Get hands on at Universe 2018

GitHub Universe logo

GitHub Universe is just under a month away. With the countdown officially on, we’re excited to share all of the things you need to know for Universe 2018. Our complete schedule of Universe sessions and speakers is now live, and there’s something for everyone: three tracks, 30 breakouts, a full day of technical workshops, and plenty of learning in between.

Build your own Universe

This year, we’re highlighting the future of software—and celebrating the people and projects that push technology forward. Our three attendee tracks are here to help you build a custom Universe itinerary and get the most out of two jam-packed days at the historic Palace of Fine Arts:

  • Developer experience
  • Scaling your business
  • Enabling your platform

Get into the code

Looking to learn something new? Take the “developer experience” pathway and dive into how the problems of tomorrow are being solved by your peers. Find out what the future holds for your favorite tools and technology—and build your own solutions.

The “developer experience” pathway includes sessions like:

  • Code you can hold: Making your first IoT wearable Charlyn Gonda (Uber Engineering) Pick up a soldering iron and put on safety goggles—it’s time to make things. Get started with microcontroller programming, beginning with the Particle Photon board, a wifi-enabled microcontroller.
  • Leveling up WebAssembly itself: Going from MVP to brave new world Lin Clark (Mozilla) Unlock the future of WebAssembly and build your own. Learn how to code a WebAssembly module and see your module’s impact on the real world—or at least on the interactive light environment that coming to GitHub Universe. Then take control of the art installation with your WebAssembly module and walk through your creation.
  • GitHub Learning Lab: Teaching robots to teach Jason Etcovitch (GitHub) Discover how we built the Learning Lab app using public GitHub APIs and Probot, a framework for building GitHub Apps. Build your own courses on Learning Lab to teach developers how you work, what your product or integration does, or something completely new.

Grow your business to scale

It’s exciting to see your business grow—but growth also comes with its own new set of challenges. Our “scaling your business” pathway offers real-life case studies and insight from some of today’s top business leaders, including how they tackled the unique business demands that come with rapid growth.

Check out more of the highlights:

  • GitHub Enterprise at scale: Behind the scenes at Salesforce.com Vamshidhar Gandham (Salesforce), Michael Johnson (GitHub) Wondering how to get started with GitHub Enterprise? Find out why Salesforce started using GitHub, the tools they created to simplify migration, and how GitHub Enterprise has helped them change the face of DevOps.
  • The world’s largest company explains why the future needs more women who code Fiona Tan (Walmart) Increasing the number of women who can code, and specifically in the growing field of artificial intelligence, is critical. Examine why women are fundamental to the future of the self-learning algorithms that power AI and why closing the gender gap in STEM is not only important for business, but important for society.
  • Moving from mono to multi: How Continental Corporation manages a distributed code base Timm Drevensek (Continental Corporation) Working with larger software projects means you’ll eventually need to decide how to organize your code base. See how the Continental team overcame limitations, how to deal with distributed code bases, and what’s possible when integrating with GitHub.

Keep your platform healthy

Is your platform performing at its best? Follow the “enabling your platform” pathway and explore how leveraging the right tools (and embracing necessary change) can help your platform reach its full potential. Find out how developers from companies like Airbnb, Contentful—plus GitHub itself—keep things running smoothly behind the scenes.

And just a few examples of what else you’ll learn:

  • From Monorail to Monorepo: Airbnb’s journey into microservices Jens Vanderhaeghe (Airbnb) Airbnb has grown exponentially over the last few years—and so has their codebase. Hear some of the unique challenges they face as their engineering team grows and how they plan to transition toward a service-oriented architecture—a multi-year effort involving hundreds of engineers across the company.
  • Infrastructure as product: Building GitHub’s future Sophie Haskins (GitHub) Learn the story of Moda—GitHub’s internal service platform and set of tools, practices, and ideas for running software on Kubernetes. Discover how we approached big infrastructure changes, what’s worked well, and why we made the decisions we did.
  • API mashup: Combining APIs using GraphQL schema stitching Rouven Weßling (Contentful) The best mashups are seamless and natural. In today’s golden age of APIs, nobody would be surprised if you used more than six APIs in a project. But, like songs, they all work slightly differently. Find out how to use schema stitching to annotate the GitHub API with metadata about the repositories and users in an organization, resulting in a more powerful API that’s ready to build great tooling with less effort.

Get even more Universe with Workshop Day

Universe isn’t just product launches and after parties. We want you to go home with the practical tools and experience you need to keep building your best. If you’re looking to learn even more—and get an extra day of Universe—join us a day early for technical workshops on October 15.

