'%2F%3E%3Ccircle%20cx%3D'680'%20cy%3D'80'%20r%3D'130'%20fill%3D'%233fb950'%20opacity%3D'0.08'%2F%3E%3Ccircle%20cx%3D'90'%20cy%3D'380'%20r%3D'110'%20fill%3D'%2358a6ff'%20opacity%3D'0.07'%2F%3E%3Crect%20x%3D'40'%20y%3D'40'%20width%3D'180'%20height%3D'30'%20rx%3D'15'%20fill%3D'%233fb950'%2F%3E%3Ctext%20x%3D'130'%20y%3D'61'%20text-anchor%3D'middle'%20font-family%3D'Arial%2Csans-serif'%20font-size%3D'13'%20font-weight%3D'700'%20fill%3D'%230d1117'%3EDEVOPS%20-%20PART%201%20OF%203%3C%2Ftext%3E%3Ctext%20x%3D'40'%20y%3D'130'%20font-family%3D'Arial%2Csans-serif'%20font-size%3D'42'%20font-weight%3D'800'%20fill%3D'%23ffffff'%3EGitHub%20Fundamentals%3C%2Ftext%3E%3Ctext%20x%3D'40'%20y%3D'180'%20font-family%3D'Arial%2Csans-serif'%20font-size%3D'42'%20font-weight%3D'800'%20fill%3D'%23ffffff'%3EDeep%20Dive%3C%2Ftext%3E%3Ctext%20x%3D'40'%20y%3D'220'%20font-family%3D'Arial%2Csans-serif'%20font-size%3D'22'%20font-weight%3D'700'%20fill%3D'url(%23gg)'%3ERepositories%20-%20Branches%20-%20Pull%20Requests%3C%2Ftext%3E%3Ctext%20x%3D'40'%20y%3D'255'%20font-family%3D'Arial%2Csans-serif'%20font-size%3D'14'%20fill%3D'%23c9d1d9'%3EThe%20collaboration%20model%20behind%20100M%2B%20developers%3C%2Ftext%3E%3Cg%20transform%3D'translate(40%2C290)'%3E%3Crect%20width%3D'170'%20height%3D'100'%20rx%3D'10'%20fill%3D'%230d2818'%20stroke%3D'%233fb950'%2F%3E%3Ctext%20x%3D'85'%20y%3D'52'%20text-anchor%3D'middle'%20font-family%3D'Arial'%20font-size%3D'30'%20font-weight%3D'800'%20fill%3D'%233fb950'%3ERepos%3C%2Ftext%3E%3Ctext%20x%3D'85'%20y%3D'80'%20text-anchor%3D'middle'%20font-family%3D'Arial'%20font-size%3D'12'%20fill%3D'%237ee787'%3ECode%20-%20Issues%20-%20Wiki%3C%2Ftext%3E%3C%2Fg%3E%3Cg%20transform%3D'translate(220%2C290)'%3E%3Crect%20width%3D'170'%20height%3D'100'%20rx%3D'10'%20fill%3D'%230c2237'%20stroke%3D'%2358a6ff'%2F%3E%3Ctext%20x%3D'85'%20y%3D'52'%20text-anchor%3D'middle'%20font-family%3D'Arial'%20font-size%3D'30'%20font-weight%3D'800'%20fill%3D'%2358a6ff'%3EBranches%3C%2Ftext%3E%3Ctext%20x%3D'85'%20y%3D'80'%20text-anchor%3D'middle'%20font-family%3D'Arial'%20font-size%3D'12'%20fill%3D'%2379c0ff'%3EGit%20Flow%20-%20Trunk-based%3C%2Ftext%3E%3C%2Fg%3E%3Cg%20transform%3D'translate(400%2C290)'%3E%3Crect%20width%3D'170'%20height%3D'100'%20rx%3D'10'%20fill%3D'%233b1d4d'%20stroke%3D'%23a371f7'%2F%3E%3Ctext%20x%3D'85'%20y%3D'52'%20text-anchor%3D'middle'%20font-family%3D'Arial'%20font-size%3D'30'%20font-weight%3D'800'%20fill%3D'%23a371f7'%3EPRs%3C%2Ftext%3E%3Ctext%20x%3D'85'%20y%3D'80'%20text-anchor%3D'middle'%20font-family%3D'Arial'%20font-size%3D'12'%20fill%3D'%23d2a8ff'%3EReview%20-%20Merge%3C%2Ftext%3E%3C%2Fg%3E%3Cg%20transform%3D'translate(580%2C290)'%3E%3Crect%20width%3D'170'%20height%3D'100'%20rx%3D'10'%20fill%3D'%234a1f1f'%20stroke%3D'%23f85149'%2F%3E%3Ctext%20x%3D'85'%20y%3D'52'%20text-anchor%3D'middle'%20font-family%3D'Arial'%20font-size%3D'30'%20font-weight%3D'800'%20fill%3D'%23f85149'%3EIssues%3C%2Ftext%3E%3Ctext%20x%3D'85'%20y%3D'80'%20text-anchor%3D'middle'%20font-family%3D'Arial'%20font-size%3D'12'%20fill%3D'%23ffa198'%3EProjects%20-%20Roadmaps%3C%2Ftext%3E%3C%2Fg%3E%3Ctext%20x%3D'400'%20y%3D'425'%20text-anchor%3D'middle'%20font-family%3D'Arial'%20font-size%3D'12'%20fill%3D'%237d8590'%3EForks%20-%20Stars%20-%20Codespaces%20-%20Pages%20-%20Releases%20-%20Wiki%20-%20Discussions%3C%2Ftext%3E%3C%2Fsvg%3E)
- ▸ Part 1: Repositories, Branches & Pull Requests YOU ARE HERE
- Part 2: GitHub Actions, Workflows & OIDC →
- Part 3: Packages, Container Registry & Security →
