A year ago GitHub Actions was launched at GitHub Actions at the GitHub Universe Event in 2018. The GitHub community and I were pretty excited about this launch as it had the potential to disrupt the coding landscape. “The main idea is to automate the execution of workflow-based applications. It also includes capabilities to include CI/CD. Developers can build their workflows using pre-defined actions.”
It's a very natural move, in our opinion. If you check out the GitHub Marketplace, you will see a lot of small companies building their businesses around the GitHub ecosystem by calling - "actions." So Congratulations, GitHub(read Microsoft) on this wise move. They will jump into the CI/CD market and prepare a place under the Sun.
Code Quality and Security categories are trending too. However, those categories must have numerous small products, IMHO. More products will offer different services, and it will help to grow the open-source movement. If I decide to work on a side project, I'll definitely try to do something that is connected to GitHub.
Or we can wait for a Godzilla-like product that will dominate the entire section.
I mean, yes, an integrated tool that focuses on code quality, as part of the core of Github product, should be a better solution.
Right now, GH Marketplace has ~ 300 tools related to code quality. But most of them don’t have “perfect connections” with major GitHub sections like Issues, Code Commits, or working between few repositories, connected together. Hey, GitHub managers - make it better! NOW! Another way how it can be solved - our readers can build it. Note: YCombinator School receives ~ 25% of all applicants are dev tool creators
Make it work, and then GitHub will buy your product when they need it.
For a few years, I was using GitHub bots that updated npm packages automatically. One of them was called dependabot. It didn't have a fancy design or complete functionality, but it worked, and people used it. And I was very excited to see that Github bought them out and included them in their "Security Alerts" section. Sure, you might say Renovate bot works better and has a more cool UI, but GitHub differs from your opinion. It’s a classic case of a small company making a significant impact. It became possible because they did simple work at a scale.
Welcome Heroku, today`s newsletter sponsor. Heroku is presenting to you a new open-source tool - Terrier - that can help you to understand your container image. Don't forget to star it on GitHub. All right, my question to you: as Github's Actions were released recently - do you like it? What do you think about the progress that has been made over one year? It will be interesting to hear a story from experienced engineers. We're waiting for your story. 😍
Since GitHub bought dependabot, it's obvious to think that they are betting big on security. I think it also overlaps with another GitHub's feature: npm package hosting. They will try to overcome NPM, and I think it's making a significant impact on them.
I Use Dependabot Before it Was a Mainstream
Github actions offer a new way to make CI/CD for our repositories - small or big ones. Earlier, we had to use tools like Jenkins, Azure DevOps pipelines to make it work.
Plus, you needed to connect those tools with your GitHub projects.
Now It works a bit better, which means that more code will be covered with tests that will move us into code ISO future specification that I dream about these days.
