Merge pull request #53 from bcgov/update/confluence-content

Updated content from confluence.

patterns/docs/GitHub Repository Best Practices/GitHub Repository Best Practices.md

@@ -3,8 +3,8 @@ sidebar_position: 3
 ---
 <table class="wrapped relative-table"><colgroup></colgroup><tbody><tr><th>Status</th><td><div class="content-wrapper"><p>GreenPublished</p></div></td></tr><tr><th>Overview</th><td><div class="content-wrapper"><p>The purpose of this page is to outline practices when using GitHub as your source code repository</p></div></td></tr></tbody></table>
 
-Removing Sensitive Data from a GitHub Repo
-==========================================
+Removing Sensitive Data from a GitHub Repo, How To#
+===================================================
 
 **[https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository)**
 

patterns/docs/GitHub Repository Best Practices/data.json

@@ -1 +1 @@
-{"id":"163422029","type":"page","status":"current","title":"GitHub Repository Best Practices","body":{"storage":{"value":"<ac:structured-macro ac:name=\"details\" ac:schema-version=\"1\" ac:macro-id=\"5f5c56f3-5d6c-46cf-ad8f-f3ff3d2ece6b\"><ac:parameter ac:name=\"label\" /><ac:rich-text-body><table class=\"wrapped relative-table\" style=\"width: 66.4076%;\"><colgroup><col style=\"width: 16.6678%;\" /><col style=\"width: 83.2901%;\" /></colgroup><tbody><tr><th>Status</th><td><div class=\"content-wrapper\"><p><ac:structured-macro ac:name=\"status\" ac:schema-version=\"1\" ac:macro-id=\"a2e29e0a-14d5-42cd-922b-bfb7364904e6\"><ac:parameter ac:name=\"colour\">Green</ac:parameter><ac:parameter ac:name=\"title\">Published</ac:parameter></ac:structured-macro> </p></div></td></tr><tr><th>Overview</th><td><div class=\"content-wrapper\"><p>The purpose of this page is to outline practices when using GitHub as your source code repository</p></div></td></tr></tbody></table></ac:rich-text-body></ac:structured-macro><h1><ac:structured-macro ac:name=\"toc\" ac:schema-version=\"1\" ac:macro-id=\"164734e5-87cf-45d3-9ad0-5288c1fc1109\" /></h1><h1>Removing Sensitive Data from a GitHub Repo</h1><p><strong><a class=\"\" href=\"https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository\">https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository</a></strong></p><p>Please make sure to follow those instructions carefully, as simply deleting the content will not remove it completely from the repository commit history.</p><h1>Repository Setup</h1><p>The below options are found under settings</p><h1>Branch Protection</h1><p>Create at least 1 branch protection rule for your &quot;main&quot; branch that;</p><ul><li>Forces an approval before merging to your &quot;main&quot; branch<ul><li>An approver should be someone able to understand the code changes and has the authority to approve code changes and pipeline activities associated with a PR Merge (Eg. Data Custodian and Test/Prod deployments)</li></ul></li></ul><p>Note: Admins can bypass this</p><p><ac:image ac:height=\"250\"><ri:attachment ri:filename=\"image2023-8-8_9-12-55.png\" /></ac:image></p><ul><li>Enforces status checks to be passed before merging, this should include;<br /><ul><li>SonarCloud (vulnerability, code coverage)</li><li>Code scanning (Trivy, Snyk, CodeQL)</li><li>Builds</li><li>Deployments</li><li>Route verification (up/down, penetration testing)</li></ul></li><li>Note: checks need to have been run once to populate the drop-down</li></ul><p>(Ensure you select your options below when enabling the rule)</p><p><ac:image ac:height=\"97\"><ri:attachment ri:filename=\"image2023-8-8_9-18-27.png\" /></ac:image></p><ul><li>Ensures branches are up to date before merging</li></ul><p><ac:image ac:height=\"72\"><ri:attachment ri:filename=\"image2023-8-8_9-18-42.png\" /></ac:image></p><h1>Manage Your Administrators</h1><ul><li>Have at least 1 backup administrator</li><li>Have as few admins as possible, most developers will not need to be an admin</li></ul><h1>Manage Your Team</h1><ul><li>Create a Team in GitHub and Manage the permission in the team. (<a href=\"https://github.com/orgs/bcgov/teams\">https://github.com/orgs/bcgov/teams</a>)</li><li>This way if the single team is working on multiple products, authorization will be easier to manage and tracking will be easier.