GitHub Onboarding
Overview
This guide defines the process for adding new Teams to GitHub, and for adding new users to existing teams.
GitHub Organizations: - mdt-crm-internal
Access Request and Managment Flow
Add Users to Existing Teams
- Request GitHub Access
Onboard New Teams
- Create a new Security Group
- Request GitHub Access
- Create a GitHub Team
Create a new Security Group
To onboard a new Team to GitHub, a new Active Directory security group is required. This group is explicitly for managing membership of a GitHub team, which is how repository permissions are managed.
The authentication process for GitHub does not support nested groups. As such, members must be directly included in the security groups.
Use this ServiceNow request form to request the security group.
Form inputs:
| Field | Value | Example |
|---|---|---|
| Requested for | Your name | |
| What do you want to do? | Create New Application Group | |
| Environment | ENT | |
| Request type | Group for a new application | |
| Application Name | GitHub Enterprise Cloud Access Request | |
| Group Name | github_productname_capabilityname_maintain | github_mlife_cicd_maintain |
| Object Class Attribute | -- None -- | |
| Primary Approver/Owner - app | Individual or Lead Engineer of the team | Dileep Veldi |
| Secondary Approver - app | Another engineer or the team manager | Piyush Shah |
| Business Friendly Description | Team for PRODUCTNAME-CAPABILITYNAME in GitHub - CRM organization | Team for MLife-CICD in Github - CRM organization |
| Do you want to grant users access now? | No |
Request GitHub Access
After the new security group has been created, please allow a day for all the group information to sync into ServiceNow to allow it to appear in this next form.
Use this ServiceNow request form to manage user membership int the security group. A separate request should be submitted for each user.
Form inputs:
| Field | Value |
|---|---|
| Requested for | User being added |
| What do you want to do? | Add Access |
| Select User Type | New/Existing |
| Do you have an MSDN License or an existing GitHub Enterprise License | Yes/No |
| Select Organization | Cardiac Rhythm Management |
| Select Role | Choose the Capability Maintain group, or Read Only for general access |
Create a GitHub Team
Create a Pull Request to this Azure Repository and add the new group to the list of group_mappings.
This repository uses Terraform to perform a number of tasks automatically when the Pull Request is closed, for each group in the list.
- Create a GitHub Team: Group membership to this team will be directly mapped and managed by the Active Directory Security Group.
- Create a Team Docs Repository: This repository will automatically build and publish a standardized GitHub Pages website the team can use for internal-team documentation (team onboarding guides, useful links, process guidelines, etc)
- Create a Capability Docs Repository: This repository will automatically build and publish a standardized GitHub pages website for documentation focused on the Capability (application documentation, API contract definitions, dashboard links, support links, etc)
NOTE: This step will not work without the Energizers team first requesting the new security group be added to the GitHub Enterprise Application. There are currently no form or automation options available for this step. The Energizers team should use the Chat Now link on the ServiceNow Home Page to initial this request when a new group needs to be added to the Enterprise Application in Azure Active Directory. The request should be routed to the IAM team. Once the group has been added, the pipeline on the Pull Request should be re-queued to detect the new group.