Accelerate DevOps with GitHub

Book description

Take your DevOps and DevSecOps game to the next level by leveraging the power of the GitHub toolset in practice

Key Features

  • Release software faster and with confidence
  • Increase your productivity by spending more time on software delivery and less on fixing bugs and administrative tasks
  • Deliver high-quality software that is more stable, scalable, and secure

Book Description

This practical guide to DevOps uses GitHub as the DevOps platform and shows how you can leverage the power of GitHub for collaboration, lean management, and secure and fast software delivery.

The chapters provide simple solutions to common problems, thereby helping teams that are already on their DevOps journey to further advance into DevOps and speed up their software delivery performance. From finding the right metrics to measure your success to learning from other teams’ success stories without merely copying what they’ve done, this book has it all in one place. As you advance, you’ll find out how you can leverage the power of GitHub to accelerate your value delivery – by making work visible with GitHub Projects, measuring the right metrics with GitHub Insights, using solid and proven engineering practices with GitHub Actions and Advanced Security, and moving to event-based and loosely coupled software architecture.

By the end of this GitHub book, you'll have understood what factors influence software delivery performance and how you can measure your capabilities, thus realizing where you stand in your journey and how you can move forward.

What you will learn

  • Effectively measure software delivery performance
  • Adopt DevOps and lean management techniques in your teams
  • Plan, track, and visualize your work using GitHub Issues and Projects
  • Use continuous delivery with GitHub Actions and Packages
  • Scale quality through testing in production and chaos engineering
  • “Shift left” security and secure your entire software supply chain
  • Use DevSecOps practices with GitHub Advanced Security
  • Secure your code with code scanning, secret scanning, and Dependabot

Who this book is for

This book is for developers, solutions architects, DevOps engineers, and SREs, as well as for engineering or product managers who want to enhance their software delivery performance. Whether you're new to DevOps, already have experience with GitHub Enterprise, or come from a platform such as Azure DevOps, Team Foundation Server, GitLab, Bitbucket, Puppet, Chef, or Jenkins but struggle to achieve maximum performance, you’ll find this book beneficial.

