Git, GitHub & GitHub Actions

Welcome

A practical, first-principles guide to version control with Git, collaboration on GitHub, and automation with GitHub Actions — what each piece does, how it works underneath, when to reach for it, and where the failure modes are.

14 chapters 73 topics covered 7 hours audio 4 case studies Knowledge check on every topic

About This Course

Almost every software project on earth runs on Git, almost every open one lives on GitHub, and a growing share of them ship through GitHub Actions. Most engineers learn the five commands that get them through the day and stop there — until a force-push eats a teammate's work, a rebase goes sideways, or a workflow leaks a secret, and the missing mental model suddenly costs a day.

This course builds that model from the ground up. It starts with what version control actually is and how Git stores history as a graph of immutable snapshots, then works up through branching, rewriting history, and the object model underneath. It covers GitHub as the collaboration layer — pull requests, review, branch protection, ownership — and then GitHub Actions in depth, from the first workflow file to reusable pipelines, environments, OIDC, and supply-chain security.

Every topic follows the same shape: what it is, how it works, when to use it, when not to, the common mistakes that bite real teams, and the practices that prevent them. Where two approaches compete — merge versus rebase, squash versus merge commit, stored secrets versus OIDC — the course compares them and says when each one fits rather than leaving that work to you.

Who This Is For

Engineers who use Git and GitHub daily and want to stop guessing, and those starting from zero who want to build the model right the first time. A beginner can read it in order, from "what is a commit" to self-hosted runners; an experienced engineer can jump to a topic to settle a decision or close a gap. It assumes you are comfortable on the command line; it assumes nothing about Git itself.

What You Should Already Know

Comfort in a terminal — running commands, editing files, basic shell navigation
A rough sense of what a build and a test suite are for your stack
HTTP, SSH, and TLS at the level of what they do, not how they are implemented
No prior Git, GitHub, or CI/CD experience required

How the Course Is Built

The fourteen chapters move from the core outward. The first six cover Git itself — foundations, everyday use, branching and merging, rewriting history, the internals, and remotes. The next three cover GitHub: the platform, collaboration, and the team workflows that tie them together. Three chapters then go deep on GitHub Actions and the security and supply-chain concerns that come with running automation. The book closes with end-to-end case studies and a consolidated set of best practices and anti-patterns.

A few principles run through every chapter. They are worth stating up front, because they explain why the course is shaped the way it is.

Understand the model, not the incantation

Git rewards knowing how it stores history over memorizing flags. Every command in this course is explained from what it does to the object graph before how to type it.

The trade-offs are the point

Merge or rebase, monorepo or polyrepo, hosted or self-hosted runners — each is right somewhere and wrong elsewhere. The course says where, instead of declaring a universal winner.

Safety is a default, not an afterthought

Force-with-lease, branch protection, pinned actions, least-privilege tokens, OIDC over stored keys. The safe path is taught as the normal path, with the consequence of the unsafe one spelled out.

Recoverability beats fear

Most "I destroyed my work" moments are recoverable through the reflog and a clear head. Knowing what survives and what does not turns Git from scary into dependable.

Chapter Map

Chapter 1

Foundations

What version control is and how Git thinks: history as a graph of immutable, content-addressed snapshots, and the three trees — working tree, index, and HEAD — that every command moves content between.

Chapter 2

Everyday Git

The daily loop: creating and cloning repositories, staging and committing, reading state with status, diff, and log, ignoring files, undoing changes without losing work, and stashing.

Chapter 3

Branching and Merging

Branches as cheap movable pointers, the difference between fast-forward and three-way merges, resolving conflicts correctly, rebasing for a linear history, and cherry-picking a single change.

Chapter 4

History and Rewriting

The commit graph in depth: interactive rebase, the reflog as a safety net, bisect to pin a regression, and large-scale rewrites to purge secrets or strip giant files.

Chapter 5

Git Internals

What Git actually stores: the object model, the ref database, the index as a binary file, packfiles and garbage collection, and the hooks that run at each step of the lifecycle.

Chapter 6

Remotes and Large Repositories

Working with other copies: remotes and tracking branches, fetch/pull/push and safe force-pushing, tags and releases, submodules versus subtrees, and taming large files and giant repos.

Chapter 7

GitHub Fundamentals

The collaboration layer on top of Git: what GitHub adds, repositories and their settings, issues, the pull request model, and structured code review.

Chapter 8

Collaborating on GitHub

Working as a team: the forking workflow, branch protection and rulesets, CODEOWNERS, Projects for planning, documentation surfaces, and releases and packages.

Chapter 9

Team Workflows

The conventions that scale a team: choosing a branching model, pull request practices, Conventional Commits and SemVer, monorepos versus polyrepos, and contributing to open source.

Chapter 10

GitHub Actions Fundamentals

Event-driven automation in the repo: the workflow file, events and triggers, jobs, steps, and runners, using and pinning actions, and contexts, expressions, and variables.

Chapter 11

GitHub Actions in Depth

Building real pipelines: CI from scratch, matrix builds, caching and artifacts, secrets, environments and continuous deployment, reusable workflows and composite actions, and self-hosted runners.

Chapter 12

Security and Supply Chain

Hardening the whole chain: authentication and tokens, commit signing, Actions security and OIDC, dependency and secret scanning, securing releases with provenance, and org administration.

Chapter 13

Case Studies

The material assembled into real scenarios: running an open-source project, CI/CD for a web application, releasing a library with automated versioning, and recovering a broken repository.

Chapter 14

Best Practices and Anti-Patterns

What separates a clean repo from a painful one: best practices for Git, for GitHub collaboration, and for Actions, plus a catalog of the anti-patterns that recur across all three and their fixes.

Disclaimer

This course is an independent educational project created and maintained by Sergey Okinchuk. It is provided for learning and reference purposes only.

No affiliation. This course is not affiliated with, sponsored by, endorsed by, or officially connected to GitHub, Inc., Microsoft, the Git project, Software Freedom Conservancy, or any company or project mentioned. All opinions, interpretations, and recommendations expressed are those of the author.

Trademarks. "Git" and the Git logo are trademarks of Software Freedom Conservancy. "GitHub" and the GitHub logo are trademarks of GitHub, Inc. Other names such as "GitLab", "Bitbucket", "Mercurial", "Perforce", and "CircleCI" are trademarks of their respective owners. Use of these names and marks is for identification and educational purposes only and does not imply any endorsement.

Accuracy and currency. Git, GitHub, and GitHub Actions evolve continuously — commands, defaults, UI, pricing, free-tier limits, and Actions features drift over time. Facts in this course reflect the author's understanding at the time of writing and may not be current. Always consult the official Git and GitHub documentation as the authoritative source before making operational decisions.

No warranty. This material is provided "as is" without warranty of any kind. Commands, workflows, and configuration snippets are illustrative, not production-ready, and several describe destructive operations (force-push, history rewriting, hard reset). Run them only when you understand the consequences. The author accepts no liability for any loss or damage arising from reliance on the content.