On This Page
- GitLab CI Capabilities Missing in GitHub
- GitHub Actions Gaps
- GitLab CI Compliance Differentiators
- GitLab CI Compliance Differentiators
- GitLab vs GitHub CI Configuration Comparison
- GitLab vs GitHub Packet Registry Comparison
- GitLab vs GitHub CI/CD Security Comparison
- GitLab vs GitHub CI/CD Summary Comparison
- GitLab vs GitHub Container Registry comparison
GitLab CI Capabilities Missing in GitHub
| GitLab Capability | Features |
|---|---|
| Built-in CI | No plug-ins or third party components. |
| Simplify DevOps process for new team members | AutoDevOps recognizes the code and automatically sets up the end to end devops template |
| Preview App before Merge to reduce defects, shorten development time | Preview changes with review apps. Environments Autostop for review apps |
| Model and manage large, complex projects and teams | Subgroups within Groups to manage large projects, Group File Templates (templates at the group level to drive standardization), Group drop-down in navigation to easily find groups |
GitHub Actions Gaps
Source: GitHub Actions Community Forum The following table lists key gaps in GitHub Actions and its associated impact. This information is derived from user feedback in GitHub Actions Community Group and was assimilated on April 10, 2020.
| Description | Impact | Reference |
|---|---|---|
| Continuous Integration | ||
| Issues That Increase Operational Costs | ||
| Actions cannot be accessed across other private repositories even when repos are within the same organization. | Hard to reuse code. Need hard to implement workarounds to overcome this limitation | GitHub Community Discussion |
| Cannot delete individual workflow runs from UI | Persistence of failed workflow runs adds to clutter and reduces manageability. | GitHub Community Discussion |
| Continuous Delivery | ||
| Issues That Increase Delivery Time | ||
| Unable to re-run just a single job in a workflow | For example, cannot re-run just some of the failed tests. Users have to rerun the entire workflow, resulting in wasted time/loss of productivity. In a workflow with 10 jobs, you have to re-run all 10. | GitHub Community Discussion |
| Issues That Increase Operational Costs | ||
| Cannot easily trigger different workflows for staging and production environment | Conditional workflows are hard to implement and maintain because GitHub Actions Events do not have types associated with it. Have to implement series of if conditions in the workflow. | GitHub Community Discussion |
| Cannot trigger a new workflow from another workflow using the repository’s GITHUB_TOKEN. Options are to 1) create a bot user and use a personal access token or 2) create a github app. | Cannot easily kick off tests after a code push. Must use one of the prescribed workarounds. | GitHub Community Discussion |
| Cannot trigger actions via Pull Request Messages/Comment | E.g. User does not want some Actions that take long to run to fire on every pull request. Instead add a comment in the PR to prevent certain actions from running. | GitHub Community Discussion |
| Lack of support for YAML anchors and aliases | Prevents code reuse. To overcome this limitation users need to cut and paste code, 5x the workflow size, difficult to maintain. | GitHub Community Discussion |
| Enterprise Readiness | ||
| Issues That Increase Risk | ||
| Making secrets availabe to builds of forks | Increased security vulnerability due to work arounds such as including token in plain text in workflows. | GitHub Community Discussion |
| GitHub Actions requires credentials for accessing Docker Images from a public repository. Works manually through UI. | Need a separate Docker Registry as a workaround. GitHub Packages cannot be accessed through Actions without credentials. | GitHub Community Discussion |
GitLab CI Compliance Differentiators
| GitLab Capability | Features |
|---|---|
| PCI Compliance | GitLab addresses application security, which is a critical element for the enterprise wishing to be PCI-compliant. |
| HIPPA | Identify and manage risks and vulnerabilities, Define and enforce development standards and processes |
| GDPR | Membership locking, rejecting unsigned commits, user permissions, push rules etc. prevent sensitive files from accidentally being pushed to production. |
| IEC 62304:2006 ISO 13485:2016 ISO 26262-6:2018 |
Creating and documenting plans and processes, maintaining end to end traceability etc. help support these compliance needs |
GitLab CI Compliance Differentiators
| GitLab Capability | Features |
|---|---|
| PCI Compliance | GitLab addresses application security, which is a critical element for the enterprise wishing to be PCI-compliant. |
| HIPPA | Identify and manage risks and vulnerabilities, Define and enforce development standards and processes |
| GDPR | Membership locking, rejecting unsigned commits, user permissions, push rules etc. prevent sensitive files from accidentally being pushed to production. |
| IEC 62304:2006 ISO 13485:2016 ISO 26262-6:2018 |
Creating and documenting plans and processes, maintaining end to end traceability etc. help support these compliance needs |
GitLab vs GitHub CI Configuration Comparison
GitLab vs GitHub Packet Registry Comparison
GitLab vs GitHub CI/CD Security Comparison
GitLab vs GitHub CI/CD Summary Comparison
GitLab vs GitHub Container Registry comparison
| Features | GitHub | GitLab |
|---|---|---|
| Docker image support Supports storage and retrieval of Docker style containers |
Yes | Yes |
| Container registry webhooks Trigger actions after a successful push to a registry to integrate Docker Hub with other services. |
Yes | Yes |
| Container registry high availability Highly available through the use of multiple replicas of all containers and metadata such that if a machine fails, the registry continues to operate and can be repaired. |
No | Yes |
| Container Registry geographic replication Supports distributed teams by running multiple registry instances across several regions and syncing between data centers. |
No | Yes |
| Supports private container registries Offers the ability to have private container registries and repositories |
Yes | Yes |
| Image Expiration policies Easily define, manage and update project-level policies to define which images should be removed and preserved. This feature is designed to helpyou reduce storage costs and prevent important images from being deleted. |
No | Yes |
| Self-managed container registry offering Container registry which is available to be self-installed and self-managed in an organizations data center, co-hosted, or in a chosen cloud provider. |
Yes | Yes |
| Use container registry through REST API Enables support for automation and integration of container registry through a REST API. |
No | Yes |
| Lower the cost of storage for the GitLab Container Registry by running garbage collection In the context of the Docker registry, garbage collection is the process of removing blobs from the filesystem when they are no longer referenced by a manifest. |
No | Yes |
| Use search to find a container images Search your group and project’s Container Registry by image name |
Yes | Yes |
| Helm chart repository support Supports storage and retrieval of Helm charts. |
Yes | Yes |
