GitHub Actions May Change the Way You Code (Seriously)

GitHub is launching a service named "Actions" that promises to add unending layers of complexity to your code – in the best way possible. The company is also bringing openness to the enterprise via Connect, which bridges the private and professional lives of developers. Announced at Universe, they're GitHub's first major new products since being acquired by Microsoft, and they may just change how you work in a real and positive way. GitHub Actions is the “biggest” product the company has made since it launched, Sam Lambert, GitHub’s Head of Platform, tells Dice. He also (excitedly) suggested the company has “taken everything you love” about the platform and “attached it to code.” The site is typically where developers go to find projects or tools that help make their own apps or services better. It’s a platform of dependencies critical to our workflows. Actions is in line with this; it allows any cloud container to be added to a code repository via a single-line call. You can include just about anything you might find useful for programming in a container (testing, messaging about the status of pull requests, checking to make sure the right HEX codes are used, etc.) and add it to your own repository. GitHub Actions can be shared and made publicly available (or kept private), much like Gists. If you wrote a testing platform for an iOS app, you could host it via Docker (or any major container-hosting platform, really) and share it with the community at-large. Actions can also be versioned; if I were using version 3.2 of your testing service for my own apps, I could keep doing so indefinitely while you continued updating the platform for your own needs. [caption id="attachment_184149" align="aligncenter" width="1000"] GitHub Actions[/caption] Because GitHub Actions are a sort of micro-dependency, they can also be strung together. Lambert likened them to Siri Shortcuts, where lighter, strung-together Shortcuts can be cobbled together to build a larger contained service. You could include smaller Actions in a larger container as a ‘workflow,’ or simply call each to your repo as needed. GitHub tells Dice it will also suggest Actions to you based on your repo makeup, and adding Actions will be available programmatically (again, via the one-line call to a container) or via the user interface (likely a drag-and-drop system). In making container-hosted services a plug-and-play option for repositories, GitHub is trying to change the paradigm of how we work in open source. Imagine uploading a repository; GitHub notices you haven’t written unit tests, and offers up an Action that takes care of that. All you have to do is call the container. Now imagine your repository goes GitHub-viral and is downloaded or forked dozens of times the next day. You could call an action that notifies you when someone forks your repo, and stars it automatically so you can keep tabs. Later, you might add a few more Actions and create your own workflow. Developers love using libraries and frameworks. Github Actions is reminiscent of CocoaPods, just a lot more useful and far simpler to implement. It could actually be transformative. [caption id="attachment_140550" align="aligncenter" width="2048"] GitHub Offices, San Francisco[/caption]

GitHub Mixes Public & Private While Improving Security

Enterprise customers will also find the platform more useful. Cory Wilkerson, Head of Product Engineering for GitHub, acknowledged to Dice there was a distinct divide for companies using GitHub, and his team set out to change that. With 44 percent year-over-year (YoY) growth for the enterprise (GitHub boasts that over 2.1 million organizations use it), the company is carefully wading into a more open environment for businesses. It’s doing so with a service dubbed 'Connect,' which bridges a developer’s individual account with their enterprise activity. A developer working for IBM may have an individual GitHub account they use to find new repos or tools. That account may be linked to IBM, but the activity and search is silo’d. With Connect, their activity at work will show on their graph. Connect also returns search results for private and public repos. If the same IBM developer were working on a project and ran into an issue, they could search for a solution via GitHub and discover all applicable repos in one place. Search results also show which repos are publicly available, and which are unique to IBM’s own internal efforts. Wilkerson says the idea is to reduce friction in developer workflow. While a unified search service isn't exactly sexy, it's effective. Another concept meant to reduce friction is token scanning; GitHub will begin scanning repos for “known formats” for outside dependencies that may pose a security risk. GitHub was unwilling to divulge what it checks for, or what a “known” token format is, but the aim is to reduce your involvement with nefarious actors. For example, a flashy new ad network promising a higher CPM may also be pinging a foreign server without your knowledge. If GitHub's aware the format for that service is problematic, it'll alert you. There's no demand you remove it; the service is simply informative. All told, GitHub is making its service a lot friendlier to use. Actions is exciting, and Connect is going to keep developers engaged more often and throughout their day. Patching security vulnerabilities is a critical service nobody wants to talk about (but everyone wants someone else to fix). GitHub was always where developers touched base, and these moves may just compel them to set up camp there, as well.