
GitHub Universe is almost here. For more on what to expect from this year’s stream, we sat down with virtual host, Brian Douglas, for a quick Q&A on GitHub Actions, DevOps, and automation.
The biggest difference this year is that Universe is a hundred percent online. It’s three days with five hours of content each day, and we’re doing a rebroadcast in the Asia-Pacific region for everyone outside of the original timezone. Beyond the new format, we’re going to be following up on a lot of the features we shipped earlier this year. You’ll learn more about code scanning, and get updates on GitHub Discussions, GitHub Actions, and more.
Actions is a feature we shipped about two years ago—actually two Universes ago. It’s something that many folks have dabbled with, whether it’s for starting CI jobs or running tests. You can automate nearly any part of your workflow with Actions, and at GitHub, Actions is a building block for a lot of our other features. It powers everything from security and authentication to access to webhooks. My talk, Getting traction with GitHub Actions, is going to cover everything you can use Actions for outside of CI/CD, like automating performance and checking if your site is up and running. I’ll also show how I manage staging for some of my projects’ design systems with Actions. Overall, the goal is to help expand the footprint of what you can do with Actions outside of just simple things like running tests.
One of the most interesting workflows I’m using right now is the Lighthouse action. The action is based on Google’s Lighthouse project, which is an open source tool for auditing your project’s performance and accessibility. With the Lighthouse tool, you can just open up your browser and check your website’s performance directly. But with the Lighthouse action, I can actually check my site’s performance on GitHub when a new pull request is opened. If a pull request makes performance go down, I can stop and figure out why. This is huge for organizations: we’ve seen many major companies ignore accessibility and performance issues only to have to backtrack and fix them. Now you and your team can be on the same page. Every time a pull request is opened, a GitHub action is triggered to give you a Lighthouse score. The action will also upload a report directly into the artifact, which I’ll share more about in the session.
I’d recommend checking out the Actions course on GitHub Learning Lab. From there, you should definitely visit the Actions tab in your repository. It’ll give you a lot of hands-on insights for your project and how to get started with actions, even before you attend Universe.
Security is definitely going to be a main theme. Even if security hasn’t been top of mind for your workflows, most developers have accidentally shipped a token or committed a secret. I’ve done it myself. Afterwards, everyone’s frantic and there’s a lot of running around to try to clean it up—when it can actually be avoided or fixed easily. I love the fact that GitHub now automatically identifies and regenerates tokens, which you can choose to replace and no one has to know. Those small wins for developers add up. So, even if you’re just attending Universe for DevOps tips or ways to improve your workflows, you’re going to get a lot of security answers. You’ll walk away with tools and questions you can take back to your team to help you better navigate some of the risks that are out there.
There are several—like the HashiCorp session on keeping secrets in your infrastructure pipeline and how to manage that with GitHub. There’s also a counterpoint talk from Sasha Rosenbaum around what happens after you committed a secret. And I know Maya Kaczorowski and William Bartholomew are also doing similar content on how the GitHub Product Team has managed our code scanning feature.
Check them all out here:
First off, you can have access to the work of security researchers right now. The Security tab on your project has a lot of good links to security research documents, or reports that security researchers have linked to actual libraries you’re leveraging in your project. I discovered the power of this connection firsthand when I realized one of my actions was being featured in another Universe security talk. We found some security vulnerabilities within the action, and fixing it didn’t only help me. It helped everyone using the action. So, even if you don’t feel like you’re up to date or can stay up to date on all the stuff that’s happening, we do have a community of security researchers on GitHub who can share that information. Start checking the Security tab now, and you can continue checking back in over time to confirm nothing you’re using is vulnerable.
Whether it’s security or DevOps, the most important thing is just being aware and understanding what GitHub tools are out there. Take CodeQL for example: You have to go to the Security tab, enable it on your project, and your code is secure. That’s simplifying, but it starts with doing things like that and making sure you’re aware of what’s happening in your code base and in your community. So, whether you’re writing Python, Ruby, or JavaScript, understand that the community has security researchers involved and that you have access to all their research.
It can be overwhelming for folks to try to feel like they need to be online and watch every single talk. We’re all going to be at home working or doing other things while we’re watching Universe. That’s why we have the play track—being able to have the play track tab open is a way to still feel connected to Universe. It’s a nice break. You can play performances in the background, get a quick 10-minute tutorial on creative coding tools, just to name a few.
I also recommend checking out the discussions. You can create your own Universe threads with Discussions, the built-in native feature that we shipped earlier this year. It’s an opportunity for you to get a first-hand look and try it out for yourself. Put yourself out there, ask questions, or use discussions to connect directly with the speakers. I’ll be hanging out there too—just tag me @bdougie!
Want to learn more? Tune in to Brian’s Universe talk on December 9 at 10:00am PT/1:00pm ET or see the full list of DevOps sessions.