Inner-Source Your Code on GitHub: Using GitHub Organizations

Depending on who you’re working with and the scope of the project, you may want to have access to certain GitHub features. If you’re working on proprietary code for a company (or code that may be a product for a future company you’re hoping to start), then the investment of GitHub Teams may be suitable, giving you private repos as part of an organization. But if you’re working with other students at your university on a semester-long project, then just creating a private repo may be good enough.

1. Creating a GitHub organization

GitHub organizations allow you to give a group of users access to a set of repositories all at once. With features such as teams, you can also have subgroups of users that have different access rights to different repositories. This setup also makes communicating across GitHub easier because you can tag an organization (or team) instead of an individual person. If you’re running a large project that has more than one repository, organizations may be a good option for you.

You can start an organization in one of three tiers:

» Team for Open Source: In this tier, you get unlimited public repositories, unlimited collaborators, issues and bug tracking, and project management. Essentially, this tier allows a core group of people who are working on an open source project to work together more easily. If you don’t need any private repos associated with the organization, this tier is a great option.

» Team: In this tier, you get everything from the previous tier, plus unlimited private repositories, the ability to require that all your organization members use two-factor authentication, team discussions that don’t have to be associated with a specific repository, access for managing groups of people, and advanced tools and insights into all your repositories.

Two-factor authentication is when you’re required to enter your password plus perform an additional security measure to ensure it is really you logging in to the website. Because passwords can sometimes be hacked, organizations will often require that you use a mobile app (such as Duo Mobile or Google Authenticator), text-message confirmation, or a physical YubiKey to verify that it is you.

» Enterprise: This tier essentially gives you GitHub.com with the Team tier features, but all your data is private on a self-hosted or cloud-hosted instance of GitHub. (The data is not shared with the rest of GitHub.com users.) If you have a GitHub.com account and your company has a GitHub Enterprise instance, you will have a separate account to log in to your company’s GitHub instance. This tier is most likely beyond the scope of what you’ll be doing in but you may work for a company that has this.

You can find the tiers by clicking the plus symbol at the top right of GitHub.com (when you’re logged in) and choosing New organization. You see a new page where you can choose the organization’s name, specify a billing email address, and choose a tier.

Don’t worry: If you choose the free tier, you aren’t billed anything; you won’t even be asked for a credit card.

2. Inviting members to your GitHub organization

During the organization setup process, you’re asked if you want to invite others to join your organization. Using their GitHub.com alias, you can search for them in the provided box and send them an invite. If you forget to invite someone or want to invite them later, you can still do so by going to the People tab on the organization’s home page and clicking Invite member. You can choose the permission level for the person you invite to your organization. Figure 11-1 shows the two options: Member and Owner. You can change the permission level later, if you need to.

Figure 11-1 also shows the number of remaining seats for your organization at the bottom of the page. If you’re on the free tier, you have unlimited seats, but if you’re on the paid tier, then you have only the number of seats you’re paying for.

The Teams tier has a minimum of five seats at a set price. If you want to add more seats, you can, but you always start with five.

After you invite someone to your organization, they will receive an email notification with a link to accept the invitation, or they can go to the organization’s GitHub home page to accept the invitation. For example, in Figure 11-1, we invited Adrian to be a part of The We Can Zone organization because he helps manage all the writing projects that we work on. When he visited https://github.com/thewecanzone while logged in to his GitHub account, he saw a banner and View invitation button at the top of the page. Clicking the View invitation button, he was taken to a new page, shown in Figure 11-2, where he was able to first see what kind of access the owners of the We Can Zone organization would have to his GitHub account information if he were to join.

3. Viewing repositories for your organization

Repositories is the default tab on your organization home page. This page shows you all the repositories associated with this organization. For example, if you go to the Microsoft organization home page on GitHub (https://github.com/microsoft), you find more than 2,000 repositories and more than 4,000 people involved in open source projects for Microsoft (see Figure 11-3).

Pinned repositories appear at the top of the Repositories page. Pinned repositories are the ones that the Microsoft organization owners think are the most relevant to folks interested in what Microsoft is doing in the open source space. For example, the VS Code repository has more than 68,000 stars and more than 9,000 forks. As one of the most popular editors and most popular open source projects, Microsoft wants to make sure this repository is front and center for visitors to their open source organization home page.

4. Managing members of your organization

You will always have at least one member of your organization — you! But this section is more interesting if you have more than one member, so if you haven’t invited other members yet, go to the earlier section “Inviting members to your GitHub organization” and invite someone else.

To see all your organization’s members, from your organization home page, click the People tab. You should see all the members of your organization on this tab, as shown in Figure 11-4.

On the right of each member is a small cog drop-down menu. This menu gives you quick options for managing your organization members. You can also get all these options and more information about a specific member by choosing Manage from that drop-down menu. You then see an overview of an organization member, as shown in Figure 11-5.

Figure 11-5 gives you the following information about the person:

» Role: The person’s role in the organization with the ability to change it to a different role from this page.

» Repository access: The number of repositories this person has access to within the organization, as well as a list of all the repositories and what permissions they have for each one. Each repository has a button that allows you to quickly navigate to the settings for that person for that repository.

» Number of teams: The number of teams the person is a part of within the organization.

» Activity: Information on whether the person is choosing to share their activity on projects within this organization on their public profile.

» Two-factor authentication: Whether this person has two-factor authentication enabled for their account. Two-factor authentication can be a requirement of your organization, which you can change in the settings for your organization. (See the upcoming section “Setting organization settings.”)

» Convert to outside collaborator: A button to convert someone to an outside collaborator. This feature is useful for short-term or very scoped projects. Instead of having a person be a part of the entire organization, you can make them a part of a single team that has access to certain repositories, making their privileges easier to manage.

» Remove from organization: As straightforward as it sounds. This setting removes the person from the organization.

5. Creating teams within your organization

As your organization begins to grow, it may make sense for you to create teams within your organization. The benefit of teams is that you can quickly give access to a repository to an entire team, without having to remember every single person that is on that team. To create a team, click the Team tab on your organization home page and click New team. A new page appears where you can choose a team name, add a description, choose a parent team (if you’ve created other teams already), and set the team’s visibility within the organization.

Choosing a team name is a step to consider carefully. The team name will be how folks within your organization can tag everyone in the team all at once. For example, if you have a security-vulnerabilities team that manages all security vulnerabilities for your website and a security bug is found, you can tag the security-vulnerabilities team, and each person on that team will get a notification. This will help make sure that you get the fastest response time, accounting for different time zones, working hours, shifts, and schedules. You want the name to be representative of the team because if you had named the team something like powerpuffgirls, it would be pretty confusing to see an issue comment that says

@powerpuffgirls, please review this security vulnerability asap

Creating teams has a lot more benefits than the ability to mention them all using one alias. If you’re interested, read the section “Making the Most of Your Teams,” later in this chapter.

6. Using project boards within your organization

Chapters 3 and 4 cover how to create project boards and use them when they’re associated with a specific repository. By creating an organization, you have unlocked the ability to have project boards that link multiple repositories together. When you click the Projects tab and click the New project button, the Create a New Project page appears, as shown in Figure 11-6.

Everything is the same about creating the project board as it is when you create one for a specific repository (see Chapter 2), except an option at the very bottom, right before you click Create project: a section where you can choose which repositories you want to link to this project board.

By linking multiple repositories to one project board, any rules you set for specific columns (for example, all new issues that get opened in a repository should go in a To do column) will apply to all the repositories that are linked to the project board. Linking multiple repositories to one project board can help make triaging easier for project managers, and give organization leaders a broader picture of where the entire organization is, without having to go to each repository to check in.

If you ever need to link more repositories to a project board after you create it, or change the visibility of the project or permissions for organization members or specific teams, you can click the three dot menu and navigate to the Settings page for the specific project board, as shown in Figure 11-7.

7. Setting organization settings

Organizations have a few more settings than typical individual GitHub accounts. On the right-most Settings tab on the organization home page is a Settings page that is similar to the one we describe in Chapter 1, but with some key differences:

» Profile is where you can change the organization’s name, avatar, and primary contact email address or even delete the organization. You can also choose to join the GitHub Developers Program (you can read about it at https://developer.github.com/program).

» Member privileges is where you can set all the default permissions for every member in your organization. We recommend changing the default of new members from Admin, unless you really want every new member to have admin privileges over every repository within the organization.

» Billing is where you can upgrade or downgrade your organization account. You can add, change, and remove payment methods, add marketplace apps, and add seats within your organization. You can also add billing managers to your organization; this can be really useful for folks within your company who need to have access to billing information, but may not be savvy or interested in the code aspect.

» Security is the area where you can require that all members of your organization have two-factor authentication set up for their GitHub.com account.

» Verified domains is where you can verify a domain that you own so that you can verify your organization’s identity on GitHub.

» Audit log is a log of all activity done to the organization (not to the individual repositories that are part of the organization).

» Webhooks notifies third-party services of events happening within your organization.

» Third-party access is all third-party applications that you have given access to your repositories.

» Installed GitHub apps is all the GitHub apps that you have installed within your organization.

» Repository topics is one place to view and modify the topics for all of your repositories.

» Projects contains overall settings for project boards within your organization.

» Teams is where you can enable team discussions; more information about this is in the section “Making the Most of Your Teams,” later in this chapter.

» Developer Settings has two settings — OAuth Apps and GitHub Apps — and a place to specify management of the organization (under GitHub Apps).

» Moderation is where you can block users from your organization or enact temporary (24-hour) limitations on what activity can happen on any repository within the organization. Figure 11-8 shows that you can block users for short periods of time or forever. These moderation settings are often most useful in open source project organizations because each member is less likely to have a common driving force, such as a paycheck, to behave with respect. However, moderation settings can also be useful with inner-source projects if things simply start to get heated within the organization.
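The Member privileges and Security settings above can also be reviewed programmatically. The following is an added example, not code from the book: it audits the JSON that GitHub's REST API returns for `GET /orgs/{org}` and for the member listings filtered by `2fa_disabled` and `role=admin`. The function name `audit_org`, the severity labels, and all sample data are assumptions constructed for illustration.

```python
# Added example: field names follow GitHub's REST API (GET /orgs/{org});
# all sample data below is constructed for illustration.
SAMPLE_ORG = {
    "login": "example-org",
    "two_factor_requirement_enabled": False,
    "default_repository_permission": "admin",
}
# Constructed result of GET /orgs/{org}/members?filter=2fa_disabled
SAMPLE_NO_2FA = [{"login": "bob"}, {"login": "alice"}]
# Constructed result of GET /orgs/{org}/members?role=admin (owners)
SAMPLE_OWNERS = [{"login": "alice"}, {"login": "carol"}]

SEVERITY_ORDER = {"high": 0, "medium": 1, "info": 2}


def audit_org(org, no_2fa_members, owners):
    """Return (severity, message) findings, most severe first."""
    findings = []

    # The field can be absent or null if the token cannot see owner-only settings.
    required = org.get("two_factor_requirement_enabled")
    if required is None:
        findings.append(("info", "2FA requirement not visible; use an owner's token"))
    elif not required:
        findings.append(("medium", "organization does not require two-factor authentication"))

    # The default permission applies to every member on every repository.
    if org.get("default_repository_permission") == "admin":
        findings.append(("high", "default member permission is admin on all repositories"))

    # An owner without 2FA is worse than a regular member without it.
    owner_logins = {user["login"] for user in owners}
    for login in sorted(user["login"] for user in no_2fa_members):
        is_owner = login in owner_logins
        findings.append((
            "high" if is_owner else "medium",
            f"{'owner' if is_owner else 'member'} {login} has no two-factor authentication",
        ))

    return sorted(findings, key=lambda f: SEVERITY_ORDER[f[0]])


if __name__ == "__main__":
    for severity, message in audit_org(SAMPLE_ORG, SAMPLE_NO_2FA, SAMPLE_OWNERS):
        print(f"[{severity}] {message}")
```

Listing members with the `2fa_disabled` filter requires an organization owner's token, so run the queries that feed this check from an owner account.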

Source: Guthals Sarah, Haack Phil (2019), GitHub for Dummies, Wiley.