Like our conference sessions, Workshop Day features three unique attendee tracks. We’ll cover everything from the secrets of great maintainers to scaling GitHub within your organization. Just pick your path to get started:

  • 2018: An Open Source Odyssey - Workshops for individuals and teams interested in innersource, open source, and everything in between
  • U, Robot - Workshops for builders and bot lovers 🤖
  • Git Runner 2048 - Workshops for future Git and GitHub superusers

Check out Universe Workshops

Your Universe is what you make it

Whether you want the latest coding tools, tips to successfully scale your business from industry experts, or tried-and-trued insights to take your platform to the next level, Universe 2018 is a place for everyone—and an experience completely yours. Tickets are limited, so reserve your seat and conference pathway as soon as possible. We can’t wait to see you there!

Get your tickets

Migrating to GitHub Apps — Code Climate shares their story

We first started talking about GitHub Apps in 2017 as the recommended way for developers to build integrations on GitHub. With GitHub Apps, developers can use either GitHub’s REST or GraphQL APIs to interact with the GitHub ecosystem and provide a more flexible security model for users. Since announcing, we have released new documentation and guides to help simplify the process of building new integrations or migrating existing OAuth Apps and talking to integrators about their experiences. For those considering building or migrating to GitHub Apps, we thought it might be interesting to share one of those stories from Code Climate.

Code Climate has built on GitHub from the very beginning. Now they’re using GitHub Apps to build bots, manage server-to-server integrations, limit permission scopes, and provide better support to the engineers using their products. Here’s how they build with GitHub Apps, and what they learned in the process, in the words of Kathryn Chen, VP of Product.

Code Climate Switches to GitHub Apps

Code Climate switched to GitHub Apps

Why are we so excited about GitHub Apps?

Though GitHub OAuth provides great capabilities for managing user-initiated actions, it presented us with a few limitations for building server-to-server integrations.

Using GitHub Apps to build bots

In our Quality product, we wanted to provide users with an Automated Code Review feature. Before GitHub Apps, we used individual user credentials to retrieve and post data into GitHub. We couldn’t post review comments on our customers’ pull requests as a Code Climate bot. GitHub Apps solve this problem.

A Bot found code similarities and suggests refactoring

Using GitHub Apps to manage server-to-server integrations

Some of our customers have immediate security policies that don’t allow us to use SSH to clone repository data from GitHub. Prior to GitHub Apps, we implemented HTTPS repository data cloning by rotating through various users’ OAuth access tokens. This means that these HTTPS calls are associated with specific GitHub users, even though they are not initiated by them. With GitHub Apps, we can authenticate to pull this type of data as a service.

Using GitHub Apps to limit permission scope

In the world of GitHub OAuth, read and write access to repository data are bundled together. GitHub Apps provides much more granularity in permissions. We are now able to ask for only the access level we need (read-only) on the specific resources we need (e.g. pull requests). This aligns the requested permission with the services we provide, making our users more comfortable.

Permission request to install Code Climate Velocity testing

How did we go about implementing GitHub Apps?

We found that switching to GitHub Apps did not require our existing system to be substantially restructured. The API endpoints and queries that we implemented via OAuth remained the same for GitHub Apps, and only our method of authentication changed.

For querying, we use GitHub’s graphql-client gem, with our client defined as:

class HTTP < ::GraphQL::Client::HTTP
  def initialize(vcs, access_token)
    super(vcs.graphql_api_url)
    @access_token = access_token
  end
  
  def headers(context)
    {}.tap do |h|
      if (token = context.fetch(:access_token, @access_token))
        h.merge!("Authorization" => "Bearer #{token}")
      end
    end
  end
end

With OAuth, for access_token, we provided the authorized OAuth token of a random user in the organization. Randomization helped us to balance usage across the organization, but was not ideal. We wanted to make the API request on behalf of the organization itself, which is where GitHub Apps came in.

With GitHub Apps, access is provided via short-lived, renewable tokens belonging to the installation, and the installation is granted the appropriate permissions. We introduced a component in our code that would generate a token for the organization’s GitHub App installation using the octokit gem and the credentials of our GitHub App:

  def create_token
    create_token_client.create_app_installation_access_token(
      external_database_id,
      accept: Octokit::Preview::PREVIEW_TYPES[:integrations],
    )
  end
  
  def create_token_client
    @create_token_client ||= Octokit::Client.new(
      bearer_token: generate_jwt_token,
      api_endpoint: vcs.api_url,
      web_endpoint: vcs.web_url,
      connection_options: {
        url: vcs.api_url,
      },
    )
  end
  
  def generate_jwt_token
    now = Time.now.to_i
    key = OpenSSL::PKey::RSA.new(vcs_app.private_key)
    opts = {
      iat: now,
      exp: now + 60,
      iss: vcs_app.external_database_id.to_i,
    }
    
    JWT.encode(opts, key, "RS256")
  end

We then pass this token to the API client in exactly the same way as before, keeping the overall change small and isolated.

