GitHub
GitHub hosts the roche-private/model-dp-rdt repository, runs CI/CD workflows via GitHub Actions, and provides the project board for tracking all work. It is the primary collaboration surface for the platform team.
Connection Details
Section titled “Connection Details”| Property | Value |
|---|---|
| URL | https://github.com/roche-private/model-dp-rdt |
| Auth method | Device flow (browser) or Personal Access Token |
| Network | Public internet |
| Project board | https://github.com/orgs/roche-private/projects/44 |
| Access task | A10, A11 |
Environment Variables
Section titled “Environment Variables”| Variable | Source | Description |
|---|---|---|
GITHUB_TOKEN | GitHub Actions (automatic) | CI/CD authentication token |
GH_TOKEN | User shell | GitHub CLI authentication (set by gh auth login) |
CI/CD Workflows
Section titled “CI/CD Workflows”| Workflow | Trigger | Purpose |
|---|---|---|
validate.yml | On PR | Runs rdt-model-validate all against changed entities |
deploy.yml | On merge to main | Runs rdt-model-compile run for affected entities |
docs.yml | On merge to main | Runs rdt-model-docs generate + Starlight build |
CLI Modules
Section titled “CLI Modules”GitHub is not directly consumed by any CLI module, but orchestrates all of them:
| Consumer | Usage |
|---|---|
| GitHub Actions | Invokes every rdt-model-* binary in CI/CD |
rdt-model-compile | Reports pipeline status back to PR checks |
Access Verification
Section titled “Access Verification”Script: scripts/access/check-github.sh
Required tools: gh (GitHub CLI)
Checks performed:
- GitHub authentication status (
gh auth status) - Repository access (
gh repo view roche-private/model-dp-rdt) - Push permissions (via repos API)
- Admin permissions check
- Project board #44 accessibility
- Token scopes validation
Authentication
Section titled “Authentication”GitHub uses the device flow for interactive authentication:
# Install GitHub CLIsudo apt install gh
# Authenticate (opens browser for device flow)gh auth login
# Verifygh auth statusgh repo view roche-private/model-dp-rdtFor CI/CD, GitHub Actions automatically provides GITHUB_TOKEN with repository-scoped permissions.
Repository Structure
Section titled “Repository Structure”The repository uses a trunk-based development model:
main— production branch, auto-deploys to DEV- Feature branches — short-lived, merged via PR
- No long-lived release branches
GitHub Environments
Section titled “GitHub Environments”GitHub Environments store deployment credentials per target:
| Environment | Purpose | Secrets stored |
|---|---|---|
dev | Auto-deploy target | VAULT_ROLE_ID, VAULT_SECRET_ID |
test | Manual approval gate | VAULT_ROLE_ID, VAULT_SECRET_ID |
prod | Reviewer approval gate | VAULT_ROLE_ID, VAULT_SECRET_ID |
Issue Templates
Section titled “Issue Templates”| Template | Purpose |
|---|---|
llm-task.yml | Standard development task |
access-request.yml | Platform access request (A-tasks) |