Want to open up an online store to sell a handmade phone case? Are you an author looking to sell a self-published book? Or maybe you are ready to turn that hobby into your next big venture. Whatever you need to take your next big step, there’s a good chance you can build it on Shopify—an eCommerce platform that allows people to start and grow their online businesses. With Shopify’s tools, you can set up everything from payment processing, shipping, and hosting product catalogs, with no coding experience required.
The company hosts more than 2.5 million websites across 175 countries on its platform. Every 28 seconds, a person will make a new purchase from a small business hosted on Shopify. Supporting all of this commerce requires massive infrastructure. “We have one of the biggest monolithic Ruby on Rails applications in the world, and it’s hosted in a single GitHub repository,” says Mark Côté, Senior Manager of Developer Infrastructure. The company’s core application has more than 2.8 million lines of code and 500,000 commits. And it’s still growing. With new merchants kick-starting their businesses on Shopify each day, scaling the platform to keep up with the company’s growth requires development at speed.
“Deployment automation and DevOps is a superpower at Shopify,” Director of Ecosystem Engineering Derek Watson says. “This year, our production applications changed more than 50 times a day, and it’s changing even faster now. GitHub helps us meet this demand.”
GitHub serves as a one-stop shop for developers working in Shopify’s bespoke environment. “We’re operating at an unusually large scale and pace, so we take every opportunity we can to optimize our development process,” Watson explains. “We’ve been able to streamline our workflows by automating them with GitHub or replace some of our custom-built applications with GitHub functionality.”
At the heart of many of these workflows are GitHub Issues and projects. The company chose Issues to replace its third-party project management tools like Jira, Asana, and Zenhub. “GitHub Issues with projects gives us a high-level overview so we can look at all our projects across the board, and triage priorities quickly,” explains Lisa Vanderschuit, Engineering Program Manager, Office of the CTO. “Plus the Kanban flow is easy to follow and is already familiar to most developers.”
Issues, meanwhile, ties into many of Shopify’s other internal systems. For example, the company integrates Issues with Slack, which enables Shopify to archive internal threads regarding their development process using a single Slack command. “Issues is great for recording ideas, decisions, and requests for comments, and other discussions so that we can mine them for insights later on” explains Côté.
GitHub Issues with projects gives us a high-level overview so we can look at all our projects across the board, and triage priorities quickly. Plus the Kanban flow is easy to follow and is already familiar to most developers.
Automation plays a key role in executing the company’s workflows. For example, they use GitHub Actions to automate many development tasks including adding labels to Issues, assigning Issues to project boards, and its documentation builds. Actions has enabled the company to consolidate third party tools such as CircleCI and Travis into one seamless experience. “We have mandated using GitHub Actions for any automation that updates our source code repositories,” says Côté.
In addition to Actions, Shopify uses GitHub Advanced Security and Dependabot to automate security functions within the organization. Shopify uses a wide variety of open source packages, so the software supply chain is a primary concern. “We need to be sure that the code we’re pulling down from third-party open source contributors is safe, that it does what it’s supposed to do, and that it’s free from tampering,” says Côté. “GitHub Advanced Security enables that.”
Dependabot runs in the background and if it detects an insecure or out-of-date dependency, will generate an alert along with a recommended fix in a pull request. The user then can review and remediate the issue before merging any changes. This frees up developers to work on new features and helps to further secure code from attack.
We need to be sure that the code we’re pulling down from third-party open source contributors is safe, that it does what it’s supposed to do, and that it’s free from tampering. GitHub Advanced Security enables that.
Innersourcing is another vital part of the development process at Shopify. By opening its repositories to multiple different teams, the company can leverage the skills and expertise of each developer while also streamlining the development process. “By default, everyone at Shopify with GitHub access can access our repos. All developers, project managers, and UX teams have read/write access to 99% of our repositories,” explains Côté. “One out of three developers contributes to our core Rails monolith. There’s no way this would work without using an innersource approach through GitHub.”
Shopify looks to constantly expand and develop new features to change the landscape of ecommerce. One of the company’s latest product launches, Hydrogen and Oxygen, enables merchants to build custom, or “headless,” storefronts and deploy them to the cloud directly using GitHub Actions. By leveraging GitHub, the company gives its developers the tools to continue delivering a cutting-edge ecommerce experience for merchants of all kinds. “When developers sit down and open up their first PR, chances are they already know the workflow. Because of GitHub, they’ve already done it before; they don’t need to learn something brand new,” says Côté. “Anything that helps us scale and leverage existing knowledge allows us to concentrate on building amazing features for our clients.”