What you will achieve
You will configure a shared Git repository with branch protection, a clean default workflow, hooks for code quality, and CI integration. The result is a repo that scales from 3 to 50 contributors without rewrites.
Step 1: create the repository
On GitHub, GitLab, or Bitbucket, create a new repository. Initialise with a README and a .gitignore. Pick a licence if applicable.
git clone git@github.com:myorg/project.git
cd project
Step 2: configure default branch
Most teams use main. Confirm:
git config init.defaultBranch main
On the host, set the default branch in repo settings.
Step 3: branch protection
On GitHub: Settings → Branches → Add rule → Pattern main:
- Require a pull request before merging.
- Require at least one approving review.
- Require status checks to pass (configure once CI is in place).
- Require linear history (optional but recommended).
- Disallow force pushes.
- Disallow direct deletion.
Step 4: .gitignore and .gitattributes
# .gitignore - language-specific; example for Node
node_modules/
dist/
.env*
!.env.example
.DS_Store
*.swp
# .gitattributes
* text=auto eol=lf
*.png binary
*.jpg binary
*.pdf binary
git add .gitignore .gitattributes
git commit -m "Add .gitignore and .gitattributes"
Step 5: CODEOWNERS
# .github/CODEOWNERS
* @myorg/maintainers
/docs/ @myorg/docs-team
/infra/ @myorg/devops
This automatically requests reviews from the right people.
Step 6: PR and issue templates
# .github/PULL_REQUEST_TEMPLATE.md
## Summary
## Test plan
- [ ]
## Screenshots / videos (if UI)
## Linked issues
Step 7: pre-commit hooks
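Use Husky for Node, the pre-commit framework for Python, or share hooks via core.hooksPath. Hooks run on each contributor's machine and can be skipped with git commit --no-verify, so treat them as fast feedback and rely on the CI checks in Step 8 for enforcement.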
npm install --save-dev husky lint-staged
npx husky init
# .husky/pre-commit
npx lint-staged
# package.json
"lint-staged": {
  "*.{js,ts}": ["eslint --fix", "prettier --write"]
}
Step 8: CI configuration
# .github/workflows/ci.yml
name: CI
on:
  push:
    branches: [main]
  pull_request:
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: '20'
      - run: npm ci
      - run: npm run lint
      - run: npm test
Step 9: secret scanning
# .github/workflows/gitleaks.yml
name: gitleaks
on: [pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Step 10: contribution docs
# CONTRIBUTING.md
## Branch naming
feature/, fix/, chore/, docs/
## Commit messages
Imperative mood, 50-char subject, optional body.
## PR process
1. Branch off main.
2. Open a draft PR early.
3. Get one approval and CI green.
4. Squash and merge.
Step 11: invite the team
Add team members with appropriate permissions. Most should be "write"; a small group "maintain" or "admin".
Step 12: first PR
Create a small PR yourself - perhaps adding a docs section. Walk through the process to ensure CI, hooks, branch protection, and review all work.
Maintenance
- Review branch protection rules quarterly.
- Update CODEOWNERS as the team changes.
- Refresh dependency-update bots' configurations.
- Periodically prune merged branches.
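For the quarterly branch protection review, a script can compare the live settings with the Step 3 checklist. The following is an added example, not part of the original guide: it audits a branch protection object in the shape returned by GitHub's REST API, using a constructed sample. The check names test and scan are an assumption, taken from the job ids in the Step 8 and Step 9 workflows.

```python
import json

# Constructed sample in the shape returned by GitHub's REST endpoint
# GET /repos/{owner}/{repo}/branches/{branch}/protection (values are made up).
SAMPLE = json.loads("""{
  "required_pull_request_reviews": {"required_approving_review_count": 1},
  "required_status_checks": {"strict": true, "contexts": ["test"]},
  "required_linear_history": {"enabled": false},
  "allow_force_pushes": {"enabled": true},
  "allow_deletions": {"enabled": false}
}""")

# Assumption: the required check names equal the job ids in the Step 8 and
# Step 9 workflows ("test" and "scan").
REQUIRED_CHECKS = ("test", "scan")


def _enabled(protection, key):
    """Read a {"enabled": bool} toggle; a missing key counts as off."""
    return bool((protection.get(key) or {}).get("enabled", False))


def audit_protection(protection, required_checks=REQUIRED_CHECKS):
    """Compare a protection object with the Step 3 checklist; return findings."""
    findings = []
    reviews = protection.get("required_pull_request_reviews")
    if reviews is None:  # key absent: no pull request rule is configured
        findings.append("pull request not required before merging")
    elif reviews.get("required_approving_review_count", 0) < 1:
        findings.append("no approving review required")
    checks = protection.get("required_status_checks") or {}
    configured = set(checks.get("contexts", []))
    configured |= {c["context"] for c in checks.get("checks", [])}
    for name in required_checks:
        if name not in configured:
            findings.append(f"status check not required: {name}")
    if not _enabled(protection, "required_linear_history"):
        findings.append("linear history not required (optional)")
    if _enabled(protection, "allow_force_pushes"):
        findings.append("force pushes allowed")
    if _enabled(protection, "allow_deletions"):
        findings.append("branch deletion allowed")
    return findings


if __name__ == "__main__":
    for finding in audit_protection(SAMPLE):
        print("FINDING:", finding)
```

To audit the real repository, pass in the parsed output of gh api repos/myorg/project/branches/main/protection instead of SAMPLE.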
The result
The repo is now configured for safe, scalable, reviewable development. New contributors get the right hooks via npm install; the host enforces review and CI; secrets and quality issues are caught before merge.