Home / Companies / GitHub / Blog / October 2018

October 2018 Summaries

30 posts from GitHub

Filter
Month: Year:
Post Summaries Back to Blog
Celebrating its first anniversary, the GitHub Community Forum has grown significantly since its inception on October 31, 2017, evolving from three discussion boards and a single article to a vibrant platform with 625,000 unique visitors, 18,000 registered members, and engagement from over 100 countries. The forum has facilitated 5,500 conversations and published 40 GitHub Original Series articles, with members earning over 185 challenge badges. Looking ahead, GitHub plans to enhance the forum with a new homepage design, additional original articles, more challenges and contests for earning rewards, and expanded opportunities for community involvement. GitHub expresses gratitude for the community's contributions and invites new members to join, emphasizing the importance of user feedback in shaping the platform's future.
Oct 31, 2018 321 words in the original blog post.
Years ago, the author managed popular open-source projects on GitHub and faced challenges keeping up with issue management due to a busy schedule. To efficiently handle issues, a triage system using labels was implemented, but it proved tedious. This experience inspired the development of an automated triage tool using natural language processing (NLP) APIs like Recast.AI. The proposed solution involves creating a GitHub App to automate issue labeling by classifying issues as bugs, enhancements, or questions. The process includes training a language model with existing labeled issues from GitHub using a one-shot script and deploying a GitHub App to label new issues upon creation. The tool utilizes Recast.AI to analyze issue titles and classify them, following which a label is applied. The author provides a detailed guide on building this system, highlighting the challenges such as GitHub’s API rate limits and the benefits of expanding language support and data for improved accuracy. The project is open-source, encouraging others to build on it and share their developments.
Oct 31, 2018 3,066 words in the original blog post.
GitHub has developed Tree-sitter, a sophisticated parsing system integrated into the Atom text editor, to enhance code readability and writing by maintaining a syntax tree that accurately represents the structure of code in real-time. Unlike traditional text editors that rely on simple pattern recognition, Tree-sitter offers improved syntax highlighting and reliable code folding based on actual code syntax rather than indentation. This system supports syntax-aware selection with new editing commands and enables incremental parsing to avoid delays in syntax highlighting updates while typing. Currently, Tree-sitter supports 11 programming languages, with plans to expand further, and GitHub encourages community involvement and feedback to refine and extend its capabilities.
Oct 31, 2018 512 words in the original blog post.
GitHub experienced a significant service disruption lasting over 24 hours due to a routine maintenance error that caused a network partition between their US East Coast network hub and data center, resulting in connectivity issues and a cascade of database replication challenges. Despite the restoration of connectivity within seconds, the incident led to degraded services, including delayed webhook events and GitHub Pages builds, as the company struggled to reconcile data inconsistencies between its data centers. GitHub prioritized data integrity over rapid recovery, opting to preserve user data by failing-forward to its West Coast data center, which introduced additional latency and service delays. The company has initiated technical and organizational improvements, such as adjusting the configuration of its Orchestrator tool and accelerating its migration to a new status reporting mechanism. Additionally, GitHub is advancing a project to support active traffic management across multiple data centers, aiming for greater resilience against single data center failures. Throughout the incident, GitHub maintained transparency with users and is committed to learning from this event to enhance its service reliability and communication strategies.
Oct 30, 2018 2,792 words in the original blog post.
On 9 November 2018, developers of all skill levels are invited to attend a Craftwork event in London, focusing on building GitHub Apps using the GitHub API. This hands-on workshop, held at Uncommon, London, will guide participants through creating and deploying their first GitHub App, leveraging tools such as Probot and Glitch. The event promises an informal, collaborative atmosphere with GitHub experts on hand to assist, and aims to enhance productivity for open source projects or workplace tasks. Attendees are encouraged to create a GitHub account prior to the event, which will also provide food and refreshments, with considerations for dietary restrictions.
Oct 29, 2018 267 words in the original blog post.
The acquisition of GitHub by Microsoft has been completed, and Nat Friedman is stepping in as the new CEO with a commitment to maintaining GitHub's independence, developer-first values, and open extensibility. Emphasizing GitHub's role as a community, platform, and business, Friedman pledges to enhance the developer experience by focusing on reliability, security, and performance while making GitHub more accessible globally. With insights gained from extensive conversations with developers, he aims to ensure GitHub remains the best place for productive communities and teams by improving core functionalities such as search, notifications, and mobile experience, as well as expanding GitHub Actions. The overarching vision is to serve every developer worldwide by fostering a collaborative environment that enables the creation and sharing of software, aligning with the belief that communities achieve more when working together.