Note: This is Part 1 of a three-part deep dive into GitHub. Part 2 covers GitHub Actions in depth, and Part 3 covers GitHub Packages and Security.
GitHub started in 2008 as a hosted Git service and has since become the central nervous system of modern software development, used by more than 100 million developers across millions of organizations. While many treat it as a code host with some extras, GitHub is really a tightly integrated platform combining version control, code review, project management, automation, package distribution, and security tooling. This article is a deep dive into the foundational layer: repositories, branches, pull requests, and the collaboration model that everything else builds on.
1. Git vs GitHub: Setting the Mental Model
Git is the distributed version control system invented by Linus Torvalds in 2005. GitHub is a hosting platform built on top of Git that adds a web UI, access control, collaboration features, automation, and a vast ecosystem of integrations. You can use Git without GitHub, but you cannot use GitHub without Git as the underlying engine.
Local repositories, commits, branches, merges. Works offline. Identical across all hosting providers.
Cloud hosting, PRs, Issues, Actions, Packages, Pages, security, identity, billing, API.
2. Anatomy of a GitHub Repository
A repository ("repo") is the unit of project organization on GitHub. It contains the Git history plus a rich set of metadata: issues, pull requests, releases, wiki pages, projects, discussions, security advisories, and configuration like CODEOWNERS, branch protection rules, and workflows. Repositories can be public, private, or internal (visible only to members of an enterprise).
my-repo/
.github/ -- GitHub-aware config
workflows/ -- GitHub Actions YAML
CODEOWNERS -- review routing
ISSUE_TEMPLATE/ -- issue forms
PULL_REQUEST_TEMPLATE.md
dependabot.yml -- update automation
src/ -- your code
tests/
README.md -- project front page
LICENSE -- open-source license
SECURITY.md -- vulnerability disclosure
CONTRIBUTING.md -- contributor guide
.gitignore3. Branches and Branching Strategies
Branches are independent lines of development inside a repository. Modern teams generally pick one of three strategies depending on team size, release cadence, and risk tolerance.
| Strategy | Branches | Best For | Trade-offs |
|---|---|---|---|
| Trunk-based | main + short-lived | CI/CD-heavy teams | Requires strong tests, feature flags |
| GitHub Flow | main + feature | Web apps, continuous deploy | No explicit release branches |
| Git Flow | main, develop, release/*, hotfix/* | Versioned software, mobile apps | Complex, slower throughput |
| Release Flow | main + release/* per train | Large products with cohorts | Cherry-pick discipline required |
4. Pull Requests: The Heart of Collaboration
A pull request (PR) is the GitHub wrapper around a Git diff: a proposed change from one branch into another, paired with discussion, code review, automated checks, and merge controls. The PR is the single most important workflow object on GitHub - it is where code review happens, where CI runs, where required reviewers and status checks are enforced, and where the audit trail lives.
GitHub provides three merge modes, each with very different implications for the resulting history:
Preserves the branch shape with a merge node. Good for tracing PRs to commits.
Collapses the PR into one commit on main. Clean linear history. Most popular.
Replays each commit onto main. Linear, preserves individual commits.
