The InnerSource Journey

A presentation at Codemotion in October 2019 in Milan, Metropolitan City of Milan, Italy by Brent Beer

Slide 1

Slide 1

Hi! First i want to mention what an absolute pleasure it is to be here to be able to talk to you all today. Before we get started: how many people are using GitHub already for personal use how many are using it for work

Slide 2

Slide 2

I’m Brent Beer. I’m a solutions engineer over at github and i love talking to people about GitHub, helping them use it better, and ultimately be happier in their day to day. If i can do that then i’m happy. One way I think I can achieve that is by promoting some cultural changes, and that’s what I’m here to talk to you about! I get overly excited at times, I hope that’s okay =)

Slide 3

Slide 3

Ok. so I want to start out by just level setting to make sure when i talk about inner source, you all know what I’m talking about so when I talk about the problems people are facing (and therefore why it’s becoming popular) you can start to picture some things yourself. Then I want to move on to some core components of InnerSource, how to apply them, and conclude with some next steps to start us on this journey. I talk about some GitHub features for implementation, but these exist in other competitors as well but also I do know these are tools people know or are comfortable with in relation to GitHub.

Slide 4

Slide 4

Slide 5

Slide 5

How many people have heard of the InnerSource Commons? In short, it’s like the projects internally are open source and you want to discover and contribute to those projects, like people do on GitHub.com today. I like to think of it as a tiny little GitHub. or GitHub 8 years ago. or 9 years ago (depending on how many people you have). You all are in a unique position, you’re on GitHub.com! best of both worlds: enterprise and the community

Slide 6

Slide 6

But it’s interesting to think about the problems this solves. if you haven’t thought about it yet, here they are. I think it’s important to note this last part too, if you’ve consumed a bit of open source work…say a javascript library (a statistic i’ll touch on briefly), what if you find a bug in it and now you need to contribute back to it? That’s the circle of life right there.

Slide 7

Slide 7

So, that’s what InnerSource is, but what problems are people facing that they’re trying to solve that is making it so popular?? This by no means is a complete list! obviously.

Slide 8

Slide 8

What i hope is obvious now a days is that at the heart of this change, is the software engineer — we all should feel pretty good about that :) With that said, all of these companies have been using software for decades — its not just about using software to do things, but about changing our mindset to how we develop software One of those things that you hear of, is Devops.

Slide 9

Slide 9

And DevOps of course is the combining of operations and writing of software across the organization so people can get better at collaboration, workflows and automation, security, and this mindset of continuous improvement.

Slide 10

Slide 10

DevOps alone is not enough. everyone is “doing this”. It takes more than just embracing devops to get to the top teir of improvment — if you’re in the 93%, You may also need a culture change, and a set of best practices rooted in Collaboration and Continuous Improvement… So how do the rest get there?

Slide 11

Slide 11

I often mention in DevOps that silos exist. And I think DevOps helps us get rid of these smaller silos we have, but every company has these bigger silos as well between entire business units. and as this slide mentions, these silos can also be a thing that blocks you from the community. Silos won’t always go away, sometimes things need to be private. but we (all of us) have to challenge this if we want to achieve our goals

Slide 12

Slide 12

Even with DevOps, this is a common situation. it may not exist at a company of 20 developers where everyone knows each otther, but a lott of them most people don’t even know about what’s going on everywhere. Code Reuse is severely lacking (there’s also probably not a design systems team, but more on that at the end)

Slide 13

Slide 13

Additionally to the struggle of knowing what’s being developed is closely followed by these

Slide 14

Slide 14

And a lot of these struggles of reuse and discovery can come from Conways law: “organizations which build systems are constrained to produce designs which are copies of the communication structures of these organizations.” Maybe your organization looks like this? or a small department can

Slide 15

Slide 15

And it’s broken into these units maybe. But…How does communication happen here? How does collaboration happen here?

Slide 16

Slide 16

Lord help us, what if it’s more like this?? Organizational distance is a pain in the ass sometimes. Regulations and rules of sharing can get in the way of innovation. But it doesn’t have to

Slide 17

Slide 17

So let’s look at this inner source thing.