Oct 26, 2018 402 words in the original blog post.
GitHub has achieved FedRAMP Tailored authorization for its Business Cloud platform, marking a significant step in aligning with U.S. federal government security standards. This development allows government users to confidently utilize GitHub, knowing it meets the required low-impact software-as-a-service (SaaS) security standards. FedRAMP, managed by the U.S. General Services Administration (GSA), standardizes the security assessment and authorization of cloud services, streamlining the adoption of such services by federal agencies through a unified process. GitHub's involvement in refining the FedRAMP framework for SaaS providers has resulted in enhancements that lower entry barriers for cloud software providers seeking FedRAMP Authorization. The broader GitHub community, including government agencies, benefits from improved privacy and security measures, enabling secure cloud collaboration, fostering innovation, and modernizing software development practices.
Oct 24, 2018 381 words in the original blog post.
GitHub introduced "The Check-In," a webcast designed to keep its global community updated on the latest developments, especially for those who could not attend the GitHub Universe event in person. This initiative aims to provide a comprehensive recap of recent product releases and features, such as GitHub Actions, Learning Lab for Organizations, Security Vulnerability Alerts, and GitHub Connect. The inaugural session of this 45-minute webcast is scheduled for October 25 across different time zones, and following this first episode, The Check-In will continue as a quarterly update for business customers. The webcast serves as an accessible platform for users worldwide to stay informed about GitHub's advancements and offerings.
Oct 23, 2018 179 words in the original blog post.
GitHub recently hosted an event in Brussels to highlight the importance of open source in the ongoing EU copyright reform negotiations, focusing on potential impacts of the EU Copyright Directive on software development. The event aimed to educate EU policymakers about the need to modernize outdated copyright laws while protecting open source software, featuring discussions with developers, policymakers, and industry experts. Key issues include ensuring that exceptions for text and data mining are broad and mandatory, and refining definitions in the directive to effectively exclude open source software development platforms from restrictive measures. GitHub advocates for adopting specific language from the European Parliament that would protect both for-profit and non-profit open source platforms, emphasizing that such distinctions are crucial for fostering innovation and competitiveness in the EU tech sector.
Oct 23, 2018 1,112 words in the original blog post.
All GitHub services have returned to normal as of Monday at 23:00 UTC, following a disruption that affected millions of users and businesses who rely on the platform. GitHub emphasizes its commitment to reliability and extends an apology for the inconvenience caused to its community. A comprehensive root cause analysis and mitigation plan is underway, with the findings set to be shared publicly in the near future.
Oct 22, 2018 72 words in the original blog post.
At 10:52 pm Sunday UTC, GitHub.com experienced a network partition and subsequent database failure, affecting several services and causing inconsistent information to appear on its website. To protect data integrity, GitHub paused webhook events and other internal processing systems. While the incident led to outdated information being displayed, no data was lost, and the primary impact was limited to website metadata stored in MySQL databases, such as issues and pull requests. Git repository data remained unaffected and accessible throughout the incident. GitHub is working to determine a recovery timeline and will provide updates via their status page, ensuring users are informed as the situation progresses.
Oct 21, 2018 173 words in the original blog post.
GitHub has expanded its token scanning capabilities from initially focusing on GitHub OAuth tokens to now include various credentials from cloud service providers, such as unencrypted SSH private keys. This initiative addresses the security complexities inherent in modern software development, where developers use numerous cloud services, each requiring credentials that, if exposed, can lead to significant risks like unauthorized access to sensitive data or misuse of computing resources. Initially relying on hand-tuned assembly to identify GitHub OAuth tokens, GitHub has transitioned to using the Hyperscan library by Intel, which allows for a more scalable and efficient scanning process across different credential formats. The implementation involved collaboration with cloud service providers through a private beta, where credentials found in public repositories are validated and addressed by the providers. Feedback from this beta has been positive, leading to the public beta announcement of Token Scanning, which now supports a growing list of cloud providers. The goal is to reduce the security risks associated with credential exposure in software development while continuing to enhance the tool's effectiveness.
Oct 17, 2018 957 words in the original blog post.
GitHub has launched a new six-month paid apprenticeship program called the "Octoprenticeship" to provide career development opportunities for individuals with non-traditional work and educational backgrounds, including those transitioning into tech from other fields, returning caregivers, and self-taught developers without formal degrees. This initiative aims to increase diversity by offering real-world experience and professional networking, benefiting both the apprentices and GitHub through the infusion of diverse perspectives and innovation. The program includes technical and non-technical roles, allowing apprentices to work alongside full-time employees on real projects and participate in learning opportunities and community engagement. GitHub has partnered with organizations like Path Forward, Sabio, and TechHire to support and develop the program, with the ultimate goal of converting apprentices into full-time roles while continuously improving the program based on feedback from participants.
