GitHub - Where Developers Actually Keep Their Code

GitHub is basically a fancy wrapper around Git that adds a web interface and social features. It's where you push code so you don't lose it when your laptop dies, and where teams pretend to do code reviews before merging everything on Friday afternoon.

The Basic Stuff That Actually Matters

Git Hosting That Doesn't Suck
GitHub gives you unlimited private repos now - they finally figured out charging for private repos was stupid. You get the usual Git stuff: branches, commits, merges, and the inevitable merge conflicts that make you question your life choices. The web interface is decent for browsing code, though you'll still do most real work in your terminal.

Pull Requests: Democracy in Action
Pull requests are GitHub's main thing - someone makes changes, opens a PR, and then everyone argues about variable names for three days before rubber-stamping it. The review system works fine until your team lead decides to bikeshed every semicolon. Draft PRs are useful for "hey look at this broken shit I'm working on."

Issues: The Graveyard of Good Intentions
Every repo has an Issues tab where feature requests go to die. It's actually decent for bug tracking if your team doesn't abandon it after the first sprint. The search sucks though - good luck finding that bug report from six months ago.

The Expensive Shit They Try to Sell You

Codespaces: VSCode in the Cloud
GitHub Codespaces is basically VSCode running on Microsoft's servers. It's cool when it works, but you'll blow through your free 120 hours in about a week. At $0.18/hour minimum, it costs more than AWS EC2 instances for what amounts to a dev container with a fancy interface.

Security Theater
GitHub scans your code for accidentally committed secrets. I learned this the hard way when I pushed AWS keys to a public repo at 2 AM - their scanner caught it within 30 seconds, but not before three bots had scraped it. Dependabot creates more PRs than your entire team, updating dependencies that probably didn't need updating. Pro tip: Dependabot loves to update your testing framework right before a production deploy. Nothing like 47 broken tests to spice up your Friday afternoon.

People are still pushing secrets like fucking idiots. Last year alone, millions of API keys, passwords, and tokens got leaked to public repos. Despite all the security tools, vulnerable code patches increased by 50%. The average vulnerability sits there for years, which explains why your dependency updates feel endless.

The Security Dashboard Reality: GitHub's security features create a false sense of security. Secret scanning will catch your API keys, but only after you've already pushed them to a public repo and the damage is done. Dependabot alerts pile up faster than you can review them, and most teams just auto-merge dependency updates without understanding what changed.

The security stuff is actually useful if you can afford it. CodeQL finds real bugs, but the Advanced Security features cost extra because of course they do.

The AI Stuff and Other Ways to Spend Money

GitHub jumped on the AI bandwagon and honestly, some of it doesn't completely suck.

They've also got CI/CD, project management, and all the other shit you expect from a modern dev platform.

Copilot: AI Autocomplete for Code

GitHub Copilot is AI autocomplete for code powered by OpenAI Codex.

Sometimes it writes exactly the function you need, sometimes it suggests deprecated React lifecycle methods that look perfect until your console explodes with warnings. Millions of developers use Copilot now, making it stupidly popular. For $10/month individual or $19/user for teams, it's decent but not life-changing

• think fancy IntelliSense that occasionally writes entire functions for you.

The Copilot Experience: Picture this

• you're typing a function name and suddenly a gray suggestion appears, completing your entire thought.

Sometimes it's exactly what you needed, other times it's completely wrong but looks plausible enough that you waste 20 minutes debugging why the AI's "solution" doesn't work.

What It Actually Does:

• Decent autocompletion across most programming languages

• Sometimes writes working functions from comments

• Often suggests code that looks right but breaks in weird ways

• Converts natural language to code (when it feels like it)

• The productivity stats are marketing bullshit designed to justify the subscription cost, but it does save typing

The new GitHub Models and Spark stuff are Microsoft trying to make GitHub the center of everything AI.

It's fine if you're already in their ecosystem.

Actions: CI/CD That Mostly Works

GitHub Actions is their CI/CD system.

It's slower than GitLab CI but integrates better with the rest of GitHub. Millions of workflows run daily, with continuous deployment becoming more popular. The free tier gives you 2000 minutes, which disappears faster than free pizza at a developer conference.

What You Get:

• 2000 free minutes that you'll burn through in a week

• Enterprise gets 50,000 minutes, which is actually reasonable

• Marketplace with thousands of pre-built actions (quality varies wildly)

• Self-hosted runners if you don't trust Microsoft's infrastructure

• Windows and mac

OS runners cost 2x and 10x respectively

• the Windows runners also take 3 minutes just to boot up, so your 30-second test suite becomes a 5-minute CI run

Actions workflows are YAML hell, but at least the documentation is decent.

