Skip to main content

GitHub organisation management

The MoJ Analytical Services GitHub organisation is managed by the Operations Engineering Team.

Processes and practices

Members

Adding a member

To add a member to the organisation, you can either:

  1. Follow the instructions in the GitHub documentation. To do this, you must be an organisation owner.
  2. If you are an MoJ employee then use the GitHub SSO

You do not need to add members to the everyone team manually, as this will be done automatically.

Outside collaborators

An outside collaborator is a person who is not a member of the organisation, but has access to one or more repositories.

We use outside collaborators for external users, such as analysts from other government departments and partner organisations.

Outside collaborators are managed in Terraform in the moj-analytical-services/github-outside-collaborators repository.

Adding an outside collaborator

To add an outside collaborator to the GitHub organisation, you can either submit an issue in the moj-analytical-services/github-outside-collaborators repository or manually make changes to the relevant Terraform files. You will need to provide:

  • the GitHub username of the user
  • the name of the user
  • the email of the user
  • the organisation of the user
  • the reason the user needs access to the organisation
  • your name and email
  • a review date
  • the level of permission needed by the user
  • a list of repositories the user should have access to

Automation

All automated processes are managed in the moj-analytical-services/operations-engineering repository.

Archiving GitHub repositories

GitHub repositories are automatically archived when there is no activity on the main or master branch for more than 1.5 years.

If you still need a repository that has been archived, contact the Operations Engineering Team. Where a repository is inactive but should not be archived, it can be added to an allow list, so it is not archived again in future.

Moving members with direct repository access to teams

Any members that only have direct access to a repository will be moved to a new team with the same level of access. For example, a member with write access to the airflow repository would be added to a team called airflow-write-team.

If a member has both direct access to a repository and access via a team, they will only retain access via the team. If the level of access provided by the team is less than the level of direct access, their level of access will be reduced. For example, if a member has direct admin access to a repository and read access via a team, they will only retain read access via the team.

By default, members that are moved to teams will not be maintainers. Therefore, they will not be able to manage team permissions, including adding and removing members, and changing the role of members. You can request to be made a maintainer by contacting the Operations Engineering Team.

Adding members to the everyone team

All organisation members will automatically be added to the @moj-analytical-services/everyone team. This does not include outside collaborators.

Removing inactive users

Occasionally, we will review active members of the GitHub organisation, and remove accounts that are no longer required. We identify inactive members using information provided by GitHub on managing dormant users.

Contact

The team can be contacted in the #ask-operations-engineering Slack channel or by email at operations-engineering@digital.justice.gov.uk.

This page was last reviewed on 30 January 2023. It needs to be reviewed again on 30 January 2024 by the page owner #analytical-platform-support .