In this post, we would like to introduce you to another great tool that is expanding quickly in the world of DevOps and can be either used together with Azure DevOps or entirely separately. We will talk about GitHub, which is used by more than 65 million developers around the world, including us at SoftwareOne. Most organisations will find value in combining Azure DevOps and GitHub to use best in class features of both products. It really comes down to your organisation's specific needs. If you’re starting a new project today, you could begin on either platform. Alternatively, you can move your repositories over to GitHub while supporting Portfolio Management, Pipelines, Boards, or any number of features in Azure DevOps as you do today. The choice is yours.
What is GitHub and what are its features?
GitHub, similarly to Azure DevOps, is a tool that provides developers with ways to plan work, collaborate on code development, and build and deploy applications. It is the largest and most advanced development platform in the world. Registration in GitHub is free, so anyone can start using it. There is also a dedicated plan for organisations, called GitHub Enterprise. You can see the differences in functionalities on the pricing page.
Creating Organisations with GitHub
When thinking about Organisations on GitHub, it helps to compare it to the concept of Organisation concept in Azure DevOps. Organisation in GitHub is a feature where businesses and open-source project maintainers can collaborate across many projects at once. Let us use an example. At SoftwareOne, we (as a team) created a SoftwareOne Organisation on GitHub. Everyone who has a GitHub account can join our organisation. Of course, we decide who will be invited and what will be the access level for this specific person.T he good news is that we can use Organisations for free with a GitHub Free license, which includes unlimited collaborators on unlimited public repositories with full features, and unlimited private repositories with limited features. For additional functionalities, including sophisticated user authentication and management, and improved support coverage, you can upgrade to GitHub Team or GitHub Enterprise Cloud.
About GitHub Enterprise Cloud and Server
GitHub Enterprise is available today both as a cloud service and as a self-hosted server.
- GitHub Enterprise Cloud (GHEC) is a fully GitHub-managed SaaS solution. This cloud service runs on the same powerful infrastructure as the GitHub platform.
- GitHub Enterprise Server (GHES) is a great option for enterprises that need to host their own data. This is a scalable solution that is installed on-premises in a self-hosted cloud infrastructure.
GHES is also available for federal and heavily regulated customer bases that store data within an Azure Government Cloud datacentre. It offers controllable scaling, monitoring capabilities, and support for very large user bases.
Managing work with GitHub Project Boards
Using Project Boards it is possible to coordinate, track, and update our team’s work in one place with Kanban boards. You can configure different states add items and move them between defined columns.
You can also link created Pull Requests and created issues, so there is a transparent view of progress and current state of development.Projects can be either:
- public - anyone on the internet can see them or
- private - here we can choose who can see and make changes.
At the time of writing, GitHub Projects are being redesigned. You can see the new upcoming features and new designs here, and it is possible to join beta program.
Git source code repositories
It is always good practice to store source code in a version control system. With GitHub, we can create an unlimited number of Git repositories to store the source code of the projects we implement. Each team member can implement specific functionalities and then create pull requests so other team members can review the code. Team members can connect to the GitHub repositories with different Integrated Development Environments (IDE) like Visual Studio or XCode. There is also a dedicated GitHub Desktop application which helps to track local changes and makes it possible to make commits and push code to the GitHub platform.
You can also apply branch protection rules to make sure that direct commits to specific branches are forbidden. If you use Azure DevOps, you probably know that the same functionality is available there. A code review requirement can be set up before changes are merged. You can also “verify build” status to make sure that before you merge changes, code compiles and unit tests are successfully executed.
GitHub Actions
Continuous Integration and Delivery are also part of DevOps best practices. With GitHub Actions, it is possible to set up automatic builds for different types of applications (like web or mobile). During the build phase, you can also apply additional verification, like a security scan, to detect vulnerabilities in the source code. If you use Azure DevOps to implement CI/CD pipelines, you will quickly discover that GitHub Actions is very similar. You can set up GitHub action to build the package with your application, deploy its package to Azure (or another) cloud, or publish unit tests results. You can also define environments to make sure that source code from a specific branch will be deployed to a specific environment type: dev, test, or prod. With this approach, you can be sure that deployments are done in a secure and predictable way.
For each environment, GitHub allows you to define separate secrets to make sure that they will be used only when necessary. There are more than 10,000 GitHub Actions available today in the GitHub Marketplace. The best thing about them is that if there isn’t a solution available today that addresses your workflow automation needs, it is very simple to create your own.
Security features with GitHub Advanced Security
GitHub Advanced Security supplies a rich set of capabilities for securing every part of your software development, e.g.:
- scanning and protecting code in your repositories and packages
- creating code-to-cloud DevSecOps workflows
- understanding and securing your software supply chain.
It includes the industry-leading code vulnerability analysis capabilities of Semmle’s CodeQL, automatic security flows, secret scanning, and more.These tools connect every enterprise with the work of security researchers across the world, and they provide secure workflows for producing and consuming code.
This is not everything. With GitHub Dependency Graph we can also automatically scan our source code repository to detect all dependencies (libraries) used in our project. You can also configure Dependabot security updates, so your source code is regularly scanned. If a vulnerability is discovered in one of the libraries you use, Dependabot will automatically create a pull request with required updates.
Connecting Azure DevOps and GitHub
At first glance, you may think that if you already use Azure DevOps, there is no need or no way to use GitHub and vice-versa. However, you can still use both products and use features they offer, together!Azure DevOps offers integration with GitHub. Here are the two mostly used integrations.
Azure DevOps Boards with GitHub
You can easily integrate Azure DevOps Boards with GitHub. When creating a new pull request in GitHub, you can reference work items from the backlog in Azure DevOps. You can connect Azure DevOps Boards with GitHub using a free extension available in the GitHub Marketplace.
Azure DevOps pipelines with GitHub
You can also trigger CI/CD pipelines in the Azure DevOps when new code is pushed to a GIT repository on GitHub. There is a free extension in the GitHub Marketplace for connecting Azure DevOps Pipelines with GitHub.
GitHub mobile app
GitHub also provides a mobile application available for iOS and Android platforms. It allows you to easily track what is happening in the projects you participate in. You can use it to check opened pull requests, leave comments, and merge or reject them. You can also browse source code repositories and participate in discussions.
Managing DevOps best practices with the right tools
If you are using Azure DevOps today, consider adopting GitHub on a project-by-project basis where it meets the needs of your software organisation.T his way, you can take advantage of GitHub’s advanced security, inner sourcing, strong open-source community, and workflow automation capabilities.