A Comparison of GitHub Marketplace Apps

I have been using and evaluating dozens of GitHub Marketplace Apps for a few months now for a real-world microservices application built in Go. So, I decided to share what I liked and what I didn’t like about these integrations.

The nice thing about using GitHub Marketplace is that your integrations and billing are all consolidated in one place. As an organization or a billing manager, it is much easier to manage all these different services from a single hub.

CI/CD

GitHub Actions https://github.com/features/actions

• Features:
  • Built-in automation solution for GitHub repositories
  • HCL-based configuration
• Pros:
  • Very simple, highly flexible and so powerful
  • Caching Docker images based on image digests
  • Sharing and reusing actions by referencing them directly from GitHub repositories
• Cons:
  • Currently, it is in beta mode
  • UI/UX is very basic
  • Needs more work to build a full automation
  • Sharing files between actions does not have built-in support

CircleCI https://circleci.com

• Features:
  • Managed/SaaS platform for continuous integration and continuous delivery
  • YAML-based configuration
• Pros:
  • Very easy-to-use documentation
  • High performance, availability and reliability
  • Very flexible and powerful (caching, remote docker engines, etc.)
  • Workflows with parallel jobs, fan-in, and fan-out
  • Powerful and fast debugging through ssh to build jobs
  • Exporting artifacts for each build job
  • Sharing artifacts between build jobs very efficiently and fast
  • Provides build environments using containers and/or machines (VMs)
  • Provides build environment for OS X applications
  • Reusing and sharing code fragments through Orbs
  • Slack integration for alerting on failed builds
• Cons:
  • Mono repo builds do not have built-in support
  • External Orbs need to be packaged and published (they cannot be directly referenced from their code bases)
  • Pipelines are triggered on push to branches and tags (cannot work with other GitHub events such as release)

Codefresh https://codefresh.io

• Features:
  • Managed/SaaS platform for continuous integration and continuous delivery
  • YAML-based configuration
• Pros:
  • Good documentation with examples
  • Native support for Docker, Kubernetes, and Helm workflows
  • Provides managed private Docker registry and Helm repository
  • Extremely flexible pipelines that work with all GitHub events
  • Workflows with parallel steps, fan-in, and fan-out
  • Built-in Selenium/Protractor for automated end-to-end testing
  • Reusing and sharing code fragments through Steps
  • Slack integration for alerting on failed builds
• Cons:
  • No built-in environment for OS X applications
  • Steps/plugins need to be submitted (they cannot be directly referenced from their code bases)

Docker Automated Builds https://cloud.docker.com

• Features:
  • Managed/SaaS build and push automation for Docker images
• Pros:
  • Simple and easy setup
  • Does not require any code
• Cons:
  • Very inflexible
  • Extremely slow
  • Cannot do semantic versioning
  • Configuration is manual and through web interface

Monitoring

Rollbar https://rollbar.com

• Features:
  • Monitoring application errors
  • Automated alerting on errors
  • Real-time insights and analytics
• Pros:
  • Supports a wide range of programming languages and technologies
  • Tracks code versions and deployments
  • Improves observability and visibility
  • Helps with improving stability
  • Powerful configurations and features
  • Integrations with popular tools (GitHub, Slack, PagerDuty, Asana, etc.)
• Cons:
  • Requires configuration per repo
  • Programming API is fairly complex
  • User management and access control need to be done separately on web UI

Airbrake https://airbrake.io

• Features:
  • Monitoring application errors
  • Automated alerting on errors
  • Real-time insights and analytics
• Pros:
  • Supports a wide range of programming languages and technologies
  • Tracks deployments
  • Improves observability and visibility
  • Helps with improving stability
  • Simple UI, simple configuration, and simple programming API
  • Submits onboarding issues on GitHub
  • Integrations with other tools (GitHub, Slack, PagerDuty, Asana, etc.)
• Cons:
  • Requires configuration per repo
  • User management and access control?

Code Review

WIP https://github.com/marketplace/wip

• Features:
  • Blocks work-in-progress pull requests, so you cannot merge them!
• Pros:
  • very simple and zero configuration
  • Configurable terms, title, body, labels, or commit message

Code Climate https://codeclimate.com

• Features:
  • Code coverage reports
  • Automated code review for code quality
  • Managed/SaaS
• Pros:
  • Supports a wide range of programming languages
  • GitHub status for code coverage and diff coverage
  • Configuration-as-code through a yml file in repo
  • GitHub PR checks are very clear and informative
  • Automated pull request comments for better code quality and readability
  • Shows covered and uncovered new lines of code in pull requests through a browser extension
  • Quantifies and measures code quality and promotes reducing technical debt through analytics
  • Provides code coverage and code quality badges
• Cons:
  • Expensive
  • Has its own user access management
  • Most code quality comments are very basic and static, so developers may start to ignore them

