### Checklist

- [ ] I have read the [code of conduct] and [contributing guide]
- [ ] I have made this pull request to the `main` branch
- [ ] I have run all of the automated validation using `npm run ship`
- [ ] I have added myself to the `"contributors"` list in the `package.json` (or do not want to)

[code of conduct]: https://github.com/textbook/starter-kit/blob/main/.github/CODE_OF_CONDUCT.md
[contributing guide]: https://github.com/textbook/starter-kit/blob/main/.github/CONTRIBUTING.md
diff --git a/bin/files/user-story.md b/.github/ISSUE_TEMPLATE/user-story.md
similarity index 100%
rename from bin/files/user-story.md
rename to .github/ISSUE_TEMPLATE/user-story.md
diff --git a/bin/files/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
similarity index 100%
rename from bin/files/PULL_REQUEST_TEMPLATE.md
rename to .github/PULL_REQUEST_TEMPLATE.md
diff --git a/.github/workflows/keepalive.yml b/.github/workflows/keepalive.yml
deleted file mode 100644
index a6d24a9f..00000000
--- a/.github/workflows/keepalive.yml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-name: Keep deployment alive
-
-on:
  schedule:
    - cron: "14 3 * * *"
-
-jobs:
  ping:
    runs-on: ubuntu-latest
    steps:
      - run: curl 'https://starter-kit-ci.herokuapp.com/api/message'
diff --git a/README.md b/README.md
index 04cc751a..3e45f022 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,7 @@
 # Starter Kit v2
 
+[![Deploy to Render](https://render.com/images/deploy-to-render-button.svg)](https://render.com/deploy)
+
- [x] [Node] LTS support (verified working on 20.x LTS release)
- [x] [Express] server
- [x] [Postgres] database with [`pg`][node-postgres]
@@ -15,6 +17,23 @@ commonly use:
- [x] [Google App Engine], [Heroku], [Render] or [Vercel] deployment
- [x] [Docker] build
 
+## Setup
+
+> **Note** if you have _any problems_ setting up the starter kit, see the [wiki] and, if still not solved, post to
+> [`#cyf-full-stack-starter-kit` in Slack][2].
+
+Pick one member of the team to own the repository and pipeline. That person should do the following: + +1. Click the "Use this template" button above (see [GitHub's docs][1]) to create your team repository and name it something appropriate for your project. + - Your repo should say _"generated from"_, **not** _"forked from"_, _"CodeYourFuture/cyf-final-project-starter-kit"_ at the top +2. In your repo, click the "Deploy to Render" button at the top of the README and log in using GitHub when prompted. +3. Fill in a service group name for your application and then click "Apply". +4. Once it has deployed successfully, click the "managed resources" link to view the application details. + +Whenever you commit to main (or e.g. merge a [pull request]) it will get automatically deployed! + +You should now make sure all of the project team are [collaborators] on the repository. + ## Scripts Various scripts are provided in the package file, but many are helpers for other scripts; here are the ones you'll @@ -29,6 +48,23 @@ commonly use: - `test`: runs the unit and integration tests. - `test:cover`: runs the tests and outputs coverage data. +### Security + +If the project handles **any kind of** Personally Identifiable Information (PII) then make sure the following +principles are followed: + +- Only collect **strictly necessary** PII; +- Access to PII should be as restricted as possible; +- Access to PII should only be possible after authentication. Authentication **must be done** via GitHub. **Ad hoc + authentication solutions are not allowed**; +- Admins must be able to control who has access to the platform and at which levels using only GitHub groups; +- There must be an audit mechanism in place. It is required by law to know who accessed what and when; +- Code must be reviewed by senior developers before being pushed to production; +- APIs must be secure. 