Slide 18

Slide 18

Just to review, here are the goals - Encourage the natural desire to contribute to other code in an open source sense. that satisfaction users get from contributing to other projects. celebrate it

Slide 19

Slide 19

Based on these, you should be defining what you want to achieve too. I’ll break these down a bit more in terms of strategies around each. And then apply GitHub features to them to make it more concrete on how you can utilize a tool to help you!

Slide 20

Slide 20

Open: Create a level playing field for the open sharing of work. So what does “Open” mean? Well, in repositories its: - finding prior art isn’t possible if things aren’t open in the first place! - reuse as much as possible, this also could be an argument for more microservices, but i’ll save that for another conversation - contribute to those projects you do see and find if you’re using them! bug reports and documentation regret And for contributions its things like: - forking as a workflow is cumbersome, avoid it if you can. more permission with protection (details soon!)

Slide 21

Slide 21

Transparent: Ensure the process as well as the product is visible Being able to see the description of how something like a deployment process works is great. this is valid documentation beyond just explaining what a function does But the communication about how a feature was made? That’s important.

Slide 22

Slide 22

Transparent: Ensure the process as well as the product is visible

Slide 23

Slide 23

Slide 24

Slide 24

Transparent: Ensure the process as well as the product is visible Now you can have a conversation about it and not repeat yourself. new people can discover this a bit easier too don’t you think? What happens when there’s no one to ask?

Slide 25

Slide 25

Transparent: Ensure the process as well as the product is visible This one is all about pull requests and code review

Slide 26

Slide 26

Slide 27

Slide 27

You should think of transparency as a way to start at the top of this funnel. Credit goes to @mikemcquaid of GitHub, who has blogged about the contributor funnel before and also this is from https://opensource.guide/building-community/

Slide 28

Slide 28

Participative: Make it easier for others to collaborate together. Focusing on those 3 roles from the funnel: Users, contributors, maintainers. Those 3 users types for the funnel have main focuses revolving around participating. For the users, You want a low barrier to entry for these users in terms of the discovery (make it easy, this is sometimes done with dashboards of projects, or other exploratory tooling) as well as installation of the project

Slide 29

Slide 29

Participative: Make it easier for others to collaborate together For Contributors, they’re are doing things like opening issues, improving docs, offering insight in conversation, unsolicited improvements! yay, working on backlogs. Ultimately, you want to reduce the friction required to: - submit feedback - get up and running - make sure things are even working - finding ways to contribute Then you’ll have more contributors

Slide 30

Slide 30

Participative: Make it easier for others to collaborate together And reducing that friction is done by the maintainers. These maintainers set the vision, document some process (that past step!) set / maintain tone on the conversations approve / collaborate / deny submissions from contributors, and facilitate the shared ownership of the project. GitHub

Slide 31

Slide 31

Collaborative: Increase quality by increasing quantity This is encouraged with informal teams. These informal teams can do these things. Though you may not be structured in this way yet, let’s take a look at some examples of this to explain what i mean by informal (or adhoc) teams.

Slide 32

Slide 32

traditional engineering teams

Slide 33

Slide 33

teams with common interests: Adhoc teams

Slide 34

Slide 34

Slide 35

Slide 35

Slide 36

Slide 36

Slide 37

Slide 37

By allowing people to organize into interests like these, sharing and collaboration can more fluidly happen between the devGroups. javascript-devs from devGroupA may find solutions to problems that later devGroupC would need to know about. these teams can make it easy for knowledge transfer to happen Additionally, when bringing a team into the conversation on for code review, devGroupB and C javascript devs can get an idea of what their cohorts in the other teams are working on. that helps tie back to that transparency tenet.

Slide 38

Slide 38

Governed: Reduce missteps by providing clear goals and support. Lastly, Maintainers focus on this aspect. Good projects should have a way of reporting issues, and how to contribute (this is sort of like documentation but not about the code or process of using the tool, but helping that

Slide 39

Slide 39

Governed: Reduce missteps by providing clear goals and support And a lot of these policies and procedures are enforced by the maintainers or are automated. There should be Coordinated, and well-defined roles (user, contributor, core committer, mentor), stewardship of the community for these projects if they’re big enough.