</li></ul><h1>Manage Your Code Owners </h1><ul><li><span><span>Add a CODEOWNERS file under the /.</span><span>github</span><span> directory</span></span><span> </span></li><li><span>Add this rule to your main branch protection to ensure PRs are reviewed by code owner </span></li></ul><p><span><ac:image ac:height=\"250\"><ri:attachment ri:filename=\"image-2024-6-18_15-52-26.png\" /></ac:image></span></p><h1>Setup Your Pull Request Repository Settings (Very Useful to Help Ensure Guidelines are Followed)</h1><ul><li>Use squash merging to keep histories clean<ul><li>We recommend using pull request titles</li></ul></li><li>Suggest updating pull requests<ul><li>Being up to date is required (see above)</li><li>Selecting this will add an easy update button to PRs</li></ul></li><li>Automatically delete head branches, which are merged feature branches<ul><li>Excessive numbers of branches can degrade performance and increase clone times</li><li>Long lived-branches are strongly discouraged</li></ul></li></ul><p><ac:image><ri:attachment ri:filename=\"prdeets.png\" /></ac:image></p><p>For additional PR, Pipeline, and Deployment practices: See <ac:link><ri:page ri:content-title=\"Coding Patterns &amp; Practices\" /></ac:link></p><h1>Create Repository Documentation</h1><ul><li>Create a meaningful Readme.md, see <a href=\"https://github.com/bcgov/BC-Policy-Framework-For-GitHub/blob/master/BC-Gov-Org-HowTo/SAMPLE-README.md\" style=\"text-align: left;\" rel=\"nofollow\">https://github.com/bcgov/BC-Policy-Framework-For-GitHub/blob/master/BC-Gov-Org-HowTo/SAMPLE-README.md</a></li><li>Add a license and other required documentation, see <a href=\"https://docs.developer.gov.bc.ca/required-pages-for-github-repository/\" style=\"text-align: left;\" rel=\"nofollow\">https://docs.developer.gov.bc.ca/required-pages-for-github-repository/</a></li><li>Make use of the GitHub Wiki<ul><li>The GitHub Wiki provides version controlled documentation that multiple people can edit and does not require technical expertise</li><li>If you're going to use the Wiki make sure you add a reference to it in your Readme.md</li></ul></li><li>Create a reference in confluence to your repository and documentation</li></ul><h1>GitHub Wiki - Suggestions of What to Add</h1><ul><li>Points of Contact</li><li>How-To's:<ul><li>Running Locally</li><li>Developer Practices</li><li>Coding Practices</li><li>Ticket management</li><li>Backup and restore </li></ul></li><li>Application process flows</li></ul><h1>Handle Your Secrets and Environment Variables</h1><p>See <ac:link><ri:page ri:content-title=\"Coding Patterns &amp; Practices\" /></ac:link></p><p><br /></p><p><br /></p><p><br /></p><p><br /></p>","representation":"storage","_expandable":{"content":"/rest/api/content/163422029"}},"_expandable":{"editor":"","view":"","export_view":"","styled_view":"","anonymous_export_view":""}},"extensions":{"position":"none"},"_links":{"webui":"/display/AR/GitHub+Repository+Best+Practices","edit":"/pages/resumedraft.action?draftId=163422029","tinyui":"/x/TZ_9CQ","collection":"/rest/api/content","base":"https://apps.nrs.gov.bc.ca/int/confluence","context":"/int/confluence","self":"https://apps.nrs.gov.bc.ca/int/confluence/rest/api/content/163422029"},"_expandable":{"container":"/rest/api/space/AR","metadata":"","operations":"","children":"/rest/api/content/163422029/child","restrictions":"/rest/api/content/163422029/restriction/byOperation","history":"/rest/api/content/163422029/history","ancestors":"","version":"","descendants":"/rest/api/content/163422029/descendant","space":"/rest/api/space/AR"}}
