Git and GitHub form the foundation of modern software development. Whether you're a solo developer or part of a large team, mastering version control is essential for tracking changes, collaborating effectively, and maintaining reliable deployment pipelines. This comprehensive guide connects all aspects of Git and GitHub mastery.
The Git & GitHub Ecosystem
┌─────────────────────────────────────────────────────────────────────────┐
│ Git & GitHub Ecosystem │
├─────────────────────────────────────────────────────────────────────────┤
│ │
│ LOCAL DEVELOPMENT COLLABORATION AUTOMATION │
│ ────────────────────────────────────────────────────────────────────── │
│ │
│ ┌─────────────────┐ ┌─────────────────┐ ┌──────────────┐ │
│ │ Version Control │ │ Pull Requests │ │ GitHub │ │
│ │ • Commits │───────────│ • Code Review │────│ Actions │ │
│ │ • Branches │ │ • Discussions │ │ • CI/CD │ │
│ │ • Merges │ │ • Approvals │ │ • Workflows │ │
│ └─────────────────┘ └─────────────────┘ └──────────────┘ │
│ │ │ │ │
│ ▼ ▼ ▼ │
│ ┌─────────────────┐ ┌─────────────────┐ ┌──────────────┐ │
│ │ History Mgmt │ │ Project Mgmt │ │ Security │ │
│ │ • Squash │ │ • Issues │ │ • Secrets │ │
│ │ • Rebase │ │ • Projects │ │ • Scanning │ │
│ │ • Hooks │ │ • Milestones │ │ • OIDC │ │
│ └─────────────────┘ └─────────────────┘ └──────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────────────┘
Learning Path
This guide connects to specialized articles for deep dives into each topic. Follow the path that matches your experience level:
Beginner Path
- Git Fundamentals - Core concepts and commands
- How to Squash Git Commits - Clean commit history
- GitHub Flavored Markdown - Documentation essentials
- Pull Request Best Practices - Effective collaboration
Intermediate Path
- Git Branching Strategies - Team workflows
- GitHub Actions CI/CD - Automation fundamentals
- Git Hooks & Automation - Local automation
- GitHub Webhooks - External integrations
Advanced Path
- GitHub Actions Security - Secure pipelines
- Git Secrets Management - Credential protection
- GitHub Repository Security - Hardening repos
- Monorepo Management - Large-scale Git
Git Fundamentals
Git is a distributed version control system that tracks changes in your codebase. Every developer has a complete copy of the repository, enabling offline work and reducing single points of failure.
Core Concepts
┌─────────────────────────────────────────────────────────────────────────┐
│ Git Data Flow │
├─────────────────────────────────────────────────────────────────────────┤
│ │
│ Working Staging Local Remote │
│ Directory Area Repository Repository │
│ │
│ ┌──────┐ ┌──────┐ ┌──────┐ ┌──────┐ │
│ │ Edit │──────▶│ Stage│────────▶│Commit│────────▶│ Push │ │
│ │Files │ add │Files │ commit │Local │ push │Remote│ │
│ └──────┘ └──────┘ └──────┘ └──────┘ │
│ ▲ │ │ │
│ │ │ │ │
│ │◀──────────────────────────────┘ │ │
│ │ checkout │ │
│ │◀───────────────────────────────────────────────┘ │
│ pull / fetch │
│ │
└─────────────────────────────────────────────────────────────────────────┘
Essential Git Commands
| Command | Purpose | Example |
|---|---|---|
git init | Initialize new repository | git init my-project |
git clone | Copy remote repository | git clone https://github.com/user/repo.git |
git add | Stage changes | git add . or git add file.js |
git commit | Save staged changes | git commit -m "Add feature" |
git push | Upload to remote | git push origin main |
git pull | Download and merge | git pull origin main |
git branch | Manage branches | git branch feature-x |
git checkout | Switch branches | git checkout feature-x |
git merge | Combine branches | git merge feature-x |
git rebase | Reapply commits | git rebase main |
git stash | Temporarily store changes | git stash / git stash pop |
git log | View commit history | git log --oneline --graph |
For a quick reference, use our Git Command Reference tool.
Branching Basics
Branches let you work on features in isolation:
# Create and switch to a new branch
git checkout -b feature/user-auth
# Make changes and commit
git add .
git commit -m "feat(auth): add login form"
# Push branch to remote
git push -u origin feature/user-auth
# Switch back to main
git checkout main
# Merge feature branch
git merge feature/user-auth
For team branching strategies, see our Git Branching Strategies Guide.
