What is locked by someone else’s key? Exceptions to BYOK in Power BI
Data governance is one of the hot topics right now. Especially if you’re in a regulated industry like finance or insur...
I also presented how Azure DevOps can help with the implementation of some crucial DevOps practices. We saw some important features of Azure DevOps, like Boards, Backlogs, or Repos.
This time, I would like to introduce you to another great tool that is expanding quickly and can be either used together with Azure DevOps or entirely separately.
I will talk about GitHub, which is used by more than 65 million developers around the world, including us at Predica.
Most organizations will find value in combining Azure DevOps and GitHub to use best in class features of both products. It really comes down to your organization’s specific needs.
If you’re starting a new project today, you could begin on either platform. Alternatively, you can move your repositories over to GitHub while supporting Portfolio Management, Pipelines, Boards, or any number of features in Azure DevOps as you do today. The choice is yours.
GitHub, similarly to Azure DevOps, is a tool that provides developers with ways to plan work, collaborate on code development, and build and deploy applications. It is the largest and most advanced development platform in the world.
Registration in GitHub is free, so anyone can start using it. There is also a dedicated plan for organizations, called GitHub Enterprise.
You can see the differences in functionalities on the pricing page.
When thinking about Organizations on GitHub, it helps to compare it to the concept of Organization concept in Azure DevOps.
Organization in GitHub is a feature where businesses and open-source project maintainers can collaborate across many projects at once. Let me use an example.
At Predica, we (as a team) created a Predica Organization on GitHub. Everyone who has a GitHub account can join our organization.
Of course, we decide who will be invited and what will be the access level for this specific person.
The good news is that we can use Organizations for free with a GitHub Free license, which includes unlimited collaborators on unlimited public repositories with full features, and unlimited private repositories with limited features.
For additional functionalities, including sophisticated user authentication and management, and improved support coverage, you can upgrade to GitHub Team or GitHub Enterprise Cloud.
GitHub Enterprise is available today both as a cloud service and as a self-hosted server.
GHES is also available for federal and heavily regulated customer bases that store data within an Azure Government Cloud datacenter. It offers controllable scaling, monitoring capabilities, and support for very large user bases.
Using Project Boards it is possible to coordinate, track, and update our team’s work in one place with Kanban boards. You can configure different states add items and move them between defined columns.
You can also link created Pull Requests and created issues, so there is a transparent view of progress and current state of development.
Projects can be either:
At the time of writing, GitHub Projects are being
redesigned. You can see the new upcoming features and new designs here, and it is possible to join beta program.
As I mentioned in my previous article, it is always good practice to store source code in a version control system. With GitHub, we can create an unlimited number of Git repositories to store the source code of the projects we implement. Each team member can implement specific functionalities and then create pull requests so other team members can review the code.
Team members can connect to the GitHub repositories with different Integrated Development Environments (IDE) like Visual Studio or XCode. There is also a dedicated GitHub Desktop application which helps to track local changes and makes it possible to make commits and push code to the GitHub platform.
You can also apply branch protection rules to make sure that direct commits to specific branches are forbidden. If you use Azure DevOps, you probably know that the same functionality is available there. A code review requirement can be set up before changes are merged.
You can also “verify build” status to make sure that before you merge changes, code compiles and unit tests are successfully executed.
Continuous Integration and Delivery are also part of DevOps best practices. With GitHub Actions, it is possible to set up automatic builds for different types of applications (like web or mobile).
During the build phase, you can also apply additional verification, like a security scan, to detect vulnerabilities in the source code.
If you use Azure DevOps to implement CI/CD pipelines, you will quickly discover that GitHub Actions is very similar. You can set up GitHub action to build the package with your application, deploy its package to Azure (or another) cloud, or publish unit tests results.
You can also define environments to make sure that source code from a specific branch will be deployed to a specific environment type: dev, test, or prod. With this approach, you can be sure that deployments are done in a secure and predictable way.
For each environment, GitHub allows you to define separate secrets to make sure that they will be used only when necessary.
There are more than 10,000 GitHub Actions available today in the GitHub Marketplace. The best thing about them is that if there isn’t a solution available today that addresses your workflow automation needs, it is very simple to create your own.
GitHub Advanced Security supplies a rich set of capabilities for securing every part of your software development, e.g.:
It includes the industry-leading code vulnerability analysis capabilities of Semmle’s CodeQL, automatic security flows, secret scanning, and more.
These tools connect every enterprise with the work of security researchers across the world, and they provide secure workflows for producing and consuming code.
This is not everything. With GitHub Dependency Graph we can also automatically scan our source code repository to detect all dependencies (libraries) used in our project. Here is an example:
You can also configure Dependabot security updates, so your source code is regularly scanned. If a vulnerability is discovered in one of the libraries you use, Dependabot will automatically create a pull request with required updates.
At first glance, you may think that if you already use Azure DevOps, there is no need or no way to use GitHub and vice-versa. However, you can still use both products and use features they offer, together!
Azure DevOps offers integration with GitHub. Here are the two mostly used integrations.
You can easily integrate Azure DevOps Boards with GitHub. When creating a new pull request in GitHub, you can reference work items from the backlog in Azure DevOps:
You can connect Azure DevOps Boards with GitHub using a free extension available in the GitHub Marketplace.
You can also trigger CI/CD pipelines in the Azure DevOps when new code is pushed to a GIT repository on GitHub.
There is a free extension in the GitHub Marketplace for connecting Azure DevOps Pipelines with GitHub.
GitHub mobile app
GitHub also provides a mobile application available for iOS and Android platforms. It allows you to easily track what is happening in the projects you participate in.
You can use it to check opened pull requests, leave comments, and merge or reject them. You can also browse source code repositories and participate in discussions.
Managing DevOps best practices with the right tools
If you are using Azure DevOps today, consider adopting GitHub on a project-by-project basis where it meets the needs of your software organization.
This way, you can take advantage of GitHub’s advanced security, inner sourcing, strong open-source community, and workflow automation capabilities.
If your organization is looking to adopt GitHub today, let us know. We can work with your GitHub account team to help you create a plan that is right for your organization’s needs.
You can also get our support with identifying the key projects in your portfolio that would benefit the most from the GitHub platform.
Read similar articles