Oct 17, 2018 870 words in the original blog post.
GitHub announced GitHub Actions at GitHub Universe, introducing a new way to automate and customize workflows by integrating open-source principles into workflow automation. GitHub Actions allows developers to create, share, and discover actions for their projects, enhancing the development cycle by automating processes from idea to production. The announcement highlighted various use cases, including integrations with Flic for tactile workflow control, Pulumi for automated cloud deployment, Netlify for enhanced web project management, HashiCorp Terraform for streamlined infrastructure changes, Jessie Frazelle's simplified open-source workflow, Chewy.com’s error-free compliance processes, and LaunchDarkly's automated feature management. These examples demonstrate the flexibility and potential of GitHub Actions to transform and simplify development workflows, encouraging users to share their creations and participate in the beta program.
Oct 17, 2018 1,395 words in the original blog post.
GitHub is enhancing its platform with new features to streamline software development and improve security, collaboration, and learning. The introduction of GitHub Actions allows developers to automate workflows using custom actions or those shared by the community, supporting various languages and platforms. To bolster security, GitHub has expanded its vulnerability alerts to include Java and .NET, introduced GitHub Token Scanning to prevent accidental exposure of sensitive information, and launched the GitHub Security Advisory API to provide comprehensive security data. GitHub Connect aims to unify experiences across different deployment types, while GitHub Learning Lab offers interactive courses to help developers enhance their skills. These initiatives reflect GitHub's commitment to openness, community-driven innovation, and providing tools that allow developers to focus on coding efficiently.
Oct 16, 2018 1,364 words in the original blog post.
GitHub's annual Octoverse report highlights the impressive achievements of its community, which now includes over 31 million developers, predominantly from outside the United States, contributing to more than 96 million repositories. This growth reflects a 40% increase in repositories and a significant rise in organization accounts, particularly in the Middle East and Southeast Asia. The report notes more than 200 million pull requests, with over a third occurring in the past year, and emphasizes the proactive approach to security, with over five million vulnerability alerts issued since late 2017. The popularity of app installations on GitHub has doubled, leading to more active organizational contributions, while data also reveals interesting behavioral trends like the global reduction in activity around New Year's Day and the "chattiest" contributors hailing from the Czech Republic.
Oct 16, 2018 540 words in the original blog post.
GitHub's latest Enterprise release, announced at GitHub Universe, introduces GitHub Connect, enabling development teams to collaborate effectively across Enterprise and Business Cloud accounts by bridging organizational barriers and integrating the open-source community's capabilities. The update enhances security with features like automatically protected branches and S/MIME Git signing, which simplifies branch protection and signing processes for large organizations. Unified Search now includes private Business Cloud repositories, facilitating efficient cross-repository communication, while Unified Contributions allow developers to showcase their work across both Enterprise and public GitHub profiles. The Checks API is now fully available, providing integrators with detailed build status information for a more cohesive developer experience. Additionally, GitHub has expanded its Premium Support program with new plans offering 24/7 support and personalized technical assistance, ensuring comprehensive support and training for enterprise users.
Oct 16, 2018 612 words in the original blog post.
Travis CI serves as a powerful tool for educational settings by offering both public and private tests for student feedback and project assessment, particularly benefiting schools participating in GitHub Education. As of January 2019, these schools gain access to Travis CI Enterprise at no extra cost, providing unlimited builds for institutions running GitHub Enterprise on their servers. This initiative is part of a broader GitHub Education program that provides free access to GitHub Enterprise and Business Cloud for technical departments, teacher training through the Campus Advisors program, and automated access to premium educational features such as the GitHub Student Developer Pack. Participants also receive exclusive access to new features and GitHub Education-specific merchandise, enhancing the educational experience for both staff and students.
Oct 15, 2018 144 words in the original blog post.
Game Off is an annual game jam hosted by GitHub that invites participants worldwide, from beginners to professional developers, to create games over a month based on a specified theme, announced on November 1st at 13:37 pm (PDT). Participants are encouraged to use open-source game engines, libraries, and tools, but any technology of choice is welcome, providing an opportunity to explore new technologies and collaborate. The event's inclusive nature supports first-time game developers with abundant resources, tutorials, and community support, and participants can explore various programming languages, such as JavaScript, C++, Python, Java, and Lua, to create games in genres ranging from retro to text adventures. Participants' games will be showcased on the GitHub Blog, allowing the global community to enjoy, contribute to, or learn from their creations. GitHub offers resources for newcomers to version control, Git, and GitHub, ensuring they have the support needed to participate effectively in the jam.