GitHub Collaboration
GitHub transforms Git into a collaboration platform with pull requests, issues, and project management.
Pull Request Workflow
┌─────────────────────────────────────────────────────────────────────────┐
│ Pull Request Lifecycle │
├─────────────────────────────────────────────────────────────────────────┤
│ │
│ 1. CREATE 2. REVIEW 3. ITERATE 4. MERGE │
│ │
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ │
│ │ Push │ │ Request │ │ Address │ │ Squash & │ │
│ │ Branch │─────▶│ Reviews │──────▶│ Feedback │─────▶│ Merge │ │
│ │ │ │ │ │ │ │ │ │
│ └──────────┘ └──────────┘ └──────────┘ └──────────┘ │
│ │ │ │ │ │
│ ▼ ▼ ▼ ▼ │
│ Description Code Comments New Commits Clean History │
│ CI Checks Suggestions CI Re-runs Deploy │
│ │
└─────────────────────────────────────────────────────────────────────────┘
Best Practices:
- Write descriptive PR titles and descriptions
- Keep PRs small and focused (< 400 lines)
- Request specific reviewers
- Respond to all comments
- Squash commits for clean history
See our complete Pull Request Best Practices Guide for detailed workflows.
GitHub Issues & Projects
Effective project management with GitHub:
## Issue Template Example
**Description**
Clear description of the bug or feature.
**Steps to Reproduce** (for bugs)
1. Go to '...'
2. Click on '...'
3. See error
**Expected Behavior**
What should happen.
**Labels**: bug, priority:high, component:auth
**Assignees**: @username
**Milestone**: v2.0
GitHub Actions CI/CD
GitHub Actions automates your development workflow directly in your repository.
Basic Workflow Structure
# .github/workflows/ci.yml
name: CI Pipeline
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
test:
runs-on: ubuntu-latest
strategy:
matrix:
node-version: [18, 20, 22]
steps:
- uses: actions/checkout@v4
- name: Setup Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Run tests
run: npm test
- name: Build
run: npm run build
Key GitHub Actions Concepts
| Concept | Description |
|---|---|
| Workflow | Automated process defined in YAML |
| Event | Trigger that starts a workflow (push, PR, schedule) |
| Job | Set of steps that run on the same runner |
| Step | Individual task within a job |
| Action | Reusable unit of code (from Marketplace or custom) |
| Runner | Server that executes workflows |
| Artifact | Files produced by a workflow |
| Secret | Encrypted environment variable |
For comprehensive CI/CD setup, see our GitHub Actions CI/CD Guide.
Security Best Practices
Security should be built into every layer of your Git and GitHub workflow.
Repository Security Checklist
┌─────────────────────────────────────────────────────────────────────────┐
│ GitHub Security Layers │
├─────────────────────────────────────────────────────────────────────────┤
│ │
│ AUTHENTICATION ACCESS CONTROL CODE SECURITY │
│ ───────────────────────────────────────────────────────────────────── │
│ │
│ □ 2FA for all □ Branch protection □ Secret scanning │
│ members rules enabled │
│ │
│ □ SSH keys or □ CODEOWNERS file □ Dependabot alerts │
│ tokens enabled │
│ │
│ □ SSO (Enterprise) □ Required reviews □ Push protection │
│ │
│ □ IP allowlists □ Status checks □ Code scanning │
│ (CodeQL) │
│ │
│ WORKFLOW SECURITY SECRETS MANAGEMENT AUDIT & MONITORING │
│ ───────────────────────────────────────────────────────────────────── │
│ │
│ □ OIDC for cloud □ Repository secrets □ Audit log review │
│ deployments not org-wide │
│ │
│ □ Minimal □ Rotate secrets □ Security advisories │
│ permissions regularly │
│ │
│ □ Pin action □ Never commit □ Vulnerability │
│ versions secrets reporting │
│ │
└─────────────────────────────────────────────────────────────────────────┘
Preventing Secret Leaks
Use pre-commit hooks to catch secrets before they're committed:
# Install gitleaks
brew install gitleaks # macOS
# or
docker pull zricethezav/gitleaks
# Scan repository
gitleaks detect --source . --verbose
# Add to pre-commit hook
# .git/hooks/pre-commit
#!/bin/bash
gitleaks protect --staged --verbose
For comprehensive guidance, see:
Git Hooks & Automation
Git hooks automate tasks at key points in your workflow.