+{"id":"163422029","type":"page","status":"current","title":"GitHub Repository Best Practices","body":{"storage":{"value":"<ac:structured-macro ac:name=\"details\" ac:schema-version=\"1\" ac:macro-id=\"5f5c56f3-5d6c-46cf-ad8f-f3ff3d2ece6b\"><ac:parameter ac:name=\"label\" /><ac:rich-text-body><table class=\"wrapped relative-table\" style=\"width: 66.4076%;\"><colgroup><col style=\"width: 16.6678%;\" /><col style=\"width: 83.2901%;\" /></colgroup><tbody><tr><th>Status</th><td><div class=\"content-wrapper\"><p><ac:structured-macro ac:name=\"status\" ac:schema-version=\"1\" ac:macro-id=\"a2e29e0a-14d5-42cd-922b-bfb7364904e6\"><ac:parameter ac:name=\"colour\">Green</ac:parameter><ac:parameter ac:name=\"title\">Published</ac:parameter></ac:structured-macro> </p></div></td></tr><tr><th>Overview</th><td><div class=\"content-wrapper\"><p>The purpose of this page is to outline practices when using GitHub as your source code repository</p></div></td></tr></tbody></table></ac:rich-text-body></ac:structured-macro><h1><ac:structured-macro ac:name=\"toc\" ac:schema-version=\"1\" ac:macro-id=\"164734e5-87cf-45d3-9ad0-5288c1fc1109\" /></h1><h1>Removing Sensitive Data from a GitHub Repo, How To#</h1><p><strong><a class=\"\" href=\"https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository\">https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository</a></strong></p><p>Please make sure to follow those instructions carefully, as simply deleting the content will not remove it completely from the repository commit history.</p><h1>Repository Setup</h1><p>The below options are found under settings</p><h1>Branch Protection</h1><p>Create at least 1 branch protection rule for your &quot;main&quot; branch that;</p><ul><li>Forces an approval before merging to your &quot;main&quot; branch<ul><li>An approver should be someone able to understand the code changes and has the authority to approve code changes and pipeline activities associated with a PR Merge (Eg. Data Custodian and Test/Prod deployments)</li></ul></li></ul><p>Note: Admins can bypass this</p><p><ac:image ac:height=\"250\"><ri:attachment ri:filename=\"image2023-8-8_9-12-55.png\" /></ac:image></p><ul><li>Enforces status checks to be passed before merging, this should include;<br /><ul><li>SonarCloud (vulnerability, code coverage)</li><li>Code scanning (Trivy, Snyk, CodeQL)</li><li>Builds</li><li>Deployments</li><li>Route verification (up/down, penetration testing)</li></ul></li><li>Note: checks need to have been run once to populate the drop-down</li></ul><p>(Ensure you select your options below when enabling the rule)</p><p><ac:image ac:height=\"97\"><ri:attachment ri:filename=\"image2023-8-8_9-18-27.png\" /></ac:image></p><ul><li>Ensures branches are up to date before merging</li></ul><p><ac:image ac:height=\"72\"><ri:attachment ri:filename=\"image2023-8-8_9-18-42.png\" /></ac:image></p><h1>Manage Your Administrators</h1><ul><li>Have at least 1 backup administrator</li><li>Have as few admins as possible, most developers will not need to be an admin</li></ul><h1>Manage Your Team</h1><ul><li>Create a Team in GitHub and Manage the permission in the team. (<a href=\"https://github.com/orgs/bcgov/teams\">https://github.com/orgs/bcgov/teams</a>)</li><li>This way if the single team is working on multiple products, authorization will be easier to manage and tracking will be easier.</li></ul><h1>Manage Your Code Owners </h1><ul><li><span><span>Add a CODEOWNERS file under the /.