-
Notifications
You must be signed in to change notification settings - Fork 2
HOME
Welcome to the GitHub guidance wiki for BLM! This is the jump-off point for all guidance related to software development in the BLM where GitHub will be used as the version control system and/or for developers to "socialize". Note that the main GitHub DOI repository can be found at https://github.com/usinterior/. The main BLM repository can be found at https://github.com/DOI-BLM.
Background: Why is Github needed within BLM?
In addition to previous policies on Paperwork Elimination, Transparency and Open Government M-09-12 and M-10-06, and Guidance for Third Party Application Use, the following more recent policies prescribe direction to be followed with regard to websites, digital services and application code: Policies for Federal Agency Public Websites and Digital Services M-17-06 and Federal Source Code policy M-16-21. These prescribe that all Government websites and digital services shall be open and searchable. They also prescribe that if it is determined that custom-built software needs to be written, making the code available as open-source software (OSS) must be considered to perpetuate both transparency and Government-wide code reuse. These policies include provisions requiring agencies to start storing new code and code inventories on Code.gov.
It is our hope that by releasing as much of BLM's source code as possible to GitHub, we can share and learn with other agencies and individuals everywhere, whether working in Government, or not. This is consistent with the true spirit of open source software development and open government. Here is an example of a real-world example (though simple) of how Joe Q-public found and fixed an issue with a Government Agency file posted on Github via a merged pull request.
Finally, even if no one ever uses BLM's code, making the code open source helps government to implement good code management and being better situated to deal with vendor turnover. If the code is public, federal project teams can see the code on a regular basis and check for pragmatic prose. As vendors transition, the code will be complete in one place and contract transition issues will be lessened. Finally, as BLM moves to more modern practices such as writing software-as-a-service, employing microservices and containerization, and moving towards more DevOps including 12Factor.Net principles, BLM needs to have one source of the truth, particularly with the new policy to move towards code being available via code.gov.
Getting Started
Accounts in Github are free and personal. If you don't already have a personal account, it is recommended that your account username be your BLM username followed by a hyphen, followed by lowercase "blm". For example: "jdoe-blm".
Once you have an account, associate your official BLM email address with your GitHub account. This can be done by using either your existing or newly-created account. Be sure your official email address is public. Also, when taking any web-based actions on GitHub, make sure your primary email address is set to your official BLM email address (username@blm.gov).
Once your account is created, users are encouraged to use both two-factor (2FA) authentication and use SSH Keys when using GitHub to enhance security. See here for how to turn on 2FA, and here for implementing SSH keys.
Join the BLM Organization on GitHub
Once you have a GitHub account, send an email to blm_github_admin@blm.gov and request to join the BLM organization, which can be found at https://github.com/DOI-BLM. Include your GitHub account name - especially when your account does not match your BLM username. Once your organization administrator approves your membership, he/she will invite you to join the BLM organization. Once you have accepted the invitation, publicize your membership as follows.
The exact publication process is being created and is the responsibility of the organization releasing code. GSA and their Chief Technology Office (CTO) is leading an effort to be published here with Security and Acquisition IT Offices in developing an automated code scan and release process to be published on GSA’s open source policy repository with further instructions for use. The US Digital Service is also working on overarching Government publishing policies.
Realize that all useage of the DOI-BLM organization is subject to this Code of Conduct.
Join the Government Organization on GitHub
Another good idea once that’s done is to join the GitHub Government organization by pointing your favorite browser to https://government-community.githubapp.com. You should be automatically added to this organization and can head to https://github.com/government at any time to get started. If you’re having issues joining the community, email government@github.com. More information can be found here.
How does GitHub work?
Training on the use of Github is beyond the scope of this set of guidance, however, more info can be found on the official GitHub Youtube channel and the [official DigitalGov YouTube channel] (https://www.youtube.com/channel/UC5V8jrK77-8gsa9RL_taG9A). DigitalGov University is also a good resource.
Code Repository Management
It is crucial that BLM keeps their home repository/organization clean and preened, whereby old code that is end-of-life and/or no longer used will be taken down. In these cases, the BLM Github administration team will work with the code sponsors/owners to decide whether or not code should continue to be hosted. In those cases where the code is to be taken down, it shall be archived pursuant to the official GitHub instructions to archive repositories. A descriptive note shall be added in the project description field at the top of the page before/while doing the archiving. It should also be noted that any and all code that is part of a system(s) that are considered "investments" (see Capitol Planning and Investment Control - CPIC for definitions of what constitutes an investment) shall be properly decommissioned according to those policies Click here for BLM CPIC policies and [here for DOI CPIC policies] (https://www.doi.gov/ocio/policy-mgmt-support/capital-planning-and-investment-control). All DOI and BLM records management policies and procedures shall also be taken into consideration.
Other Guidance
Privacy Impact Assessment - Department of Interior Adapted Privacy Impact Assessment for GitHub
Terms Of Service - Agreement between GitHub, Inc. and U.S. federal government users
BLM Source Code Policy - Based on Consumer Financial Protection Bureau (CFPB) Source Code Policy
BLM GitHub Code of Conduct - This Code of Conduct is distributed under a Creative Commons Attribution-ShareAlike license
18F Source Code Policy - GSA/18F Github repository for their open source policy
Code Review Guidelines - Based on Consumer Financial Protection Bureau (CFPB) Code Review Guidelines
Government Best Practices for open source using GitHub from 18f
Government best practices - Note this is for Governmental entities of any size (national/federal, state, local, and municipal) and for any country
Notes on GitHub and FedRamp - Government account required for access
Please contact @dfinnefrock with any problems, concerns, ideas