
How Azure scaled to 2,000 employees on GitHub - us0r
https://azure.microsoft.com/en-us/blog/enterprise-scale-github-at-azure/
======
nikolay
Coming from a custom Gitolite [0] setup where I was able to protect branches
and reject commits and do other basic or complex stuff with ease, GitHub looks
like a joke. Their "improved" permissioning made me laugh. It doesn't even
show signed commits, tags, and branches! Simply put, I like the "Hub", I hate
the "Git" in GitHub.

[0]
[https://github.com/sitaramc/gitolite](https://github.com/sitaramc/gitolite)

~~~
nahname
Definitely sounds like a cultural mismatch between your work environment and
the expected github work environment.

~~~
toomuchtodo
I don't think that's the case. I work at a startup with a fairly permissive
commit policy (forgiveness > permission), and because of how Github is
architected, we have to put policies in place about which branches someone
can/should commit to in READMEs (branch X should always build, branch Y should
is where code get staged for tested, and so forth), instead of within the
tooling.

As someone at Google once said, "If your policy doesn't exist in software, it
doesn't exist."

------
epaulson
I've used this as an outsider to do some work with Microsoft and it's really
slick.

I wish the Visual Studio Online team would look a little harder at Github and
steal more of its Issues experience, and have something more lightweight than
the backlog monster they've got now. I think it's not uncommon for VSO users
to keep a Github sync of their code so they can use GH for issues and day to
day code and VSO for builds and deploys.

~~~
partiallypro
I use VSO for the free private repos, but really it needs to be overhauled in
a number of ways...a name change itself would go a long way. "Visual Studio
Online" sounds like I'm actually going to be using an online version of VS
like Office 365's online apps...but nope. It's a bit of a marketing nightmare.
Even the guys from Microsoft were complaining about the naming making it hard
to make people understand when I was at Build this year.

~~~
johngossman
We just renamed it to "Visual Studio Team Services" last week. Yeah, everybody
assumed it was an online version of Visual Studio.

[https://www.visualstudio.com/en-us/products/visual-studio-
te...](https://www.visualstudio.com/en-us/products/visual-studio-team-
services-vs.aspx)

~~~
junto
Isn't it just a version of TFS online using a SAAS billing concept?

Wouldn't "TFS Online" be a better description if you want to stock with the
Microsoft unimaginative naming policy? At least it says exactly what it is.

My personal opinion is that Microsoft should just go with the internal names.
They are more interesting and memorable for customers. They are often one
word, rather than five. Visual Studio Team System Online 2020 Developer
Edition.... Sorry, started snoring after 3 words.

[https://en.m.wikipedia.org/wiki/List_of_Microsoft_codenames](https://en.m.wikipedia.org/wiki/List_of_Microsoft_codenames)

------
brugidou
We are using [https://github.com/rapid7/github-
connector](https://github.com/rapid7/github-connector) to sync github org
users with an internal AD.

------
stephenr
The "inviting a person to the org" issue sounds like a failing on the GH side.
Why can't you just invite someone by email and let them choose the account to
use the invite with (or create one)??

~~~
jedberg
You send me an invite. I choose to use it with my account that I set up while
working at your competitor. Now your competitor potentially has access.

At least the way they do it now gives some control to the org as to who has
access to their account. It's inconvenient but it biases towards making on
boarding hard to make control and off boarding easier.

Also, GitHub wants to avoid the same person having multiple accounts. Their
focus is the developer, not the org. So they want all your work to be
associated with you.

I still have stuff on my account that is associated with Netflix and reddit.
Because the account is tied to my personal account, those orgs can never
"remove" my contribution.

~~~
adrianN
A malicious employee can simply send the code to the competitor. There is no
need to set up an account that is controlled by the competitor to evade access
protections.

~~~
johncolanduoni
I think the point is that in this way it can happen without the employee
intending it to happen.

~~~
stephenr
How though? Can someone explain a situation where a GH organisation
automatically gets access to another organisations' repos through a shared
individual member?

------
tacos
AWS has a horse in this race. Odd not to see it mentioned yet...

[https://aws.amazon.com/codecommit/pricing/](https://aws.amazon.com/codecommit/pricing/)

~~~
mwfj
And they even named their product in a way so that people could understand
what it is about! That is so unlike them!

------
abluecloud
Slight digression but I find it a bit odd they've used Safari in their
screenshots.

~~~
jmspring
When working with open source, sometimes it is best to use the tools
appropriate to the projects you are working on or people you are working with.

I work in DX/Evangelism at MSFT and a lot of work around containers, etc, at
the moment is easier on *nix than it is on Windows (for me). I've got both
machines as well as a Windows VM on the Mac if I need something there...

~~~
Alupis
> When working with open source, sometimes it is best to use the tools
> appropriate to the projects you are working on or people you are working
> with

Which would be Chrome then (since it dominates browser share), instead of
Safari.

Perhaps the person making the screenshots wanted to use a *nix system, but
didn't want to be caught showing off the competition's product.

~~~
jeffwilcox
I wasn't trying to make a browser politics statement in the post, but am glad
to be able to work in the new Microsoft that is proud of whatever platform and
tool works - including employees.

Personally I use Safari when I'm on battery all day (coffee shops, etc.),
Chrome when I need multiple profile support, and I tend to split Chrome/Edge
when in my Windows VM.

------
ossreality
The tool is really well done and impressive. Yes, it exists to work around
gaps in GitHub's functionality, but it's not like we're going to self host git
repos and use gitolite...

~~~
jeffwilcox
My hope is that I can delete this in the future.

It's a scary place to be in when we're 1) dependent on a third party, 2) we
have to follow GitHub and the API down the rabbit whole, and 3) we are just
trying to enable our team to get going fast and hope in time GitHub can just
give us all the right tools that check at least some boxes we need, i.e. very
granular management to delegate decision making even more.

~~~
EvanPlaice
What's so scary about it?

Any data that is stored on GitHub (ex issues, PRs) can be pulled down via the
REST API. So, it should be relatively easy to build a migration tool or
alternate UI if necessary.

