01Fundamentals
Git vs GitHub · the 4-stage architecture · installation
🔧 Git
localA distributed version control system installed on your machine. Tracks every change to your files and lets you branch, merge, and roll back history offline.
☁️ GitHub
remoteA cloud platform built around Git that adds collaboration: pull requests, issues, Actions, code review, and project management.
The Four-Stage Architecture
flowchart LR A[Working Directory] -- "git add" --> B[Staging Area / Index] B -- "git commit" --> C[Local Repository] C -- "git push" --> D[Remote — GitHub] D -- "git pull / fetch" --> A style A fill:#15181b,stroke:#39ff7a,color:#fff style B fill:#15181b,stroke:#4fb6ff,color:#fff style C fill:#15181b,stroke:#ffd166,color:#fff style D fill:#15181b,stroke:#ff5b77,color:#fff
Install & Global Config
git --version
git config --global user.name "Your Name"
git config --global user.email "you@example.com"
git config --global init.defaultBranch main
git config --global core.editor "code --wait"
git config --list02Core Workflow
init, add, commit, status, log, diff
git init # start a new repo
git clone <url> # copy a remote repo
git status # see what changed
git add file.js # stage a file
git add . # stage everything
git commit -m "feat: add login"
git log --oneline --graph --all
git diff # unstaged changes
git diff --staged # staged changes| Command | Purpose |
|---|---|
git restore file | Discard unstaged changes |
git restore --staged file | Unstage a file (modern alternative to git reset) |
git commit --amend | Edit the last commit's message/content |
git show <commit> | Inspect a single commit |
git add -p to stage changes hunk-by-hunk instead of whole files — essential for clean, atomic commits.03Branching & Merging
Branch models · merge strategies · resolving conflicts
gitGraph commit id: "init" branch feature/login checkout feature/login commit id: "add form" commit id: "add validation" checkout main commit id: "hotfix" merge feature/login id: "merge login" branch feature/payments checkout feature/payments commit id: "stripe setup" checkout main merge feature/payments
git branch feature/login # create
git checkout feature/login # switch
git switch -c feature/login # create + switch (modern)
git merge feature/login # merge into current branch
git branch -d feature/login # delete (merged)
git branch -D feature/login # force deleteMerge Conflicts
flowchart TD
A[Two branches edit same lines] --> B{git merge}
B -->|No overlap| C[Auto-merged ✅]
B -->|Overlap| D[Conflict markers added]
D --> E["<<<<<<< HEAD ... ======= ... >>>>>>> branch"]
E --> F[Manually edit file]
F --> G[git add resolved-file]
G --> H[git commit]
style C fill:#0d1f12,stroke:#39ff7a,color:#39ff7a
style D fill:#2b1212,stroke:#ff5b77,color:#ff8a8a
git merge preserves full history with a merge commit; git merge --squash condenses a branch into one commit; git rebase rewrites history into a straight line (see Section 04).04Rebase & History
Linear history · interactive rebase · merge vs rebase
flowchart LR subgraph Merge direction LR m1((A)) --> m2((B)) --> m3((C)) m1 --> m4((D)) --> m5((E)) m3 --> m6((M)) m5 --> m6 end subgraph Rebase direction LR r1((A)) --> r2((B)) --> r3((C)) --> r4((D')) --> r5((E')) end style m6 fill:#0d1f12,stroke:#ffd166,color:#ffd166
git rebase main # rebase current branch onto main
git rebase -i HEAD~3 # interactive: squash/reword/reorder
git rebase --continue
git rebase --abort
git pull --rebase # avoid merge-commit noise on pull05Remote & Collaboration
push, pull, fetch, forks, upstream
flowchart LR L[Local Repo] -- "git push origin main" --> O[origin — your fork] O -- "Pull Request" --> U[upstream — main repo] U -- "git fetch upstream" --> L O -- "git clone" --> L style O fill:#15181b,stroke:#4fb6ff style U fill:#15181b,stroke:#39ff7a
git remote add origin <url>
git remote add upstream <original-repo-url>
git push -u origin main
git pull origin main
git fetch --all --prune
git remote -v06Worktree & Sparse Checkout
Work on multiple branches in parallel · partial clones for huge repos
Worktrees let you check out several branches simultaneously in separate folders without stashing or cloning again — now a first-class feature in GitHub Desktop 3.6, which uses worktrees so Copilot can run isolated parallel agent sessions.