Table of contents

  1. Accelerate DevOps with GitHub
  2. Foreword
  3. Foreword
  4. Contributors
  5. About the author
  6. About the reviewers
  7. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Download the example code files
    5. Download the color images
    6. Conventions used
    7. Get in touch
    8. Share Your Thoughts
  8. Part 1: Lean Management and Collaboration
  9. Chapter 1: Metrics That Matter
    1. Why accelerate?
    2. Engineering velocity
      1. Measuring velocity with effort
      2. Toxic estimates
      3. The correct way to estimate high-level initiatives
      4. From developer to engineering velocity
    3. High-performance companies
      1. The Developer Velocity Index
      2. The state of DevOps
    4. Measuring metrics that matter
      1. Delivery lead time
      2. Deployment frequency
      3. Mean time to restore
      4. Change fail rate
      5. The Four Keys dashboard
      6. What you shouldn't do
    5. The SPACE framework for developer productivity
      1. Satisfaction and well-being
      2. Performance
      3. Activity
      4. Communication and collaboration
      5. Efficiency and flow
      6. How to use the SPACE framework
    6. Objectives and key results
      1. What are OKRs?
      2. How do OKRs work?
      3. OKRs and DevOps
    7. Summary
    8. Case study
    9. Further reading
  10. Chapter 2: Plan, Track, and Visualize Your Work
    1. Work is work
    2. Unplanned work and rework
    3. Visualizing your work
      1. Establish pull
      2. Prioritize
      3. Keep it simple!
    4. Limiting WIP
      1. Set WIP limits
      2. Reduce batch size
      3. Reduce hand-offs
    5. GitHub issues, labels, and milestones
      1. Creating a new issue
      2. Collaborating on issues
      3. The issue backlog
      4. Milestones
      5. Pinning issues
      6. Issue templates
    6. GitHub Projects
      1. Get started
      2. Adding work items to projects
      3. Adding metadata to your work
      4. Working with table views
      5. Working with the board view
      6. Working with views
      7. Workflows
      8. Insights
      9. Managing access
    7. Third-party integration
      1. Jira
      2. Azure Boards
    8. Case study
    9. Summary
    10. Further readings and references
  11. Chapter 3: Teamwork and Collaborative Development
    1. Software development is a team sport
    2. The heart of collaboration – the pull request
    3. Hands-on – Creating a pull request
    4. Proposing changes
      1. Draft pull requests
      2. Code owners
      3. Required reviews
      4. Requesting a pull request review
      5. Auto-merge
    5. Pull request reviews
      1. Reviewing proposed changes in a pull request
      2. Marking files as viewed
      3. Hands-on – Making suggestions
      4. Incorporating feedback into your pull request
      5. Submitting a review
      6. Finishing your pull request
    6. Best practices for code reviews
      1. Teach Git
      2. Link pull request to issue
      3. Use draft pull requests
      4. Have a minimum number of two approvers
      5. Do peer reviews
      6. Automate review steps
      7. Deploy and test changes
      8. Review guidelines/code of conduct
    7. Summary
    8. Further readings and references
  12. Chapter 4: Asynchronous Work: Collaborate from Anywhere
    1. Comparing synchronous and asynchronous work
      1. The history of communication
      2. Work and communication
      3. In-person and remote work
    2. Distributed teams
    3. Cross-team collaboration
    4. Shift to asynchronous workflows
    5. Teams and Slack integration
    6. GitHub Discussions
      1. Getting started with Discussions
      2. Discussion categories
      3. Starting a discussion
      4. Participating in a discussion
    7. Pages and wikis
      1. GitHub Pages
      2. Wikis
    8. Working from everywhere with GitHub Mobile
    9. Case study
    10. Summary
    11. Further readings and references
  13. Chapter 5: The Influence of Open and Inner Source on Software Delivery Performance
    1. History of free and open source software
      1. Public domain software
      2. Free software
      3. Open source software
      4. The rise of open source software
    2. The difference between open source and open development
    3. Benefits of embracing open source for companies
      1. Deliver faster with open source software
      2. Build better products by engaging the community
      3. Use tools with a lower risk of obsolescence
      4. Attract talent
      5. Influence emerging technologies and standards
      6. Improve your process by learning from open source projects
    4. Implementing an open source strategy
    5. Open and inner source