Oct 15, 2018 579 words in the original blog post.
GitHub Universe is an event focused on fostering positive social impact through software, bringing together builders, planners, and leaders to explore ways to improve the future of software and society. The event includes panel discussions featuring developers who use open source technology for social good, such as expanding financial services for the poor and developing assistive technologies. Attendees can participate either live or via livestream, with sessions highlighting stories of addressing social issues with code. GitHub supports community partners like Code Tenderloin, AnnieCannons, and Women Who Code East Bay by providing free event tickets and encouraging donations through QR codes during the conference. Additionally, proceeds from sales at the Octoshop, GitHub's merchandise store, will be donated to organizations in cities where GitHub has local offices, further emphasizing the company's commitment to community support and social responsibility.
Oct 12, 2018 539 words in the original blog post.
Sentry's transition from OAuth to GitHub Apps enhanced its integration with GitHub by simplifying the signup process, improving security, and offering a better user experience. This shift allowed Sentry to provide organization-wide installations, ensuring that integrations remain intact despite staff changes, and enabled more granular control over repository permissions, addressing a previous gap in security. The upgrade, built from scratch rather than modifying the old OAuth integration, aligned well with Sentry's organizational structure, streamlining the authentication and integration processes into a single channel through GitHub Apps. This consolidation not only made the application cleaner and reduced maintenance time but also improved the overall developer experience by integrating error monitoring and identity management more seamlessly. The successful implementation underscores the value of GitHub Apps in enhancing Sentry's functionality and reliability for developers leveraging both platforms.
Oct 11, 2018 918 words in the original blog post.
GitHub has expanded its security alerts to include Python, alongside Ruby and JavaScript, identifying over four million vulnerabilities since their initial release. The platform supplements vulnerabilities from the National Vulnerability Database with additional insights from community activity, leveraging a machine learning model to efficiently process around 10,000 daily commits to dependency files. This model analyzes commit messages and associated issues to detect potential security upgrades, despite the possibility of false positives. To ensure quality, GitHub manually reviews the model's output before issuing alerts. For more information on their security initiatives and other technological advancements, GitHub invites users to join their GitHub Universe event, featuring talks and workshops.
Oct 09, 2018 431 words in the original blog post.
GitHub has expanded its developer tools by introducing a new extension for Visual Studio that supports GitHub pull requests, reflecting its commitment to enhancing developer experiences across various platforms. This extension is part of GitHub's ongoing efforts since 2015 to integrate its services directly within popular development environments, allowing developers to manage pull requests entirely within editors like Visual Studio, Atom, and Unity. Furthermore, GitHub collaborated with Microsoft to bring a pull request experience to Visual Studio Code, recognizing the need for improved collaboration within this widely-used IDE. The initial public preview of the GitHub Pull Request Extension for VS Code launched in September 2018, offering features like authentication with GitHub, listing and viewing pull requests, and testing them without leaving the editor. GitHub plans to showcase this extension further at the GitHub Universe event and encourages developers to engage with their team via social media or their open-source repository.
Oct 09, 2018 632 words in the original blog post.
The js13kGames competition, now in its seventh year, concluded with 274 game submissions, each crafted within a month using less than 13 kB. The event showcased a variety of game styles and genres, including dark shooters, pixelated beat 'em ups, puzzles, and platformers. Featured games included "UNDERRUN," a twin-stick shooter with a haunting soundtrack; "Envisionator," where players guide a robot to escape lockdown; and "ONOFF," a dimension-switching platformer. Other notable entries were "The Chroma Incident," a color-restoring shooter; "The Matr13k," a nostalgic combat game based on The Matrix; "1024 Moves," a challenging puzzle game; "Geoquiz 2," a geography trivia game; and "Spacecraft," which involves collecting data tokens in space. The list also included "Off the Line," an arcade tapper, "Exo," a space-based tower defense, "Everyone's Sky," a space exploration game, "Submersible Warship 2063," a strategic underwater combat game, and "Re-wire," a high-stakes puzzle game. The competition, organized by @end3r and supported by GitHub's Lee Reilly, celebrated the creativity and skill of developers in creating compact, engaging games.
Oct 05, 2018 1,039 words in the original blog post.