Additionally, each generated token comes with an associated expires_at timestamp. To improve performance, we store an encrypted copy of the temporary token along with this timestamp in our database, allowing us to refresh the token only when necessary.

What did we learn in the process?

API Rate Limit Calculation

During this migration, we learned about the different rate-limiting mechanisms between GitHub OAuth and GitHub Apps.

With OAuth, we were able to cycle through user tokens to make API requests. This provided a very high capacity, as each token allowed for 5,000 GraphQL points per hour. When switching to GitHub Apps, however, the rate limit became organization-wide, meaning we had to think more critically about how often we were hitting the API and how expensive our queries were.

To understand our current GraphQL usage, we used the rateLimit object received from our GraphQL queries, and began tracking statistics using StatsD around how expensive each query was, as well as how often the tokens we used approached their rate limits:

  def process_RateLimit(object)
    object = Connectors::GitHub::Graphql::Fragments::RateLimitFragment.new(object)

    prefix = ["graphql", definition.name.demodulize, "limit"].join(".")
    $statsd.gauge("#{prefix}.cost", object.cost)
    $statsd.gauge("#{prefix}.remaining", object.remaining)
  end

We found that many of our GraphQL queries were fairly inexpensive, but we identified one particularly complex query to be expensive (15 GraphQL points) and frequent (every 10 minutes for every repository in an organization). We thought about how this query would perform for a large organization in our system (for example, 100 repositories) when using GitHub Apps:

100 repositories * 15 GraphQL points * 6 queries per hour = 9,000 GraphQL points / hour

This was initially concerning, as the number was significantly more than the 5,000 GraphQL point rate limit provided for an installation. However, another advantage of GitHub Apps is that its rate limit scales with the size of the organization. For installations with more than 20 repositories, an additional 50 requests (or 50 GraphQL points) is provided for each repository per hour.

With this increase, we identified our modified rate limit would be:

5,000 GraphQL points base + 50 additional points * 100 repositories = 10,000 GraphQL points

This provided us with enough capacity to maintain our current system. To help us stay comfortably within our limit going forward, we worked with GitHub to identify additional strategies for keeping our API usage within its rate limit:

  • Ingest real-time data via inbound webhooks
  • Catch-up with historical data using the API
  • Throttle your API requests to stay within your rate limits
  • Use conditional requests, where possible (currently only available via v3 REST API)

Impact on User Onboarding

Another lesson we learned during this migration is that GitHub Apps requires a different onboarding approach. Unlike OAuth, where users typically identify themselves and grant access in one step, with GitHub Apps, users are required to leave our site and install the application on GitHub before data can be processed. To smooth out this flow, we use the GitHub App installation endpoints to track the user’s onboarding progress and display in-app calls to action linking out to the GitHub App setup URL (when appropriate).

Wrap up

We are very excited to continue to build on GitHub Apps and to take advantage of all the data exposed through the GraphQL API. We’re also looking forward to partnering with GitHub and pioneering more beta features in the future.

If you’re interested in taking a more data-driven approach to engineering management (and want to see our GitHub Apps workflow in action) check us out!

GitHub Classroom celebrates 3M repos with the launch of Classroom Assistant

Teachers tell us they love using GitHub Classroom for deeper insight into student work.

Classroom makes it easy for teachers to set up their courses on GitHub. The tool automatically creates student repositories, and allows you to track assignments right from your dashboard.

It’s helped teachers at Loyola Marymount, Cal Poly, Rice University, and Johns Hopkins use real-world workflows in their courses. In the words of one teacher: “GitHub Classroom takes the intimidation out of using GitHub for noobs.”

As of this week, students have submitted over three million coding assignments using Classroom.

Thank you, Classroom Assistant

But when you have dozens—or even hundreds—of students’ work to grade, you need a simple way to get every repository into one place. Manually cloning each repository eats up precious hours you could spend with students.

Now you can save time and get right to the code. Classroom Assistant allows you to easily download all the repositories in your course.

Signing in to GitHub to use Classroom Assistant

Downloading assignments in GitHub Classroom Assistant

It’s a cross-platform desktop application, available for Windows, Mac, and Linux. Download 500 student assignments—or more—to your local machine with the click of a button.