    6. The importance of insourcing
    7. GitHub Sponsors
      1. Sponsor tiers
      2. Sponsorship goals
    8. Summary
    9. Further reading and references
  14. Part 2: Engineering DevOps Practices
  15. Chapter 6: Automation with GitHub Actions
    1. Overview of GitHub Actions
    2. Workflows, pipelines, and actions
    3. YAML basics
      1. Comments
      2. Scalar types
      3. Collection types
    4. The workflow syntax
      1. Workflow triggers
      2. Workflow jobs
      3. Workflow steps
      4. Context and expression syntax
      5. Workflow commands
    5. Working with secrets
      1. Storing your secrets
      2. Accessing your secrets
      3. The GITHUB_TOKEN secret
    6. Hands-on – your first workflow
    7. Hands-on – your first action
    8. The GitHub marketplace
    9. Summary
    10. Further reading
  16. Chapter 7: Running Your Workflows
    1. Hosted runners
      1. Isolation and privileges
      2. Hardware
      3. Software
      4. Networks
      5. Pricing
    2. Self-hosted runners
      1. The runner software
      2. Communication between the runner and GitHub
      3. Using self-hosted runners behind a proxy server
      4. Adding self-hosted runners to GitHub
      5. Removing self-hosted runners
    3. Managing access with runner groups
    4. Using labels
    5. Scaling your self-hosted runners
      1. Ephemeral runners
      2. Scaling up and down with GitHub webhooks
      3. Existing solutions
    6. Monitoring and troubleshooting
      1. Checking the status of the runners
      2. Reviewing the application log files
      3. Reviewing the job log files
      4. Checking the service status
      5. Monitoring the runner update process
    7. Case study
    8. Summary
    9. Further reading
  17. Chapter 8: Managing Dependencies Using GitHub Packages
    1. GitHub Packages
      1. Pricing
      2. Permissions and visibility
    2. Using npm packages with Actions
    3. Using Docker with Packages
    4. Apache Maven, Gradle, NuGet, and RubyGems packages
      1. Java with Apache Maven
      2. Gradle
      3. RubyGems
      4. NuGet
    5. Summary
    6. Further reading
  18. Chapter 9: Deploying to Any Platform
    1. Staged deployments
    2. Automating your deployments
    3. How to deploy to Azure App Service
      1. Deployment of Azure resources
      2. Deploying the application with GitHub Actions
    4. How to deploy to AWS ECS
      1. Deployment of AWS resources
      2. Deploying the container with GitHub Actions
    5. How to deploy to GKE
      1. Deployment of Google resources
      2. Deploying the container with GitHub Actions
    6. Infrastructure as code
      1. Tools
      2. Best practices
      3. Strategies
      4. Workflow templates
      5. Reusable workflows
    7. Measuring success
    8. Case study
    9. Summary
    10. Further reading
  19. Chapter 10: Feature Flags and the Feature Lifecycle
    1. What are Feature Flags?
    2. The lifecycle of features
    3. The benefits of Feature Flags
    4. Getting started with Feature Flags
    5. Feature Flags and technical debt
    6. Frameworks and products
    7. Experimentation with Feature Flags
    8. Summary
    9. Further reading
  20. Chapter 11: Trunk-Based Development
    1. Trunk-based development
    2. Why you should avoid complex branching
    3. Other git workflows
      1. Gitflow
      2. GitHub flow
      3. Release flow
      4. GitLab flow
    4. Accelerating with MyFlow
      1. The main branch
      2. Private topic branches
      3. Releasing
      4. Hotfix
      5. Automation
    5. Case study
    6. Summary
    7. Further reading
  21. Part 3: Release with Confidence
  22. Chapter 12: Shift Left Testing for Increased Quality
    1. Shift left testing with test automation
      1. Test-driven development
      2. Managing your test portfolio
    2. Eradicating flaky tests
    3. Code coverage
    4. Shift right – testing in production
      1. Health data and monitoring
      2. Feature flags and canary releases
      3. Business continuity and disaster recovery
      4. Exploratory testing and usability testing
    5. Fault injection and chaos engineering
    6. Tests and compliance
    7. Test management in GitHub
    8. Case study
    9. Summary
    10. Further reading
  23. Chapter 13: Shift-Left Security and DevSecOps
    1. Shift-left security
    2. Assume-breach, zero-trust, and security-first mindset
    3. Attack simulations
    4. Red team-blue team exercises
      1. Team constellation
      2. Rules of the game
      3. Where to start
    5. Attack scenarios
    6. GitHub Codespaces
    7. Summary
    8. Further reading
  24. Chapter 14: Securing Your Code
    1. Dependency management and Dependabot
