHub Discussions](https://github.com/features/discussions), [GitHub Issues](https://github.com/features/issues), [MS Teams](https://www.microsoft.com/en-ca/microsoft-teams/group-chat-software), [Loop](https://www.microsoft.com/en-us/microsoft-365/loop) +|Common Components| [Digital Trust](https://digital.gov.bc.ca/digital-trust/home/), [Keycloak SSO](docs/default/component/css-docs),[Design System](https://digital.gov.bc.ca/bcgov-common-components/design-system/), [Common Document Generation Service](https://digital.gov.bc.ca/bcgov-common-components/common-document-generation-service/), [Common Hosted Forms Service](https://digital.gov.bc.ca/bcgov-common-components/common-hosted-form-service/), [Common Hosted Email Service](https://digital.gov.bc.ca/bcgov-common-components/common-hosted-email-service/), [Common Object Management Service](https://digital.gov.bc.ca/bcgov-common-components/common-object-management-service/), [BC Address Geocoder](https://digital.gov.bc.ca/bcgov-common-components/bc-address-geocoder/), [BC Route Planner](https://digital.gov.bc.ca/bcgov-common-components/bc-route-planner/), [Simple Map Kit](https://digital.gov.bc.ca/bcgov-common-components/simple-map-kit/) + + +### Integration and data +Column 1 lists the technology type. Column 2 lists the choices under that type. + +|Type| Choice| +|----| ------| +|API and data services| [API Gateway](https://digital.gov.bc.ca/bcgov-common-components/api-program-services/), [BC Data Catalogue](https://catalogue.data.gov.bc.ca) +|Middleware and databases| PostgreSQL, MySQL, MongoDB, Kafka, Redis, NATS ## Application hosting services options -As a technical team, you can use this guide to help you and your team choose the best hosting platform for your product. +Each service offers unique features and capabilities that creates a secure and compliant environment for digital service hosting. 
Only services supported by Connected Services B.C. **(CSBC)** are listed: -Each service has unique capabilities and features that create a secure and compliant environment for digital service hosting. +- **Data centre: traditional hosting**: offers traditional managed hosting services for virtual and physical systems. It supports numerous operating systems and techonologies. + +- **Private Cloud: Red Hat OpenShift**: combines on-premise and cloud benefits. It offers a self-serve, secure, indepedent and scalable platform for hosting applications. -- The Data centre traditional hosting hosting offers traditional managed hosting services for virtual and physical systems. It supports various operating systems and technologies -- The Private cloud OpenShift platform combines on-premise and cloud benefits. It offers managed services on dedicated hardware for control and flexibility -- The Public cloud Amazon Web Services (AWS) Landing Zone uses AWS hardware. It provides scalable, on-demand computing services accessed through the internet with a secure, pre-configured environment +- **Public Cloud: Amazon Web Services (AWS) and Azure**: offers Enterprise support from AWS and Azure, a centralized and supported environment, rapid scalability, and simplified procurement. -*Notes:* +- **Software as a Service (SaaS)**: offers ready-to-use software applications, hosted and managed by third-party providers. -- Only services that are managed by OCIO are listed -- If you’re considering the adoption of ready-to-use, subscription-based software, visit Software as a Service (SaaS) -- Contact the OCIO Enterprise Architecture team at citzas@gov.bc.ca if you need guidance +Technical teams can use the table below for comparing Data centres, Private and Public cloud platforms. 
-### Hosting technical considerations +**Application hosting services comparison table** -For more information on Cloud hosting options available to you, please see the [Cloud Smart](https://digital.gov.bc.ca/policies-standards/cloud-smart/) documentation. +Column 1 lists features, column 2 lists Data centre traditional hosting features, column 3 lists Private cloud OpenShift platform features, and column 4 lists Public cloud Azure and AWS Landing Zones features. -| | Data centre traditional hosting | [Private cloud OpenShift platform](/docs/default/component/platform-developer-docs) | [Public cloud Azure & AWS Landing Zones](/docs/default/component/public-cloud-techdocs) | +| | Data centre traditional hosting | [Private cloud OpenShift platform](docs/default/component/platform-developer-docs) | [Public cloud Azure and AWS Landing Zones](docs/default/component/public-cloud-techdocs) | |---|--------------------------------------|-----------------------------------|--------------------------------| -| **Is this service recommended for business mission critical applications?** | Yes | Yes | No | -| **What type of hosting environment does this service offer?** | Virtual machines and physical hardware | Containerized | Containerized and serverless | -| **What’s the highest [data classification](https://www2.gov.bc.ca/assets/gov/government/services-for-government-and-broader-public-sector/information-technology-services/standards-files/618_information_security_classification_standard.pdf) this platform can host?** | Protected C | Protected B and Protected C | Protected B | -| **How can you provision hosting space?** | [iStore order](https://ssbc-client.gov.bc.ca/order/istore.htm) | [Self-serve online](https://registry.developer.gov.bc.ca/login) | [Self-serve online](https://registry.developer.gov.bc.ca/login) | -| **How elastic is this service? Can it scale up to meet increased demand?** | Low
Computer resource must be pre-purchased to be available | Medium / High
Elasticity ensures that a project can scale its resource usage up to the maximum allowed by the project resource quota
Learn more about OpenShift project resource quotas | High
Elasticity can scale as needed, limited only by the product budget
Learn more about AWS Landing Zone | -| **What additional services are available?** | - Software Defined Network
- S3 Object Store | - Software Defined Network
- S3 Object Store
- AI/ML
- Security tools | - Checkpoint CSPM
- All AWS IaaS/PaaS services available in Canada central region (ca-central-1) and United States east coast (us-east-1). Does not include Marketplace services | -| **Internal and external expertise availability** | High
Extensive expertise within OCIO | High
Extensive expertise within OCIO | Medium
OCIO is developing expertise to support clients | -| **Recommended technical skillset** | - Server administration
- Security operations
- Technical architecture
- Application development
- Database administration | - DevOps
- Full-stack development
- Site reliability engineering
- Security operations
- Database administration | - DevOps
- Full-stack development
- Site reliability engineering
- Security operations
- Technical architecture
- Network and infrastructure operations
- Database administration | -| **What amount of support is assigned to a product team?** | [Review shared responsibility model](https://digital.gov.bc.ca/technology/cloud/hosting-services/#shared) |[Review shared responsibility model](https://digital.gov.bc.ca/technology/cloud/hosting-services/#shared)|[Review shared responsibility model](https://digital.gov.bc.ca/technology/cloud/hosting-services/#shared)| \ No newline at end of file +|Plaform recommended for mission critical applications? |Yes|Yes|No| +|The recommended technical skillsets|
  • Server administration
  • Security operations
  • Technical architecture
  • Application development
  • Database administration |
  • DevOps
  • Full-stack development
  • Site reliability engineering
  • Security operations
  • Database administration |
  • DevOps
  • Full-stack development
  • Site reliability engineering
  • Security operations
  • Technical architecture
  • Network and infrastructure operations
  • Database administration | +|The hosting environment|Virtual machines and physical hardware| Containerized|Containerized and serverless| +|The highest [data classification](https://www2.gov.bc.ca/assets/gov/government/services-for-government-and-broader-public-sector/information-technology-services/standards-files/618_information_security_classification_standard.pdf) | Protected C|Protected B and C|Protected B| +| The procurement process | [iStore order](https://ssbc-client.gov.bc.ca/order/istore.htm) | [Registry (a self-serve system](https://registry.developer.gov.bc.ca/login) | [Registry (a self-serve system)](https://registry.developer.gov.bc.ca/login) | +| The elasticity and scalability potential |
  • Low
  • Resource must be pre-purchased |
  • Medium - High
  • Maximum allowed by project resource quota |
  • High
  • Scale as needed, limited only by product budget| +|Additional services offered |
  • Software Defined Network
  • S3 Object Store |
  • Software Defined Network
  • S3 Object Store
  • AI/ML
  • Security tools |
  • Checkpoint CSPM
  • All AWS IaaS/PaaS services available in Canada central region (ca-central-1) and United States east coast (us-east-1).
  • Does not include Marketplace services | +|The expertise available|
  • High
  • Extensive expertise within CSBC |
  • High
  • Extensive expertise within CSBC |
  • Medium
  • CSBC is developing expertise to support clients | +| The support assigned to product team| [Review shared responsibility model](https://digital.gov.bc.ca/technology/cloud/hosting-services/#shared) |[Review shared responsibility model](https://digital.gov.bc.ca/technology/cloud/hosting-services/#shared)|[Review shared responsibility model](https://digital.gov.bc.ca/technology/cloud/hosting-services/#shared)| diff --git a/docs/index.md b/docs/index.md index f04670a..2aab395 100644 --- a/docs/index.md +++ b/docs/index.md 
@@ -1,69 +1,34 @@ -## B.C. Developer Guide +# Welcome to B.C. Government -This document is a living guide to application development for the B.C government, updated regularly by the Developer Experience team. Written for all ministries, use it to guide your team's technical decisions and as a reference throughout the software lifecycle. +The B.C. Developer Guide **(BCDG)** offers B.C. Government developers a living guide to application development within the public service. Please use it as a reference throughout the software lifecycle, and technical decisions. -## Current Topics +The Developer Experience Team updates the BCDG. We've embedded links into our content to facilitate learning. For any questions, concerns or feedback, we can be reached at developer.experience@gov.bc.ca. -### [Welcome to the B.C. government](./welcome-to-bc-gov/) +## 7 quick steps to get started -Helpful links and context for folks new to development within the government of B.C. +1. Bookmark the Developer Guide because it serves as the central hub for development matters. +2. Bookmark the [DevHub documentation page](https://developer.gov.bc.ca/docs?filters%5Buser%5D=all&limit=20) for a list of developer guides. +3. [Get access to the bcgov GitHub Organization](https://developer.gov.bc.ca/docs/default/component/bc-developer-guide/use-github-in-bcgov/bc-government-organizations-in-github/#bcgov) and + - More information about `bcgov` and `bcgov-c` is available under [Organizations in GitHub](https://developer.gov.bc.ca/docs/default/component/bc-developer-guide/use-github-in-bcgov/bc-government-organizations-in-github/#organizations-in-github) on the same page. +4. [Bookmark the Developer Experience Jira Service Management](https://citz-do.atlassian.net/servicedesk/customer/portal/2) system, which is shortened to JSM. Users can submit support tickets +5. 
[Get access to GitHub Discussions](https://github.com/bcgov/bcgov-community-discussions) and [internal Rocket.Chat](https://chat.developer.gov.bc.ca/) + - Rocket.Chat is undergoing a migration and will become inactive soon. + - The developer community gathers on GitHub Discussion to ask questions, support each other with issues, and finds it the best source of support for internal serivces, such as cloud services and common components. +6. Explore [our internal services](https://digital.gov.bc.ca/technology/common-components/) and [Software-as-a-Service **(SaaS)** tools](https://digital.gov.bc.ca/technology/cloud/saas/) to support development. +7. Learn about what's happening in the [BC Gov Digital Ecosystem](https://digital.gov.bc.ca/blog/). -### [How To Select Technology](choosing-technology/how-to-select-technology.md) +### Security and compliance guidance and policies -This section shares some of the commonly adopted technologies to help teams make technical decisions for their projects. +Although we don't expect developers to memorize the guidance and policies below, we do expect developers to be aware of them: -### [GitHub in the B.C. government](./use-github-in-bcgov/bc-government-organizations-in-github/) +- [B.C. government OpenShift DevOps security considerations](https://developer.gov.bc.ca/docs/default/component/platform-developer-docs/docs/security-and-privacy-compliance/platform-security-compliance/) +- [BC Gov Policy for GitHub](https://github.com/bcgov/BC-Policy-Framework-For-GitHub/blob/master/README.md) +- [FOIPPA Quick Reference](https://raw.githubusercontent.com/bcgov/devhub-resources/master/resources/privacy/foippa_quick_reference.pdf) +- [IMIT standards](https://www2.gov.bc.ca/gov/content/governments/services-for-government/policies-procedures/im-it-standards) +- [Privacy and personal information in the B.C. 
public sector](https://www2.gov.bc.ca/gov/content/governments/services-for-government/information-management-technology/privacy) -GitHub is the preferred tool for B.C. government development team to store and share code. Learn about available options related to GitHub and how to license and manage code repositories. +#### Cloud Technology +We offer two options for cloud services: **private** and **public**. [Cloud Services](https://digital.gov.bc.ca/technology/cloud/) offers more information about both services. -### Developer Community Tools -#### [Rocket.Chat](rocketchat/steps-to-join-rocketchat.md) - -We use Rocket.Chat for technical discussions. It’s similar to Slack or Discord. - -Learn how to join and use Rocket.Chat and connect with other developers across the B.C. government. - -### Front End Development - -#### [Accessibility resources](accessibility-resources.md) - -Understand what resources are available to support the development of accessible web applications. - -#### [Design System](design-system/about-the-design-system.md) - -Learn what the BC Government Design System for Digital Services can do for your project. - -#### [Working with Data](working-with-data.md) - -Understand what B.C. Data Services support are available to support the success of technical projects. - -## Future Topics - -In the spirit of #Agile and #WorkingInTheOpen, we're taking an iterative approach to publishing new guidance. - -Potential topics for this guide include: - -- Digital Government 101 -- Ways of working in the B.C. 
government -- Supports for developers -- Developer communities -- Application lifecycle -- Deploying applications -- Testing applications -- Operating applications -- Licensing and intellectual property -- Code management -- Common code, components, and services -- Languages and frameworks -- Design -- Multilingual support -- Architecture -- Networking -- Security -- Compliance - -## Contact us - -This guide is owned and maintained by the Developer Experience team within the Digital Office. Please reach out with questions or feedback to [developer.experience@gov.bc.ca](mailto:developer.experience@gov.bc.ca). diff --git a/docs/security-and-privacy-compliance-and-guidance.md b/docs/security-and-privacy-compliance-and-guidance.md deleted file mode 100644 index 8b13789..0000000 --- a/docs/security-and-privacy-compliance-and-guidance.md +++ /dev/null @@ -1 +0,0 @@ - diff --git a/docs/use-github-in-bcgov/bc-government-organizations-in-github.md b/docs/use-github-in-bcgov/bc-government-organizations-in-github.md index 7039bec..b1b5936 100644 --- a/docs/use-github-in-bcgov/bc-government-organizations-in-github.md +++ b/docs/use-github-in-bcgov/bc-government-organizations-in-github.md 
@@ -1,124 +1,132 @@ -# B.C. Government organizations in GitHub +# bcgov, bcgov-c, and SSO -The [Digital Principles for B.C. Government](https://www2.gov.bc.ca/gov/content/governments/policies-for-government/core-policy/policies/im-it-management#12.1.1.5) urge product teams to work in the open. GitHub is the leading platform for open-source projects. It lets our organization work with the open-source community to build software, support innovation and save time and money. +The [Digital Principles for B.C. Government](https://www2.gov.bc.ca/gov/content/governments/policies-for-government/core-policy/policies/im-it-management#12.1.1.5) supports and encourages product teams to work in the open. GitHub is the leading platform for open-source projects and collaboration. -Using GitHub, teams can: +With GiHub Enterprise Cloud, we can: + - Collaborate with the open-source community to build software + - Support innvation + - Share code and best practices + - Track issues and feature requests + - Use tools for team and project management + - Save costs and time -* Collaborate with the open-source community -* Share and control code versions -* Use tools for team and project management -* Integrate automation tools -* Track issues +The **Developer Experience team** manages B.C. Government's GitHub environments. For questions, concerns, or feedback, please [submit a support request on our Jira Service Manager system]( https://citz-do.atlassian.net/servicedesk/customer/portal/2). -!!! Info - This document aims to provide detailed information about accessing B.C. government's GitHub organizations. If you are looking for quick access to common topics related to using GitHub in the B.C. government, you may wish to consult our [quick reference](quick-reference.md) instead. - -B.C. Government's main organization is [bcgov](https://github.com/bcgov), where we store open code developed by government teams. 
It includes projects that have open-source and inner-source contribution models. `bcgov` has over 1000 repositories. - -We also have the `bcgov-c` organization, where developers can store confidential code. - -On behalf of the B.C. Government, the Developer Experience Team manages government GitHub environments. For any questions or concerns, please [submit a support request]( https://citz-do.atlassian.net/servicedesk/customer/portal/2). +For users who need quick access to common topics related to using GitHub in B.C. Government, please see the [GitHub for B.C. Government quick reference guide](quick-reference.md) instead of this doc. ## Organizations in GitHub -!!! Note - - In July 2024, we enabled [Single Sign-On (SSO)](#single-sign-on) for `bcgov` and in August 2024, `bcgov-c`. To keep access to repositories in the `bcgov` and `bcgov-c` organizations, all users must be authenticated with IDIRs. Contractors and employees without IDIRs must order one before SSO can be enabled. +We have two GitHub organizations, commony shortened to **"org"**: `bcgov` and `bcgov-c`: -We use GitHub Enterprise Cloud, and it hosts the `bcgov` and `bcgov-c` GitHub organizations: ```mermaid - graph TD; -A[GitHub Enterprise Cloud] --> B[bcgov] -A --> C[bcgov-c] +graph TD; + accTitle: mermaid flowchart of GitHub orgs + accDescr: First tier is Enterprise GitHub Cloud and second tier is bcgov and bcgov-c + A[GitHub Enterprise Cloud] --> B[bcgov]; + A --> C[bcgov-c]; ``` +In July 2024, we enabled Single-Sign On **(SSO)** for `bcgov`. We enabled SSO for `bcgov-c` in August 2024. All members must be authenticated with IDIRs, including contractors. The [GitHub Single Sign-On (SSO) section](#single-sign-on) has more information about the transition. 
-### `bcgov` +To link GH accounts and IDIRs, [follow our SSO enablement instructions](https://developer.gov.bc.ca/docs/default/component/bc-developer-guide/use-github-in-bcgov/bc-government-organizations-in-github/#directions-to-sign-up-and-link-your-account-for-bcgov). -The `bcgov` organization contains public repositories that hold open-source code or public documents developed by B.C. government teams. This organization is **public**. To align with our Digital Principles, repositories should be hosted in this open repo. The only exception is strong rationale from your Ministry Security Information Officer. +### `bcgov` -* Any member of the `bcgov` organization can create repositories. +The `bcgov` org hosts public repositories, often shortened to **(repos)**. There's over 1000 repos. Each repo holds open-source code, public documents, and inner-source contribution models developed by B.C. Government teams. -* To join this organization, follow [these instructions](#directions-to-sign-up-and-link-your-account-for-bcgov). +All content hosted on this org must be public to align with [B.C. Government's Digital Principles](https://digital.gov.bc.ca/policies-standards/dcop/). Anyone with membership can create repos. ### `bcgov-c` -The `bcgov-c` organization stores private repositories with confidential source code and documents. This repository is **private**. +We use `bcgov-c` for **private** repos with confidential code and documents. If a team needs a location for private code, or is working to make code public, this is the right org. -* Use this repository if you need a location for private code, or if you're working towards making the code public. -* Only the Developer Experience team can create repositories in this organization. - * Request a repository by [submitting a request](https://citz-do.atlassian.net/servicedesk/customer/portal/2/group/9/create/60). 
-* To join this organization, follow [these instructions](#directions-to-sign-up-and-link-your-account-for-bcgov-c). +Only the Developer Experience team can create repos in `bcgov-c`. To request a repo, please [submit a support request on our Jira Service Manager system](https://citz-do.atlassian.net/servicedesk/customer/portal/2/group/9/create/60). +### Security features for both organizations -## Single Sign-On +Please keep in mind that application and code security are complex. The [Security and Privacy Guidance doc](https://developer.gov.bc.ca/docs/default/component/bc-developer-guide/security/security-and-privacy-compliance-and-guidance/) and [Security best practices for apps doc](https://developer.gov.bc.ca/docs/default/component/bc-developer-guide/security/best-practices-for-apps/) offer more comprehensive guidance. -!!! Warning - Contractors without an IDIR must follow the steps in [our guide](github-transition-guide.md#idirs) before proceeding. **Please note** this can take several days to complete depending on your ministry. We recommend doing with this step as soon as possible to avoid access disruptions. +Both orgs come with various security features to protect repos and its code. We've highlighted some prominent features and best practices below. -Learn more about IDIRs and post-authentication steps in [our guide](github-transition-guide.md). - -### Directions to sign up and link your account for 'bcgov' +#### Costs -1. Have any two-factor devices, and personal GitHub login and IDIR login ready. -1. Log into GitHub with your personal login. -1. [Authenticate your IDIR](https://github.com/orgs/bcgov/sso) -1. You'll get an email with an invitation to join the **bcgov** GitHub organization. The invitation will be sent to the email address associated with your GitHub account. - 1. Refer to the [troubleshooting](#troubleshooting) section if you didn't receive an email. -1. Your teammates can add you to your team's repositories. 
We recommend teams use [GitHub teams](https://docs.github.com/en/organizations/organizing-members-into-teams/about-teams) to manage access. -1. [Authorize your personal access tokens and/or SSH keys](github-transition-guide.md#resetting-github-keys). +**`bcgov`:** no cost for security features because GH gives them free to public repos. -That’s it, your accounts are now joined. +**`bcgov-c`**: cost for security features because GH charges a fee for private repos. **But** the Developer Experience team covers cost **without cost recovery**. -[Learn more about IDIRs](github-transition-guide.md). - -### Directions to sign up and link your account for 'bcgov-c' +#### Prominent features -A similar process applies for 'bcgov-c'. +* **Code scanning:** scans code for security vulnerabilities and coding errors. -1. Have any two-factor devices, and personal GitHub login and IDIR login ready. -1. Log into GitHub with your personal login. -1. [Authenticate your IDIR](https://github.com/orgs/bcgov-c/sso) -1. You'll get an email with an invitation to join the **bcgov-c** GitHub organization. The invitation will be sent to the email address associated with your GitHub account. - 1. Refer to the [troubleshooting](#troubleshooting) section if you didn't receive an email. -1. Your teammates can add you to your team's repositories. We recommend teams use [GitHub teams](https://docs.github.com/en/organizations/organizing-members-into-teams/about-teams) to manage access. -1. [Re-authorize your personal access tokens and/or SSH keys](github-transition-guide.md#resetting-github-keys). +* **Secret scanning:** scans repos and commits for sensitive information like API keys, passwords, and other secrets. -That’s it, your accounts are now joined. +* **Dependabot:** scans repos for outdated or vulnerable dependencies and provides recommendations for fixing problems, including via automated pull requests **(PR)**. 
-[Learn more about IDIRs](github-transition-guide.md) +#### Best practices -#### Video demo'ing joining GitHub ID and IDIR +* **Keep features enabled in repos**. Even if some can be reconfigured at the repo level, they keep the team secure code. -The video shows the process, starting from the banner link on the `bcgov` GitHub organization, to the end: +* **Use the [GitHub Security Overview page](https://github.com/orgs/bcgov/security/overview)** to check any detected issues for repos, especially if working on multiple repos. - +* **Take action on any issue surfaced by security features immediately**. Quick action-even if false positives-can stop big problems or becoming "noise" to ignore. -### SSO timelines for 'bcgov-ent' -For current B.C. Government private organizations part of the legacy `bcgov-ent` Enterprise implementation, we’ll work with your respective Information Management Branches and Information Systems Branches to identify next steps. - -### Resources - -For more supplementary information, please see [our guide](github-transition-guide.md). - -For help with access, please [submit a support request]( https://citz-do.atlassian.net/servicedesk/customer/portal/2). +## Single Sign-On + +Because IDIRs are mandatory for both organizations, we have created [an IDIR guide for SSO](github-transition-guide.md). We've also included contractor-specific instructions. Please note that IDIR order completion can take **several** days. + +If the instructions and troubleshooting help below doesn't resolve any issues, please [submit a support request on our Jira Service Manager system]( https://citz-do.atlassian.net/servicedesk/customer/portal/2). 
+ +### Security Insights for GitHub Enterprise-linked organizations + +All orgs linked to the corporate GitHub Enterprise accounts have access to the [Security Insight feature](https://docs.github.com/en/enterprise-cloud@latest/code-security/how-tos/view-and-interpret-data/analyze-organization-data/viewing-security-insights), inclusive of branch protection and code owners for private repos. + +[Branch protection](https://docs.github.com/en/enterprise-cloud@latest/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches) allows specified members to push to the protected branch. The [code owners feature](https://docs.github.com/en/enterprise-cloud@latest/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-code-owners) allows automated reviews. For example, if a member is a code owner of certain files, they'll automatically be added as a PR reviewer. A PR needs their approval before the code can be merged. + +### Directions to sign up and link your account for `bcgov` -## Security Insights for GitHub Enterprise-linked organizations +1. Have any two-factor device, and personal GitHub login and IDIR login ready. +1. Log into GitHub with your personal login. +1. [Authenticate your IDIR](https://github.com/orgs/bcgov/sso) +1. Go to [https://github.com](https://github.com). + - Sign in with the account used to join the [`bcgov` org](#directions-to-sign-up-and-link-your-account-for-bcgov) or [`bcgov-c` org](#directions-to-sign-up-and-link-your-account-for-bcgov-c). + - Click on your profile picture. + - Choose the "Your organizations" option from the menu. + - Confirm the `bcgov` and/or `bcgov-c` organization is listed under the "Organizations" page. + - Click the "Accept" button next to the organization. + - ![Screenshot of a user's organizations. The screen displays the `bcgov-c` organization with "Member" beside it. 
Next to it is "Invitation expires in 7 days" with Accept and Decline buttons.](../images/invitation.png) +1. Your teammates can add you to your team's repositories. We recommend teams use the [GitHub teams page](https://docs.github.com/en/organizations/organizing-members-into-teams/about-teams) to manage access. +1. [Authorize your personal access tokens and/or SSH keys](github-transition-guide.md#resetting-github-keys). -The Security Insight feature is available for all organizations linked to the corporate GitHub Enterprise accounts, as well as branch protection and code owners for private repositories. Branch protection only allows specific people to push to the protected branch. The code owners feature allows automated reviews. For example, if a specific user is a code owner of certain files they are automatically added as PR reviewers and their approval is required before the code can be merged. +That’s it, both accounts are now joined. + +### Directions to sign up and link your account for `bcgov-c` -## Troubleshooting +A similar process applies for `bcgov-c`. -### I didn't receive an email invitation to join the bcgov or bcgov-c organization +1. Have any two-factor devices, and personal GitHub login and IDIR login ready. +1. Log into GitHub with your personal login. +1. [Authenticate your IDIR](https://github.com/orgs/bcgov-c/sso) +1. Go to [https://github.com](https://github.com). + - Sign in with the account used to join the [`bcgov` org](#directions-to-sign-up-and-link-your-account-for-bcgov) or [`bcgov-c` org](#directions-to-sign-up-and-link-your-account-for-bcgov-c). + - Click on your profile picture. + - Choose the "Your organizations" option from the menu. + - Confirm the `bcgov` and/or `bcgov-c` organization is listed under the "Organizations" page. + - Click the "Accept" button next to the organization. + - ![Screenshot of a user's organizations. The screen displays the `bcgov-c` organization with "Member" beside it. 
Next to it is "Invitation expires in 7 days" with Accept and Decline buttons.](../images/invitation.png) +1. Your teammates can add you to your team's repositories. We recommend teams use [GitHub teams page](https://docs.github.com/en/organizations/organizing-members-into-teams/about-teams) to manage access. +1. [Re-authorize your personal access tokens and/or SSH keys](github-transition-guide.md#resetting-github-keys). -You can check your organization status and invites: +That’s it, both accounts are now joined. -1. Go to [https://github.com](https://github.com) -1. Sign in with the account used to join the [bcgov](#directions-to-sign-up-and-link-your-account-for-bcgov) or [bcgov-c](#directions-to-sign-up-and-link-your-account-for-bcgov-c) organization -1. Click on your profile picture -1. Choose the "Your organizations" option from the menu -1. Confirm the bcgov and/or bcgov-c organization is listed under the "Organizations" page -1. Click the "Accept" button next to the organization +### SSO video demo -![Screenshot of a user's organizations. The screen displays the bcgov-c organization with "Member" beside it. Next to it is "Invitation expires in 7 days" with Accept and Decline buttons.](../images/invitation.png) + diff --git a/docs/use-github-in-bcgov/evaluate-open-source-content.md b/docs/use-github-in-bcgov/evaluate-open-source-content.md index bfa757b..fae44a2 100644 --- a/docs/use-github-in-bcgov/evaluate-open-source-content.md +++ b/docs/use-github-in-bcgov/evaluate-open-source-content.md 
@@ -1,79 +1,43 @@ ---- -title: Evaluate open-source content +# Evaluate open-source content -slug: evaluate-open-source-content +To prepare for open-source development, all teams must undergo an evaluation process of their content before posting anything onto `bcgov` or `bcgov-c` GitHub organizations. -description: Describes guidelines to evaluate open-source content and whether you can use it on GitHub. +We wrote guidelines below to help teams in four areas that can restrict open-source: -keywords: privacy, copyright, legal, contracts, policy, security, open-source, licence, license, GitHub, repository +* Privacy -page_purpose: Outlines the types of issues that could prevent a developer from using open-source content in their project and gives information on how to evaluate the content. +* Security -audience: technical lead, developer +* Copyright -author: Jonathan Bond +* Legal, contractual, and policy requirements -content_owner: Olena Mitovska/Nick Corcoran - -sort_order: 5 ---- - -# Evaluate open-source content - -Use the following guidelines to make sure that you are able to use existing, open-source content on GitHub. - -For more information on approval requirements, see [Start working in the BC Gov GitHub organization](start-working-in-bcgov-github-organization.md). - -## On this page -- [Privacy](#privacy) -- [Copyright](#copyright) -- [Legal, contractual, or policy](#legal-contractual-or-policy-constraints) -- [Security](#security) - -These guidelines help you make sure that there are no restrictions to using the material publicly. Restrictions may be due to one of the following concerns: - -- Privacy -- Copyright -- Legal, contractual or policy -- Security - -Evaluate the content you wish to use before posting the material in a GitHub repository. 
+The [First steps working in GitHub doc](https://developer.gov.bc.ca/docs/default/component/bc-developer-guide/use-github-in-bcgov/start-working-in-bcgov-github-organization/) may also be of help because it has more information on conditions for approval. ## Privacy -Make sure that the content is free of personal information that may directly identify an individual (for example, name, phone number, photo, address, driver's licence number or any similar identification number). - -Ministries may contact Knowledge and Information Services to assist in privacy assessments. +Data shouldn't be posted into repos, only code. Personal information **(P.I.)**, like name, phone number, photo, address, driver's license numbers, etc., is data. Teams should contact their privacy analyst for help with privacy assessments. -## Copyright -Make sure to meet the following requirements: +## Security -- Content is created solely by B.C. government employees -- Content is fully owned by the B.C. government and doesn't contain any third-party content. Collect copies of any contracts related to the content for review with the [Intellectual Property Program (IPP)](https://www2.gov.bc.ca/gov/content/governments/services-for-government/policies-procedures/intellectual-property/intellectual-property-program) -- Content has no terms of use or exclusive licences that prohibit the Province from licensing the content on GitHub. Collect information concerning any terms of use or licences related to the content for review with the IPP -- You have [authority to license the content](license-your-github-repository.md) +Contact the Ministry Chief Information Security Officer **(MISO)** to make sure all mandatory security controls are implemented. -Ministries **must** contact the IPP to assist in this assessment. Any legal review or legal advice is provided by the Legal Services Branch. 
+Anything labelled **'public'** must meet the [Information Security Classification Framework](https://www2.gov.bc.ca/gov/content/governments/services-for-government/information-management-technology/information-security/information-security-classification). -## Legal, contractual or policy constraints +## Copyright -Make sure that the public release and use of the content is permitted under law, contract or policy. For example, make sure that there are no relevant legal, contractual or policy restrictions or limitations. +The requirements below are mandatory before posting on GitHub: -If there are legal, contractual or policy restrictions or limitations on the content, you must address them before you can use the content. +* Content is created only by B.C. Government employees -## Security +* Content is owned by the B.C. Government and doesn't have third-party content. Collect copies of contracts related to the content for review with the [Intellectual Property Program](https://www2.gov.bc.ca/gov/content/governments/services-for-government/policies-procedures/intellectual-property/intellectual-property-program) **(IPP)**. -Contact your [Ministry Information Security Officer (MISO)](https://www2.gov.bc.ca/gov/content/governments/services-for-government/policies-procedures/information-security-policy-and-guidelines/role-of-miso) to make sure that all necessary security controls have been implemented. +* Content doesn't have terms of use or exclusive licences that prohibit the Province from licensing the content on GitHub. Collect information about any terms of use or licences related to the content for review with the IPP. -Make sure that the material has been labelled **Public**, using the [Information Security Classification Framework](https://www2.gov.bc.ca/gov/content/governments/services-for-government/information-management-technology/information-security/information-security-classification). +* The team has authority to license the content. 
More information can be found on the [Licenses for GitHub repos doc](https://developer.gov.bc.ca/docs/default/component/bc-developer-guide/use-github-in-bcgov/license-your-github-repository/). ---- -Related links: +Ministries must contact the IPP to assist in this assessment. The Legal Services branch offers legal review or advice. -- [Start working in the BCGov GitHub organization](start-working-in-bcgov-github-organization.md) -- [Intellectual Property Program (IPP)](https://www2.gov.bc.ca/gov/content/governments/services-for-government/policies-procedures/intellectual-property/intellectual-property-program) -- [License your GitHub repository](license-your-github-repository.md) -- [Ministry Information Security Officer (MISO)](https://www2.gov.bc.ca/gov/content/governments/services-for-government/policies-procedures/information-security-policy-and-guidelines/role-of-miso) -- [Information Security Classification Framework](https://www2.gov.bc.ca/gov/content/governments/services-for-government/information-management-technology/information-security/information-security-classification) +## Legal, contractual, and policy requirements ---- +The public release and use of content must be permitted under law, contract, or policy. Any and all ramifications of the content must be addressed beforehand. diff --git a/docs/use-github-in-bcgov/github-enterprise-user-licenses-bc-government.md b/docs/use-github-in-bcgov/github-enterprise-user-licenses-bc-government.md deleted file mode 100644 index 51811d6..0000000 --- a/docs/use-github-in-bcgov/github-enterprise-user-licenses-bc-government.md +++ /dev/null 
@@ -1,63 +0,0 @@ -# B.C. government GitHub Enterprise - ->Note: This page is under review as of December 2023 and will be updated for clarity and accuracy early in 2024. - -All code built for B.C. government for staff or contracted developers should be open source by default and stored in the public [`bcgov` organization on GitHub.com](https://github.com/bcgov). If you have closed source code and still want to use GitHub's functionality, you can store your code in a private repository within the B.C. government's [GitHub Enterprise environment](https://github.com/enterprises/bcgov-ent/). This page contains details related to that environment and its use. - -For more information about B.C. government GitHub organizations outside of GitHub Enterprise, see [B.C. government organizations in GitHub](bc-government-organizations-in-github.md). - -## B.C. government GitHub Enterprise Overview - -GitHub Enterprise offers various features beyond those of the Free and Teams tiers. To find out more about the features of GitHub Enterprise, you may wish to review [GitHub's product page](https://github.com/enterprise). - -There are certain notable differences between the [public facing `bcgov` GitHub organization](https://github.com/bcgov) and B.C. government's GitHub Enterprise environment. For example, the ability to create public repositories is disabled within GitHb Enterprise since with B.C. government public open source code should be in the [public `bcgov` organization](https://github.com/bcgov). - -Other details of GitHub Enterprise include the following: - -* Single sign-on is provided via Azure AD (aka Entra ID) -* Login uses government-issued IDIR identities -* Users will be automatically assigned new GitHub IDs, which will change the login experience for users working in both GitHub.com repositories and B.C. government GitHub Enterprise -* GitHub Actions is enabled -* Code Dependency Insights is enabled - -## GitHub Enterprise account ownership - -The B.C. 
government's GitHub Enterprise account is managed centrally by the Digital Office's [Developer Experience Team](mailto:developer.experience@gov.bc.ca). Ministries or sectors are provided with GitHub "organizations" within the central GitHub Enterprise account. Teams' private repositories are created within these organizations. Management of ministry or sector organizations within GitHub Enterprise is delegated to staff within the corresponding IMB/ISB. - -Paid licenses are required to use GitHub Enterprise. Licenses must be purchased for each user that will use or administer to the B.C. government GitHub Enterprise organizations or repositories. Each ministry or sector is responsible for acquiring and paying for its own licenses. The process for acquiring licences is described [below](#background-bc-government-github-enterprise-process-map). - -## Acquiring GitHub Enterprise user licences - -> Note: the process outlined below may be slightly different for some sectors or ministries, but it will be generally similar for all. For example, in some areas, the responsibility for interacting with CSAM may be done by the ministry or sector IMB/ISB staff rather than end users in a business area. - -This section outlines what is involved in acquiring the licenses required to use B.C. government GitHub Enterprise. - -### Pre-requisites: - -- Confirm that your intended use of GitHub Enterprise aligns with its purpose, which is exclusively for storing code that can't be, or isn't currently, open source. -- Confirm whether your ministry or sector is using GitHub Enterprise and know who in your IMB/ISB is responsible for managing access. If you aren't sure who to contact within your IMB/ISB, please contact the [Developer Experience Team](mailto:developer.experience@gov.bc.ca) for assistance. -- Identify who is responsible within your business area for submitting iStore orders. 
- -### Steps - -Once you've completed the pre-requisites, follow the steps below to acquire GitHub Enterprise licenses. - -- Request a quote via email to [SoftwareCentral.Management@gov.bc.ca](mailto:SoftwareCentral.Management@gov.bc.ca). Use the subject line "Request for Quotation for GitHub Enterprise" and indicate in the body the number of users who need GitHub Enterprise licenses. For example, "Could I please get a quote for 10 GitHub Enterprises licenses (Standalone)?". -- Wait for a response by email from CSAM, which will include a quote number and the associated cost for your licenses. This should take 2-3 business days. -- Work with the person reponsisble for iStore orders in your business area to create and submit an iStore order referencing the quote number to initiate the purchase. This will triggerthe e-approval process. -- Wait for a notification from CSAM indicating that they have made the purchase of GitHub licenses on your behalf. This should take less than 5 business days. Billing back to your expense authority will commence at this point. Billing occurs monthly until you notify CSAM to cancel the user licenses. -- Work with the appropriate individual or team within your ministry or sector IMB/ISB to request access to the corresponding organization within B.C. government's GitHub Enterprise environment. - -Once the above steps are complete, you'll be able to log in (using your IDIR) to the B.C. government GitHub Enterprise at [https://github.com/enterprises/bcgov-ent/](https://github.com/enterprises/bcgov-ent/) and begin working in private repositories within your ministry or sector's organization. - -## Background: BC government GitHub Enterprise process map - -The [Developer Experience Team](mailto:developer.experience@gov.bc.ca) has created the artifact below which captures the steps and teams involved in acquiring and mananaging GitHub Enterprise licenses. This version is intended for reference only. 
- -![A detailed diagram illustrating the process of acquiring and administering GitHub Enterprise licenses within the B.C. government. ](../images/github-e-process-map.png) ---- -Related links: - -* [BC Government Organizations in GitHub](bc-government-organizations-in-github.md) - ---- diff --git a/docs/use-github-in-bcgov/github-security.md b/docs/use-github-in-bcgov/github-security.md deleted file mode 100644 index 9373999..0000000 --- a/docs/use-github-in-bcgov/github-security.md +++ /dev/null 
@@ -1,35 +0,0 @@ -# Security Features for BC Government GitHub users - -The BC government GitHub organizations (`bcgov` and `bcgov-c`) have various security features available to help protect the code and repositories within them. This page will highlight some of these features and provide recommendations on using them for BC government development teams. - -## Availability - -The features described here are available and enabled in both `bcgov` and `bcgov-c` organizations. - -## Cost - -In the `bcgov` organization, there is no cost for these security features because all repositories are public, and GitHub provides them for free for public repositories. - -In the `bcgov-c` organization, there is a cost for these features since the repositories are private, and GitHub charges a fee for private repositories. However, this cost is currently covered by the Developer Experience Team, so individual teams or ministries do not need to pay. - -## Features - -The following features are some of the major security features available in the BC government GitHub organizations: - -- [Code scanning](https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning): This feature scans code for security vulnerabilities and coding errors. -- [Secret scanning](https://docs.github.com/en/code-security/secret-scanning/introduction/about-secret-scanning): This feature scans repositories and commits for sensitive information such as API keys, passwords, and other secrets. -- [Dependabot](https://docs.github.com/en/code-security/dependabot): This feature scans repositories for outdated or vulnerable dependencies and provides recommendations for fixing problems, including via automated pull requests. - -## Recommendations - -Application and code security are a complex topics, and the features described above are just a few of the many tools available to help teams secure their code. 
The Developer Experience Team has the following recommendations specific to these features provided within GitHub: - -- Keep the features enabled in your repositories. Even if some features can be reconfigured at the repository level, they are there to help you and your team secure your code. -- Use the Security Overview page for your repositories to see any issues detected by GitHub's security features. The Security Overview page is available in the repository under the "Security" tab. -- If you work on multiple repositories within `bcgov` or `bcgov-c`, you can use the [Security Overview for the organization](https://github.com/orgs/bcgov/security/overview) to see a summary of all security issues across multiple repositories in the organization. -- Take action on any issue surfaced by GitHub security features as soon as possible. The sooner you address issues - even if they are false positives that you dismiss without changes - the less likely they are to become a problem or become "noise" that you ignore. - - - - - diff --git a/docs/use-github-in-bcgov/github-transition-guide.md b/docs/use-github-in-bcgov/github-transition-guide.md index 6f8d4fe..d6c9d61 100644 --- a/docs/use-github-in-bcgov/github-transition-guide.md +++ b/docs/use-github-in-bcgov/github-transition-guide.md 
@@ -1,8 +1,14 @@ -# Transition Guides +# IDIR and technical guide for SSO -The IDIR guide offers more detailed information about IDIRs and how they relate to the mandatory SSO feature on 'bcgov' and 'bcgov-c'. If there’s a topic isn’t covered in the guide, please submit a ticket on our [service manager](https://citz-do.atlassian.net/servicedesk/customer/portal/2). +The [B.C. Government organizations in GitHub doc](bc-government-organizations-in-github.md#single-sign-on) has an overview of Single Sign-On (SSO). Please read that section before reading these transition guides because the guides are supplementary material. -We published an SSO overview [on DevHub](bc-government-organizations-in-github.md#single-sign-on-is-coming-to-the-bc-governments-github-organizations). +The transition guide doc hosts two guides: + +- [**IDIR Guide**](#idir-guide): has more detailed information about IDIRs and how they relate to the mandatory SSO feature on `bcgov` and `bcgov`. + +- [**Technical Guide**](#technical-guide): helps GitHub users prepare for the SSO feature, and confirms if users completed joining successfully + + If there’s a topic isn’t covered in the guide, please [submit a support request on our Jira Service Manager system](https://citz-do.atlassian.net/servicedesk/customer/portal/2). ## IDIR Guide 
@@ -15,20 +21,21 @@ Our organization has many different types of IDIRs, such as: - Generic IDIRs linked to shared inboxes - Contractor IDIRs -For SSO, we focus on 2 types of IDIRs: +For SSO, we use 2 types: - Primary IDIRs for employees - Contractor IDIRs ### Primary IDIRs for employees -B.C. Government employees have the default configuration compatible with SSO. [DevHub has instructions to link your IDIR to GitHub](bc-government-organizations-in-github.md#single-sign-on-is-coming-to-the-bc-governments-github-organizations). +B.C. Government employees have the default configuration compatible with SSO. The [B.C. Government organizations in GitHub doc's SSO section](bc-government-organizations-in-github.md#single-sign-on-is-coming-to-the-bc-governments-github-organizations) has instructions to link an IDIR to GitHub IDs. ### Compatible IDIRs for contractors -If a user is a contracted worker, then the process may be more complex depending on IDIR types. The table below gives an overview between P2 and E5, IDIRs compatible with the GitHub SSO feature. -We don’t foresee any technical issues with SSO if contractors have either IDIR type. If this isn’t the case, please fill out a form to open a ticket on [service manager](https://citz-do.atlassian.net/servicedesk/customer/portal/2). +If a user is a contracted worker, the process may be more complex depending on IDIR types. The table below gives an overview between P2 and E5 IDIRs. +We don’t expect any technical issues with SSO if contractors have either IDIR type. If this isn’t the case, please [submit a support request on our Jira Service Manager system](https://citz-do.atlassian.net/servicedesk/customer/portal/2). -P2 and E5 IDIR comparison -Column 1 lists IDIR features, column 2 has P2 features, and column 3 has E5 features. +#### P2 and E5 IDIR comparison table + +Column 1 lists IDIR features, column 2 lists P2 features, and column 3 lists E5 features. | | P2 IDIR | E5 IDIR | 
@@ -40,29 +47,36 @@ Column 1 lists IDIR features, column 2 has P2 features, and column 3 has E5 feat Please see [Service Bulletin 1350](https://ociomysc.service-now.com/sp?id=kb_article&sys_id=7a69f65fdbff9d10fa86193813961978&spa=1) for more information. -Contract managers must keep expiry dates updated because our team doesn’t have the ability to submit orders on behalf of ministries. +It’s very likely contractors already with IDIRs have P2. If linking doesn't work, please call 7-7000 or [open a ticket to confirm on MyService Centre](https://ociomysc.service-now.com/sp?id=ocio_sr_incident_management). + +#### IDIR expiry + +Government employees don’t have expiry dates on their IDIR. Contractor IDIRs do. + +Once a contractor IDIR expires, the contractor loses general access. Contract managers must keep expiry dates updated. Our team doesn’t have the ability to submit orders on behalf of ministries. + -It’s very likely contractors already with IDIRs have P2. If linking doesn't work, please call 7-7000 or open a ticket to confirm through [MyService Centre](https://ociomysc.service-now.com/sp?id=ocio_sr_incident_management). - ### Contractors without IDIRs Each ministry has an authorized user who submits orders in [MyService Centre](https://ociomysc.service-now.com/sp?id=ocio_sr_incident_management). Please reach out to them as soon as possible to order an IDIR. -## Multiple IDIRs. +## Multiple IDIRs -Developers with multiple IDIRs can join their most permanent IDIR to their GitHub ID. They can change IDIRs at any time. We tested and can confirm that users make changes on their own. +Developers with multiple IDIRs can join their most permanent IDIR to their GitHub ID. They can change IDIRs at any time. We tested and can confirm that users can make changes on their own. 
The important things to keep in mind are: - The IDIR must not be expired - Our team cannot manage IDIR expiry dates -If you don’t see information that could be helpful on this guide, please let us know through [our service manager](https://citz-do.atlassian.net/servicedesk/customer/portal/2). +If you don’t see information that could be helpful on this guide, please let us know through [submit a support request on our Jira Service Manager system](https://citz-do.atlassian.net/servicedesk/customer/portal/2). -## Technical Guide +#### P2 IDIR login -Our technical guide helps GitHub users prepare for the SSO feature, and confirms if users completed joining successfully. [Our IDIR guide](#idir-transition-guide) offers more details about IDIRs. +Vendors using both **P2 IDIRs** and external emails (e.g. ggg123@gmail.com) must log in with **@gov.bc.ca**. -Users cannot access the bcgov GitHub organization if they don't join their GitHub ID and IDIR. There are mechanisms in the system that force an IDIR login when you use your GitHub to login. +## Technical Guide + +Users cannot access the `bcgov` nor `bcgov-c` GitHub organization if they don't join their IDIR and GitHub ID. There are mechanisms in the system that force an IDIR login when using GitHub to login. ### Validating authentication 
@@ -74,11 +88,11 @@ GitHub doesn't offer users a screen to confirm authentication. There are 2 alter 2) Another way to validate joining: -> 1. (**Mandatory step**) Go to https://github.com/bcgov/ -> 2. Got to your profile by clicking your avatar on the top right -> 3. Click "Settings" -> 4. Click "[Sessions](https://github.com/settings/sessions)" -> 5. Click "See more" button for the current web session +> 1. (**Mandatory step**) Go to the [`bcgov`](https://github.com/bcgov/) org. +> 2. Go to your profile by clicking your avatar on the top right. +> 3. Click "Settings". +> 4. Click "[Sessions](https://github.com/settings/sessions)". +> 5. Click "See more" button for the current web session. > 6. If you're authenticated, GitHub will show details of your current session, inclusive of your device, your last login location, and when you last signed in. Clicking on the three dots by the "Your session expires" section will display the NameID from the linked IDIR. We've included a screenshot as an example: 
@@ -86,53 +100,17 @@ GitHub doesn't offer users a screen to confirm authentication. There are 2 alter ### Outside Collaborators -Government employees and contractors can be outside collaborators. We're ending the option to add [outside collaborators](https://docs.github.com/en/organizations/managing-user-access-to-your-organizations-repositories/managing-outside-collaborators/adding-outside-collaborators-to-repositories-in-your-organization). GitHub will send invitations to current outside collaborators to become full members on 'bcgov', and IDIRs are needed. If you need an IDIR, please follow the instructions on [our IDIR guide](#idir-transition-guide). - -Accessess will stay the same. - -## ZenHub +We discontinued the option to add outside collaborators. GitHub explains [more about outside collaborators on their doc](https://docs.github.com/en/organizations/managing-user-access-to-your-organizations-repositories/managing-outside-collaborators/adding-outside-collaborators-to-repositories-in-your-organization). -If you lost access to ZenHub during linking, please follow these directions to re-authenticate: - -1. Log out of Zenhub -1. Revoke Zenhub as an authorized OAuth app from your GitHub account. - 1. Refer to [GitHub's documentation for details on how to revoke an OAuth app](https://docs.github.com/en/apps/oauth-apps/using-oauth-apps/reviewing-your-authorized-oauth-apps). -1. Log out of GitHub -1. Clear browser cache and cookies -1. Completely close and reopen your browser -1. Log back into GitHub -1. Log back into Zenhub using "Continue with Github" - -If needed, Zenhub has [more support](https://help.zenhub.com/support/solutions/articles/43000636925-re-authenticating-zenhub-if-your-team-is-using-saml) available. - -### IDIRs - -### P2 IDIR login - -Vendors using both **P2 IDIRs** and external emails (e.g. ggg123@gmail.com) must log in with **\@gov.bc.ca**. 
- -#### IDIR expiry - -Government employees don’t have expiry dates on their IDIR, only contractor IDIRs do. If you’re a contractor and your IDIR expires, then you won’t have general access anymore. Each ministry must manage contractor IDIRs because our team doesn’t have the capability to change expiry dates. - -[Our guide about IDIRs](#idirs) has more relevant information. - -#### Multiple IDIRs - -Developers with multiple IDIRs can link their most permanent IDIR to their GitHub ID. They can change IDIRs at any time. We tested and can confirm that users make changes on their own. - -The important things to keep in mind are: - -- The IDIR must not be expired -- The Developer Experience team cannot manage IDIR expiry dates for teams +To create IDIRs or have more information, please read [the IDIR guide section](#idir-transition-guide) of this doc. ### No new GitHub ID needed GitHub differs from other tools that use IDIR as the user account to access services. -The reason is due to GitHub’s open source code community ecosystem. A part of our commitment to open government is the bcgov GitHub organization. We set up GitHub accounts to be associated with many different repositories and organizations because throughout their careers, developers contribute to many different open projects and organizations. +The reason is due to GitHub’s open source code community ecosystem. A part of our commitment to open government is the `bcgov` GitHub org. We set up GitHub accounts to be associated with many different repos and orgs because throughout their careers, developers contribute to many different open projects and organizations. -With the GitHub SSO upgrade, contractors and developers working in the bcgov GitHub organization will continue to use their GitHub to login to access GitHub. The extra step is the prompt to login to IDIR to comply with security policies. +Contractors and developers working in the `bcgov` GitHub org use their GitHub account to login to access GitHub. 
The extra step is the prompt to login to IDIR so we comply with security policies. ### Resetting GitHub Keys diff --git a/docs/use-github-in-bcgov/license-your-github-repository.md b/docs/use-github-in-bcgov/license-your-github-repository.md index 6d4e15b..57e22ad 100644 --- a/docs/use-github-in-bcgov/license-your-github-repository.md +++ b/docs/use-github-in-bcgov/license-your-github-repository.md 
@@ -1,83 +1,125 @@ ---- -title: License your GitHub repository +# Licenses for GitHub repos -slug: license-your-github-repository +Licences manage and share intellectual property for code and materials on GitHub. Any consumpation, shares, or contributions to a repo needs to be matched with the relevant licence. -description: Describes licence guidelines and the different types of licences used for GitHub repositories +The Intellectual Property Program **(IPP)** must approve licences of B.C. Government owned intellectual property. The only **exception** is if a ministry has either specific legislative authority or Treasury Board approval that lets them license the intellectual property rights of the Province to third parties. -keywords: licence, license, apache 2.0, BC OGL, Creative Commons, Affero, repository management, repository best practices +When IPP is the authority for the licensing, teams must work with IPP to find the best fit to meet the licensing needs of the project. -page_purpose: Outlines how to choose and use a licence for your project and describes the requirements around licensing +IPP examines the development history of the content, sometimes in the form of a conversation. Initial questions include the following: -audience: developer, technical lead +- Is the content created solely by B.C. Government employees? -author: Jonathan Bond - -content_owner: Olena Mitovska, Nick Corcoran - -sort_order: 9 ---- -# License your GitHub repository - -Licences help you manage and share intellectual property for code and materials on GitHub. If you want to consume, share or contribute to anything in GitHub, you have to understand requirements associated with the relevant licence. 
- -## On this page - -- [Licence guidelines](#licence-guidelines) -- [Authority to license](#authority-to-license) -- [Choose a licence](#choose-a-licence) -- [Apply the licence to your project](#apply-the-licence-to-your-project) - -## Licence guidelines - -Note if the licence attached to material restricts modification or redistribution of the content. If a licence isn't attached to content, assume that it's "all rights reserved" and can't be used without the express permission of the copyright owner. - -### Contribute to a project - -If you want to contribute to an existing, outside project, make sure you understand the applicable licence and contributor requirements. If the project needs copyright assignment or a contributor agreement, contact the Legal Services Branch before taking any action. +- Does the content contain only content owned by the B.C. Government? Have you made sure that it doesn't contain any third-party content? +- Can you confirm that there are no terms of use or exclusive licensing arrangements that prohibit the Province from posting and licensing the content on GitHub? -### Initiate a project +## Guidance for choosing a licence -If want to initiate a project or release previously created materials, be aware that the Province can only license rights that it is in a legal position to grant to others. +Always determine if a licence attached to material restricts changes or resharing of content. If it doesn't, then the assumption of "all rights reserved" applies. It cannot be used with the explicit permission of the rights holder. -The Province’s intellectual property rights must be, at a minimum, equal to the rights under which the content will be licensed to third parties. Four open licences are approved for use that likely cover the majority of projects coming forward: +Below, we've outlined some guidelines to help teams get started. 
-## Authority to license +### Contributing to a project -The Intellectual Property Program (IPP) must approve licences of B.C. government owned intellectual property unless a ministry has either specific legislative authority or Treasury Board approval that lets them license the intellectual property rights of the Province to third parties. When IPP is the authority for the licensing, you work with IPP to find the best fit to meet the licensing needs of the project. +Even when contributing to an existing, external project, teams must understand the licence and contributor conditions. If any project needs a copyright assignment or contributor agreement, please contact the Legal Services Branch **(LSB)** before taking any action. -IPP examines the development history of the content, which can take the form of a conversation. Initial questions include the following: +### Initiating a project -- Is the content created solely by B.C. government employees? -- Does the content contain only content owned by the B.C. government? Have you made sure that it doesn't contain any third-party content? -- Can you confirm that there are no terms of use or exclusive licensing arrangements that prohibit the Province from posting and licensing the content on GitHub? +B.C. Goverment can only license rights that it's in a legal position to grant others. If a team wants to initiate a project or release materials created prior, please make sure that government's intellectual property right are, minimally, equal to the rights under which the content will be licensed to third parties. -### Preferred licenses +As of **2026**, four open licences have been approved to use that most likely covers many projects: - [Apache 2](https://www.apache.org/licenses/LICENSE-2.0) for publishing code. -- [Creative Commons International 4.0 (CC BY)](https://creativecommons.org/licenses/by/4.0/) for other documentation, artistic resources and educational material. 
-- [Open Government Licence - BC (OGL-BC)](https://www2.gov.bc.ca/gov/content/data/open-data/open-government-licence-bc) for making government generated and owned data available to the public. -- [Affero General Public Licence (AGPL)](https://www.gnu.org/licenses/agpl-3.0.en.html) for works already containing that licence or for which maintaining open access to any modifications is critical. - -Use these licences, as they are widely accepted, and follow a consistent approach to licensing. This increases efficiency for both developers and consumers. - -If your project is better suited to a different licence, discuss your requirements with the IPP. They can help answer your questions and advise on your need for any other legal or risk management advice. - -## Choose a licence - -The following overview provided is intended to inform, not replace, the licensing review for each project. If you think you need to engage with the Intellectual Property Program, send a request to the IPP Manager - -![A flowchart that helps you choose a licence](images/licence-chart.png) -If your project is related to a community that typically uses a different licence than one of the preferred licences described above, or if you have any questions about which licence best applies to your project, contact IPP. - -![A flowchart to outline code preparation for GitHub](images/github-code-preparation-chart.png) +- [Creative Commons International 4.0 (CC BY)](https://creativecommons.org/licenses/by/4.0/) for other documentation, artistic resources and educational material. -## Apply the licence to your project +- [Open Government Licence - BC (OGL-BC)](https://www2.gov.bc.ca/gov/content/data/open-data/open-government-licence-bc) for making government generated and owned data available to the public. -Place the licence file for your project in the repository before you do anything else. The default license for code repositories is Apache 2.0. 
+- [Affero General Public Licence (AGPL)](https://www.gnu.org/licenses/agpl-3.0.en.html) for works already containing that licence or for which maintaining open access to any modifications is critical. -Use the following boiler-plate text in the comments header of every source code file, as well as the bottom of your README.md: +These four follow a consistent licensing approach. But, if a project is better suited to a difference licence, talk about the requirements with the IPP. They can answer questions and advise on further actions. + +## Choosing a licence + +The following flowcharts represent the above in a detailed, visual way. We offer the diagrams in hopes to inform, not replace, the licensing review for each project. + +The first flowchart guides a team choosing one of the four approved licences for their project: + +```mermaid +%%{ + init: { + 'theme': 'base', + 'themeVariables': { + 'primaryColor': '#3333ff', + 'primaryTextColor': '#fff', + 'primaryBorderColor': '#7C0000', + 'lineColor': '#F8B229', + 'secondaryColor': '#3399ff', + 'tertiaryColor': '#6699ff' + } + } +}%% + +flowchart TD + accTitle: Choosing an approved license. + accDescr: Mermaid diagram flowchart showing pathways for teams to chose one of the four approved licenses. + + A[Start] -->B(Prohibit commericial use of distribution of adaptations?) + B --> |Yes| C(More investigation with RMB, IPP, and/or LSB needed) + B---> |No| D(License for software or code?) + D --> |Yes| E(Apache 2.0) + D --> |No| F(License for data-only generated and owned by BC Govt?) 
+ F --> |Yes| G(BC - OGL) + F --> |No| H(Atrribution 4.0 International CC-BY) +``` + +The second flowchart shows a path of self-assessment using some of the questions from the [Licenses for GitHub repo section](#Licenses-for-GitHub-repos) of this doc: + +```mermaid + +%%{ + init: { + 'theme': 'base', + 'themeVariables': { + 'primaryColor': '#3333ff', + 'primaryTextColor': '#fff', + 'primaryBorderColor': '#7C0000', + 'lineColor': '#F8B229', + 'secondaryColor': '#3399ff', + 'tertiaryColor': '#6699ff' + } + } +}%% + +flowchart TD + accTitle: Self-assessment for meeting with IPP or follow open development standards + accDescr: Mermaid diagram flowchart showing pathways for teams that lead to IPP or continue with open development standards. + + A[Start] -->B(Does content already exist?) + B --> |Yes| C(Created by only BC Gov employees?) + C --> |Yes| H + C --> |No| D(Contact IPP for help) + D --> |After guidance| H + B --> |No| E(Contributing to a project started by an **external** org?) + E --> |No| H(Answered **yes** to all questions in **Content Approval Checklist**?) + H --> |Yes| I(Will a pre-approved Open License suit project?) + H --> |No| N + I --> |No| M + I --> |Yes| J(Confirmed authority to license?) + J --> |No| M(More investigation with RMB, IPP and/or LSB needed) + J --> |Yes| K(Confirmed team's using the right GH org?) + K --> |No| M + K --> |Yes| L(**Cleared**: follow the open development standards) + E --> |Yes| F(Project operating under approved OSI license?) + F --> |No| N(More investigation with RMB, IPP and/or LSB needed) + F --> |Yes| G(Project needs to assign copyright or sign contributor agreement?) +``` + +## Applying the licence to a project + +Place the licence file for the project in the repo before anything else is done. The default license for code repositories is **Apache 2.0**. 
+ +Use the following boiler-plate text in the comments header of every source code file, as well as the bottom of the **README** file: Copyright 2019 Province of British Columbia @@ -93,7 +135,7 @@ Use the following boiler-plate text in the comments header of every source code See the License for the specific language governing permissions and limitations under the License. -For repositories that are made up of docs, wikis or other non-code files, the default licence is Creative Commons Attribution 4.0 International. It should look like this at the bottom of your README.md: +For repositories that are made up of docs, wikis or other non-code files, the default licence is Creative Commons Attribution 4.0 International. It should look like this at the bottom of the README file: Creative Commons Licence
    YOUR REPO NAME HERE by the Province of British Columbia is licensed under a Creative Commons Attribution 4.0 International License. @@ -105,12 +147,3 @@ The code for the Creative Commons 4.0 footer looks like this: xmlns:cc="http://creativecommons.org/ns#" property="cc:attributionName">the Province of British Columbia is licensed under a Creative Commons Attribution 4.0 International License. ---- -Related links: - -- [Apache 2](https://www.apache.org/licenses/LICENSE-2.0) -- [Creative Commons International 4.0 (CC BY)](https://creativecommons.org/licenses/by/4.0/) -- [Open Government Licence - BC (OGL-BC)](https://www2.gov.bc.ca/gov/content/data/open-data/open-government-licence-bc) -- [Affero General Public Licence (AGPL)](https://www.gnu.org/licenses/agpl-3.0.en.html) - ---- diff --git a/docs/use-github-in-bcgov/remove-user-bcgov-github-access.md b/docs/use-github-in-bcgov/remove-user-bcgov-github-access.md index 6afc952..471e977 100644 --- a/docs/use-github-in-bcgov/remove-user-bcgov-github-access.md +++ b/docs/use-github-in-bcgov/remove-user-bcgov-github-access.md 
@@ -1,37 +1,22 @@ +# Removing member access from `bcgov` and `bcgov-c` -# Remove a user's BCGov GitHub access +Removing a member's access should only occur when members don't work for the government anymore or moved to a different role that doesn't need access. -There are two steps to remove a user: +We have two steps to remove access: +1. [Remove their access to team repos](https://docs.github.com/en/organizations/organizing-members-into-teams/removing-organization-members-from-a-team). -1. Remove their access to your repositories -1. Remove their membership in the [bcgov](https://github.com/bcgov) and [bcgov-c](https://github.com/bcgov-c) GitHub organizations +2. Remove membership in `bcgov` and/or `bcgov-c` orgs -## Remove access to repositories -A user may access your repositories by GitHub team membership or direct access. +## Step 1: Remove access to team repos -Remove their access by: +A GitHub user can access a team repo via GitHub team membership, or direct repo access. The GitHub help pages below offers guidance on how to complete removal: -- [removing them from your GitHub team(s)](https://docs.github.com/en/organizations/organizing-members-into-teams/removing-organization-members-from-a-team) -- [removing them in your repository's "Collaborators & teams" setting](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-teams-and-people-with-access-to-your-repository#removing-access-for-a-team-or-person) +1. [removing members from GitHub team(s)](https://docs.github.com/en/organizations/organizing-members-into-teams/removing-organization-members-from-a-team) +2. 
[removing members from repo "Collaborators & teams" setting](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-teams-and-people-with-access-to-your-repository#removing-access-for-a-team-or-person) +## Step 2: Remove membership in `bcgov` and/or `bcgov-c` orgs -## Remove membership in GitHub organizations - - -!!! warning - Only do this step if the user is no longer an employee or contractor with the government. - -Membership in the [bcgov](https://github.com/bcgov) and [bcgov-c](https://github.com/bcgov-c) GitHub organizations is [controlled by IDIRs](github-transition-guide.md). - -A team's manager must [cancel a user's IDIR account](https://ociomysc.service-now.com/sp?id=kb_article&sys_id=5f3fab83db1a5690fa86193813961933) to remove them from the [bcgov](https://github.com/bcgov) and [bcgov-c](https://github.com/bcgov-c) GitHub organizations. - -IDIR cancellation may take a few days to complete. So, make sure to remove the user's access to your repositories ASAP. - -# Related Links - -* [GitHub - Removing organization members from a team](https://docs.github.com/en/organizations/organizing-members-into-teams/removing-organization-members-from-a-team) -* [GitHub - Managing teams and people with access to your repository](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/managing-repository-settings/managing-teams-and-people-with-access-to-your-repository) -* [My Service Centre - Manage IDIR Access](https://ociomysc.service-now.com/sp?id=kb_article&sys_id=5f3fab83db1a5690fa86193813961933) - +The Developer Experience team doesn't remove membership from the `bcgov` and `bcgov-c` orgs. Membership is controlled by IDIRs, so a team's manager must [cancel a user's IDIR account on MyService Centre](https://ociomysc.service-now.com/sp?id=kb_article&sys_id=5f3fab83db1a5690fa86193813961933). 
This makes sure users are removed, however, cancellation may take a few days. +Please remove the member's access from team repos immediately. diff --git a/docs/use-github-in-bcgov/required-pages-for-github-repository.md b/docs/use-github-in-bcgov/required-pages-for-github-repository.md index b04043e..252e39f 100644 --- a/docs/use-github-in-bcgov/required-pages-for-github-repository.md +++ b/docs/use-github-in-bcgov/required-pages-for-github-repository.md 
@@ -1,80 +1,50 @@ ---- -title: Required pages for a GitHub repository +# Mandatory GitHub repo files -slug: required-pages-for-github-repository +The following markdown files are required in every `bcgov` repos: -description: Describes the pages that must be added to a project in the BC Government organization +* License file **(LICENSE.md)** +* README file **(README.md)** +* Code of Conduct file **(CODE_OF_CONDUCT.md)** +* Contributing guidelines file **(CONTRIBUTING.md)** -keywords: readme, contributor, code of conduct, best practices, repository, repository management, GitHub, working in GitHub, open source, working in the open +## License file -page_purpose: Discusses the pages that users should include in their repositories and gives guidelines on what those pages should provide +All repos need a license. Choose the best fit for the team repo. Important information about license types can be found on the [Licenses for GitHub repos doc](https://developer.gov.bc.ca/docs/default/component/bc-developer-guide/use-github-in-bcgov/license-your-github-repository/). -audience: technical lead, developer +## README file -author: Jonathan Bond +Please read and adapt the [GitHub README guidelines](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-readmes) and [5 tips for making your GitHub profile page accessible](https://github.blog/developer-skills/github/5-tips-for-making-your-github-profile-page-accessible/) for guidance to create good README files. Teams can find extensive documentation on GH about README files for repos. -content_owner: Olena Mitovska +Aside from GitHub documentation, please include: -sort_order: 7 ---- +* A brief project description. -# Required pages for a GitHub repository +* An overview of how to contribute to the team repo, and a link to repo contribution guidelines. 
-When you create a repository in the `bcgov` organization, add the following markdown files: +* Dependent on licence, boilerplate text. The [Licenses for GitHub repos doc](https://developer.gov.bc.ca/docs/default/component/bc-developer-guide/use-github-in-bcgov/license-your-github-repository/) offers more information about the topic. -- License -- README -- Code of conduct -- Contribution guidelines +* A link to team Code of Conduct file. -## On this page +Here's a [sample README file](https://github.com/bcgov/BC-Policy-Framework-For-GitHub/blob/master/BC-Gov-Org-HowTo/SAMPLE-README.md ). -- [Licence](#licence) -- [ReadMe](#readme) -- [Code of conduct](#code-of-conduct) -- [Contribution guidelines](#contribution-guidelines) +## Code of Conduct file -## Licence -Choose a licence and place a licence file in your repository before you do anything else. For important information on licences, see [License your GitHub repository](license-your-github-repository.md). +Code of Conducts fosters an open and welcoming environment, if written with clarity. -Depending on the licence you choose, add boilerplate text for the applicable licence to your README file. +Two starting points for creating a strong Code of Coduct: +* [Contributor Covenant](https://www.contributor-covenant.org/): common Code of Conduct for open source projects. -## ReadMe -GitHub has extensive documentation on how to create a good README file for your repository. Follow these guidelines when you create your README. +* [GitHub's guidelines on healthy contributions](https://docs.github.com/en/github/building-a-strong-community/setting-guidelines-for-repository-contributors): guidance on setting up a code of conduct for healthy contributions. -For more information, see [About READMEs](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-readmes). 
+Here's a [sample Code of Conduct file](https://github.com/bcgov/BC-Policy-Framework-For-GitHub/blob/master/BC-Gov-Org-HowTo/SAMPLE-CODE_OF_CONDUCT.md). -Make sure to include the following: +## Contributing guidelines file -- A brief description of your project -- An overview on how to contribute to the repository with a link to your contribution guidelines -- Depending on your licence, boilerplate text for the applicable licence. For more information, see [License your GitHub repository](license-your-github-repository.md) -- A link to your code of conduct file +Always make sure contribution guidelines offer clarity and accurate methods of contributing to team repos. -See a [sample README file](https://github.com/bcgov/BC-Policy-Framework-For-GitHub/blob/master/BC-Gov-Org-HowTo/SAMPLE-README.md). +For example, if the repo needs contributors to fork the repo and submit pull requests, make sure it's included. Also, add links to the applicable documentation. -## Code of conduct -Write a clear code of conduct to ensure contributors to your project foster an open and welcoming environment. +Contributors should be aware of the repo license and relevant documentation. -Two good starting points to create a code of conduct for your project are the [Contributor Covenant](https://www.contributor-covenant.org/version/1/4/code-of-conduct/) and GitHub's guidelines on [healthy contributions](https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions). +Here's a [sample contributing guildelines file.](https://github.com/bcgov/BC-Policy-Framework-For-GitHub/blob/master/BC-Gov-Org-HowTo/SAMPLE-CONTRIBUTING.md) -See a [sample code of conduct file](https://github.com/bcgov/BC-Policy-Framework-For-GitHub/blob/master/BC-Gov-Org-HowTo/SAMPLE-CODE_OF_CONDUCT.md). - -## Contribution guidelines -Write concise and clear contribution guidelines. Let potential contributors know how you prefer they work on projects and give them the correct information to do so. 
- -For example, if you prefer contributors fork repositories and [submit pull requests](https://help.github.com/articles/using-pull-requests/), provide links to the applicable documentation. - -Make sure you're clear on the licence that applies to your repository and provide a link to relevant documentation. - -See a [sample contributing file](https://github.com/bcgov/BC-Policy-Framework-For-GitHub/blob/master/BC-Gov-Org-HowTo/SAMPLE-CONTRIBUTING.md). - ---- -Related links: - -* [About READMEs](https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/about-readmes) -* [License your GitHub repository](license-your-github-repository.md) -* [Contributor Covenant](https://www.contributor-covenant.org/version/1/4/code-of-conduct/) -* [Healthy contributions](https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions) -* [Using pull requests](https://help.github.com/articles/using-pull-requests/) ---- diff --git a/docs/use-github-in-bcgov/start-working-in-bcgov-github-organization.md b/docs/use-github-in-bcgov/start-working-in-bcgov-github-organization.md index f4d3f46..d68f276 100644 --- a/docs/use-github-in-bcgov/start-working-in-bcgov-github-organization.md +++ b/docs/use-github-in-bcgov/start-working-in-bcgov-github-organization.md 
@@ -1,85 +1,71 @@ -# Start working in the BCGov GitHub organization +# First steps working in GitHub -If you plan to share code developed by or for the B.C. government, [evaluate the content](evaluate-open-source-content.md) and get approval from your deputy minister. Deputy ministers may choose to delegate this authority to ministry chief information officers (CIOs). +Teams planning to share code need to evaluate the content, and get approval from their Deputy Minister **(DM)**. A DM may delegate approval to a Ministry Chief Information Officer **(MCIO)**. -## On this page +The B.C. Government works in the open, using [open development practices](https://digital.gov.bc.ca/policies-standards/dcop/open/) which includes: -- [Post existing code or projects](#post-existing-code-or-projects) -- [Initiate new code or projects](#initiate-new-code-or-projects) -- [Contribute to outside code or projects](#contribute-to-outside-code-or-projects) +* **[Mandatory GitHub repo files](https://developer.gov.bc.ca/docs/default/component/bc-developer-guide/use-github-in-bcgov/required-pages-for-github-repository/)** + - README file + - Contributing file + - Code of Conduct file + - License file. -The B.C. government follows the Open Development Standard, which outlines the following: - -* [Minimum content requirements](required-pages-for-github-repository.md): README, contributing file, code of conduct and license * Roles and responsibilities -* Basic mechanics of working in GitHub - -Generally, GitHub projects fall under one of the three following categories, with different key considerations depending on the type. -## Post existing code or projects - -Projects like this follow two basic approaches, but can vary. - -* **Throw it over the wall**: You have code that you want to make available because it might be useful to others. However, you don't want to make an open-ended commitment to maintain an active open-source project. 
+* Basic mechanics of working in GitHub -* **Create and run a sustainable project**: You have code that you want to make available and then run as an active project: accepting patches, soliciting code contributions, adding new maintainers, participating in user and developer forums, doing regular releases and more. +## Three common ways to start working in GitHub -In both cases, the basic steps to release the code are similar, while the implications for project management and resourcing are not. Key requirements in these scenarios include the following: +### Post existing code or projects -- Confirm your [authority to license](license-your-github-repository.md) +There are two common approaches a team can take: - Choose an open-source license and consult with the Intellectual Property Program (IPP) to make sure government has the right to release the code. +* **Throw it over the wall:** code that can be made availabe to others, but teams shouldn't make an open-ended committement to keep an active open-source project. - If any of the code is from another open-source project, make sure you adhere to the existing licensing provisions and make sure the licence is compatible when you select a licence to apply to your project. +* **Create and run a sustainable project:** code that can be made available, then run as an active project, inclusive of accepting patches, soliciting code contributions, adding new maintainers, participating in user and developer forums, doing regular releases and more. -- Make sure there are no other intellectual property considerations +Both methods use similar ways to release the code. They differ in project management and resourcing. Key requirements in these scenarios include: - These can include patent rights or trademarks in the code or documentation. Confirm that there are no restrictions on releasing the code or documentation imposed by legislation, policy or contracts. +* Confirming team authority to license. 
-- Assess any dependencies +* Choosing an open-source license, and consult with the Intellectual Property Program **(IPP)** to make sure government has the right to release the code. + * If using code from another open-source project, follow to the existing licensing provisions, and make sure the licences are compatiable. Per [the evaluate open-source content doc](https://developer.gov.bc.ca/docs/default/component/bc-developer-guide/use-github-in-bcgov/evaluate-open-source-content/), don't infringe on intellectual property rights. These can include, patent rights, trademarks in the code or documentation. - Check library dependencies, sample or configuration data to make sure it's appropriate for release or is separated out, if needed. +* Confirming that there are no restrictions on releasing the code or documentation imposed by legislation, policy or contracts. -If you are intending to maintain an active project, make sure to establish the appropriate processes and terms to manage contributions. +* Checking for any dependencies + - Check library dependencies, sample or configuration data to make sure it's appropriate for release, or is separated. -## Integrating GitHub Apps +Active project needs appropriate processes and terms to manage contributions. -We have large volumes of asks about adding GitHub Apps to our organization’s repository. Request a GitHub App to be installed from the BCDevOps Requests Issue: [Request for integrating a GitHub App](https://citz-do.atlassian.net/servicedesk/customer/portal/2/group/9/create/10). -If the existing applications don't work for you or your team, please create an issue. We need: +### Integrating GitHub Apps -1. Your contact information -1. Detailed information about the GitHub App +We get large volumes of asks about adding GitHub Apps to our org's repos. [Submit a support request on our Jira Service Manager system] to request a GitHub App to be installed. 
We need to know: +* Contact information -## Initiate new code or projects +* Detailed information about the GitHub App -These are projects that you want to manage as an open-source, collaborative project. +### Initiate new code or projects -- Choose an open-source licence and confirm your [authority to license](license-your-github-repository.md) -- Determine how contributions are made and managed and include this information in the contributor file in the repository. -- [Create the minimum required content](required-pages-for-github-repository.md). -- Add a [Contributor Code of Conduct](http://contributor-covenant.org/) to your repository. This document lets people know that all are welcome to contribute, and that all who contribute pledge to make participation in the project a harassment-free experience for everyone. Include a code of conduct and provide a contact method (in the placeholder) so that people know how to report violations. Introduce the code of conduct in your `readme.md`. +These types of projects fall under open-source and collaboration: -## Contribute to outside code or projects +* Choose an open-source licence and confirm team authority to license. -There may be circumstances where it's useful and appropriate for employees to contribute to non-B.C. government repositories as a part of their work. In these cases, consider the following: +* Use the [mandatory GitHub repo files doc](https://developer.gov.bc.ca/docs/default/component/bc-developer-guide/use-github-in-bcgov/required-pages-for-github-repository/) to create the specified pages. -- Make sure contributions are relevant, and the size and scope are consistent with your priorities. This may involve checking with your supervisor. -- Make sure the licensing provisions of the project you are contributing to are appropriate. For example, it's licensed under an OSI approved license and you aren't required to assign copyright to the project. 
+## Contribute to external code or projects - If the project requires you to sign a contributor agreement, get advice from Legal Services as to whether the terms are appropriate. +Sometimes, it's useful and appropriate for employees to contribute to non-B.C. Government repos as part of their workflow. In these cases, consider the following: - If the project uses a reciprocal or "copyleft" license, such as GPL or Mozilla, make sure you understand the requirements for publishing any modifications you make to the code. +* Any contribution, size, and scope is relevant. Team leads should confirm this. -- Confirm your [authority to license](license-your-github-repository.md) +* Licensing provisions of the project must be appropriate. For example, it's licensed under an OSI approved license and no requirement to assign copyright to the project. -Employees can also contribute to non-B.C. government owned intellectual property rights outside their professional roles by using their personal email linked to their GitHub account. +* If the project requires a contributor agreement to be signed, get advice from Legal Services if terms are appropriate. ---- -Related links: +* If the project uses a reciprocal or "copyleft" license, such as GPL or Mozilla, understand the requirements for publishing any modifications to the code. -* [Evaluate the content](evaluate-open-source-content.md) -* [Required pages for a GitHub repository](required-pages-for-github-repository.md) -* [License your GitHub repository](license-your-github-repository.md) +* Confirm team authority to license. ---- +Employees can also contribute to non-B.C. Government owned intellectual property rights outside their professional roles by using their personal email linked to their GitHub account. diff --git a/docs/use-github-in-bcgov/transferring-repos-to-bc-gov-orgs.md b/docs/use-github-in-bcgov/transferring-repos-to-bc-gov-orgs.md index ac202bc..b7f45d1 100644 
--- a/docs/use-github-in-bcgov/transferring-repos-to-bc-gov-orgs.md +++ b/docs/use-github-in-bcgov/transferring-repos-to-bc-gov-orgs.md @@ -1,4 +1,4 @@ -# Transferring repositories +# Transferring repos to bcgov or bcgov-c This page explains the process to move repositories from a team or ministry's GitHub organization to either [bcgov](https://github.com/bcgov) or [bcgov-c](https://github.com/bcgov-c) GitHub organization. diff --git a/docs/welcome-to-bc-gov.md b/docs/welcome-to-bc-gov.md deleted file mode 100644 index 8bbba17..0000000 --- a/docs/welcome-to-bc-gov.md +++ /dev/null 
@@ -1,45 +0,0 @@ -# Welcome to the B.C. government - -There are a plethora of things to consider when developing apps for [core government](https://www2.gov.bc.ca/gov/content/governments/organizational-structure/ministries-organizations/ministries). This list will hopefully get you started on the right foot. - -## Five quick things to get you started - -1. Bookmark this site! It serves as the central hub for all development-related matters - -2. Get [access to the BCGov GitHub organization](../use-github-in-bcgov/bc-government-organizations-in-github/#bcgov). This is the default place for code to be stored in the BC Gov. Learn more about [the different B.C. Government GitHub organizations](../use-github-in-bcgov/bc-government-organizations-in-github/#organizations-in-github). - -3. [Get access to Rocket.Chat](../rocketchat/steps-to-join-rocketchat) and BC Government [GitHub Discussions](https://github.com/bcgov/bcgov-community-discussions). These are where the developer community gathers to ask questions, support each other with issues and is often the best source of support for internal services such as our cloud services and common components. - -4. [Explore the internal services](https://digital.gov.bc.ca/common-components/) and [Saas Tools](https://digital.gov.bc.ca/cloud/services/saas/) you can re-use to supports your work. - -5. Learn about what's happening in the [BC Gov Digital Ecosystem](https://digital.gov.bc.ca/blog/) - -Beyond this, most things are up to your team to decide, and not standardized. Browse the [documentation](/docs/) on this site to understand some of the existing resources available to you. Your team may have more guidance specific to your Ministry and team processes. - -## Where things are hosted - -### Working in the Private Cloud a.k.a. 
Open Shift - -* [Open Shift Intro](https://digital.gov.bc.ca/cloud/services/private/intro/) -* [Account access](/docs/default/component/platform-developer-docs/docs/openshift-projects-and-access/grant-user-access-openshift/) -* [Training](/docs/default/component/platform-developer-docs/docs/training-and-learning/training-from-the-platform-services-team/) - -### Working in the Public Cloud - -* [Public Cloud Intro](https://digital.gov.bc.ca/cloud/services/public/intro/) -* [Account access](/docs/default/component/public-cloud-techdocs/provision-a-project-set/#account-access) -* [Training](/docs/default/component/platform-developer-docs/#training-and-learning) - -### On Premise Hosting - -* [Hosting Services Intro](https://www2.gov.bc.ca/gov/content/bc-procurement-resources/buy-for-government/goods-and-services-catalogue/hosting-services) - -## Security and compliance guidance and policies - -You don't need to memorize these, but having them as context is helpful for navigating the compliance and governance environment you're working within. - -* [Privacy and personal information in the B.C. public sector](https://www2.gov.bc.ca/gov/content/governments/services-for-government/information-management-technology/privacy) -* [FOIPPA Quick Reference](https://raw.githubusercontent.com/bcgov/devhub-resources/master/resources/privacy/foippa_quick_reference.pdf) -* [B.C. government OpenShift DevOps security considerations](https://developer.gov.bc.ca/docs/default/component/platform-developer-docs/docs/security-and-privacy-compliance/platform-security-compliance/) -* [BC Gov Policy for GitHub](https://github.com/bcgov/BC-Policy-Framework-For-GitHub/blob/master/README.md) -* [IMIT standards](https://www2.gov.bc.ca/gov/content/governments/services-for-government/policies-procedures/im-it-standards) diff --git a/docs/working-with-data.md b/docs/working-with-data.md index 4c87269..cc72956 100644 --- a/docs/working-with-data.md +++ b/docs/working-with-data.md 
@@ -39,5 +39,5 @@ The province's area, varied topography and predominantly natural resource based ## Support -If you're working on a project that will hold citizen or buisness data, or needs to connect to an existing resource, the [Data Services Client Hub](https://dpdd.atlassian.net/servicedesk/customer/portal/1) can help connect you to the right place for support. +If you're working on a project that will hold citizen or business data, or needs to connect to an existing resource, the [Data Services Client Hub](https://dpdd.atlassian.net/servicedesk/customer/portal/1) can help connect you to the right place for support. diff --git a/mkdocs.yml b/mkdocs.yml index 9634a52..d9fda78 100644 --- a/mkdocs.yml +++ b/mkdocs.yml 
@@ -20,36 +20,36 @@ exclude_docs: | supports_for_developers.md nav: - - Introduction: index.md + - Welcome to the B.C. Government: index.md # - Digital Government: digital_government.md # - Ways of Working: ways_of_working.md # - Supports for developers: supports_for_developers.md - - Welcome to the B.C. government: welcome-to-bc-gov.md - - Selecting Technology: choosing-technology/how-to-select-technology.md + - Choosing project technology: choosing-technology/how-to-select-technology.md - Security and Privacy: - - Security and Privacy Guidance: security/security-and-privacy-compliance-and-guidance.md + - Security and Privacy guidance: security/security-and-privacy-compliance-and-guidance.md - Security best practices for apps: security/best-practices-for-apps.md + - Accessibility: + - Accessibility: accessibility-resources.md + - The design system: design-system/about-the-design-system.md - GitHub in the B.C. government: - - BC Government organizations in GitHub: use-github-in-bcgov/bc-government-organizations-in-github.md - B.C. 
Government GitHub Quick Reference: use-github-in-bcgov/quick-reference.md - - Security Features for BC Government GitHub Users: use-github-in-bcgov/github-security.md - - Remove a user's BCGov GitHub access: use-github-in-bcgov/remove-user-bcgov-github-access.md - - GitHub SSO transition guide: use-github-in-bcgov/github-transition-guide.md + - bcgov, bcgov-c, and SSO: use-github-in-bcgov/bc-government-organizations-in-github.md + - SSO IDIR and technical guide: use-github-in-bcgov/github-transition-guide.md + - First steps working in GitHub: use-github-in-bcgov/start-working-in-bcgov-github-organization.md - Evaluate open-source content: use-github-in-bcgov/evaluate-open-source-content.md + - Licenses for GitHub repos: use-github-in-bcgov/license-your-github-repository.md - Required pages for a GitHub repository: use-github-in-bcgov/required-pages-for-github-repository.md - - Start working in the BCGov GitHub organization: use-github-in-bcgov/start-working-in-bcgov-github-organization.md - - License your GitHub repository: use-github-in-bcgov/license-your-github-repository.md - - Transfer a repository to a BC Government GitHub Organization: use-github-in-bcgov/transferring-repos-to-bc-gov-orgs.md + - Transferring repos to bcgov or bcgov-c: use-github-in-bcgov/transferring-repos-to-bc-gov-orgs.md + - Removing member access: use-github-in-bcgov/remove-user-bcgov-github-access.md + - Rocket.Chat: - Join the B.C. 
Government Rocket.Chat: rocketchat/steps-to-join-rocketchat.md - Rocket.Chat etiquette: rocketchat/rocketchat-etiquette.md - Rocket.Chat channel descriptions: rocketchat/rocketchat-channel-descriptions.md - - Developing better questions: rocketchat/get-help-in-rocketchat.md - - Accessibility: accessibility-resources.md - - Design System: - - About the Design System: design-system/about-the-design-system.md + - Developing better questions: rocketchat/get-help-in-rocketchat.md + - Quickstart Wizards: - - Quickstart for OpenShift Wizard: wizards/quickstart-for-openshift-wizard.md + - Quickstart for OpenShift Wizard: wizards/quickstart-for-openshift-wizard.md - DevHub Content Partner Guide: content-partner-guide.md - DevHub Content Syntax Guide: content-syntax-guide.md - Working with data: working-with-data.md
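Review bot: In docs/use-github-in-bcgov/start-working-in-bcgov-github-organization.md, the added "Integrating GitHub Apps" line `[Submit a support request on our Jira Service Manager system]` has link text but no target, while the removed line carried the service desk URL. Restore the target so that GitHub App install requests still have a documented route. Two added bullets also change meaning, not just wording: "teams shouldn't make an open-ended committement" now reads as a prohibition where the old text described a team's own choice, and "Any contribution, size, and scope is relevant" drops the instruction to check relevance and scope against priorities. The "Initiate new code or projects" list no longer asks for a documented contribution process or a contact method for reporting code of conduct violations; keep those, or point to where they now live. Smaller points: fix "availabe", "committement", "compatiable" and "follow to the existing"; and `## Contribute to external code or projects` is a level-2 heading while the other two of the "three common ways" are `###`, with `### Integrating GitHub Apps` sitting between them as if it were one of the three.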
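Review bot: Deleting docs/welcome-to-bc-gov.md also deletes its "Security and compliance guidance and policies" list (privacy in the B.C. public sector, the FOIPPA quick reference, the OpenShift DevOps security considerations, the BC Gov Policy for GitHub and the IMIT standards), and the lines shown here do not add that list anywhere else. Confirm that index.md, which takes over the "Welcome to the B.C. Government" nav title, carries these links or links to the Security and Privacy guidance page, and check other pages for inbound links to the removed path.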
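Review bot: The mkdocs.yml nav hunk removes `Security Features for BC Government GitHub Users: use-github-in-bcgov/github-security.md` and adds no entry pointing at that file. If the page still exists it becomes unreachable from the navigation, so either keep a nav entry for it or confirm in this change that it is deleted or merged into another page. The nav also keeps the title "Required pages for a GitHub repository" while the revised start-working page links to the same document as "Mandatory GitHub repo files"; settle on one name. The `-`/`+` pairs for "Developing better questions" and "Quickstart for OpenShift Wizard" look like whitespace-only changes, so check the resulting indentation, since nav nesting in YAML depends on it.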