Slide 40

Slide 40

Okay. we understand some problems, we’ve discussed what innersource sets out to achieve. how do we get there?

Slide 41

Slide 41

So, when implementing InnerSource, we need to think about these specific user types Remember this picture i talked about earlier with respect to getting people to find your project, use your project, contribute to it, and ultimately maintain it so it doesn’t rely on just you (or, you can share the ownership with more teams)

Slide 42

Slide 42

Those three types of people can be focused into these strategies. let’s look at each as a focus and what you can do to drive each one of these

Slide 43

Slide 43

Slide 44

Slide 44

Let’s start out simple. Every time you’re creating a repository or migrating from an existing system into GitHub, ask yourself do you need to keep it hidden from your Coworkers. Why? Sometimes there’s legal requirements buttttt if there isn’t, don’t be shy :)

Slide 45

Slide 45

Internal permission model is the way GitHub is beginning to make this easier. We’re receiving feedback about this every day and we want to improve it, but it’s a great way to get started. Internal repo visibility allows enterprise members to see and collaborate on code with each other, while keeping that IP confidential from outside collaborators (i.e. contractors). tenet: open

Slide 46

Slide 46

This may be a no-brainer and i know you can understand it. sometimes one system can be a pain to log into and get access to, and if you are told it’s in a system you don’t know or haven’t used before or don’t know a lot of people using? can get difficult

Slide 47

Slide 47

Slide 48

Slide 48

Azure/azure-cli This time I’m grabbing the readme, i think this is the best place for contributor docs, or a wiki, but wiki’s are good because they can’t use typical workflows like pull requests to be updated. tenet: collaborate and participative

Slide 49

Slide 49

Home-brew is a great example of general documentation. General public doesn’t need to go looking at the code, it can just read this site and get started. projects that other teams are using should have documentation like this. I think anyways. There’s a lot of good examples of pages sites at https://github.com/collections/github-pages-examples

Slide 50

Slide 50

kong/kong (an API gateway) is quite nice on this. It links to their changelog entry which then also links to each feature brought in through a pull request =)

Slide 51

Slide 51

and if writing those releases notes is hard, take a look at Release Drafter in the GitHub Marketplace for Actions. Make these release notes easy, in fact, automate it.

Slide 52

Slide 52

Or the official GitHub action of creating a release

Slide 53

Slide 53

and then uploading it

Slide 54

Slide 54

Ok. next section: turning those users into contributors

Slide 55

Slide 55

Goal here is to do this

Slide 56

Slide 56

there’s many types of contributions, I’m sure there’s ones I’m not listing here.

Slide 57

Slide 57

Super old blog post, but we have this philosophy still at GitHub about making it easy to hop into another team’s project and very quickly being able to get running. because we set up this years ago and it still happens today. great pattern.

Slide 58

Slide 58

using issue templates make it easy for others to report issues or otherwise give feedback There’s also pull request templates

Slide 59

Slide 59

we are more receptive to feedback from pedantic robots than pedantic people. If you’re familiar with the GitHub interface you may be looking at this and wondering: yes, we do have 52 checks that run on the github/github codebase now 😵 🥴

Slide 60

Slide 60

I discussed some Actions in the previous section, but i think using them can help you as a maintainer. Serverless DevOps Automated workflows as code Flexible and scalable container execution Implement custom logic without an app GitHub

Slide 61

Slide 61

CI/CD focused Linux, macOS, Windows, and containers Support all languages and platforms Matrix builds Live logs Multi container testing JavaScript and container Actions Deploy to any cloud Automate any workflow

Slide 62

Slide 62

Here we have CI running to check our voice to make sure our documentation is solid. makes it easy to review!

Slide 63

Slide 63

“help wanted”, “good first issue” and issues like this are useful

Slide 64

Slide 64

GitHub will also surface these. These are two repos from GitHub.com/spotify that are using the “help wanted” labels

Slide 65

Slide 65

and finally, turning contributors into maintainers.

Slide 66

Slide 66

So here’s our goal.

Slide 67

Slide 67

roles for the maintainers

Slide 68

Slide 68

Creating project boards is a great way to show people what is being worked on.

