Github repository and Bahmni code access for developers

This page is in DRAFT mode. Need inputs from @Mohankumar Thangavel @Angshuman Sarkar @Umair Fayaz @Gokul Kuppan @Rahul Ramesh @Himabindu Thungathurty

  1. How does a developer request access to Bahmni code?

  2. Which “team” do they get added to?

  3. Who can “raise” a PR to Bahmni code? Do they need repo access? Is raising a PR optional?

  4. Who has “commit” rights to Bahmni organisation repos? What is the process for getting direct commit access to Bahmni code?

  5. How often is the access rights of developers reviewed, to ensure people who are no longer “associated” with Bahmni are not continuing to have access?

  6. How do we ensure malicious code does NOT make it into Bahmni code / builds / images?

    1. Answer: Enable Branch Protection and ensure every code commit has one Approver from core team. See this Jira issue: BAH-3097: Enable branch protection for master branch for all Bahmni reposNeeds Assessment )

  7. How do we secure API keys / sensitive passwords which are needed to access AWS or other external services during the build process? (need a different wiki page for this?)

 

The Bahmni documentation is licensed under Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)