Concepts

GitHub

Collaborative development platform built on Git. More than repository hosting — it's the central hub for code review, CI/CD, project management, and open source collaboration.

evergreen#tooling#git#collaboration#dx

GitHub is a platform that extends Git with collaboration, automation, and project management. Founded in 2008, acquired by Microsoft in 2018, it now hosts over 200 million repositories and is the de facto standard for open source development.

What it adds over Git

Git is the version control engine. GitHub adds:

  • Pull Requests — change proposals with integrated code review
  • Issues — bug, feature, and task tracking
  • Actions — native CI/CD with declarative workflows
  • Projects — Kanban boards and planning
  • Discussions — per-repository forums
  • Codespaces — cloud development environments
  • Copilot — AI code assistant
  • Security — Dependabot, secret scanning, code scanning

Pull Requests

The central collaboration flow:

  1. Create branch from main
  2. Make commits with changes
  3. Open Pull Request (PR)
  4. Code review — comments, suggestions, approvals
  5. CI checks pass
  6. Merge to main

Anatomy of a good PR

## Description
What changes and why.
 
## Type of change
- [ ] Bug fix
- [ ] New feature
- [ ] Breaking change
- [ ] Documentation
 
## Testing
How this change was tested.
 
## Screenshots (if applicable)

Merge strategies

StrategyResultWhen to use
Merge commitPreserves all commits + merge commitFull history matters
Squash and mergeSingle commit on mainPRs with many WIP commits
Rebase and mergeIndividual commits without merge commitClean linear history

GitHub Actions

Declarative CI/CD in YAML. Workflows live in .github/workflows/.

name: CI
 
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
 
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
          cache: 'pnpm'
      - run: pnpm install
      - run: pnpm test
      - run: pnpm build

Key concepts

  • Workflow — YAML file defining the automation
  • Job — set of steps running on the same runner
  • Step — individual command or reusable action
  • Action — reusable unit (e.g., actions/checkout@v4)
  • Runner — machine executing the job (GitHub-hosted or self-hosted)
  • Secret — encrypted variable for tokens and credentials

Common triggers

on:
  push:                          # any push
  pull_request:                  # PRs opened/updated
  schedule:
    - cron: '0 0 * * *'         # daily at midnight UTC
  workflow_dispatch:             # manual from UI
  release:
    types: [published]           # when a release is published

Branch protection

Rules to protect critical branches:

  • Require PR before merge
  • Require N approvals
  • Require status checks (CI must pass)
  • Require resolved conversations
  • Require signed commits
  • Block force push

Configure at: Settings, Branches, Add rule

GitHub CLI (gh)

Interact with GitHub from the terminal:

# Authentication
gh auth login
 
# Repositories
gh repo create my-project --public
gh repo clone owner/repo
gh repo fork owner/repo
 
# Pull Requests
gh pr create --title "feat: add login" --body "Description"
gh pr list
gh pr checkout 123
gh pr merge 123 --squash
gh pr review 123 --approve
 
# Issues
gh issue create --title "Bug: login fails"
gh issue list --label bug
gh issue close 456
 
# Actions
gh run list
gh run view 789
gh run watch 789
 
# Releases
gh release create v1.0.0 --generate-notes

GitHub vs alternatives

PlatformStrengthConsideration
GitHubEcosystem, community, ActionsOwned by Microsoft
GitLabComplete DevOps, self-hostedMore complex UI
BitbucketAtlassian integration (Jira)Less open source community
Azure DevOpsEnterprise, Azure integrationLearning curve

Best practices

  1. Atomic commits — each commit does one thing
  2. Conventional commitsfeat:, fix:, chore:, docs:
  3. Small PRs — easier to review, less risk
  4. Branch protection — never push directly to main
  5. CODEOWNERS — assign reviewers automatically
  6. Templates — PR and issue templates for consistency
  7. Dependabot — automatic security updates

Special files

.github/
├── workflows/           # GitHub Actions
├── CODEOWNERS          # Automatic reviewer assignment
├── PULL_REQUEST_TEMPLATE.md
├── ISSUE_TEMPLATE/
│   ├── bug_report.md
│   └── feature_request.md
├── FUNDING.yml         # Sponsors
└── dependabot.yml      # Dependabot configuration

Why it matters

GitHub is not just repository hosting — it is the platform where code, review, CI/CD, project management, and collaboration converge. Mastering its native capabilities (Actions, branch protection, CLI) reduces dependency on external tools and accelerates the development cycle.

References

Concepts