Install Classroom Assistant or learn more about Classroom

Hacktoberfest is back and celebrating its fifth year!

Hacktoberfest 2018

Join us this October by participating in the fifth annual Hacktoberfest, a month-long celebration of open source software. Along with welcoming back our friends at DigitalOcean, Twilio has joined our partnership for its first year in celebrating Hacktoberfest.

It’s easy to join in on the fun (and get a limited-edition shirt!), all you have to do is check the Hacktoberfest website for details on how to enter. Then, submit 5 pull requests to open source projects between October 1st and 31st. That’s it! The first 50,000 people to complete the challenge will earn a limited edition Hacktoberfest shirt. Terms and conditions will be posted on the website prior to the start of the contest.

Earn a limited-edition Hacktoberfest shirt

If you’ve never contributed to an open source project before, you don’t have to miss out on all the fun—check out our contributing to open source guide.

Want to share your love for Hacktoberfest? Tell the world with the #hacktoberfest hashtag on Twitter, Facebook, or Instagram.

Last year, 30,000+ people from over 100 countries (119 to be exact!) submitted almost 240,000 pull requests to all kinds of projects—everything from documentation tweaks and bug fixes, to new features and performance improvements. See their stories and (and selfies!) on Twitter with #hacktoberfest.

Hacktoberfest 2017 participants

Don’t miss out! Check the Hacktoberfest website and sign up to receive updates

Level up your school projects with Algolia, GitKraken Glo, Heroku, and JetBrains

GitHub Student Developer Pack welcomes Algolia, GitKraken Glo, Heroku, and JetBrains

New tools added to the GitHub Student Developer Pack will make your projects ship faster, shine with robust features, and help you stand out from the crowd.

These powerful new additions are free with the GitHub Student Developer Pack, so you can start the school year off right:

  • Algolia’s APIs will help you build search functionality in your projects
  • Heroku provides a super-easy cloud platform to get your apps online for the whole world to enjoy
  • JetBrains gives you a suite of IDEs to help you conquer your coding assignments

On top of that, our friends at GitKraken added Glo Boards, their issue and task tracker, to help you stay on top of your school work.

Algolia

Does your app have search functionality? Why not add it with Algolia.

Algolia is a search API that gives developers a complete toolkit for building search into their products—from front end libraries to back end frameworks and API clients. Now that they’re included with the GitHub Student Developer Pack, you’ll get 100,000 records for your index, and one million indexing operations monthly for free (a value of $150 monthly).

Build out discoverability features for your app so your users can find what they’re looking for.

Examples of Algolia Instant Search for e-commerce, media, and tourism

Get Algolia

GitKraken Glo

Keeping track of everything you need to do for class can be a chore, and group projects can be especially challenging. That’s where GitKraken Glo comes in with the easiest way to track tasks from inside the GitKraken Git Client, a browser, mobile apps, or even Atom and VS Code. Glo Boards sync in real-time with GitHub Issues to help visualize your to-do list in a workflow or calendar view. Track individual and team progress, and use @mentions to keep everyone on task.

GitKraken Glo

GitKraken offers these legendary task tracking boards with GitHub Issue sync, free for 1 year (normally $49 yearly) through the GitHub Student Developer Pack.

Get GitKraken Glo

Heroku

If you’re building a web application at a hackathon, Heroku is your new best friend. The cloud-based, platform as a service (PaaS) gives you everything you need to do your best work. This includes a fully-managed runtime environment, coupled with a wide range of tools and built-in services. Build apps with the language or framework of your choice. It’s a great place to practice popular architectural patterns or collaborate with other students. For example, developers use the “review apps” feature to share changes immediately with every commit to GitHub. Because Heroku takes care of DevOps, you can focus on becoming a better developer.

All Heroku applications run in a collection of lightweight Linux containers called dynos. With the GitHub Student Developer Pack, you’ll get a Hobby Dyno to run small projects for up to 2 years (valued at $84 yearly).

Get Heroku

JetBrains

These integrated development environments will change your life. If you’re learning Java, PHP, Ruby, Python, JavaScript, Kotlin, Objective-C, Go, or .NET, you can quickly get started with ease using professional developer tools from JetBrains.

With the GitHub Student Developer Pack, you get a free year-long subscription to all JetBrains desktop tools, including IntelliJ IDEA Ultimate, PyCharm Professional, CLion, and Rider. As long as you remain a student, you’re welcome to renew your Student License for free.

Get JetBrains

Newer

Changelog

Subscribe

GitHub Universe logo

GitHub Universe

October 16-17 in San Francisco
Get tickets today

Discover new ways to build better

Try Marketplace apps free for 14 days

Learn more