How does a developer request access to Bahmni code?
Which “team” do they get added to?
Who can “raise” a PR to Bahmni code? Do they need repo access? Is raising a PR optional?
Who has “commit” rights to Bahmni organisation repos? What is the process for getting direct commit access to Bahmni code?
How often is the access rights of developers reviewed, to ensure people who are no longer “associated” with Bahmni are not continuing to have access?
How do we ensure malicious code does NOT make it into Bahmni code / builds / images?
Answer: Enable Branch Protection and ensure every code commit has one Approver from core team. See this Jira issue:
Jira Legacy server System JIRA serverId 32584f0f-f83d-3b0b-b91f-826465c6b0b8 key BAH-3097
How do we secure API keys / sensitive passwords which are needed to access AWS or other external services during the build process? (need a different wiki page for this?)