GitHub GraphQL API v4

I’ve briefly mentioned before that GitHub joined the adopters of the GraphQL for their API.  Here’s the link to the full documentation and more details.

GitHub chose GraphQL for our API v4 because it offers significantly more flexibility for our integrators. The ability to define precisely the data you want—and only the data you want—is a powerful advantage over the REST API v3 endpoints. GraphQL lets you replace multiple REST requests with a single call to fetch the data you specify.

GitHub : Security Alerts and Team Discussions

GitHub blog recently announced a couple of interesting new features.

Firstly, Security Alerts.   For now it only supports Ruby and JavaScript, but hopefully other languages are coming soon (PHP/Composer please!).  Security Alerts will notify repository owners if there are any known security issues in any of the packages that the repository is using.  Similar, I guess, to who SensioLabs Security Check works, but integrated with your GitHub.

Secondly, Team Discussions. This is yet another way place for the team to communicate.  There are Issues and Pull Requests already.  But those are more specific and more focused.  For anything that doesn’t have a single issue, or doesn’t have a PR yet, a Team Discussion might be a better place.

GitHub : Archiving Repositories

GitHub archive repositories

Last week, GitHub introduced archiving of repositories. While it might not seem like a news worthy feature, it is quite useful for both individuals and teams.  Two particular scenarios that I find helpful are:

  1. Indicate that a particular repository / project is obsolete and is not maintained.  This should save quite a bit of time for people who randomly end up on a project’s page, via searching GitHub/Packagist/Google or somewhere else.
  2. Provide an insight into how many of the person’s or team’s profile are active.  It’s often difficult to estimate at a first glance, when looking at a GitHub profile of a person or a team who have been developing for a long time, how many of their projects are actually actively maintained.

GitFlow considered harmful, and how we do it

I came across this rather strongly opinionated blog post – GitFlow considered harmful, and I have to say that I mostly agree with it.

In our company, we use a similar approach to the Anti-gitflow, but with even more simplicity.  This is one particular thing I like so much about git is that each person, team, or company can pick the workflow that suits them best.

Just to give you a little bit of context, we have a rather small development team (under 10 people), but we do a large number of projects.  All our projects are web-based, varying from small and simple websites (static HTML), through more complex WordPress sites (multilingual, e-commerce, etc), to business applications like CRMs.  Each project is done by several developers at a time and can later on be passed on to other developers, often much later (another iteration after several month).  Each developer is working on a number of projects at a time.  And we do very fast-paced development, often deploying multiple versions per day.  Given the nature of the projects and the development pace, we don’t ever really rollback.  Rollback is just another step (version) forward.  And we don’t have long and complex roadmaps in terms of which features will be released in which version.  It’s more of a constant review of what’s pending, what needs which resources, and what we can do right now.  (It’s far from ideal project management, but it somehow works for us.  If you think you can do better, send me your CV or LinkedIn profile, and we’ll talk.)

In our case, we do the following:

  • We have one eternal branch, and we call it master.
  • The master branch is always stable and deployable.  Even though we don’t really deploy it directly.
  • Nobody is allowed to commit directly to the master branch.  Initially it was just an agreed convention, but because people make mistakes, we now have this rule enforced with the technology.  Both BitBucket and GitHub support protected branches.  BitBucket, in my opinion, does it much better.
  • All new features, fixes, and improvements are developed in separate “feature” branches.  Most of these are branched off the master.  For large chunks of work, we can create a feature branch, and then introduce incremental changes to it via sub-feature branches, branched off the feature one.  This allows for easier code reviews – looking at a smaller set of changes, rather than a giant branch when it’s ready to be merged.
  • We do code review on everything.  The strongly suggested rule is that at least two other developers review the code before it is merged.  But sometimes, this is ignored, because either the changes are small and insignificant (CSS tweaks or content typos), or we are really in a hurry (we’ll review the changes later).  But whatever the case is, nobody is allowed to merge their own pull requests.  That is set in stone.  This guarantees that at least one other person looked at the changes before they were merged in.
  • We tag new versions only on the master branch.
  • We use semantic versioning for our tags.
  • We don’t deploy branches.  We deploy tags.  This helps with preventing untested/unexpected changes sneaking in between the review of the branch and the deployment.

The above process suits us pretty well.

Shields.io – quality metadata badges for open source projects

Shields.io provides a large collection of badges that you can use in your project documentation (like README.md over at GitHub or BitBucket), which shows a variety of metrics for the project – latest version, number of downloads, build status, and more.  Pretty much anything that you’ve seen used by any project on GitHub is supported (I couldn’t think of a badge that wasn’t).

Now, if only there was a way to insert these things automatically somehow …

GitHub adds Open Source license descriptions

GitHub added Open Source license descriptions.  This is a tiny, but very useful feature, especially for those people who are not very well versed in the differences between GPL, MIT, BSD, and other licenses.  I wish there was a way to have something like this proprietary applications.  Maybe then people would pay attention to the end user license agreements (EULAs).

GitHub pricing : Business

GitHub has yet another update to their pricing options.  Business plans have been launched with support for SAML single sign-on, 99.95% uptime SLA, 24×5 support with 8 hour response, and more.

Unfortunately it still counts external contributors as users in the account, which makes it too expensive for my organizations, but it’s good to see them trying.

GitHub starts the Open Source Guides

GitHub blog is “Announcing Open Source Guides“:

we’re launching the Open Source Guides, a collection of resources for individuals, communities, and companies who want to learn how to run and contribute to open source.

[…]

Open Source Guides are a series of short, approachable guides to help you participate more effectively in open source, whether it’s:

  • Finding users for your project
  • Making your first contribution
  • Managing large open source communities
  • Improving the workflow of your project

These guides aim to reflect the voice of the community and their years of wisdom and practice. We’ve focused on the topics we’ve heard about most, and curated stories from open source contributors across the web.

I think it’s a great idea and I really like the execution too.  Most of what I know about Open Source comes from years of participation, and from reading old books, manuals and licenses – not something that is easy to share with people who are just getting their feet wet.

GitHub’s Open Source Guides are very simple, concise and specific.  And they cover a variety of subjects, not just the legal or technical side of things, but also communications, support, marketing, etc.

GitHub to MySQL

GitHub to MySQL is a handy little app in PHP that pulls labels, milestones and issues from GitHub into your local MySQL database.  This is useful for analysis and backup purposes.

There are a few example queries provided that show issues vs. pull requests, average number of days to merge a pull request over the past weeks, average number of pull requests open every day, and total number of issues.

I think this tool can be easily extended to pull other information from GitHub, such as release notes, projects, web hooks.  Also, if you are using multiple version control services, such as BitBucket and GitLab, extending this tool can help with merging data from multiple sources and cross-referencing it with the company internal tools (bug trackers, support ticketing systems, CRM, etc).

This is not something I’ll be doing now, but I’m sure the future is not too far away.