GitHub

GitHub #

Table of Contents #

Getting Started #

[ course ] Microsoft’s GitHub Foundations

[ documentation ] Get Started with GitHub

[ documentation ] Git and GitHub learning resources

[ h ][ g ] First Contributions

[ h ][ g ] GitHub Skills

GitHub’s Training Kit + Cheatsheet

Resources #

GitHub [ support ]

[ h ] GitHub Codespaces
- https://github.blog/2023-02-22-a-beginners-guide-to-learning-to-code-with-github-codespaces/
[ h ] GitHub Community
- [ community discussions ]
[ h ] GitHub Explore
[ h ] GitHub Features
- [ h ] Copilot
- [ h ] Collaborative Coding
[ h ] GitHub Marketplace
[ h ] GitHub Search
[ h ] GitHub Training

[ h ] Resources

[ h ] CI/CD
[ h ] DevOps
[ h ] InnerSource
[ h ] Security
- [ h ] Security

[ h ] Blog

[ b ] 10-11-2022 “On the go with GitHub Projects on GitHub Mobile (public beta)”.

[ c ] YouTube

[ y ] 11-09-2022. “What is GitHub?”.

[ h ] GitHub Flavored Markdown

[ awesome readmes ]
[ awesome contributing ]
[ awesome github templates ]
[ d ] Microsoft Style Guide
[ g ] emoji

GitHub InnerSource

Open Source

[ h ][ g ] GitHub’s Open Source Guides
[ h ] Choose an open source license
[ collaboration best practices ]

[ h ][ g ] First Contributions

[ h ][ g ] GitHub Skills

[ h ] GitHub Training Manual

[ h ] GitHub Student Developer Pack

Documentation

[ d ] Get started
- [ d ] Quickstart
- Writing on GitHub
  - Start writing on GitHub
    - [ d ] Basic formatting syntax
- [ d ] Getting started with git
  - [ d ] About remote repositories
Account and profile
- Profiles
  - Customizing your profiles
    - [ d ] Your profile README
[ d ] Authentication
- [ d ] Account Security
  - [ d ] Creating a strong password
- [ d ] Connect with SSH
- [ d ] Troubleshooting SSH
- [ d ] Verify commit signatures
[ d ] Repositores
- [ d ] Create & manage repositories
  - [ d ] About repositories
- [ d ] Manage repository settings
  - [ d ] Customize your repository
    - [ d ] About code ownders
- [ d ] Branches and merges
  - [ d ] Manage branches
    - [ d ] Changing the default branch
[ d ] Pull Requests
- [ d ] Commit changes to your project
  - [ d ] Create & edit commits
    - [ d ] About commits
    - [ d ] Creating a commit with multiple authors
  - [ d ] Troubleshooting commits
    - [ d ] Commit missing in local clone
- [ d ] Collaborate with pull requests
  - [ d ] Propose changes
    - [ d ] About branches
    - [ d ] About pull requests
  - [ d ] Address merge conflicts
    - [ d ] Resolving a merge conflict using the command line
  - [ d ] Incorporate changes
    - [ d ] Merging a pull request

More

[ d ] GitHub Actions
[ d ] GitHub CLI
- [ d ] Quickstart
[ d ] GitHub Codespaces
- [ g ] default image
- Setting up your project
  - Adding a dev container configuration
    - [ d ] Introduction to dev containers
[ d ] GitHub Glossary
[ d ] GitHub Pages
[ d ] Code Security

[ y ] 02-08-2021. Microsoft Developer. “Introduction to Git Recap | Learn with Dr G”.

Notes #

# GitHub repo directory structure
/                                  # repo root
├── .github                        #
│   ├── ISSUE_TEMPLATE.md          #
│   └── PULL_REQUEST_TEMPLATE.md   #
├── CODEOWNERS                     # defines individuals or teams that are responsible for reviewing code modifications
├── CODE_OF_CONDUCT                # sets the ground rules for community members
├── CONTRIBUTING.md                # provides guidance on how to contribute to the project
├── LICENSE                        # if the project does not contain an open-source license then it is not open-source
├── README.md                      # serves as the welcome page for a project (info on how to get started using the project, info on how to engage with the community)
├── SECURITY.md                    #
└── docs                           #

communication channels

https://github.com/repo/issues issue tracker - where folks discuss project-related issues and tasks
https://github.com/repo/pulls pull request - where folks discuss and review changes to the project
chat channels (Discourse, Gitter, IRC, Slack) - some folks use chat channels for conversations and discussions
https://github.com/repo/contribute - a good way to find beginner-friendly issues to help with
https://github.com/repo/labels

Repositories #

Repositories

Visibility
- Public - open-source, accesible to those inside and outside the org
- Internal - visible to members of the org that owns the repo, for InnerSource projects
- Private - visible to the owner and any teams or users added, for specific users and groups
user and team permissions
- read - non-code contributors to view and discuss the project
- triage - for contributors who need to proactively manage issues and pull requests without write access
- write - for contributors who actively push to the project
- maintain - for project managers who need to manage the repo without access to sensitive or destructive actions
- admin - for those who need full access to the project, including sensitive or destructive actions such as manageing security or deleting a repo
Discoverability
1. descriptive name
2. concise description
3. appropriate license (How can I use, customize, or distribute this software?)
4. README.md - the repo’s landing page

`README.md`#

README.md

GitHub searches for the first README.md in the order of the following directories (/.github, /, /docs) and automatically surfaces the it to repo visitors
Content
- communicates project expectations
- helps manage contributions
- articulates the project’s purpose/vision
- presents visual aids such as screenshots or code snippets to illustrate the project in action
- includes a link to the demo or production version of the app
- sets expectations for prerequisites and deplpoyment procedures
- includes references to the projects on which this project depends (promote the work of others)

`CONTRIBUTING.md`#

CONTRIBUTING.md

GitHub searches for CONTRIBUTING.md in the order of the following directories (/.github, /, /docs)
if CONTRIBUTING.md exists then GitHub links to it in issues and pull requests
Content
- explain the project’s contribution policy to potential contributors
- which conventions does the project follow?
- where does the team look for pull requests?
- which details are requested for bug reports?

Projects #

Workflows [ github flow ]

specify project workflows for external contributions
workflows include details about where and how branches should be used for bugs and features, how pull requests should be opened, and any other details people outside the repository team should know before they push code
specify a strategy for managing releases and deployments which affects day-to-day branching and merging [ adopt a git branching strategy ]

Metrics

traditional
- bugs reported
- time to market
innersource
- how has external participation improved project quality
- Is the repository receiving pull requests from external sources that fix bugs and add features?
- Are there active participants in discussions around the project and its future?
- Is the program inspiring an InnerSource expansion that drives benefits elsewhere in the organization?
- Measure process, not output
  - Code review turnaround time
  - Pull request size
  - Work in progress
  - Time to open
- Measure against targets and not absolutes
- Measure teams and not individuals
  - Number of unique contributors to a project
  - Number of projects reusing code
  - Number of cross-team @mentions

Actions #

packaged scripts that automate tasks in a software-development workflow in GitHub

types of actions

container actions
JavaScript Actions

Security #

Mitigation Overview

.gitignore
SECURITY.md
Vulnerable Dependency Detection - detect, fix outdated dependencies with sec vulerabilities
- Dependabot - automate the detection of vulnerable dependencies
How to remove historical commits exposing sensitive data deep in your repo?
How to remove a commit exposing sensitive data in a pull request?

Software Security

writing secure code
locking down infrastructure
protect the processes that occur during every stage of the software development lifecycle