GitHub Top 10 Best Practices

9) Protect the main branches from direct commits

8) Avoid unrecognized committers

7) Define CODEOWNERS for each repository

6) Separate secret credentials from source code

5) Avoid committing dependencies into your project

4) Separate configuration files from source code

3) Create a meaningful .gitignore file for your projects

2) Archive dead repositories

1) Lock package version

0) Align packages versioning

What are your best practices? Feel free to add.

11 Likes
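Practices #6 and #4 (keep credentials and local configuration out of source) are easiest to enforce before a commit exists. The following pre-commit hook is an added example, not code from the thread or from GitHub: it refuses to commit paths that look like credential or local config files and scans staged content for two constructed secret markers (PEM private key headers and AWS-style access key IDs). The blocked path patterns and regexes are illustrative assumptions, not a complete catalogue.

```shell
#!/bin/sh
# Added example pre-commit hook (not from the thread). Install by copying to
# .git/hooks/pre-commit and making it executable. Patterns below are assumptions.

# Return 0 if the path may be committed, 1 if it matches a blocked pattern.
check_path() {
    case "$1" in
        .env.example|*/.env.example|.env.sample|*/.env.sample) return 0 ;;  # templates are fine
        .env|*/.env|.env.*|*/.env.*) return 1 ;;           # dotenv files holding live credentials
        *.pem|*.key|*.p12|*.pfx) return 1 ;;               # private keys and keystores
        id_rsa|*/id_rsa|id_ed25519|*/id_ed25519) return 1 ;;
        *credentials.json|secrets.yml|secrets.yaml|*/secrets.yml|*/secrets.yaml) return 1 ;;
        *) return 0 ;;
    esac
}

# Return 0 if the text contains no secret marker, 1 if it does.
# The two regexes are constructed examples: a PEM private key header and an
# AWS-style access key ID ("AKIA" followed by 16 upper-case alphanumerics).
scan_content() {
    printf '%s\n' "$1" | grep -Eq -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' \
                                  -e 'AKIA[0-9A-Z]{16}' && return 1
    return 0
}

# Check every staged (added/copied/modified) file and report all failures
# rather than stopping at the first one.
run_hook() {
    status=0
    list=$(mktemp)
    git diff --cached --name-only --diff-filter=ACM > "$list"
    while IFS= read -r path; do
        if ! check_path "$path"; then
            echo "blocked: $path looks like a credential or local config file" >&2
            status=1
        elif ! scan_content "$(git show ":$path")"; then
            echo "blocked: $path contains what looks like a private key or access key" >&2
            status=1
        fi
    done < "$list"
    rm -f "$list"
    return $status
}

# Run the hook body only when executed as the git hook, so the functions can be
# sourced and exercised on their own.
case "$0" in
    */pre-commit|pre-commit) run_hook || exit 1 ;;
esac
```

The path check runs before the content scan so a whole `.env` file is rejected by name even when its values do not match any marker; a `.gitignore` entry for the same patterns (practice #3) keeps the file out of `git add` in the first place, and the hook is the backstop for `git add -f`.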

Use a .gitattributes file to specify which language is used in files with a vague extension, or to exclude vendor code that is not recognized by GH?

#1 is a really good one though!
3 Likes

Good list! Here are some more:

  • Commit early and often
  • Provide useful commit messages
  • Add a README.md file to each of your repositories
  • Add a SECURITY.md file to each of your repositories
  • Choose an appropriate open source license
  • Periodically change SSH keys and personal access tokens to mitigate the risk of stolen keys/tokens that you may not even know about
  • Require two-factor authentication (2FA) for all of your team’s GitHub accounts
  • Remember to revoke repository access when a team member leaves a team or the organization
3 Likes

We had a lot of discrepancy problems in production because we didn’t follow best practice #0.

Here is another GH best practice which I like, but not everyone enforces:

Dismiss stale pull request approvals when new commits are pushed

It’s pretty basic but super important! 

2 Likes

  • Use “require multiple reviewers” on protected branches to improve code quality
  • Use code owners to ensure review by domain experts by file extension/regex
2 Likes
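The branch-protection settings named above (dismiss stale approvals, multiple reviewers, CODEOWNERS review, protected main branch from the original list) are all fields of one GitHub REST call. The script below is an added example, not from the thread or from GitHub's own tooling; it assumes the `gh` CLI is installed and authenticated, and `OWNER/REPO` is a placeholder for a real repository.

```shell
#!/bin/sh
# Added example (not from the thread): apply branch protection that requires
# N approving reviews, CODEOWNERS review, and dismisses stale approvals when
# new commits are pushed. Assumes an authenticated gh CLI; OWNER/REPO is a placeholder.

# Build the JSON body for
#   PUT /repos/{owner}/{repo}/branches/{branch}/protection
# required_status_checks and restrictions are required keys and may be null.
# $1 = required approving review count (default 2).
build_protection_payload() {
    count=${1:-2}
    printf '%s' "{
  \"required_status_checks\": null,
  \"enforce_admins\": true,
  \"required_pull_request_reviews\": {
    \"dismiss_stale_reviews\": true,
    \"require_code_owner_reviews\": true,
    \"required_approving_review_count\": $count
  },
  \"restrictions\": null
}"
}

# Apply the protection to one repository/branch; parameters make it easy to
# loop over every repository in an organization.
#   $1 = OWNER/REPO (placeholder), $2 = branch (default main), $3 = review count
apply_protection() {
    repo=$1
    branch=${2:-main}
    count=${3:-2}
    build_protection_payload "$count" \
      | gh api -X PUT "repos/$repo/branches/$branch/protection" \
               -H "Accept: application/vnd.github+json" --input -
}

# Usage (uncomment with a real repository):
# apply_protection OWNER/REPO main 2
```

`require_code_owner_reviews` only has an effect when the repository actually contains a CODEOWNERS file (practice #7), and `enforce_admins` closes the common gap where administrators can still push directly to main.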