Slide 69

Slide 69

Check out lab.GitHub.com and https://lab.github.com/docs for how you can build your own courses. This is a great thing a maintainer could do to help people know how to use GitHub, work like their team, etc. GitHub

Slide 70

Slide 70

Using something like the sentiment bot from probot.GitHub.io is a great way to ensure people are having civil conversations. As employees this is maybe not hard to imagine that everyone will be nice to one another but, what about the kind of responses you may get from open source developers? you never know

Slide 71

Slide 71

I actually did a pull request on github/github a year ago that got denied at first, but that’s @mhagger’s job. I’m touching a system he’s responsible for and he reviewed the code.

Slide 72

Slide 72

and finally, set up additional roles that can help you transition people better. shared responsibility now with explicitly with the maintain role

Slide 73

Slide 73

  • partnership with National Vulnerability Database (NVD) to provide github with alerts for those libraries with Common Vulnerabilities and Exposures (CVEs) for ruby, javascript, python, java, and .net - we take these alerts and identify them using their respective language dependency management definitions which allows us to parse a repository’s manifest file and alert the administrators to vulnerabilities and what version they need to update to to fix them - since launching this, we’ve seen more than 800,000 vulnerabilities solved

Slide 74

Slide 74

Repositories that have dependabot installed have been proven to date to have way better up to date security, which is to be expected as it’s updating the version and doing the work for you. That’s one of the reasons why I’m excited about dependabot joining the GitHub family.

Slide 75

Slide 75

And though the national vulnerability database is good, it isn’t good enough for us though as we strive to do better. currently, maintainers publicize outside of the NVD to things like mailing lists, their changelogs, open source groups, etc. That’s where security advisories come in to play. they’re for private discussions on the repo With security advisories, only the organization owners and owners of the repository can see it. you can add single people if you need additional collaborators. And when you’re ready to work on a fix, you can create a private fork of that change, work on it just like a regular repository, and have a private pull request for just working on that feature. I cannot mention strongly enough how great i think this is for working on open source work. These advisories can also funnel into our own data to help us notify more people who use this content

Slide 76

Slide 76

I have a few other examples, but for the sake of time, i picked 2

Slide 77

Slide 77

https://github.com/customer-stories/societe-generale To move faster, they realized they needed to embrace two things: Innersource and self-service.

Slide 78

Slide 78

https://github.com/customer-stories/engie Good documentation is crucial to ensure these teams are following best practices for innersourcing.<quote above> By automatically generating technical documentation from their source code, team members can focus on core functionality instead of learning how things work.

Slide 79

Slide 79

Slide 80

Slide 80

If you didn’t know what inner source was but are excited, celebrate if you knew, but saw something you like, yay! I want people to be excited.

Slide 81

Slide 81

You have an amazing team at GitHub that wants to see you successful. If you see people reaching out for help, help them! obviously?

Slide 82

Slide 82

I mentioned a lot of things today, I’ll be sharing these slides with everyone as well (hello if you’re reading this!) but with all of this information it’s best to just pick one thing and start it. -If you don’t have an account yet, get one.

  • Create issue templates for all of your issues
  • Set up the release-drafter action for your organization (if you don’t have access to the beta, tell me, that will be fixed immediately)
  • create a learning lab course for your new coworkers who are new to GitHub, get them started so you can work better together.

Slide 83

Slide 83

From https://noti.st/resource11 / @resource11 on twitter Did anyone see Kathleen’s talk yesterday on Design systems? her talk is at this URL. that’s also her twitter. check it out as a great set of resources to get started This is a GREAT first step into inner source. Start a design system team. Propose the initiative.

Slide 84

Slide 84

the end users could even be the other people in your company. and when thinking about accessibility, a good design systems approach could be to not only make the end users happy with more accessibility, but also the other developers in other departments. make accessibility cool

Slide 85

Slide 85

Questions? Concerns? Comments? Email: brent@GitHub.com twitter: @brntbeer shoot me an email, get a hold of me on twitter, its doesnt matter. I’m available

Slide 86

Slide 86

Thank you!