Users of QualityNet Jira and Confluence may have their sessions briefly disconnected on Tuesday, July 2, 2024, between 8:00 PM ET and 9:00 PM ET while the team completes a certificate renewal.  If you have questions or concerns, please reach out to us in Slack at #help-atlassian.

QualityNet IT Services



GitHub Enterprise provides next generation DevOps & Agile configuration management capabilities in support of the QualityNet mission. The application aggregates commonly required features for change and configuration management: project collaboration, issue tracking, modern GIT based version control, and documentation via wiki. For more information on these items please refer to the GitHub Enterprise website.


Requesting GitHub Enterprise Access


Requesting Access to GitHub

Access to GitHub is controlled via HARP. Therefore a user must have a HARP account before they can request access to GitHub.

Step 1: If you do not have a HARP account or an EIDM or EUA account, register for a HARP ID. For instructions on the HARP registration process, refer to the HARP page.

Step 2: Once the HARP account has been created, log into HARP and request a QualityNet GitHub Enterprise Cloud(GHEC) entitlement via a HARP User Role. 

  • Select User Roles from the top of the page and select Request a Role.
  • Select QualityNet-Github Enterprise Cloud.
  • Select the Organization you would like access to for GitHub Enterprise.
  • Select a QualityNet GitHub user role (choose one)
    • GitHubCloud Admin
    • GitHubCloud Developer
    • GitHubCloud SO
  • Click the Submit button
  • Enter your reason for requesting the selected role in the Request Reason text field.
  • Click the Submit button

Step 3: The organization's Security Official reviews and approves/denies the user role request. You will be notified via email that your request has been submitted, and again when your role has been approved or denied.

Step 4: Log into GitHub Enterprise Cloud https://github.com/enterprises/cms-qnet-emu using your HARP credentials.

Requesting a New GitHub Organization (For onboarding team only)

(Use IT Services Catalog > SecDevOps > ADO Onboarding Request > GitHub Enterprise Onboarding Request Catalog Item)

Required Information:

    • Proposed name for the new GitHub organization

    • Names and IDs (HARP IDs) of the people to be assigned as Organization Owners

      • Org Owners are the super users / administrators of the Organization. Keep the number of Org Owners small.

    • A brief justification for the new GitHub Organization

      • EX: This new Org will be used by the <Your LOB> team. We want to keep our repos separated from other QNET repos and controlled via an Organization as opposed to using GitHub Teams within the overall QNET Organization.

 

User Resources
Security Guidelines

FAQs

General

Any Application Development Organization (ADO) employee that is part of their enterprise software development team.


Access

GitHub Enterprise is available to all QualityNet Application Development Organizations (ADOs).

There are four GitHub Organization User Roles. Most users will request the GitHub-Developer User role, but a description of all roles is provided below:

  • GitHub-SO: Designated for Security Officials responsible for approvals of each GitHub Organization. Request this role only if you have been designated as a Security Official.
  • Read Only (I don’t work for this organization): Provides Ready Only access to another ADO’s GitHub Organization.
  • GitHub-Admin: Designated for Admins (Organization Owners) responsible for GitHub Organization administration and assisting GitHub Organization users.
  • GitHub-Developer: Most common GitHub Organization role as GitHub supports the ADO development community.

Yes, to obtain access to both ADO GitHub Organizations, you are required to submit HARP GitHub User requests for each.

To successfully authenticate in GitHub with your HARP credentials, the Security Official must approve your GitHub Role request. The 403 error occurs when a GitHub user request has not been approved.

Yes, but you are required to select the contract you are currently supporting, enter a reason for your request to access the ADO GitHub Organization and your request will need to be approved by the ADO Security Official.


Working in GitHub Enterprise

The maximum size of Git objects that can be pushed to repositories on this appliance is 100MB per file (25MB if adding a file via a web browser). Allowing large objects to be pushed into Git can degrade performance. Consider other options such as using Nexus Repository Manager to store dependencies, artifacts and other large objects.

Only members with owner privileges for an organization or admin privileges for a repository can manage webhooks for an organization. For more information, see "Permission levels for an organization."

Chances are the account that you used to create the webhook token does not have Org Owner privileges in GitHub. Ensure that the account with which the token was created has these privileges. Use these credentials in the Jenkins Master Global configuration → GitHub Webhooks section and re-register the webhooks. Now, go to your repository and re-deliver the payload. This should fix the issue.

For help on configuring webhooks see About Webhooks in the GitHub Help documentation.

For help on building a webhook, including a full list of actions you can associate with, see "Webhooks" in the GitHub Developer documentation.

Users are not able to delete GitHub repositories. 

If you are absolutely certain that a repository belonging to you or your organization needs to be deleted, please submit a ServiceNow RITM and assign it to ESSII Build-DEVOPS.  After the ticket is created, please send an email to ESS_Devsecops_Team@ventera.com with the ticket number and a confirmation from you to delete the specified repository.

Once a repository is deleted from GitHub, it cannot be restored. 

Repositories containing tags/releases that have been deployed should be archived rather than be deleted.

A branch is a separate line of development that is “branched” from the Master branch.

A tag represents a version of a particular branch at a moment in time.

  • While branches can be updated, a tag cannot
  • A tag may not necessarily include all of the changes made in a branch
  • From the GitHub web interface perspective, a tag is the same as a release
  • Tags can also be created from the Git command line and then pushed to GHE





 

Need Help ?

Please contact one of the following:

  • Find us on Slack #help-devsecops. Slack is monitored Monday through Friday, 8:00am - 6:00pm.

  • For assistance with HARP, please contact the CCSQ Service Center at: 

    Phone: (866) 288-8914 (TRS:711)

    Slack: #help-service-center-sos

    Email: ServiceCenterSOS@cms.hhs.gov

    Hours of Operation: 24/7


  • No labels