Common Hook Use Cases
| Hook | Trigger | Use Case |
|---|---|---|
pre-commit | Before commit created | Lint code, run formatters, check for secrets |
commit-msg | After message entered | Validate commit message format |
pre-push | Before push to remote | Run tests, check branch policies |
post-merge | After merge completes | Install dependencies, rebuild |
post-checkout | After branch switch | Update environment, notify |
Setting Up Husky (JavaScript Projects)
# Install Husky
npm install husky --save-dev
# Initialize
npx husky init
# Add pre-commit hook
echo "npm run lint && npm run test" > .husky/pre-commit
# Add commit-msg hook for conventional commits
echo 'npx --no -- commitlint --edit "$1"' > .husky/commit-msg
For complete automation setup, see our Git Hooks & Automation Guide.
Advanced Topics
Monorepo Management
Large codebases often use monorepos containing multiple projects:
monorepo/
├── apps/
│ ├── web/
│ ├── mobile/
│ └── api/
├── packages/
│ ├── ui-components/
│ ├── shared-utils/
│ └── config/
├── tools/
├── package.json
└── turbo.json (or nx.json)
Tools like Turborepo, Nx, and Bazel optimize monorepo builds. See our Monorepo Management Guide.
Git LFS for Large Files
Standard Git struggles with large binary files. Git LFS stores them efficiently:
# Install Git LFS
git lfs install
# Track large file types
git lfs track "*.psd"
git lfs track "*.zip"
git lfs track "assets/**"
# Verify tracking
cat .gitattributes
# Commit and push normally
git add .gitattributes
git add large-file.psd
git commit -m "Add design assets"
git push
For detailed guidance, see our Git LFS Guide.
GitHub Webhooks
Integrate external services with GitHub events:
// Webhook handler example
app.post('/webhooks/github', (req, res) => {
const event = req.headers['x-github-event'];
const payload = req.body;
switch(event) {
case 'push':
triggerDeployment(payload);
break;
case 'pull_request':
notifySlack(payload);
break;
}
res.status(200).send('OK');
});
See our complete GitHub Webhooks Guide.
Quick Reference
Git Configuration
# Set identity
git config --global user.name "Your Name"
git config --global user.email "[email protected]"
# Set default branch
git config --global init.defaultBranch main
# Enable helpful features
git config --global pull.rebase true
git config --global fetch.prune true
git config --global diff.colorMoved zebra
# Useful aliases
git config --global alias.co checkout
git config --global alias.br branch
git config --global alias.st status
git config --global alias.lg "log --oneline --graph --all"
Common Workflows
Undo last commit (keep changes):
git reset --soft HEAD~1
Amend last commit:
git commit --amend -m "New message"
Stash changes:
git stash push -m "WIP: feature"
git stash list
git stash pop
Cherry-pick specific commit:
git cherry-pick abc123
Find when bug was introduced:
git bisect start
git bisect bad HEAD
git bisect good v1.0
# Git will help you find the problematic commit
Guide Directory
Fundamentals
- How to Squash Git Commits - Clean up commit history
- GitHub Flavored Markdown - Documentation essentials
- Git Branching Strategies - Team workflows
CI/CD & Automation
- GitHub Actions CI/CD - Build, test, deploy
- Git Hooks & Automation - Local workflow automation
- GitHub Webhooks - External integrations
Security
- GitHub Actions Security - Secure CI/CD pipelines
- Git Secrets Management - Protect credentials
- GitHub Repository Security - Harden repositories
Advanced
- Pull Request Best Practices - Effective code review
- Monorepo Management - Large-scale Git
- Git LFS Guide - Handle large files
- GitHub Advanced Features - Codespaces, Copilot, more
Tools
- Git Command Reference - Quick command lookup
- Diff Checker - Compare code changes
Conclusion
Mastering Git and GitHub is essential for modern software development. Start with the fundamentals—commits, branches, and merges—then progress to team workflows, automation with GitHub Actions, and security best practices. Each linked guide provides deep expertise in its topic.
Whether you're setting up your first repository or optimizing enterprise workflows, this guide series provides the knowledge you need. Bookmark this hub and explore the specialized guides as you encounter new challenges.
For more development guides, explore our complete Developer Tools articles.
