GitHub Migration: Opportunities, Challenges and Strategies

In the dynamic world of software development, choosing the right tool is crucial to a project's success. Azure DevOps and GitHub are two of the most popular platforms developers use worldwide. Since 2018, Microsoft has owned both platforms. Whether and to what extent Microsoft will operate both platforms in the long term or merge them in some way is currently unclear.

While Azure DevOps (ADO) offers a comprehensive suite of development and project management tool suite, GitHub has become increasingly popular in recent years thanks to its user-friendly interface and strong community. GitHub also offers some modern features, such as GitHub Advanced Security or GitHub Copilot. The wealth of integrated features convinced us to migrate to GitHub.

After thorough analysis and discussion, we decided to consider a GitHub migration. The main reasons for this decision were:

• Improved collaboration: GitHub provides a social coding environment allowing developers to collaborate seamlessly and provide feedback.
• GitHub Copilot: The AI-supported programming assistant, which makes code suggestions directly while writing and increases developer productivity.
• GitHub Actions: It is a great advantage to be able to create and manage CI/CD workflows directly in GitHub is a great advantage.
• Community and support: The large developer community and the extensive support GitHub provides make the platform attractive.
• GitHub Advanced Security: A collection of additional security features provides, for example, code scans or dependency checks.
• GitHub Enterprise Billing: The new billing platform allows users to create cost centers and assign them to specific users, organizations, or repositories.

Licensing in GitHub Enterprise Cloud is based on a session-based model where user licenses are managed via an Enterprise account. Here are the key points:

User-based licenses

• Every person with access to private repositories under an Enterprise account requires a license.
• Licenses apply to users regardless of how many organizations or repositories they use within the company account.

License assignment

• Licenses are automatically assigned when a user is added to an organization within the Enterprise account.
• Administrators can manage licenses centrally via the Enterprise Dashboard.

Invoice

• Billing takes place on a monthly or annual basis, depending on the contract.
• Additional licenses can be purchased if required and billing will be adjusted accordingly.

GitHub Advanced Security (GHAS)

• Functions such as code scanning and secret scanning require an additional license per user.

Additional products

• Add-ons such as GitHub Copilot for Business or storage for GitHub Actions are billed separately.

The Security Dashboard in GitHub Enterprise Cloud provides a central overview of security issues in organizations and repositories. This is based on the GitHub Advanced Security Features:

• Code scanning: Automatic checking of code for security vulnerabilities
• Dependabot: Analysis of dependencies in projects to detect known security vulnerabilities
• Secret Scanning: Detection of secret keys or sensitive information in code
• Dependency Graph: Visualization of project dependencies
• Security alerts: Automatic notification of security problems

Among other things, Azure DevOps and GitHub differ in their structural organization. The graphic shows that GitHub has a superordinate "Enterprise" level, which brackets the organizations. The "projects" also have different meanings. While Azure DevOps "project" forms an organizational bracket around pipelines, boards, repositories, etc., the project within GitHub is more comparable to the boards in Azure DevOps and is used for work item management. ADO's CI/CD processes are under the term pipelines and are managed at the project level. In GitHub, these processes can be implemented with actions and are managed via a repository. Once you have understood these structural changes, it is easier to switch to GitHub, and you will quickly find your way around the platform.

Repos

Azure DevOps supports both Git and Team Foundation Version Control (TFVC) for version control. As TFVC is no longer supported in GitHub, a migration to Git is required. There are various approaches for carrying out this migration. If the repository to be migrated is already managed in Git and does not contain large files, the easiest option is to import it via the GitHub website. For repositories that are still managed with TFVC, external tools such as "git-tfs" are recommended. Alternatively, it is also possible to migrate the repository within Azure DevOps to Git and then to GitHub. Large files may also require external tools such as "git-lfs". To reduce the migration time, cleaning up the branches that are no longer required before the migration makes sense.

CI / CD

The basic principle of Continuous Integration and Continuous Deployment (CI/CD) is the same in both worlds. The structure of GitHub Actions is similar to the AOD YAML pipelines, but there are differences in the syntax and the marketplace. The GitHub Marketplace is very community-driven and offers a wide range of functions.

Projects/work items

Azure boards are comprehensive and offer various evaluation options and good output templates. In comparison, the options with GitHub Projects are somewhat more limited. However, GitHub Projects offers basic templates that are good and sufficient for many projects.

The GitHub migration has paid off for us, both technologically and culturally. The platform promotes open collaboration, offers modern features, and can be flexibly integrated into existing toolchains. Of course, not everything went smoothly, but with a clear migration plan and direct communication between IT and specialist departments, even significant platform changes can be implemented efficiently.