GitHub Organisation Setup

Rufftag Organisation Setup

This document explains how the Rufftag GitHub Organisation is structured and how developers (currently the core team) access resources through GitHub and Cloudflare Zero Trust.

πŸ‘₯ Organisation Overview

  • Organisation name: rufftag
  • Owners:
  • Team:
    • dev-team β€” Core developers responsible for building and maintaining Rufftag

πŸ—οΈ Structure

rufftag/
β”œβ”€β”€ repos/             # All organisation repositories
β”‚   β”œβ”€β”€ rufftag-app    # Frontend / mobile app
β”‚   β”œβ”€β”€ rufftag-api    # Backend services
β”‚   └── docs           # Organisation-wide documentation
└── teams/
    └── dev-team       # Assigned to repos with Write or Admin access
  • Organisation: Container for all repos and members
  • Team (dev-team): Used to grant permissions collectively
  • Owners: Manage settings, billing, security, and member invites

πŸ”‘ Roles & Permissions

  • Owners: Full control of the organisation (repos, billing, teams, security).
  • Dev-team: Granted Write access by default to dev repos, and Admin where needed.

When new repos are created:

  1. Add dev-team with the appropriate access level.
  2. Avoid granting permissions user-by-user unless strictly necessary.

πŸ”’ Cloudflare Zero Trust Integration

Rufftag services (APIs, dashboards, and staging environments) are protected by Cloudflare Zero Trust.

  • Identity Provider: GitHub
  • Access Rules:
    • Must belong to the Rufftag organisation
    • Optional: restrict further by requiring membership in the dev-team

Access Flow

  1. Developer requests access to a protected service.
  2. Cloudflare Zero Trust redirects to GitHub OAuth.
  3. GitHub confirms the user’s identity and org/team membership.
  4. If policies are satisfied β†’ access to service is granted.
  5. If not β†’ access denied.

πŸš€ Adding New Developers

  1. Invite them to the organisation (Settings β†’ People β†’ Invite member).
  2. Assign role = Member (not Owner, unless they require full control).
  3. Add them to the dev-team.
  4. Update Cloudflare Zero Trust policies if required.

πŸ“Œ Notes

  • The free GitHub plan allows unlimited private repositories and teams.
  • CI/CD is provided by GitHub Actions, with 2,000 minutes/month included for private repos.
  • Cloudflare Pages integrates directly with GitHub for deployments.
  • Cloudflare Zero Trust enforces authentication and access policies for APIs and apps.

βœ… Current Status

  • Organisation created
  • Owners invited
  • dev-team created and populated
  • Repositories initialised
  • Cloudflare Pages integration configured
  • Zero Trust access policies applied
Tagged: GitHub, Organisation, Setup
Visibility: internal