Skip to content

GitHub

  1. Naming conventions
    1. Repositories SHOULD be prefixed with a department or project code (e.g. ds- for Digital Services, da- for Digital Archiving or tdr- for Transfer of Digital Records)
  2. Setup
    1. Repositories SHOULD have a CODEOWNERS file
  3. Maintenance
    1. Once no longer maintained, teams SHOULD archive repositories
  4. Security
    1. You MUST sign your commits
    2. You SHOULD sign your commits with a GPG key
    3. You COULD sign your commits with an SSH key
    4. You SHOULD NOT use personal access tokens (PATs) or long-lived credentials