# Add a new worktree for a branch
git worktree add ../hotfix-area hotfix/critical-bug
git worktree list
git worktree remove ../hotfix-area
# Sparse checkout — only pull the folders you need
git clone --filter=blob:none --sparse <url>
git sparse-checkout set src/ docs/
# Partial clone — skip large blob history
git clone --filter=blob:none <url>07Stash, Tags & Reflog
Temporary saves · release markers · the ultimate safety net
📦 Stash
tempShelve uncommitted work to switch context, then bring it back later.
🏷️ Tags
releaseImmutable pointers to a commit — used for versioning (v1.0.0, v2.3.1).
git stash # save working changes
git stash list
git stash pop # reapply + remove from stash
git stash apply stash@{1} # reapply, keep in stash
git tag -a v1.0.0 -m "First release"
git push origin --tags
git reflog # every HEAD movement, ~90 days
git reset --hard HEAD@{2} # time-travel back to a reflog entry08Cherry-pick & Bisect
Pulling single commits · binary-searching for bugs
git cherry-pick abc1234 # apply one commit onto current branch
git bisect start
git bisect bad # current commit is broken
git bisect good v1.2.0 # this old tag was fine
# Git checks out the midpoint — test it, then:
git bisect good # or
git bisect bad
git bisect reset # doneflowchart LR G[good v1.2.0] --> M1((mid)) --> M2((mid)) --> B[bad HEAD] M1 -- "bisect bad" --> M3((narrower mid)) M3 -- "bisect good" --> F[🎯 first bad commit found] style F fill:#0d1f12,stroke:#39ff7a,color:#39ff7a
09Git 2.54 — What's New
The latest stable Git release and its headline features
git replay (maturing)
An experimental command that replays a range of commits onto a new base without touching your working tree — useful for rewriting history on bare repos or automation pipelines. Git 2.54 made it perform atomic reference updates by default, added a --revert mode, support for dropping commits that become empty, and the ability to replay down to the root commit.
git replay --onto main feature~5..feature
git replay --revert main~3..main
git replay --contained --onto main featuregit add -p --no-auto-advance
Normally git add -p auto-advances to the next file once every hunk is decided. The new flag keeps the session on the current file so you can navigate with < / > and review decisions holistically before committing.
git add -p --no-auto-advancegit status on large monorepos, improved partial clone filters, safer default merge strategies (ort), and continued FSMonitor performance work for huge working trees.10Pull Requests & Reviews
Code review · merge queues · branch protection
sequenceDiagram participant Dev as Developer participant Repo as Feature Branch participant PR as Pull Request participant CI as CI Checks participant Main as main Dev->>Repo: git push origin feature Repo->>PR: Open PR PR->>CI: Trigger Actions CI-->>PR: ✅ checks pass PR->>PR: Reviewer approves PR->>Main: Merge (or via Merge Queue)
| Feature | Purpose |
|---|---|
| Merge Queue | Serializes PR merges, re-testing each against the latest main before merging — prevents "broken main" from racing merges |
| CODEOWNERS | Auto-requests review from the right people based on changed file paths |
| Branch Protection Rules | Require reviews, passing checks, signed commits, and linear history before merge |
| Draft PRs | Open work-in-progress PRs for early feedback without triggering "ready to merge" signals |
11GitHub Actions (2026)
Rebuilt core architecture · reusable workflows · OIDC · CI/CD observability
GitHub rebuilt Actions' core execution architecture in 2025–26 to improve performance, workflow flexibility, and reliability, and the 2026 roadmap focuses on secure-by-default policies, org-wide policy controls, and end-to-end CI/CD observability for the software supply chain.
flowchart TD A[Push / PR / Schedule] --> B[Workflow Triggered] B --> C[Job: build] B --> D[Job: test] C --> E[Job: deploy] D --> E E --> F[GitHub Pages / Registry / Cloud] style F fill:#0d1f12,stroke:#39ff7a,color:#39ff7a
name: CI
on:
push: { branches: [main] }
pull_request: { branches: [main] }
workflow_dispatch:
jobs:
build-test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with: { node-version: '20' }
- run: npm ci
- run: npm test
- run: npm run buildReusable Workflows & OIDC
# call a shared workflow from another repo
jobs:
call-shared:
uses: org/shared-workflows/.github/workflows/deploy.yml@v2
secrets: inherit
# OIDC — push to cloud without storing long-lived secrets
permissions:
id-token: write
contents: read12Security & Supply Chain
CodeQL · secret scanning · Copilot Autofix · signed commits
🔍 CodeQL
SASTSemantic code analysis that scans every pull request for vulnerabilities before merge.
