Exploring the GitHub Service Universe
All-round carefreeful Software Development with GitHub Services
Created by Björn Kimminich / @bkimminich
Björn Kimminich
Division Architect & Security Officer @ Kuehne + Nagel (AG & Co.) KG
Lecturer for Software Development @ Nordakademie gAG
Member & Contributor @ Open Web Application Security Project
Master of the (highly recommended) Code School Git Path
Disclaimer
This is not a marketing talk. It is a compilation of personal experience
gathered while working on two of my own public repositories. I am
neither affiliated with nor paid or otherwise reimbursed by GitHub or
any other company behind the products mentioned in this presentation.
No product evaluation or comparison study of any kind was conducted
prior to choosing the services presented here.
Only services that are entirely free for open source projects are
presented in this talk.
Agenda
A very brief introduction to GitHub
GitHub WebHooks & Service Hooks
Showcase repositories kata-tcg & juice-shop
15 valuable GitHub Services in practical use
GitHub
Collaborative Git repository hosting service.
http://github.com/
If you've never heard about GitHub before...
You don't trust...
...cloud service providers with your code?
Fact #1: GitHub offers free hosting of public Git repositories!
You are still...
...on Subversion?
Fact #2: Offering a sophisticated web-based graphical interface, GitHub still remains 100% compatible with the git CLI.
Or even...
...CVS?
Fact #3: GitHub supports collaborative development through e.g. forking and pull requests.
Not really...
...still RCS or SCCS?
Fact #4: GitHub (optionally) adds an issue tracker, wiki and project page to each repository.
Or seriously...
...no version control system at all?
Fact #5: Repository statistics and social extras like Feeds, Followers & Favorites are part of GitHub.
WebHooks & Service Hooks
Individual & Third Party Service Integration
https://developer.github.com/webhooks
https://github.com/github/github-services
Wait a moment! What are WebHooks?
Simply put: User-defined HTTP callbacks.
More specifically: HTTP POSTs that occur when something happens. So basically a simple event-notification via HTTP POST.
WebHooks on GitHub
Subscription to events on GitHub.com
Used to integrate individual applications or tools
Installation on organization or repository level
Types & payloads mirror the Event API
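The receiving end of the HTTP POST callbacks described above, as an added example that is not part of the original slides: a Node.js check that authenticates a delivery via GitHub's `X-Hub-Signature-256` header (HMAC-SHA256 of the raw body, keyed with the WebHook secret) and filters on `X-GitHub-Event` before the payload is parsed. The secret, the payload and the function names are constructed for illustration.

```javascript
// Added example (not from the slides): authenticate a GitHub WebHook delivery.
const { createHmac, timingSafeEqual } = require('node:crypto');

// Constructed sample values: the secret is whatever was entered in the
// WebHook's "Secret" field; the body is a trimmed-down push payload.
const SAMPLE_SECRET = 'constructed-example-secret';
const SAMPLE_BODY = Buffer.from(JSON.stringify({
  ref: 'refs/heads/master',
  repository: { full_name: 'example-owner/example-repo' },
}));

// Value GitHub puts in X-Hub-Signature-256: "sha256=" + hex HMAC of the raw body.
function sign(secret, rawBody) {
  return 'sha256=' + createHmac('sha256', secret).update(rawBody).digest('hex');
}

// headers: lowercase keys as delivered by Node's http module.
// rawBody: the exact bytes received, before any JSON parsing.
function verifyDelivery(secret, headers, rawBody, allowedEvents = ['push']) {
  const received = headers['x-hub-signature-256'];
  if (typeof received !== 'string') {
    return { ok: false, status: 401, reason: 'missing signature' };
  }
  const expected = Buffer.from(sign(secret, rawBody));
  const given = Buffer.from(received);
  // timingSafeEqual throws on unequal lengths, so check length first.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { ok: false, status: 401, reason: 'bad signature' };
  }
  const event = headers['x-github-event'];
  if (!allowedEvents.includes(event)) {
    return { ok: false, status: 202, reason: 'event ignored' };
  }
  try {
    // Parse only after the sender has been authenticated.
    return { ok: true, status: 200, event, payload: JSON.parse(rawBody.toString('utf8')) };
  } catch (err) {
    return { ok: false, status: 400, reason: 'invalid JSON' };
  }
}

// Runs the check against a genuine and a tampered constructed delivery.
function demo() {
  const headers = { 'x-hub-signature-256': sign(SAMPLE_SECRET, SAMPLE_BODY), 'x-github-event': 'push' };
  const tampered = Buffer.from(SAMPLE_BODY.toString().replace('master', 'release'));
  return [verifyDelivery(SAMPLE_SECRET, headers, SAMPLE_BODY), verifyDelivery(SAMPLE_SECRET, headers, tampered)];
}
console.log(demo().map((r) => `${r.status} ${r.reason || r.event}`));
```

The signature must be computed over the bytes exactly as received; re-serializing a parsed body changes the HMAC.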
Service Hooks on GitHub
Service Hooks can only be installed on repositories
Only one Service Hook per integrator
Supported events depend on service implementation
Services come with their own unique configuration
Account Level Integration
Close integration with GitHub by demanding repo or account access
Do not require any manual setup by the user on the GitHub page
Configured by the service provider via its own user interface
Integration Chain
3rd party does not integrate directly with GitHub
Instead integration with APIs of other service providers
Very useful in Continuous Integration context. Example:
What way of Integration should I use?
GitHub recommends WebHooks for all new integrations
If required use OAuth to manage authorization
The existing github-service repo is not accepting any new services
Adding a WebHook to a repository
Repository WebHook Event Types
Organization WebHooks send events for all repositories in that organization. New events for repository creation and team membership are also available at organization level.
Service Hook example: Twitter
WebHooks & Services in Settings menu
Adding Twitter as a Service
The Twitter Service configuration
Authorizing GitHub to send tweets
Setting tweet format and trigger branch
Sending a test payload
The Test Service function triggers the real Service once for the most recent commit!
The published push notification tweet
The Showcase Repositories
Kata TCG
Code Kata for a two-player trading card game loosely based on
Hearthstone - Heroes of Warcraft
https://github.com/bkimminich/kata-tcg
Sample Implementations
Java (JUnit, Hamcrest, Mockito)
Groovy (Spock)
Javascript (Karma, Jasmine)
Clojure (work in progress...)
Polyglot Build
Multi-module build using language specific plugins to build & test
all sample implementations in one execution.
Gradle
Juice Shop
An intentionally insecure Javascript Web Application
http://bkimminich.github.io/juice-shop/
Technology Stack
Build Setup
15 valuable GitHub Services
in practical use in kata-tcg & juice-shop
Notifications
NMA
Platform for delivering push notifications from virtually any application
to an Android device.
http://www.notifymyandroid.com/
Install free* NMA Android App
*The number of receivable notifications per day is limited. Unlimited premium account available via in-app purchase.
Generate API Keys for each Notifier
Enter API Key in NMA Service config
For convenience you can use the same API Key for all your GitHub repositories.
Notification on every push to GitHub
Amazon SNS
Simple Notification Service enables applications, end-users, and devices
to instantly send and receive notifications from the cloud.
http://aws.amazon.com/sns/
Create global topic in SNS Dashboard
Create Subscriber for SNS Topic
Configure SNS Service in GitHub
For convenience you can use the same SNS Topic for all your GitHub repositories.
Receiving sexy* JSON email on a push
*If you're not so much into JSON I'm sure you'll find a WebHook subscriber that is...
Continuous Integration
Travis-CI
Hosted continuous integration service providing different runtimes for
different languages.
https://travis-ci.org/
Last result for each repo & build history
Detailed build log for failure analysis
Build results per pull request
Build results per commit of a PR
Warning about ongoing PR build
Of course there is also a warning when the PR build failed.
Watching the console of the running build
Merging PR with a warm All is well-feeling
Build configuration via .travis.yml file
Saucelabs
Automated cross-browser and mobile testing in the cloud for CI.
https://saucelabs.com/
List of last test run results for juice-shop
Overview of the last failed test run
Live screencast of ongoing e2e test run
Triggering Saucelabs from Travis CI
The secure tokens are your SAUCE_USERNAME and SAUCE_ACCESS_KEY.
Quality Assurance
Coveralls
Works with continuous integration servers to provide test coverage
history and statistics.
https://coveralls.io/
Coveralls repository dashboard
Coverage of latest builds of a repo
Coverage per file for specific build
Drilldown into file coverage
Integration into PR overview screen
Passing test results to Coveralls
Setup NMA email* on any coverage drop
*For each new API key NMA automatically creates an email address apikey@nmamail.net that can be used for custom notifications.
Notification on a (forged) coverage drop
Coverity
Provides software quality and security testing solutions.
http://www.coverity.com/
Coverity's Analysis Dashboard
Details on a specific issue
Coverity scan setup on a separate branch
Coverity limits the build submission frequency to 1-3 builds/day (and 2-12 builds/week) depending on the project's LOC.
Codeclimate
Automated code review for Ruby, JS, and PHP providing feedback on
code quality and test coverage.
https://codeclimate.com/
Quality overview in Codeclimate Feed
Quality metrics and test coverage per file
Code smells identified by Codeclimate
Coverage details show a missed function
Send merged LCOV data to Codeclimate
Automatically open issues for code smells
Refactoring issue created by Codeclimate
Dependency Management
Versioneye
Notification System for Software Libraries showing outdated
dependencies in different supported project files.
https://www.versioneye.com/
Versioneye Project Overview
Supported Languages: Java - Ruby - Python - PHP - Node.js - JS - Objective-C - Clojure - CSS - R
Dependency details on project level
Graph with all indirect dependencies
This graph shows all the dependencies brought into the JS implementation of kata-tcg by the used testing libraries!
Gemnasium
Monitoring of project dependencies and alerts for updates and security
vulnerabilities.
https://gemnasium.com/
Dependency status overview for all repos
Outdated Jasmine test dependencies
Email with security alert
David-DM
Watching your Node dependencies.
https://david-dm.org/
Automatically discovered Node.js projects
Unfortunately David-DM (v9.0.0) can only discover Node.js projects with a package.json in the repository root folder.
Dependency status with security advisory
A module without security warnings might still contain undiscovered vulnerabilities! On the other hand proven vulnerabilities of a module might be irrelevant in the context it is used in.
Security vulnerability details
David-DM cooperates with Node Security Project to determine and link to vulnerabilities.
Continuous Deployment
Heroku
Build and Run Your Apps, Your Way.
https://www.heroku.com/
Heroku instance of Juice Shop
Heroku offers a free small instance per personal application.
Application status dashboard
Heroku supports Ruby, Node.js, Python, Java, and PHP.
Application deployment history
Setting up deployment in .travis.yml
By default only a successful build of the master branch triggers a deployment.
Docker
Open platform for distributed applications for developers and
sysadmins.
https://docker.com/
Autobuild Repository on Docker Hub
Activated Docker Service Hook on GitHub
The Dockerfile of Juice Shop
Collaboration
HuBoard
Lightweight Kanban Board offering instant project management for
GitHub issues.
https://huboard.com/
Kanban Board based on GitHub issues
DnD for prioritization and process flow
Simple creation and tagging of story cards
Authorizing access to GitHub repos
Let HuBoard set up the GitHub integration
Service Hook generated by HuBoard
Bountysource
Funding platform for open-source software where users can
create/collect bounties and pledge to fundraisers.
https://www.bountysource.com/
Overview of issues to place bounties on
Picking an issue to place a bounty on
Placing a 10$ bounty for a new logo
The new bounty in the Activity feed
Issue augmented with bounty information
Developer starting to work on issue
Developer claims bounty for closed issue
Approved and paid bounty for new logo
Gitter
Chat. For GitHub.
https://gitter.im/
The official Gitter chatroom of Juice-Shop
Disclaimer: Chatroom might appear more desolated on screenshot than in reality.
Activity sidebar populated via WebHooks
GitHub-side of the Gitter-WebHook
With granted repository access Gitter will set up its WebHook on GitHub automatically.
One final takeaway
If the services you are using offer status badges for your README.md...
...use them...
...on every occasion...
...because they are just cool!
Thanks for your attention!
by Björn Kimminich / kimminich.de
These slides are publicly available on GitHub and Slideshare.
Q&A
Credits
reveal.js - The HTML Presentation Framework
js-sequence-diagrams - Turns text into UML sequence diagrams
GitHub Octodex - The official Octocat gallery
Copyright (c) 2015 Björn Kimminich
