>>> View this presentation online at http://github-service-universe.kimminich.de/ <<<
PDF version of the slide deck for my JavaLand 2015 talk "All-round careful Software Development with GitHub Services"
Tools for unit testing, building applications, analyzing software quality and planning release scopes are an essential aspect of modern software development. With GitHub and "pluggable" external services there are lots of options to move these aspects into "the Cloud". For open source projects this is a viable alternative to on-premise solutions. In this talk I will present and demonstrate the CI lifecycle of some of my recent projects hosted on GitHub where I tried to integrate modern tools (e.g. Gradle, npm, bower) and external services (e.g. Travis-CI, Code Climate, Coveralls, HuBoard, AmazonSNS, NMA). The benefits and limitations of those services will be honestly illuminated. I am not affiliated with any of the providers mentioned, so this talk will not end up as a marketing show! Instead, the audience is supposed go out of this talk with some new things to try out with their own GitHub projects while hopefully being able to avoid some of the ramp-up difficulties.
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Exploring the GitHub Service Universe
1. Exploring the
GitHub Service
UniverseAll-round carefreeful Software Development with GitHub Services
Created by /Björn Kimminich @bkimminich
Follow @bkimminich
Tweet 1
Follow @bkimminich 35
Star 1
2. Björn Kimminich
Division Architect & Security Officer @
Lecturer for Software Development @
Member & Contributor @
Master of the (highly recommended)
Kuehne + Nagel (AG & Co.) KG
Nordakademie gAG
Open Web Application Security Project
Code School Git Path
3. Disclaimer
This is not a marketing talk. It is a compilation of personal experience
gathered while working on two of my own public repositories. I am
neither affiliated with nor paid or otherwise reimbursed by GitHub or
any other company behind the products mentioned in this presentation.
No product evaluation or comparison study of any kind was conducted
prior to choosing the services presented here.
Only services that are entirely free for open source projects are
presented in this talk.
4. Agenda
A very brief introduction to
GitHub &
Showcase repositories &
15 valuable GitHub Services in practical use
GitHub
WebHooks Services Hooks
kata-tcg juice-shop
7. You don't trust...
...cloud service providers with your code?
Fact #1: GitHub offers free hosting of public Git repositories!
8. You are still...
...on ?Subversion
Fact #2: Offering a sophisticated web-based graphical interface, GitHub still remains 100% compatible with the git CLI.
9. Or even...
... ?CVS
Fact #3: GitHub supports collaborative development through e.g. forking and pull requests.
10. Not really...
...still or ?RCS SCCS
Fact #4: GitHub (optionally) adds an issue tracker, wiki and project page to each repository.
11. Or seriously...
...no version control system at all?
Fact #5: Repository statistics and social extras like Feeds, Followers & Favorites are part of GitHub.
12. WebHooks & Service Hooks
Individual & Third Party Service Integration
https://developer.github.com/webhooks
https://github.com/github/github-services
13. Wait a moment! What are ?WebHooks
Simply put: User-defined HTTP callbacks.
More specifically: HTTP POSTs that occur when something happens. So basically a simple event-notification via HTTP POST.
14. WebHooks on GitHub
Subscription to events on GitHub.com
Used to integrate individual applications or tools
Installation on or
Types & payloads mirror the
organization repository level
Event API
15. Service Hooks on GitHub
Service Hooks can only be installed on repositories
Only one Service Hook per integrator
Supported events depend on service implementation
Services come with their own unique configuration
16. Account Level Integration
Close integration with GitHub by demanding repo or account access
Do not require any manual setup by the user on the GitHub page
Configured by the service provider via its own user interface
17. Integration Chain
3rd party does not integrate directly with GitHub
Instead integration with APIs of other service providers
Very useful in Continuous Integration context. Example:
18. What way of Integration should I use?
GitHub recommends WebHooks for all new integrations
If required use to manage authorization
The existing is not accepting any new services
OAuth
github-service repo
20. Repository WebHook Event Types
Organization WebHooks send events for all repositories in that organization. New events for repository creation and team
membership are also available on organization-level.
43. Amazon SNS
Simple Notification Service enables applications, end-users, and devices
to instantly send and receive notifications from the cloud.
http://aws.amazon.com/sns/
71. Setup NMA email* on any coverage drop
For each new API key apikey@nmamail.net that can be used for
custom notifications.
NMA automatically creates an email address
76. Coverity scan setup on a separate branch
Coverity to 1-3 builds/day (and 2-12 builds/week) depending the project's LOC.limits the build submission frequency
77. Codeclimate
Automated code review for Ruby, JS, and PHP providing feedback on
code quality and test coverage.
https://codeclimate.com/
86. Versioneye
Notification System for Software Libraries showing outdated
dependencies in different supported project files.
https://www.versioneye.com/
89. Graph with all indirect dependencies
shows all the dependencies brought into the JS implementation of kata-tcg by the used testing libraries!This graph
95. Automatically discovered Node.js projects
Unfortunately David-DM (v9.0.0) can only discover Node.js projects with a package.json in the repository root folder.
96. Dependency status with security advisory
A module without security warnings might still contain undiscovered vulnerabilities! On the other hand proven vulnerabilities
of a module might be irrelevant in the context it is used in.
116. Bountysource
Funding platform for open-source software where users can
create/collect bounties and pledge to fundraisers.
https://www.bountysource.com/
133. Credits
- The HTML Presentation Framework
- Turns text into UML sequence diagrams
- The official Octocat gallery
reveal.js
js-sequence-diagrams
GitHub Octodex
Copyright (c) 2015 Björn Kimminich