Codecov https://codecov.io

• Features:
  • Code coverage reports
  • Managed/SaaS
• Pros:
  • Pricing is per user
  • Provides code coverage badge
  • Supports organization-wide configurations for all repos
  • Supports configuration-as-code through a yml file in repo
  • Can post coverage reports as comments on pull requests
  • Reuses GitHub user permissions for user access management
• Cons:
  • No code quality feature

Coveralls https://coveralls.io

• Features:
  • Code coverage reports
  • Managed/SaaS
• Pros:
  • Pricing is fixed (not per repo)
  • GitHub status for code coverage
  • Provides code coverage badge
• Cons:
  • Bad UI/UX
  • No code quality feature
  • diff coverage GitHub status is combined with total coverage GitHub status
  • Shows a check on master causing master branch goes red in repos with not enough coverage

GolangCI https://golangci.com

• Features:
  • Automated code review comments on pull requests
  • Pricing is per user
• Pros:
  • Accurate and useful comments for Golang
  • Configuration as code
• Cons:
  • Only works for Golang
  • Cannot detect bot users
  • Very basic control panel
  • Some comments can become very noisy

Dependency Management

Renovate https://renovatebot.com

• Features:
  • Automated dependency updates
• Pros:
  • Supports a wide range of programming languages and technologies
  • An out-of-box solution (submits an onboarding pull request)
  • Highly configurable through a configuration file in the repo
  • Supports private npm repositories and packages
• Cons:
  • Currently, cannot work with private Go modules
  • Can become very noisy with mono repos
  • For disabling the bot with GitHub all repositories* permission approach, the configuration file needs to be kept in repo

Dependabot https://dependabot.com

• Features:
  • Automated dependency updates
• Pros:
  • Configurable either via a separate web UI or a configuration file in the repo
  • Supports security updates
  • Supports private Go modules
  • Labels pull requests
• Cons:
  • Requires configuration for each repo
  • Security updates are not available for Go
  • Mono repos require a fairly large deal of manual configuration

Finding Vulnerabilities

Snyk https://snyk.io

• Features:
  • Finding and fixing vulnerabilities in your dependencies
• Pros:
  • Free
  • Automates the process of finding common vulnerabilities and exposures (CVE)
• Cons:
  • Currently, does not support Go modules
  • Supports Go only through command-line interface (not integrated with GitHub)

WhiteSource Bolt https://bolt.whitesourcesoftware.com/github

• Features:
  • Finding and fixing open source vulnerabilities
• Pros:
  • Free
  • Automates the process of finding common vulnerabilities and exposures (CVE)
  • Supports configuration through a configuration file in the repo
• Cons:
  • Currently, does not support Go modules

Communication

Slack + GitHub https://slack.github.com

• Features:
  • Updates for pull requests, issues, build checks, etc.
  • Shows details of pull requests and issues directly on Slack
• Pros:
  • FREE
  • Centralize pull requests and issues and make them visible
  • Easy configuration through /github command on Slack
• Cons:
  • Could become very noisy

Pull Reminders https://pullreminders.com

• Features:
  • Sends periodic reminders for pull requests to reviewers
• Pros:
  • Helps with prioritizing pull requests and reduce lead time
  • Flexible configurations for GitHub repos, GitHub teams, and Slack channels
• Cons:
  • Needs configuration on its own website
  • Can become chatty and cause people to ignore the reminders

Documentation

GitBook https://www.gitbook.com

• Features:
  • Managed/SaaS
  • Centralized documentation
• Pros:
  • Simple and responsive UI
  • Supports bi-directional integration with GitHub
  • Non-technical people can use the WYSIWYG interface
  • Documentation can be searched from Slack
• Cons:
  • Billing is not through GitHub

Work Management

ZenHub https://www.zenhub.com

• Features:
  • Kanban-style project management
  • Customizable workflows
• Pros:
  • Automated workflow with GitHub pull requests and issues
  • The UI can be viewed on GitHub via a browser extension
  • Provides analytics and metrics (velocity, burndown, etc.)
  • Can have workspace per repo or a workspace with multiple repos
  • Integration with Slack
• Cons:
  • Cannot delete a workspace once created
  • Modifies the GitHub interface and experience

Zube https://zube.io

• Features:
  • Kanban-style project management
  • Customizable workflows
• Pros:
  • Automated workflow with GitHub pull requests and issues
  • Provides analytics and metrics (velocity, burndown, etc.)
  • Integration with Slack
• Cons:
  • The UI is not accessible on GitHub

Analytics