While everyone is familiar with using GitHub to manage source code, not everyone is aware of how the GitHub API can make it much more capable than just version control. In this blog post, we’ll show you how to use the API to improve your CICD environment(s).
Personal Access Tokens
Fine-grained Access Tokens make utilizing GitHub’s REST and GraphQL APIs easier than ever before for teams. All you need is a personal access token (PAT) with the necessary permissions. That means everyone, not just organization admins, can get started with benefiting from the API. When wanting to leverage the API on behalf of your org, GitHub recommends creating a GitHub app, which we’ll get into later.
Cleanup Tasks
Within an organization, cleaning up old resources such as repos and issues is often needed to keep the workspace from becoming cluttered. The GitHub API can be utilized for cleaning up these resources by leveraging its ability to filter and delete. For example, the following code sample demonstrates how you can leverage the GitHub API using the PyGithub library to do a cleanup of unused repositories at the organization level and have it run once a month as a GitHub Action:
A GitHub Gist containing a Python Script and GitHub Action Workflow for monthly repo maintenance.
Funnel Data Out to ES
Some people utilize the GitHub API exclusively for extracting data from within their org. Integrating the data extracted with visualization libraries like D3.js is really easy, but you can also take this one step further by taking your extracted data, consolidating it, and throwing it into something like ElasticSearch. This allows you to query that data easily and even hook it up to Grafana and make some really neat visualizations.
Enforcing Standardization
You may have heard of GitHub templates allowing users to create repositories following a particular format or structure depending on the intended use of the repository. After this is created, however, we might want to enforce the maintenance of this state such as making sure every repository contains a Dependabot configuration and a README, contribution guidelines, etc. You can also take the GitHub API further and use it for administrative purposes. For example, you could prevent adding an administrator to a repo and sending notifications to other users to let them know of an attempt to add one.
If you want to get adventurous, you can use the contents API to check and modify files in a repo. Say, for example, you want to enforce that a pipeline executes a GitHub Action that runs a SonarQube scan. You can use this API to get the contents and use a YAML parser to check that this step exists.
Self-Service Jobs
Self-service jobs can be used to perform tasks that require escalated privileges based on user input. The jobs can be limited to specific requirements that need to be done before execution. For example, a job that sets repo visibility to ‘Public’ could verify that the repo has a code of conduct and licensing details, and doesn’t contain sensitive information.
Expanding on the examples mentioned above (using the contents API, GitHub Actions, and self-service jobs), the following repo demonstrates how you can use the GitHub API and GitHub Actions to create repos that follow a company standard/policy:
GitHub API for Bots
If you ever contributed to an open-source project, you may have come across some bots. These bots can validate the format of issues, assign labels, reply to comments, assign people to tasks, and much more! These bots are GitHub Apps that leverage the GitHub API to perform operations. They commonly use the Issues API to interact with comments and add further information. Here is an example of Kubernetes’ guide to interacting with their bot, Prow. To see it in action, hop on over to the issues or PR section of the Kubernetes repository.
Third-Party Integrations
Third-party tools such as work tracking systems, chatbots, ticketing systems, cloud platforms, and internal applications can all integrate with GitHub via their API. For example, some things that can be retrieved are the current status of rate limits for billing purposes, code scanning results, and workflow status.
And of course, there are libraries/SDKs for interacting with the API in multiple different languages such as Go, JavaScript/TypeScript, Python, and more. It’s important to note that GitHub released a blog post on January 3, 2024 that outlines their move from “static” libraries to automatically generated SDKs using Kiota with the first SDKs available for Go and .NET.
There is tremendous value in automating common tasks, and the GitHub API gives you the power to make life easier for you and your organization.
Conclusion
The GitHub API is a powerful tool that extends beyond basic version control, offering a multitude of possibilities for automating and enhancing various aspects of software development and organizational workflows. From cleaning up resources and enforcing standardization to integrating with third-party systems and creating bots, the GitHub API opens up a world of efficiency and customization. With the ease of use provided by Personal Access Tokens and the support of various libraries/SDKs, teams of all sizes can harness the API to streamline their processes, ensure compliance, and foster a more productive and innovative environment.
At Liatrio, we specialize in leveraging tools like the GitHub API to transform and streamline software delivery processes for organizations. Our expertise lies in identifying and implementing automated solutions that enhance collaboration, efficiency, and innovation within software teams. By partnering with us, your organization can unlock the full potential of GitHub, from automating mundane tasks to creating sophisticated workflows that align with your specific development needs.
Be on the lookout for more content specific to some of these examples.
