>>> View this presentation online at http://github-service-universe.kimminich.de/ <<<
PDF version of the slide deck for my JavaLand 2015 talk "All-round careful Software Development with GitHub Services"
Tools for unit testing, building applications, analyzing software quality and planning release scopes are an essential aspect of modern software development. With GitHub and "pluggable" external services there are lots of options to move these aspects into "the Cloud". For open source projects this is a viable alternative to on-premise solutions. In this talk I will present and demonstrate the CI lifecycle of some of my recent projects hosted on GitHub where I tried to integrate modern tools (e.g. Gradle, npm, bower) and external services (e.g. Travis-CI, Code Climate, Coveralls, HuBoard, AmazonSNS, NMA). The benefits and limitations of those services will be honestly illuminated. I am not affiliated with any of the providers mentioned, so this talk will not end up as a marketing show! Instead, the audience is supposed to go out of this talk with some new things to try out with their own GitHub projects while hopefully being able to avoid some of the ramp-up difficulties.
Universe
All-round carefreeful Software Development with GitHub Services
Created by Björn Kimminich / @bkimminich
Division Architect & Security Officer @ Kuehne + Nagel (AG & Co.) KG
Lecturer for Software Development @
Member & Contributor @ Open Web Application Security Project
Master of the (highly recommended) Code School Git Path
This is not a marketing talk. It is a compilation of personal experience
gathered while working on two of my own public repositories. I am
neither affiliated with nor paid or otherwise reimbursed by GitHub or
any other company behind the products mentioned in this presentation.
No product evaluation or comparison study of any kind was conducted
prior to choosing the services presented here.
Only services that are entirely free for open source projects are
presented in this talk.
A very brief introduction to
Showcase repositories &
15 valuable GitHub Services in practical use
WebHooks & Service Hooks
You don't trust...
...cloud service providers with your code?
Fact #1: GitHub offers free hosting of public Git repositories!
You are still...
Fact #2: Offering a sophisticated web-based graphical interface, GitHub still remains 100% compatible with the git CLI.
Fact #3: GitHub supports collaborative development through e.g. forking and pull requests.
...still RCS or SCCS?
Fact #4: GitHub (optionally) adds an issue tracker, wiki and project page to each repository.
...no version control system at all?
Fact #5: Repository statistics and social extras like Feeds, Followers & Favorites are part of GitHub.
WebHooks & Service Hooks
Individual & Third Party Service Integration
Wait a moment! What are WebHooks?
Simply put: User-defined HTTP callbacks.
More specifically: HTTP POSTs that occur when something happens. So basically a simple event-notification via HTTP POST.
WebHooks on GitHub
Subscription to events on GitHub.com
Used to integrate individual applications or tools
Installation on organization or repository level
Types & payloads mirror the
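How a receiver can authenticate such an HTTP POST before acting on it, as an added example that is not part of the original slides: when a secret is configured on a webhook, GitHub sends an HMAC-SHA256 of the raw request body in the `X-Hub-Signature-256` header. The secret, the sample payload and all function names below are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Compute the header value expected for a given raw body and shared secret.
function sign(secret, rawBody) {
  return 'sha256=' + crypto.createHmac('sha256', secret).update(rawBody).digest('hex');
}

// True only if the header matches the HMAC of the exact bytes received.
function verifySignature(secret, rawBody, header) {
  if (typeof header !== 'string' || !header.startsWith('sha256=')) return false;
  const expected = Buffer.from(sign(secret, rawBody));
  const received = Buffer.from(header);
  // timingSafeEqual throws on length mismatch, so compare lengths first.
  return expected.length === received.length &&
    crypto.timingSafeEqual(expected, received);
}

// Handle one delivery. Header names are lower-case, as Node's http module presents them.
function handleDelivery(secret, headers, rawBody, allowedEvents) {
  if (!verifySignature(secret, rawBody, headers['x-hub-signature-256'])) {
    return { status: 401, action: 'rejected: bad or missing signature' };
  }
  const event = headers['x-github-event'];
  if (!allowedEvents.includes(event)) {
    return { status: 202, action: 'ignored: ' + event };
  }
  // Parse the JSON only after the signature has been verified.
  const payload = JSON.parse(rawBody.toString('utf8'));
  return { status: 200, action: event + ' on ' + payload.repository?.full_name };
}

// Constructed sample delivery (not a captured GitHub payload).
const SECRET = 'constructed-demo-secret';
const BODY = Buffer.from(JSON.stringify({
  ref: 'refs/heads/master',
  repository: { full_name: 'example/demo' },
}));
const GOOD = { 'x-github-event': 'push', 'x-hub-signature-256': sign(SECRET, BODY) };
const FORGED = { ...GOOD, 'x-hub-signature-256': 'sha256=' + '0'.repeat(64) };

console.log(handleDelivery(SECRET, GOOD, BODY, ['push']));
console.log(handleDelivery(SECRET, FORGED, BODY, ['push']));
```

The signature must be computed over the raw bytes as received; re-serializing a parsed body can change the bytes and break verification.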
Service Hooks on GitHub
Service Hooks can only be installed on repositories
Only one Service Hook per integrator
Supported events depend on service implementation
Services come with their own unique configuration
Account Level Integration
Close integration with GitHub by demanding repo or account access
Do not require any manual setup by the user on the GitHub page
Configured by the service provider via its own user interface
3rd party does not integrate directly with GitHub
Instead integration with APIs of other service providers
Very useful in Continuous Integration context. Example:
What way of Integration should I use?
GitHub recommends WebHooks for all new integrations
If required use to manage authorization
The existing is not accepting any new services
Repository WebHook Event Types
Organization WebHooks send events for all repositories in that organization. New events for repository creation and team membership are also available at the organization level.
Watching your Node dependencies.
Automatically discovered Node.js projects
Unfortunately David-DM (v9.0.0) can only discover Node.js projects with a package.json in the repository root folder.
Dependency status with security advisory
A module without security warnings might still contain undiscovered vulnerabilities! On the other hand, proven vulnerabilities of a module might be irrelevant in the context it is used in.
Security vulnerability details
David-DM cooperates with Node Security Project to determine and link to vulnerabilities.