🔑 Secret Scanning
leakDetects leaked API keys, tokens, and credentials in commits — can block pushes containing secrets.
🩹 Copilot Autofix
AIGenerates automatic patches for ~90% of common alert types across JS, TS, Java, and Python.
✍️ Signed Commits
GPG/SSHCryptographically verify commit authorship; branch protection can require it.
git config --global commit.gpgsign true
git config --global user.signingkey <KEY_ID>
git commit -S -m "signed commit"
git log --show-signature -113Copilot & AI Agents
Coding agent · agent mode · MCP · remote control
flowchart LR A[Assign issue to Copilot] --> B[Copilot Coding Agent] B --> C[Runs in GitHub Actions sandbox] C --> D[Writes code in isolated worktree] D --> E[Opens Pull Request] E --> F[Human review & merge] G[Mobile / github.com] -- "remote control" --> B style B fill:#0d1f12,stroke:#39ff7a,color:#39ff7a
- Copilot coding agent — assign an issue, it runs autonomously in a GitHub Actions sandbox and submits a PR for review.
- Agent mode + MCP support — in VS Code, Copilot can call Model Context Protocol tools to read docs, run tests, and act across your toolchain.
- Remote control — start a Copilot session from VS Code or the CLI and finish it from GitHub Mobile or github.com.
- GitHub Desktop 3.6 — Copilot SDK powers AI commit-message generation and AI-assisted merge-conflict resolution, plus native worktree support for parallel agent sessions.
- Code review agent — Copilot can review PRs automatically and leave inline suggestions before a human ever looks.
14Hooks & Submodules
Automate local checks · nest repositories
# .git/hooks/pre-commit (make executable)
#!/bin/sh
npm run lint || exit 1
git submodule add <url> libs/shared
git submodule update --init --recursive
git submodule foreach git pull origin main| Hook | Fires |
|---|---|
pre-commit | Before a commit is created — lint/format checks |
commit-msg | Validates commit message format (e.g. Conventional Commits) |
pre-push | Before pushing — run tests, block on failure |
15Quick Reference Cheatsheet
Everything on one screen
📁 SETUP
git initgit clone urlgit config --global user.name🔍 STATUS
git statusgit log --oneline --graphgit diff➕ STAGING
git add .git add -pgit restore --staged file💾 COMMIT
git commit -m "msg"git commit --amendgit commit -S -m "msg"🌿 BRANCH
git switch -c namegit merge namegit branch -d name☁️ REMOTE
git push -u origin maingit pull --rebasegit fetch --prune🔄 ADVANCED
git rebase -i HEAD~3git replay --onto main A..Bgit cherry-pick <sha>📦 STASH/TAG
git stash / stash popgit tag -a v1.0.0git reflog🧩 WORKTREE
git worktree add ../x brgit sparse-checkout set src/git clone --filter=blob:none🎯 Key Takeaways
- Git = local version control. GitHub = remote collaboration + automation platform.
- 4 stages: Working Directory → Staging → Local Repo → Remote (GitHub).
- Rebase = linear history; merge = preserved history. Never rebase shared/public branches.
- Worktrees let you (and Copilot agents) work on several branches at once without stashing.
git replayis the modern, working-tree-free way to move commits onto a new base.- Merge queues + branch protection keep
maingreen even with concurrent PRs. - Security is default-on in 2026: CodeQL, secret scanning, signed commits, OIDC over static secrets.
- Copilot coding agent turns an assigned issue straight into a reviewable pull request.
- Reflog is your 90-day safety net — almost nothing in Git is truly unrecoverable.
- Sparse checkout + partial clone keep massive monorepos fast for humans and agents alike.