      1. Exploring your dependencies
      2. Dependabot
      3. Automate Dependabot updates with GitHub Actions
      4. Use Dependabot to keep your GitHub actions up to date
    2. Secret scanning
    3. Code scanning
      1. Code scanning in GitHub
      2. Running your code scans
      3. Getting started
      4. Code scanning alerts
      5. Pull request integration
      6. Code scanning configuration
    4. Writing your own CodeQL queries
    5. Summary
    6. Further reading
  25. Chapter 15: Securing Your Deployments
    1. Container and infrastructure security scanning
      1. Container scanning
      2. Infrastructure policies
    2. Automate the infrastructure change process
    3. Source code and infrastructure integrity
      1. The SBOM
      2. Signing your commits
      3. Signing your code
    4. Dynamic application security testing
    5. Security hardening your release pipeline
      1. Secure your runners
      2. Secure your Actions
      3. Secure your environments
      4. Use tokens when possible
      5. Collect security telemetry
    6. Case study
    7. Summary
    8. Further reading
  26. Part 4: Software Architecture
  27. Chapter 16: Loosely Coupled Architecture and Microservices
    1. Loosely coupled systems
    2. Microservices
    3. Evolutionary design
    4. Event-driven architecture
    5. Summary
    6. Further reading
  28. Chapter 17: Empower Your Teams
    1. Conway's law
    2. The two-pizza team
    3. Inverse Conway Maneuver
    4. Delivery cadence
    5. A mono- or multi-repo strategy
      1. Working with large mono repositories
      2. Organizing your repos with topics and star lists
      3. Using Git submodules to structure your code
      4. What's the right strategy?
    6. Case study
    7. Summary
    8. Further reading
  29. Part 5: Lean Product Management
  30. Chapter 18: Lean Product Development and Lean Startup
    1. Lean product development
    2. Incorporating customer feedback
    3. The MVP
    4. Enterprise portfolio management
    5. Improving your product management skills
      1. Understanding your customers
      2. Understanding your business
      3. Understanding your product
    6. Business Model Canvas
    7. Summary
    8. Further reading
  31. Chapter 19: Experimentation and A|B Testing
    1. Conducting experiments with the scientific method
      1. Observation – gathering and analyzing the data
      2. Formulating the hypothesis
      3. Building the experiment
      4. Validating the results
    2. Effective A|B testing with GrowthBook and Flagger
      1. Flagger
    3. Experimentation and OKR
    4. Summary
    5. Further reading
  32. Part 6: GitHub for your Enterprise
  33. Chapter 20: GitHub – The Home for All Developers
    1. Hosting options and pricing
      1. Hosting options
      2. GitHub Connect
      3. Pricing
    2. Hands-on – create your account on GitHub.com
    3. Enterprise security
      1. SAML authentication
      2. SCIM
      3. Automatic team synchronization
      4. Enterprise Managed Users
      5. Authentication with GHES
      6. The Audit API
    4. GitHub Learning Lab
    5. Summary
    6. Further reading
  34. Chapter 21: Migrating to GitHub
    1. Picking the right migration strategy
    2. Achieving compliance with low-fidelity migrations
    3. Synchronizing requirements for a smooth transition
    4. Migrating your code
    5. Migrating from Azure DevOps or GitHub
    6. Migrating your pipelines
    7. Summary
    8. Further reading
  35. Chapter 22: Organizing Your Teams
    1. GitHub scopes and namespaces
      1. GitHub enterprises
      2. GitHub organizations
    2. Structuring GitHub teams
    3. Role-based access
    4. Custom roles
    5. Outside collaborators
    6. Summary
    7. Further reading
  36. Chapter 23: Transform Your Enterprise
    1. Why many transformations fail
      1. Assuming your company or industry is special
      2. Having no sense of urgency
      3. Having no clear vision
      4. Letting obstacles block your progress
      5. Not getting help
    2. Starting with WHY?
      1. A purpose-driven mission
      2. Establishing an engineering culture
    3. Data-driven transformation
      1. The Theory of Constraints
      2. Eliminating bottlenecks
      3. DevOps is a journey of continuous improvement
      4. Optimizing for value stream-aligned teams
    4. Summary
    5. Further reading
    6. Why subscribe?
  37. Other Books You May Enjoy
    1. Packt is searching for authors like you
    2. Share Your Thoughts

Product information

  • Title: Accelerate DevOps with GitHub
  • Author(s): Michael Kaufmann
  • Release date: September 2022
  • Publisher(s): Packt Publishing
  • ISBN: 9781801813358