GitHub turns on money tap for corporate open-source donations, turns off the lights with dark mode design

Microsoft's GitHub has revised its financial plumbing to allow corporate customers to contribute cash to favored open-source projects via GitHub's existing billing setup.

Whether or not businesses will choose to reward developers who provide the free labor that powers today's tech economy is another matter. GitHub is merely offering a convenient conduit for donations, although this is already possible through other channels.

The code storage biz is calling the program GitHub Sponsors for companies, after its similarly named developer-to-developer guilt-assuagement program, which debuted in May, 2019.

Word of the biz-focused reward mechanism arrived on Tuesday at GitHub Universe 2020, the company's annual developer-oriented stage show, gone virtual due to the coronavirus situation.

In an interview with The Register, Shanku Niyogi, SVP of product at GitHub, said the Sponsors program has been well-received. Some developers, he said, "are actually making a pretty good living, getting to a six-figure income," even as he declined to say how many developers make a living wage from donations or to cite a median income figure.

"One of the things that companies have been asking us for a long time is how can we get involved," said Niyogi. "Many of these companies are obviously deeply dependent on open-source projects as a critical part of their supply chain and they want to be able to support that and invest in that ecosystem."

GitHub Sponsors for companies, he said, will let businesses make those contributions without worrying about creating customer relations and setting up a procurement channel, which is often a bureaucratic chore. He pointed to AWS and Stripe as examples of companies he expects will take advantage of this channel for funneling money back to open-source developers.

Niyogi acknowledged that GitHub does recoup its costs for running the service but said GitHub's goal "is to make zero revenue from this."

"It's funny that even for high tech companies, when it comes to building relationships, the thing that's still very cumbersome is adding new vendors," said Max Schoening, VP of product design at GitHub. "That incidentally is why GitHub plays such an important role here: a lot of these companies already have a billing relationship with us."

Schoening said GitHub's goal is to get to a place where open-source maintainers work for the internet rather than having to take corporate jobs to maintain the project's they've created.

I see a red sky...

GitHub also launched a handful of other product revisions, enhancements, and service improvements at its virtual conference.

One is Dark Mode, sure to delight Goths, fans of The Rolling Stones' Paint It Black, and opinionated developers, which is to say many of them. GitHub suggests the newly added preference setting may offer relief from "the visual overstimulation of a bright screen." But mostly this is about giving people options.

"Developers either swear that they need a dark terminal or they swear that they need a light editor," said Schoening. "And I think when it comes to professional tools choice is actually the thing that matters most. We've found that in certain cases, it works well for accessibility."

Schoening suggests that further customization may be incoming – rainbow mode, anyone? "If you go spelunking in the source code, you can actually see how it's implemented, and you will see maybe there's a hint at where we're going next with this, because a lot of this is architected around variables and color preferences. I'll leave it at that."

Another new feature for the cloud-based git hosting service is auto-merge for pull requests. A pull request in git is a suggested code change that a developer submits for review and approval. Auto-merge lets developers have contributors' pull requests merged into their code base automatically once reviews or status checks have been passed, rather than having a separate merge authorization step.

This capability will be offered next week as a public beta for public repos and for private repos on Teams and GitHub Enterprise Cloud plans.

GitHub Discussions, after being tested by a few organizations and large open-source projects like ImageMagick in private beta, has now reached general availability. Discussions is meant to provide an online forum separate from GitHub Issues, which was intended for code-specific concerns but ballooned into a more general forum of interaction, engagement, and griping.

"The clean separation between the two buckets is actually really important for productivity," said Schoening.

He also effused about the dependency review capability, rolling out in beta over the next few weeks, which provides a way to see which code dependencies change as a result of a pull request.

"This is very much the essence of GitHub," he said. "It's making a best practice approachable to millions of users. ... The best way to prevent security vulnerabilities is to not actually commit them in the first place."

Take action

GitHub Actions, the company's workflow automation service, is adding several capabilities, including environments, a way to package apps with deployment rules and environmental secrets – the sort of thing developers get into trouble for committing to code repositories.

"When you're when you're deploying code, often, there's a set of things associated with deployments, in terms of secrets, permissions, and auditing that most companies treat as different from their developer workflow," said Niyogi. "With environments, we can create this kind of really clean separation of concerns between what's happening in the developer workflow and what's happening as part of a deployment."

In addition, Actions is adding the ability to assign required reviewers – so that jobs deployed in an environment get paused until approved by designated reviewers. Also included are workflow visualizations to make it easier to understand continuous integration and continuous deployment operations.

Environments and required reviewers arrive later this month in beta for public repos and private repos on GitHub Enterprise Cloud. Workflow visualizations will be in public beta for any sort of repo.

Lastly, GitHub plans to ship a release candidate for GitHub Enterprise Server 3.0, the company's on-premises offering, in the next few weeks. Niyogi said this represents the first major revision of GitHub-in-a-box since 2014.

"It's got the full code-to-cloud stack with Actions and Packages," he said, also pointing to security features like CodeQL security scanning and the ability to integrate with third-party CI/CD systems.

"If you think about GitHub Actions, which started out on infrastructure that was running on Windows machines on Azure, we've actually brought all of that into a single stack that's running on Linux and it's managed and deployed together," he said.

"And as part of that, we've containerized our entire server architecture and that will form the kind of new basis for our more modern cloud native platform for GitHub going forward." ®