5. Code Review: CODEOWNERS, Required Reviewers, and Suggestions
Code review on GitHub is implemented through the PR Review system. You can leave inline comments, suggest changes (which the author can apply with one click), request changes (a blocking state), or approve. Beyond ad-hoc review, teams use two main mechanisms to enforce quality:
- CODEOWNERS - A file at
.github/CODEOWNERSmapping path patterns to owners. When a PR touches a path, the matching owners are auto-requested as reviewers. - Branch protection rules - Require N approvals, require CODEOWNER approval, require status checks, require linear history, require signed commits, and forbid force-pushes.
# .github/CODEOWNERS
* @org/maintainers
/src/auth/ @org/security-team
/infrastructure/ @org/platform-team @alice
*.tsx @org/frontend
/.github/workflows/ @org/devops6. Issues, Projects and Discussions
Issues are the GitHub lightweight tracker. They support labels, assignees, milestones, linked PRs, sub-issues, and now Issue Forms: structured YAML-defined templates that produce typed inputs. Issues feed into GitHub Projects, a flexible tracker (kanban / table / roadmap views) that can pull from multiple repos and add custom fields, iterations, and automation. Discussions provide a forum-style space for Q&A, polls, and announcements separate from actionable work.
Bugs, tasks, feature requests. Per-repo, with labels & milestones.
Cross-repo planning. Kanban, tables, roadmaps. Custom fields, iterations.
Async Q&A, polls, announcements. Not tied to code changes.
7. Forking and the Inner / Outer Loop
A fork is a server-side copy of a repository under another account, with a tracked relationship to the upstream. Forks power open-source contribution: you fork, push to your fork, then open a cross-repo PR back to the original. Inside organizations, forks are also useful for sandboxing and for repos with restricted write access.
org/repo
you/repo
back upstream
8. Releases and Tags
Tags are immutable Git pointers to specific commits, typically used for versions like v1.2.0. GitHub Releases build on top of tags by adding release notes (auto-generated from PRs and commits), binary attachments, and a public landing page. The Releases API is what package managers, installers, and update systems integrate with.
9. Codespaces and Dev Containers
GitHub Codespaces is a cloud development environment that boots a containerized VS Code workspace directly from a repository. Configuration lives in .devcontainer/devcontainer.json, ensuring every contributor gets the same toolchain (node version, Python interpreter, extensions, environment variables, and pre-installed dependencies) in seconds.
// .devcontainer/devcontainer.json
{
"name": "Node.js + TypeScript",
"image": "mcr.microsoft.com/devcontainers/typescript-node:20",
"features": {
"ghcr.io/devcontainers/features/github-cli:1": {},
"ghcr.io/devcontainers/features/docker-in-docker:2": {}
},
"postCreateCommand": "npm install",
"customizations": {
"vscode": {
"extensions": ["dbaeumer.vscode-eslint", "esbenp.prettier-vscode"]
}
},
"forwardPorts": [3000]
}10. The GitHub API and CLI
Everything you can do in the GitHub UI is exposed through the REST API, the GraphQL API, and the gh command-line tool. The CLI is especially useful for scripting and CI tasks - listing PRs, downloading run logs, creating issues, dispatching workflows, and managing releases.
# Create a PR from current branch
gh pr create --base main --title "Fix login bug" --body "Closes #142"
# List open PRs that need your review
gh pr list --search "review-requested:@me is:open"
# Trigger a workflow_dispatch run
gh workflow run deploy.yml --ref main -f environment=staging
# Stream logs of the most recent run
gh run watch11. Permissions: Personal, Organization and Enterprise
GitHub has three tiers of access. Personal accounts own their own repos. Organizations group repos, teams, and billing under a namespace, with role-based permissions (Owner, Member, Outside Collaborator) and Teams that map to PR review and CODEOWNERS routing. Enterprise accounts sit above organizations and add SSO/SAML, SCIM provisioning, audit log streaming, IP allow lists, and centralized policy.
Individual repos, free private repos, public OSS.
Teams, role-based access, billing, audit log.
SSO, SCIM, policy, audit streaming, IP allow lists.
Conclusion
Underneath the visual polish, the GitHub collaboration model is remarkably consistent: a repository contains Git history and metadata, branches isolate work, pull requests propose changes with review and automation gates, and orgs/teams/CODEOWNERS define who can do what. Master these primitives and the more advanced layers (Actions, Packages, Security, and Copilot) all become much easier to reason about. Part 2 of this series covers GitHub Actions in depth: workflows, runners, matrix builds, caching strategies, reusable workflows, and secure deployments with OIDC.
- ▸ Part 1: Repositories, Branches & Pull Requests YOU ARE HERE
- Part 2: GitHub Actions, Workflows & OIDC →
- Part 3: Packages, Container Registry & Security →