As the “as-code” company, who has built their entire platform on the premise of “Stop ClickOps!”, today, following thousands of deployments, we can see how the practice of codifying resources and managing them as-code has revolutionized the way complex cloud systems are managed at scale. 

Below we’ll explore the benefits of codifying your GitHub resources, and integrating GitHub-as-Code practices, which empowers engineering teams to simplify environment management, secret handling, CI/CD pipeline consistency, infrastructure management, and policy enforcement across repositories. This means teams will be able to derive the same benefits of managing SaaS resources as-code, in this case GitHub, such as version control for your version control, the ability to leverage templating for repeatability, consistency and policy enforcement, alongside automation when SaaS platforms are managed as-code.  

Easier Environment Management - Dev, Staging or Prod

One of the standout benefits of GitHub-as-Code practices is the ease of managing multiple environments––whether it's development, testing, staging, or production. By managing your version control system (VCS) as-code, and in this example we’ll focus specifically on GitHub, each type of development environment, normally managed as standalone repositories, can be defined and managed as-code. This approach makes it simpler to handle secrets and CI/CD configurations when managing GitHub-as-Code. For example, when a secret needs to be updated in one environment, the change can propagate across the entire CI/CD pipeline seamlessly, where previously it would need to be manually updated and environments possibly missed, causing friction and frustration.

Using the same templates for CI/CD pipelines across different environments ensures consistency and reliability. This approach makes managing CI pipelines more straightforward and reduces the chances of discrepancies that can cause breakage. Branch protections, security measures, and policy enforcement become more manageable as they can be defined and synchronized across all repositories.

Policy Enforcement through Governance-as-Code

GitHub-as-Code practices enable robust policy enforcement and governance across repositories, this is true not just for the CI/CD aspects as noted above, but as a standard across the entire engineering organization. By defining specific policies,  for instance, enforcing policies like requiring pull request approvals or defining code owners helps maintain a uniform security posture, and organizations can ensure that all repositories adhere to the same standards that can be defined, maintained, and ultimately propagated across the engineering organization by security teams. This reduces the risk of policy deviations and violations, providing a secure and controlled development environment. Additionally, managing exceptions to policies, such as allowing specific workflows or bypassing certain rules, becomes more structured and auditable.

The Benefits of Self-Service for Dev Velocity and Experience

A few years ago, managing CI/CD with tools like Jenkins required deep knowledge of languages like Groovy (not very popular), and often was hosted on-premises (adding management and maintenance toil just for CI/CD). Terraform, which today has gained more than 90% ecosystem adoption, has evolved significantly, making it easier to manage GitHub workflows and other infrastructure components. By defining everything as a module, the need for opening support tickets and manual intervention decreases, promoting a self-serve model that improves developer velocity, efficiency and experience significantly. This shift means CI/CD management no longer requires constant oversight from DevOps, freeing them to tackle more complex challenges, and developers to move faster with the right guardrails in place.

GitHub-as-Code: The SRE Perspective

One of the greatest concerns for SREs is managing systems with a high degree of quality and predictability––also known as engineering with quality gates.  We’ve historically written about SRE Housekeeping basics that impact resilience and manageability, which are direct indicators of engineering quality.  This is also true when it comes to our selected tooling and managing them as-code, with an emphasis on maintaining our SLIs, SLOs and SLAs, and not exceeding our error budgets.

In typical cloud native operations today, many organizations rely on tooling such as GitHub workflows and ArgoCD for their CI/CD and automation. These workflows, which run on repositories in GitHub, come with dependencies and prerequisites, such as environment variables and deployment destinations. Treating everything as infrastructure—whether it's the workflow itself or the deployment destination such as the Kubernetes (K8s) endpoint —requires careful configuration.

Terraform stands out as the most popular and comprehensive tool for managing infrastructure, and this extends to GitHub workflows. Its extensive coverage allows for managing 95-99% of tasks related to GitHub-as-Code. When developers need a new service, it often requires the creation of a new repository. With everything defined as a module in Terraform, developers can self-serve, creating repositories and CI configurations themselves. This reduces the time and effort required from DevOps teams, allowing them to focus on higher-order problems.

Managing your GitHub-as-Code also provides SREs with a higher degree of quality controls, in order to uphold critical metrics––SLIs, SLOs, and SLAs, and stay within error budgets.  Managing repositories as-code, simplifies such tasks significantly, and enables greater stability, reliability and manageability in the long term for these critical systems.

Making the Transition

Transitioning to a GitHub-as-Code practice involves importing and codifying existing assets. This can be done manually or using tools like Terraform modules to import and manage environments per repository. Tools like Firefly can automate this process, creating Terraform modules for each repository and environment, where each module can then be used to create a "module call" for specific repositories and environments. Automating the codification of these resources can accelerate this transition, and enable engineering teams to achieve time to value much more rapidly.

Adopting As-Code practices offers numerous benefits, from easier environment management and consistent CI/CD pipelines to robust policy enforcement and governance. When leveraging tools like GitHub workflows, ArgoCD, and Terraform, organizations can streamline their DevOps processes, it’s only natural to codify your SaaS platforms to promote self-service, and free up their teams to focus on more strategic tasks. Embracing these practices not only enhances efficiency but also strengthens the overall security and reliability of the development pipeline.

‍