A vulnerability identified as CVE-2018-17456 in Git allowed arbitrary code execution during the cloning of malicious repositories, prompting the release of Git v2.19.1 and various backports as a remedy. Users are advised to update their Git clients to avoid exposure, particularly when handling untrusted submodules, with specific instructions provided for GitHub Desktop and Atom users to secure their applications. Although GitHub.com and GitHub Enterprise are not directly impacted, they have implemented measures to detect and reject malicious repositories, with updated GitHub Enterprise versions releasing on October 9. The vulnerability, akin to a previous one, involved an option-injection attack related to submodules, and was responsibly disclosed to allow time for remediation before becoming public. The Git community, in collaboration with GitHub developers, audited and implemented stricter validation checks on .gitmodules values, enhancing detection capabilities for potentially harmful submodules. Additionally, JGit and libgit2 were found unaffected due to their different handling of submodules, and a comprehensive scan of GitHub repositories revealed no active exploitation of this vulnerability.
Oct 05, 2018 590 words in the original blog post.
A new integration between Jira Software Cloud and GitHub has been developed to streamline the workflow of software teams by connecting code on GitHub with projects in Jira. This integration enhances visibility into the status of work from planning to deployment, allowing teams to view branches, commit messages, and pull requests directly in Jira tickets. It improves security and simplifies installation, enabling features like smart commits, viewing associated pull requests from Jira, and keeping Jira issues updated through workflow triggers without switching platforms. The legacy integration will be deprecated in favor of this new version, and the new app has been built using publicly-available APIs, allowing for community contributions and feature requests. Users can install the app to connect their GitHub repositories with their Jira instance, with future updates and an enterprise version on the way.
Oct 04, 2018 362 words in the original blog post.
Abi Noda, the creator of Pull Reminders, shares his journey from a self-taught programmer in middle school to founding a successful business on the GitHub Marketplace. Starting with an interest in web design during his high school years, Noda eventually transitioned into a professional software developer and held roles in UX design, enterprise software management, and impactful political and educational projects. Pull Reminders was born out of a need he identified as an engineering manager, where delays in code reviews prompted him to create an automated solution to streamline the process. Despite initial hesitations, Noda's tool quickly gained traction, leading to successful integration with the GitHub Marketplace, which boosted its adoption by over 400 companies. His favorite aspect of the GitHub API is the supportive community he found among GitHub's team, which he considers a partnership. Noda discusses the complexities of supporting diverse code review workflows and his journey of overcoming challenges like perfectionism and self-doubt. His future plans include developing a new GitHub App, Dev Insights, aimed at helping engineering leaders use GitHub data to improve organizational performance, as well as offering guidance to other developers aspiring to start their own businesses.
Oct 04, 2018 1,887 words in the original blog post.
Hacktoberfest, an annual event held in October, encourages developers to contribute to open source projects, with this year's focus on socially impactful initiatives. In partnership with DigitalOcean, Twilio, and several highlighted projects, participants can contribute to a range of projects aimed at making a positive difference in the world. These projects include alex, which promotes inclusive language; REFUGE Restrooms, which maps safe restrooms for gender-nonconforming individuals; GliaX, which develops open source medical devices; HospitalRun, which improves software for charitable hospitals; If me, a mental health app; Talk, a commenting platform by Mozilla and major news outlets; the Humanitarian OpenStreetMap Team, which aids disaster management; and OptiKey, an on-screen keyboard for Motor Neuron Disease patients. Contributors of all levels can participate, and those completing the Social Impact Collection challenge will earn a badge on their GitHub Community Forum profile.
Oct 02, 2018 693 words in the original blog post.
The latest release of GitHub for Visual Studio introduces a new clone dialog that enhances repository list load times using GraphQL and offers separate tabs for cloning from GitHub and GitHub Enterprise, as well as an option to clone via URL. This update refines the user experience by appending the owner and repository name to the default clone path for better organization and includes internationalization efforts, initially focusing on Chinese translations, facilitated by the platform Crowdin. The development team is using metrics to evaluate the effectiveness of these changes and is conducting usability studies for a new feature, inviting user participation through a survey.
Oct 02, 2018 403 words in the original blog post.
Open Jam, an 80-hour game development event organized by @Jared-Sprague, @mwcz, and opensource.com, returns for its second year, inviting participants to create games within certain constraints, such as limited time, themes, or specific technologies, while encouraging the use of open source game engines, libraries, and Creative Commons assets. The event serves as an opportunity for both seasoned developers and newcomers to experiment with game creation, with last year's theme "Leave a mark" inspiring a variety of creative games like Stellar Wrath, developed with Godot. The top three games from Open Jam will be showcased at the All Things Open conference in Raleigh, NC, and participants can find theme announcements, tutorials, and details on the itch.io jam page starting October 5, 2018. Those unable to participate in Open Jam can look forward to GitHub's Game Off, a month-long game jam occurring the following month.
Oct 01, 2018 269 words in the original blog post.