GitHub today released a CI/CD Tool, GitHub Actions. With the tight integration into development workflows and rich, community maintained build-command, actions appears an interesting competitor in the market. As a minimum, the release indicates the importance of CI/CD for the modern software development lifecycle.
Developer productivity and frictionless workflows have been buzzwords for the past half decade and the arrival and rapid growth of Travis-CI, Jenkins or Cirlce-CI have proven the resonance in development organisations. GitHub has outstanding testimonials from day one on the announcement and the ecosystem appears to be ready to go.
It is an offering that comes with appealing integrations and a competitive price, that sure is worth watching.
GitHub Actions makes it easy to automate all your software workflows, now with world-class CI/CD. Build, test, and deploy your code right from GitHub. Make code reviews, branch management, and issue triaging work the way you want.
The other day wrote this in their post on LinkedIn. Following the link takes one to the newly announced Github Package Registry, that allows developers to host releases for distribution. It’s currently in beta and supports npm, docker images, maven packages, NuGet and Ruby Gems. The corresponding blog article has a few more insights:
With GitHub Package Registry your packages are at home with their code—sign up for the limited beta to try it out.
From the blogpost
While I appreciate the thought and easiness of integration, the announcement doesn’t leave me with a cosy feeling. It’s a bit like GitHub is trying to become the Facebook of code. The Internet is made to work decentralised and the interesting part always has been the freedom of choice. With functionality merging together in one platform, choice gets lost and there is opportunity of misuse.
In particular, it seems almost forgotten that Github, just like Linkedin, have been acquired by Microsoft in 2016 and 2018. This perspective throws another light on the added functionality and developers may want to evaluate remaining alternatives.
NETRESEC took a closer look at the long lasting DDoS attacks on github.com. One of the few instances of this type of attack that even made it to mainstream media.
The article finds random web browsers from outside China are tricked into reloading two particular pages on github.com. Apparently, this happens by manipulating requests coming from users physically outside China to services in country hosted content at the border infrastructure.
This is another example of why encryption is a good thing. General usage of SSL/TLS will prevent passive filtering infrastructure from manipulating traffic, and prevent such problems.