Git Conventions
The following documents outline the Git process used across the company. This ensures that every developer can immediately know what to expect when starting a new project.
GitHub Usage Policy
1. Ownership and Access
- All repositories must reside under the agency’s official GitHub organization (github.com/bao-agency).
- Repositories must never be created, forked, or hosted under a personal GitHub account unless explicitly approved by management.
- All source code developed under the agency’s scope — whether for clients or internal projects — is the property of the agency or its clients, as defined by contracts.
2. Account Structure
- Employees may use either their personal GitHub accounts or a BAO-specific account to contribute (so commit history reflects their work). All users are added through organization-managed access.
- The agency manages access through GitHub Teams and role-based permissions (Admin / Maintainer / Developer / Read-only).
- All users must have two-factor authentication (2FA) enabled on their GitHub account.
3. Security & Compliance
- Repositories should be private by default.
- Only authorized personnel may grant external collaborator access.
- When an employee or contractor leaves, their access is revoked within 24 hours.
4. Branching and Reviews
- All repositories must use branch protection rules and required code reviews before merging to main or master.
5. Client Collaboration
- When clients require access, they must be added as an outside collaborator.
- Never share client repositories publicly or fork them into personal spaces.
- Source code handoff (if required) must occur through an official GitHub transfer or exported archive — not via personal accounts.
6. Exceptions
- Open source or community projects can live under personal accounts if unrelated to client or proprietary work.
- For experimental work or hackathons, employees may use personal accounts, but all client data or proprietary components must be excluded.