GH-900: Cheatsheet โ
โ Overview ยท โ Exam Guide
Git Workflow Mnemonic: C-B-C-P โ
Clone โ Branch โ Commit โ Pull Request
| Step | Command / Action |
|---|---|
| Clone | git clone <url> โ get the repo locally |
| Branch | git checkout -b feature/my-work โ isolate changes |
| Commit | git add . && git commit -m "message" โ save snapshots |
| Pull Request | Push branch โ open PR on GitHub โ review โ merge |
For open source add a Fork at the start: F-C-B-C-P
GitHub vs Git: Quick Split โ
| Git | GitHub |
|---|---|
| Commits, branches, merges | Pull Requests, Issues, Discussions |
| Working dir, staging, repo | Actions, Codespaces, Projects |
git push/pull/clone | Marketplace, Stars, Sponsors |
| Runs locally | Runs in the cloud |
Editor Quick Reference โ
| Tool | Terminal? | Run code? | Cost | Open how |
|---|---|---|---|---|
| github.dev | โ | โ | Free | Press . |
| Codespaces | โ | โ | Compute billing | New Codespace button |
| GitHub Desktop | โ | โ | Free | App download |
Merge Strategies โ
| Strategy | Creates merge commit? | History |
|---|---|---|
| Merge commit | โ Yes | Full history preserved |
| Squash and merge | โ No | All commits โ 1 commit |
| Rebase and merge | โ No | Linear, replayed commits |
PR Auto-Close Keywords โ
Fixes ยท Closes ยท Resolves + #issue-number
Only closes when merged to the default branch.
Repo Visibility โ
| Visibility | Who sees it | When to use |
|---|---|---|
| Public | Everyone | Open source |
| Private | Invited collaborators | Personal/commercial |
| Internal | All org members | InnerSource (GHEC only) |
Permission Levels (Low โ High) โ
Read โ Triage โ Write โ Maintain โ Admin
- Outside Collaborators: specific repo access, not org members
- Teams grant permissions across repos at one level
- Highest permission wins when multiple apply
Security Feature Cheatsheet โ
| Feature | What it does |
|---|---|
| Secret scanning | Detects secrets in committed code |
| Push protection | Blocks push if secret detected (before commit) |
| Dependabot alerts | Notifies of vulnerable dependencies |
| Dependabot security updates | Auto-PR to fix vulnerabilities |
| Dependabot version updates | Auto-PR to keep deps current |
| Code scanning | Finds security bugs in code (CodeQL) |
| Branch protection | Enforces review, status checks on branches |
Branch Protection Quick Rules โ
Need CI to pass? โ Require status checks Need 2 approvals? โ Require N approving reviews New commit resets approval? โ Dismiss stale reviews Apply to admins too? โ Include administrators Prevent direct push? โ Restrict who can push
Issues vs Discussions vs Projects vs Milestones โ
| Tool | Best for | Cross-repo? | Links to PR? |
|---|---|---|---|
| Issues | Bugs, tasks | โ Single repo | โ Yes |
| Discussions | Q&A, ideas, announcements | โ Single repo | โ No |
| Projects | Tracking and planning | โ Yes | โ Yes |
| Milestones | Deadline-based grouping | โ Single repo | โ Yes |
Open Source Licenses (Permissive vs Copyleft) โ
| Type | Licenses | Key rule |
|---|---|---|
| Permissive | MIT, Apache 2.0, BSD | Keep copyright notice |
| Copyleft | GPL v3, AGPL | Derivatives must use same license |
| No license | โ | All rights reserved |
GitHub Community Programs โ
- GitHub Stars โ recognition for community educators/influencers
- GitHub Sponsors โ financial support for OSS devs (GitHub takes 0%)
- GitHub Education โ Student Pack (free tools), Classroom (for educators)
- Campus Expert โ student community leaders program
- InnerSource โ open source practices inside an org (internal repos)
Key File Locations โ
| File | Location | Purpose |
|---|---|---|
CODEOWNERS | Root / docs/ / .github/ | Auto-assign PR reviewers |
CONTRIBUTING.md | Root | How to contribute |
CODE_OF_CONDUCT.md | Root | Community behavior rules |
PULL_REQUEST_TEMPLATE.md | .github/ | Default PR description |
ISSUE_TEMPLATE/ | .github/ | Issue submission forms |
dependabot.yml | .github/ | Dependabot configuration |
| Workflow files | .github/workflows/ | GitHub Actions YAML |
devcontainer.json | .devcontainer/ | Codespace configuration |