Developer Onboarding Guide

This guide walks through the steps to onboard a new developer to the Eli Health team. Follow these steps in order to ensure complete access setup.

Prerequisites

Before starting, collect the following information from the new developer:

Email address (eli.health domain, e.g., name@eli.health)
GitHub username (e.g., DanielShaban)
Full name (for display purposes)

Onboarding Checklist

1. Slack Access

Contact: Thomas Cortina

Request Thomas to invite the new developer to the Eli Health Slack workspace:

Workspace: eli-health.slack.com
Channels to join:
- #alerts-dev - Development environment alerts
- #alerts-staging - Staging environment alerts
- #alerts-production - Production environment alerts
- #engineering - Engineering discussions

2. Jira Access

Contact: Lena

Request Lena to add the new developer to Jira:

Project: EXM (Eli Health Experience Management)
URL: https://eliscience.atlassian.net
Role: Developer

3. GitHub Repository Access

Location: eli-devops/github/collaborators.tf

Add the new developer as a collaborator to the required repositories:

# In eli-devops/github/collaborators.tf

resource "github_repository_collaborator" "eli_backend_api_USERNAME" {
  repository = github_repository.eli_backend_api.name
  username   = "GitHubUsername"
  permission = "push"
}

resource "github_repository_collaborator" "eli_app_USERNAME" {
  repository = github_repository.eli_app.name
  username   = "GitHubUsername"
  permission = "push"
}

resource "github_repository_collaborator" "eli_devops_USERNAME" {
  repository = github_repository.eli_devops.name
  username   = "GitHubUsername"
  permission = "push"
}

resource "github_repository_collaborator" "eli_docs_USERNAME" {
  repository = github_repository.eli_docs.name
  username   = "GitHubUsername"
  permission = "push"
}

resource "github_repository_collaborator" "eli_app_fastlane_USERNAME" {
  repository = github_repository.eli_app_fastlane.name
  username   = "GitHubUsername"
  permission = "push"
}

Apply the changes:

cd eli-devops/github
terraform init -reconfigure -backend-config=github.gcs.tfbackend
terraform apply -var-file=tfvars/github.tfvars -auto-approve

4. GCP Environment Access

Location: eli-devops/tf/*.tfvars

Add the developer to the environment_access_users variable in each environment file:

Development (`development.tfvars`) - Owner Access

environment_access_users = [
  # ... existing users ...
  {
    email = "name@eli.health"
    role  = "owner"  # Full access for development
  }
]

Staging (`staging.tfvars`) - Owner Access

environment_access_users = [
  # ... existing users ...
  {
    email = "name@eli.health"
    role  = "owner"  # Full access for staging
  }
]

Production (`production.tfvars`) - Viewer Access (Read-Only)

environment_access_users = [
  # ... existing users ...
  {
    email = "name@eli.health"
    role  = "viewer"  # Read-only for production
  }
]

Apply the changes for each environment:

cd eli-devops/tf

# Development
gcloud config set project eli-health-dev
terraform init -reconfigure -backend-config=development.gcs.tfbackend
terraform apply -var-file=development.tfvars -target=module.environment_access -auto-approve

# Staging
gcloud config set project eli-health-staging
terraform init -reconfigure -backend-config=staging.gcs.tfbackend
terraform apply -var-file=staging.tfvars -target=module.environment_access -auto-approve

# Production
gcloud config set project eli-health-prod
terraform init -reconfigure -backend-config=production.gcs.tfbackend
terraform apply -var-file=production.tfvars -target=module.environment_access -auto-approve

GCP Role Definitions

Role	Access Level	Use Case
`owner`	Full project access	Dev/Staging environments
`editor`	Edit access (no IAM changes)	Trusted developers
`developer`	Cloud Run, BigQuery, SQL, Storage	Standard dev access
`viewer`	Read-only	Production monitoring
`storage_viewer`	Storage + BigQuery read-only	Data access only
`user_admin`	Identity Platform admin	User management

5. Apple App Store Connect & Provisioning Profiles

Contact: Chip (or any existing Admin)

For iOS development and deployment, the developer needs access to:

App Store Connect

Go to App Store Connect
Navigate to Users and Access
Click + to add a new user
Enter the developer's information:
- First Name, Last Name
- Email: name@eli.health
- Role: Developer
Click Invite

The developer will receive an email invitation to join the Eli Health team on App Store Connect.

Apple Developer Portal & Provisioning Profiles

Go to Apple Developer Portal
Navigate to Account → People
Click + to invite a new member
Enter the developer's Apple ID (usually their @eli.health email)
Select role: Developer
Click Invite

Fastlane Match (Provisioning Profiles & Certificates)

The eli-app-fastlane repository manages code signing via Fastlane Match. Once the developer has:

GitHub access to eli-app-fastlane repository
Apple Developer Portal access

They can sync certificates and provisioning profiles:

# From the eli-mobile-app directory
bundle exec fastlane match development --readonly
bundle exec fastlane match appstore --readonly

Note: Only use --readonly flag unless you need to regenerate certificates. Regenerating affects all team members.

Apple Developer Team ID

Team ID: XS3FBW645N
Team Name: Eli Health Inc.

6. Sentry Access

Location: eli-devops/sentry/sentry_config.yaml

Add the developer to the members section:

members:
  # ... existing members ...
  - email: name@eli.health
    role: member
    name: Developer Name

Apply the changes:

cd eli-devops/sentry
python3 sentry_manager.py members

The developer will receive an email invitation to join Sentry and will have access to all three projects:

eli-react-native-dev (Development)
eli-react-native-staging (Staging)
eli-react-native (Production)

Post-Onboarding Verification

After completing all steps, verify the developer has access to:

Slack workspace and relevant channels
Jira project (EXM)
GitHub repositories (check pending invitations)
GCP Console for all three environments
App Store Connect (check email for invitation)
Apple Developer Portal (check email for invitation)
Fastlane Match certificates sync successfully
Sentry dashboards

Access Summary Table

System	Access Level	Contact/Location
Slack	Member	Thomas Cortina
Jira	Developer	Lena
GitHub	Push (collaborator)	`eli-devops/github/collaborators.tf`
GCP Dev	Owner	`eli-devops/tf/development.tfvars`
GCP Staging	Owner	`eli-devops/tf/staging.tfvars`
GCP Production	Viewer (read-only)	`eli-devops/tf/production.tfvars`
App Store Connect	Developer	Chip (App Store Connect UI)
Apple Developer Portal	Developer	Chip (Apple Developer UI)
Sentry	Member	`eli-devops/sentry/sentry_config.yaml`

Offboarding

To remove a developer's access, reverse the above steps:

Remove from collaborators.tf and apply
Remove from *.tfvars environment_access_users and apply
Remove from sentry_config.yaml members (note: this won't auto-remove from Sentry, must be done manually in Sentry UI)
Remove from App Store Connect (Users and Access)
Remove from Apple Developer Portal (Account → People)
Request removal from Slack (Thomas) and Jira (Lena)

Prerequisites​

Onboarding Checklist​

1. Slack Access​

2. Jira Access​

3. GitHub Repository Access​

4. GCP Environment Access​

Development (development.tfvars) - Owner Access​

Staging (staging.tfvars) - Owner Access​

Production (production.tfvars) - Viewer Access (Read-Only)​

GCP Role Definitions​

5. Apple App Store Connect & Provisioning Profiles​

App Store Connect​

Apple Developer Portal & Provisioning Profiles​

Fastlane Match (Provisioning Profiles & Certificates)​

Apple Developer Team ID​

6. Sentry Access​

Post-Onboarding Verification​

Access Summary Table​

Offboarding​