Enhance your DevOps practices with another great tool – GitHub

DevOps in GitHub: introduction

In my previous article series, I described what DevOps is: a combination of cultural philosophies, practices, and tools that improves an organization’s ability to deliver IT solutions and services.

I also presented how Azure DevOps can help with the implementation of some crucial DevOps practices. We saw some important features of Azure DevOps, like Boards, Backlogs, or Repos.

This time, I would like to introduce you to another great tool that is expanding quickly and can be either used together with Azure DevOps or entirely separately.

I will talk about GitHub, which is used by more than 65 million developers around the world, including us at Predica.

Key points:

  • What is GitHub?
  • What is GitHub Advanced Security used for?
  • How to integrate Azure DevOps Boards with GitHub?

Most organizations will find value in combining Azure DevOps and GitHub to use the best-in-class features of both products. It really comes down to your organization’s specific needs.
If you’re starting a new project today, you could begin on either platform. Alternatively, you can move your repositories over to GitHub while supporting Portfolio Management, Pipelines, Boards, or any number of features in Azure DevOps as you do today. The choice is yours.

What is GitHub and what are its features?

GitHub, similarly to Azure DevOps, is a tool that provides developers with ways to plan work, collaborate on code development, and build and deploy applications. It is the largest and most advanced development platform in the world.

Registration in GitHub is free, so anyone can start using it. There is also a dedicated plan for organizations, called GitHub Enterprise.

You can see the differences in functionalities on the pricing page.

Creating Organizations with GitHub

When thinking about Organizations on GitHub, it helps to compare them to the Organization concept in Azure DevOps.

Organization in GitHub is a feature where businesses and open-source project maintainers can collaborate across many projects at once. Let me use an example.

At Predica, we (as a team) created a Predica Organization on GitHub. Everyone who has a GitHub account can join our organization.

Of course, we decide who will be invited and what will be the access level for this specific person.

The good news is that we can use Organizations for free with a GitHub Free license, which includes unlimited collaborators on unlimited public repositories with full features, and unlimited private repositories with limited features.

For additional functionalities, including sophisticated user authentication and management, and improved support coverage, you can upgrade to GitHub Team or GitHub Enterprise Cloud.

About GitHub Enterprise Cloud and Server

GitHub Enterprise is available today both as a cloud service and as a self-hosted server.

  1. GitHub Enterprise Cloud (GHEC) is a fully GitHub-managed SaaS solution. This cloud service runs on the same powerful infrastructure as the GitHub platform.
  2. GitHub Enterprise Server (GHES) is a great option for enterprises that need to host their own data. This is a scalable solution that is installed on-premises in a self-hosted cloud infrastructure.

GHES is also available for federal and heavily regulated customer bases that store data within an Azure Government Cloud datacenter. It offers controllable scaling, monitoring capabilities, and support for very large user bases.

Managing work with GitHub Project Boards

Using Project Boards, it is possible to coordinate, track, and update our team’s work in one place with Kanban boards. You can configure different states, add items, and move them between defined columns.

Example of a GitHub Project Board

You can also link created Pull Requests and created issues, so there is a transparent view of progress and current state of development.

Projects can be either:

  • public – anyone on the internet can see them or
  • private – here we can choose who can see and make changes.

At the time of writing, GitHub Projects are being redesigned. You can see the new upcoming features and new designs here, and it is possible to join the beta program.

Git source code repositories

As I mentioned in my previous article, it is always good practice to store source code in a version control system. With GitHub, we can create an unlimited number of Git repositories to store the source code of the projects we implement. Each team member can implement specific functionalities and then create pull requests so other team members can review the code.

Team members can connect to the GitHub repositories with different Integrated Development Environments (IDE) like Visual Studio or XCode. There is also a dedicated GitHub Desktop application which helps to track local changes and makes it possible to make commits and push code to the GitHub platform.

Repos in GitHub

You can also apply branch protection rules to make sure that direct commits to specific branches are forbidden. If you use Azure DevOps, you probably know that the same functionality is available there. A code review requirement can be set up before changes are merged.

You can also require a “verify build” status check to make sure that, before you merge changes, the code compiles and unit tests are successfully executed.

Setting up a branch protection rule

GitHub Actions

Continuous Integration and Delivery are also part of DevOps best practices. With GitHub Actions, it is possible to set up automatic builds for different types of applications (like web or mobile).

During the build phase, you can also apply additional verification, like a security scan, to detect vulnerabilities in the source code.

If you use Azure DevOps to implement CI/CD pipelines, you will quickly discover that GitHub Actions is very similar. You can set up a GitHub Action to build the package with your application, deploy that package to Azure (or another cloud), or publish unit test results.

Example GitHub Action

You can also define environments to make sure that source code from a specific branch will be deployed to a specific environment type: dev, test, or prod. With this approach, you can be sure that deployments are done in a secure and predictable way.

Configuring secrets for specific environments

For each environment, GitHub allows you to define separate secrets to make sure that they will be used only when necessary.
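
The build, scan, and environment-scoped deployment described above can be expressed in a single workflow file. This is an added example, not taken from the original article: the project language, the build commands, the DEPLOY_TOKEN secret, and the deploy script are assumptions, while "prod" is one of the environment names mentioned above.

```yaml
# .github/workflows/build-scan-deploy.yml (added example; assumed names are marked)
name: build-scan-deploy

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Default token permissions for every job: read-only.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write      # required to upload CodeQL results
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: javascript   # assumed project language
      - uses: github/codeql-action/analyze@v3
      - run: npm ci && npm test   # assumed build and unit-test commands

  deploy-prod:
    needs: build                  # deploy only after the build and scan succeed
    # Pull requests stop after the build job; only pushes to main reach prod.
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    environment: prod             # binds the job to the prod environment and its rules
    steps:
      - uses: actions/checkout@v4
      - name: Deploy
        env:
          # Assumed secret, defined on the prod environment rather than the repository,
          # so jobs that do not declare "environment: prod" cannot read it.
          DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
        run: ./scripts/deploy.sh  # assumed deployment script
```

Because the secret lives on the environment, any required reviewers or deployment branch restrictions configured for prod are enforced before the job can read it.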

There are more than 10,000 GitHub Actions available today in the GitHub Marketplace. The best thing about them is that if there isn’t a solution available today that addresses your workflow automation needs, it is very simple to create your own.

Security features with GitHub Advanced Security

GitHub Advanced Security supplies a rich set of capabilities for securing every part of your software development, e.g.:

  • scanning and protecting code in your repositories and packages
  • creating code-to-cloud DevSecOps workflows
  • understanding and securing your software supply chain.

It includes the industry-leading code vulnerability analysis capabilities of Semmle’s CodeQL, automatic security flows, secret scanning, and more.

These tools connect every enterprise with the work of security researchers across the world, and they provide secure workflows for producing and consuming code.

Example CodeQL scan result

This is not everything. With GitHub Dependency Graph we can also automatically scan our source code repository to detect all dependencies (libraries) used in our project. Here is an example:

GitHub Dependency Graph example

You can also configure Dependabot security updates, so your source code is regularly scanned. If a vulnerability is discovered in one of the libraries you use, Dependabot will automatically create a pull request with required updates.

Dependabot in GitHub

Connecting Azure DevOps and GitHub

At first glance, you may think that if you already use Azure DevOps, there is no need or no way to use GitHub and vice-versa. However, you can still use both products and use features they offer, together!

Azure DevOps offers integration with GitHub. Here are the two most commonly used integrations.

Azure DevOps Boards with GitHub

You can easily integrate Azure DevOps Boards with GitHub. When creating a new pull request in GitHub, you can reference work items from the backlog in Azure DevOps:

Connecting Azure DevOps Boards with GitHub

You can connect Azure DevOps Boards with GitHub using a free extension available in the GitHub Marketplace.

GitHub extension for Azure Boards

Azure DevOps pipelines with GitHub

You can also trigger CI/CD pipelines in Azure DevOps when new code is pushed to a Git repository on GitHub.

There is a free extension in the GitHub Marketplace for connecting Azure DevOps Pipelines with GitHub.

GitHub extension for Azure Pipelines

GitHub mobile app

GitHub also provides a mobile application available for iOS and Android platforms. It allows you to easily track what is happening in the projects you participate in.

You can use it to check opened pull requests, leave comments, and merge or reject them. You can also browse source code repositories and participate in discussions.

Screenshots from GitHub mobile app

Managing DevOps best practices with the right tools

If you are using Azure DevOps today, consider adopting GitHub on a project-by-project basis where it meets the needs of your software organization.

This way, you can take advantage of GitHub’s advanced security, inner sourcing, strong open-source community, and workflow automation capabilities.

If your organization is looking to adopt GitHub today, let us know. We can work with your GitHub account team to help you create a plan that is right for your organization’s needs.

You can also get our support with identifying the key projects in your portfolio that would benefit the most from the GitHub platform.

Key takeaways:

  1. GitHub is a tool that provides developers with ways to plan work, collaborate on code development, and build and deploy applications.
  2. GitHub Advanced Security supplies a rich set of capabilities like scanning and protecting code in repositories and packages, creating code-to-cloud DevSecOps workflows, understanding and securing your software supply chain.
  3. You can integrate Azure DevOps Boards with GitHub in two ways: by referencing work items from the backlog in Azure DevOps when creating a new pull request in GitHub, or using a free extension available in GitHub Marketplace.