Our CI started failing randomly because a popular marketplace action got updated and broke backward compatibility. No warning, just suddenly everything's red. Pro tip: always pin action versions unless you enjoy debugging random breakages.

Project Management:

Jira for People Who Hate Jira Less

GitHub Projects is their project management tool. It's better than Issues but worse than dedicated PM tools like Linear or Notion. Good enough if you don't want to pay for Jira.

The new Projects interface is actually usable, unlike the old one that everyone ignored. You can make Kanban boards that don't completely suck and track milestones without wanting to throw your laptop.

Packages:

Docker Registry That Costs More Than Docker Hub

GitHub Packages is their package registry. It works for npm, Docker, Maven, whatever. The free tier is 500MB, which is basically nothing if you're publishing container images. Enterprise gets 50GB, which is reasonable.

The container registry is fine but more expensive than Docker Hub or AWS ECR. Use it if you want everything in one place, skip it if you're watching costs.

The Apps Nobody Uses

GitHub Mobile exists but you'll never use it for actual coding. It's decent for checking PRs while pretending to pay attention in meetings.

GitHub CLI is actually pretty good

• faster than clicking through the web interface. GitHub Desktop is for people who are afraid of the command line.

![GitHub Flow

• Basic Git Workflow](https://docs.github.com/assets/cb-23923/images/help/repository/branching.png)

GitHub won the version control wars through a combination of timing, network effects, and not being totally incompetent. Now they're everywhere and there's no easy way out.

Everyone's Stuck on GitHub

Most companies use GitHub because switching is a nightmare, not because it's perfect. The Fortune 100 adoption stats are impressive but misleading - they're there because everyone else is there, not because GitHub is objectively the best.

Microsoft buying GitHub for $7.5 billion in 2018 was smart. They get to control where most code lives and slowly push developers toward their other products. The open source community freaked out initially but mostly got over it when Microsoft didn't immediately ruin everything.

Why It Matters:

• Network effects are brutal - if your dependencies are on GitHub, you're probably on GitHub
• Hiring is easier when everyone knows the same platform
• Enterprise likes "nobody gets fired for buying Microsoft"
• Switching costs increase exponentially with team size

The Numbers Game

GitHub has stupid numbers because they got there first and stayed there:

• 100+ million developers as of 2024, growing fast worldwide
• Over 420 million repositories hosted on the platform
• Billions in revenue means Microsoft isn't shutting it down anytime soon
• Python became the most popular language on GitHub, overtaking JavaScript due to AI development boom
• Billions of contributions made across projects every year

The language trends are actually useful - TypeScript adoption shows developers are tired of JavaScript's bullshit, and Rust growth indicates people want performance without C++ headaches.

The Ecosystem Lock-In

The GitHub Marketplace exists to keep you trapped in their ecosystem. Every integration makes switching harder:

• Third-party apps that only work with GitHub
• CI/CD workflows that assume GitHub-specific features
• Security tools that integrate deeply with GitHub's APIs
• GitHub Apps for authentication and authorization

The marketplace quality is inconsistent - some apps are essential, others are abandoned side projects with GitHub branding.

Open Source Hostage Situation

GitHub hosts most open source projects because that's where developers expect to find them. This creates a weird monopoly:

• If you want contributors, you need to be where they are
• GitHub Sponsors helps maintainers get paid but ties them deeper into the platform
• The security advisory system is useful but proprietary
• GitHub Pages provides free hosting that hooks projects into their ecosystem

The biggest projects like VS Code and React being on GitHub makes alternatives look less legitimate.

Competition Is Dead in the Water

GitLab has better CI/CD and Bitbucket has better Jira integration, but GitHub's network effects are insurmountable:

• Developers don't want to learn new platforms
• Recruiters search for candidates by GitHub profiles
• Enterprise buyers trust Microsoft more than smaller companies
• The AI integration with Copilot gives them a moat

Why Alternatives Struggle:
We tried migrating to GitLab in 2023. The code moved fine, but we lost 3 years of issue history, broke like a dozen integrations, and confused half the team. We moved back after two weeks because it was a fucking disaster.

• Migration tools suck and lose important data
• Social features (stars, following, etc.) don't transfer
• Third-party integrations assume GitHub APIs
• Muscle memory and familiarity favor incumbents

The Future: More Lock-In

Microsoft's strategy is obvious - make GitHub the center of everything:

• Copilot integration pushes you toward their AI services
• Azure DevOps integration for enterprise customers
• VS Code and GitHub Codespaces create seamless workflows
• GitHub Models positions them for the AI development boom

They're not trying to be the best at everything, just good enough at enough things that switching becomes impossible.