</span><span>github</span><span> directory</span></span><span> </span></li><li><span>Add this rule to your main branch protection to ensure PRs are reviewed by code owner </span></li></ul><p><span><ac:image ac:height=\"250\"><ri:attachment ri:filename=\"image-2024-6-18_15-52-26.png\" /></ac:image></span></p><h1>Setup Your Pull Request Repository Settings (Very Useful to Help Ensure Guidelines are Followed)</h1><ul><li>Use squash merging to keep histories clean<ul><li>We recommend using pull request titles</li></ul></li><li>Suggest updating pull requests<ul><li>Being up to date is required (see above)</li><li>Selecting this will add an easy update button to PRs</li></ul></li><li>Automatically delete head branches, which are merged feature branches<ul><li>Excessive numbers of branches can degrade performance and increase clone times</li><li>Long lived-branches are strongly discouraged</li></ul></li></ul><p><ac:image><ri:attachment ri:filename=\"prdeets.png\" /></ac:image></p><p>For additional PR, Pipeline, and Deployment practices: See <ac:link><ri:page ri:content-title=\"Coding Patterns &amp; Practices\" /></ac:link></p><h1>Create Repository Documentation</h1><ul><li>Create a meaningful Readme.md, see <a href=\"https://github.com/bcgov/BC-Policy-Framework-For-GitHub/blob/master/BC-Gov-Org-HowTo/SAMPLE-README.md\" style=\"text-align: left;\" rel=\"nofollow\">https://github.com/bcgov/BC-Policy-Framework-For-GitHub/blob/master/BC-Gov-Org-HowTo/SAMPLE-README.md</a></li><li>Add a license and other required documentation, see <a href=\"https://docs.developer.gov.bc.ca/required-pages-for-github-repository/\" style=\"text-align: left;\" rel=\"nofollow\">https://docs.developer.gov.bc.ca/required-pages-for-github-repository/</a></li><li>Make use of the GitHub Wiki<ul><li>The GitHub Wiki provides version controlled documentation that multiple people can edit and does not require technical expertise</li><li>If you're going to use the Wiki make sure you add a reference to it in your Readme.md</li></ul></li><li>Create a reference in confluence to your repository and documentation</li></ul><h1>GitHub Wiki - Suggestions of What to Add</h1><ul><li>Points of Contact</li><li>How-To's:<ul><li>Running Locally</li><li>Developer Practices</li><li>Coding Practices</li><li>Ticket management</li><li>Backup and restore </li></ul></li><li>Application process flows</li></ul><h1>Handle Your Secrets and Environment Variables</h1><p>See <ac:link><ri:page ri:content-title=\"Coding Patterns &amp; Practices\" /></ac:link></p><p><br /></p><p><br /></p><p><br /></p><p><br /></p>","representation":"storage","_expandable":{"content":"/rest/api/content/163422029"}},"_expandable":{"editor":"","view":"","export_view":"","styled_view":"","anonymous_export_view":""}},"extensions":{"position":"none"},"_links":{"webui":"/display/AR/GitHub+Repository+Best+Practices","edit":"/pages/resumedraft.action?draftId=163422029","tinyui":"/x/TZ_9CQ","collection":"/rest/api/content","base":"https://apps.nrs.gov.bc.ca/int/confluence","context":"/int/confluence","self":"https://apps.nrs.gov.bc.ca/int/confluence/rest/api/content/163422029"},"_expandable":{"container":"/rest/api/space/AR","metadata":"","operations":"","children":"/rest/api/content/163422029/child","restrictions":"/rest/api/content/163422029/restriction/byOperation","history":"/rest/api/content/163422029/history","ancestors":"","version":"","descendants":"/rest/api/content/163422029/descendant","space":"/rest/api/space/AR"}}

patterns/docs/Source Code Repositories/GitHub Repository Best Practices/GitHub Repository Best Practices.md

@@ -3,8 +3,8 @@ sidebar_position: 1
 ---
 <table class="wrapped relative-table"><colgroup></colgroup><tbody><tr><th>Status</th><td><div class="content-wrapper"><p><ac:structured-macro ac:name="status" ac:schema-version="1" ac:macro-id="a2e29e0a-14d5-42cd-922b-bfb7364904e6"><ac:parameter ac:name="colour">Green</ac:parameter><ac:parameter ac:name="title">Published</ac:parameter></ac:structured-macro>&nbsp;</p></div></td></tr><tr><th>Overview</th><td><div class="content-wrapper"><p>The purpose of this page is to outline practices when using GitHub as your source code repository</p></div></td></tr></tbody></table>
 
-Removing Sensitive Data from a GitHub Repo
-==========================================
+Removing Sensitive Data from a GitHub Repo, How To#
+===================================================
 
 **[https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository)**