title | description | layout | category | subcategory | cspell | redirect_from |
---|---|---|---|---|---|---|
GitHub & GitLab |
Team code repos, permissions, notification strategies |
article |
Development |
Code |
ignore omniauth |
/articles/github.html |
View a list of all repositories tagged for Login.gov.
Some repositories in GitHub are mirrored from our self-hosted GitLab.
-
18f/identity-idp
secure.login.gov
IDP (main application) -
18f/identity-pki
PIV/CAC application -
18f/identity-idp-config
Service Provider (service_providers.yml
) and Agency (agencies.yml
) configuration repo that can be updated and deployed independently of the IDP. -
18f/identity-dashboard
Partner Dashboard for viewing and editing service provider configurations (only in the INT environment). -
18f/identity-charts
{: .deprecated-link} (Archived)
login-charts-server.app.cloud.gov
Metrics dashboard for Login.gov
-
18f/identity-hostdata
Gem that provides functionality for our Ruby applications on our EC2 infrastructure to download secrets and read configs. -
18f/identity-logging
Gem that sets up common log formatting and configuration for Rails applications -
18F/omniauth_login_dot_gov
Provides an Omniauth strategy for Login.gov that helps other projects integrate with Login.gov more easily. Some use cases include the identity-dashboard as well as Touchpoints, USMC and search.gov -
18f/identity-validations
Gem that provides shared validations for the ServiceProvider model across the IDP and dashboard -
18f/identity-telephony
{: .deprecated-link} (Archived) Gem that provides a common interface for voice and SMS features across multiple vendor backends. This code has been moved into the IDP codebase. -
18f/identity-doc-auth
{: .deprecated-link} (Archived) Provides a library for performing document authentication. This code has been moved into the IDP codebase. -
18f/identity-proofer-gem
{: .deprecated-link} (Archived) Provides a generic interface around identity proofing (IDV, identity verification) that is implemented by other proofers. This code has been moved into the IDP codebase. -
18f/identity-lexisnexis-api-client-gem
{: .deprecated-link} (Archived) Implementation of the identity-proofer interface for LexisNexis. This code has been moved into the IDP codebase. -
18f/identity-aamva-api-client-gem
{: .deprecated-link} (Archived) Implementation of the identity-proofer interface for AAMVA for drivers licenses. This code has been moved into the IDP codebase.
-
18f/identity-oidc-sinatra
Example service provider that uses OpenID connect and Sinatra. -
18f/identity-saml-sinatra
Example service provider that uses SAML and Sinatra. -
18f/identity-saml-rails
{: .deprecated-link} (Archived) Example service provider that uses SAML and Rails.
-
lg/identity-devops
Platform CLI tools, Terraform for infrastructure as code (IaC), Chef for instance (server) provisioning, and so much more! (Too much more?) -
lg/identity-devops-private
Per-application environment additional Terraform and Chef configurations -
lg/identity-terraform
Publicly shared Terraform modules -
lg/identity-cookbooks
Publicly shared Chef cookbooks -
lg/identity-base-image
AWS EC2 Image (AMI) definitions and build pipelines to match -
18f/identity-monitor
{: .deprecated-link} (Archived) Smoke tests and NewRelic scripts that test the site -
18f/identity-lambda-functions
AWS Lambda functions and the code to deploy them - Only used for KMS matching code at this time
18f/identity-design-assets
A place for the Login.gov design team to version and store design assets (illustrations, sketch files, etc.)
-
GSA-TTS/identity-site
login.gov
Hosted on: Cloud.gov Pages
Public marketing page. -
18f/identity-design-system
The Login.gov Design System, an extension of the U.S. Web Design System used on Login.gov sites to consistently identify the Login.gov brand. -
GSA-TTS/identity-dev-docs
developers.login.gov
Hosted on: Cloud.gov Pages
Developer documentation and integration guides for OpenID Connect and SAML. -
18f/connect.gov
{: .deprecated-link} (Archived)
connect.gov
Hosted on: Cloud.gov Pages
A site to disambiguate the Login.gov's predecessorconnect.gov
from Connecticut's ConnectCTconnect.ct.gov
-
18f/identity-partners-site
{: .deprecated-link} (Archived)
partners.login.gov
A site to present information for partners, now exists as/partners
in theidentity-site
repo. -
GSA-TTS/identity-reporting
data.login.gov
Hosted on: Cloud.gov Pages
Public reporting dashboard. -
GSA-TTS/identity-handbook
handbook.login.gov
Hosted on: Cloud.gov Pages
This handbook! -
lg-public/identity-internal-handbook
lg-public.pages.production.gitlab.login.gov/identity-internal-handbook/
Hosted on: GitLab Pages (self-hosted)
Internal version of this handbook (Private to Login.gov team only) -
18f/identity-handbook-private
{: .deprecated-link} (Archived)
Old, private version of this handbook! (Private to Login.gov team only)
To request access to GitHub:
- Set up GitHub account per TTS GitHub guidelines
- Join the #admins-github Slack channel
- Tag
@github-admins-login
and request to add your GitHub username to the following teams/orgs:
All Login.gov repos should have the following permissions. They can be changed by a current admin under "Settings" > "Manage Access" in GitHub.
Group Name | Role | Applicable Orgs |
---|---|---|
identity-admins | Admin | 18f, GSA-TTS |
identity-core | Write | 18f, GSA-TTS |
identity-partners | Read | 18f |
identity-ro | Read | 18f |
We should not have any individual access, only team access.
Repositories hosted in the GSA-TTS org on GitHub (the mostly static sites) require signed commits. See GitHub's documentation on configuring git to sign commits.
We strongly recommend that you configure git to automatically sign commits (so you don't have to add -S
to every commit)
-
The default settings for GPG only prompt for a password once every 10 minutes
-
You can set this up globally or per-repo (locally)
-
To verify that the signing has been enabled, in either your
~/.gitconfig
(global) or the.git/config
in each repository (local), check for these values:[commit] gpgsign = true [user] signingkey = <<YOUR ID HERE>>
Default settings for GitHub can generate a lot of email that can be tough to sift through. Here are some strategies for helping manage these notifications:
-
Create Gmail filters to help highlight mentions:
-
A filter to get emails out of the Inbox
list:18F.github.com OR list:gsa-tts.github.com
Skip Inbox, Apply label: github -
A mentions/me filter to highlight Pull Requests you're participating in (such as being tagged as a reviewer)
from:[email protected] to:me
Apply label: github-me
Example:
-
-
In GitHub, only have notifications on for repositories you care about (unwatch all others). The 18F org has many repos that do not affect Login.gov. For example, set up "All Activity" for
identity-
repos, and "Participating" for all others.Key Repositories Other Repositories
Engineers may want to run CI before submitting their code for review. For example, this can be a helpful way to check that all tests pass. To run CI on a branch without creating a pull request:
- Push the up to date branch to GitHub
- Navigate to https://gitlab.login.gov/lg/identity-idp/-/pipelines/new
- In the drop-down below
Run for branch name or tag
, select the branch for which you'd like to run CI
Engineers might want to share work with other engineers, such as before starting a pairing session. To share work without creating a PR, consider using GitHub's "compare" feature.
- Push the up to date branch to GitHub
- From the repo's home page, select the branch
- Click "Contribute" and select the left button, "Compare"
- Share the resulting url, eg https://github.com/18F/identity-idp/compare/branch-name-goes-here, with your fellow engineer.
Additionally, you can use a script like git-cmp
that allows you to generate github compare urls from local branches.
See [Pull Request Review]({% link _articles/pull-request-review.md %})