Github Designing Data-intensive Applications - [portable]

GitHub’s architecture reflects this through and reconciliation . Consider the git push operation. Network requests can time out, and clients will retry. If GitHub processes the same push twice, it must not duplicate commits or corrupt the repository. By leveraging Git’s own immutable, content-addressed nature (where the same data yields the same hash), pushes are naturally idempotent. However, metadata operations are harder. When a webhook delivers a “push” event to an integration, the integration might fail. GitHub therefore implements an outbox pattern : the event is written to a persistent queue (like Kafka or their internal Resque system) before being sent. If delivery fails, the queue retries with exponential backoff, guaranteeing at-least-once delivery. The consumer, in turn, must be written to handle duplicates gracefully.

First, they used to offload read queries. The main production database (the leader) handled all writes. A constellation of read-only replicas served SELECT queries for the web interface, API calls, and analytics. This follows Kleppmann’s principle of separating read paths from write paths. However, replication introduced its own classic problem: replication lag . A user might comment on an issue (write to leader) and then immediately refresh the page, only to read from a replica that hasn’t yet applied the change. GitHub solved this with application-level logic: for a short “critical consistency” window after a write, the application forced reads to go to the leader. github designing data-intensive applications

This is where gh-ost (GitHub Online Schema Tool) shines. Traditional ALTER TABLE locks the table, blocking writes for minutes or hours. gh-ost instead creates a shadow table with the new schema, copies data in small chunks, and replays the binary log of writes from the original table onto the shadow table—all while the application continues running. At the final moment, it performs a near-instantaneous atomic swap of table names. This is a direct implementation of Kleppmann’s discussion of and eventual consistency . The system is in a temporary, inconsistent state (rows exist in both tables), but the application logic hides this complexity. The maintainability payoff is immense: GitHub can deploy schema changes hundreds of times per day, a velocity unthinkable in a system that required scheduled maintenance windows. Conclusion: The Eternal Trade-Offs GitHub is not a perfect system. It has suffered outages, data inconsistencies, and scaling pains. But its evolution from a single MySQL database to a global, polyglot data platform exemplifies every major idea in Designing Data-Intensive Applications . It teaches us that there is no “one true way.” Reliable systems use replication, but fight lag. Scalable systems use sharding, but lose distributed transactions. Maintainable systems evolve online, but pay the complexity of dual-writes and temporary inconsistency. If GitHub processes the same push twice, it

To bridge this gap, GitHub employs a classic data-intensive pattern: . The raw Git data is stored on disk in a highly optimized, custom storage layer (historically using libgit2 and later their own git bindings). But the metadata—issues, pull request comments, user profiles, permissions—lives in a relational database (originally MySQL, later sharded MySQL clusters). This dual-engine approach is a key lesson from Designing Data-Intensive Applications : no single tool can handle all access patterns. GitHub does not force Git’s graph structure into SQL tables; instead, it builds a translator layer that writes to both systems consistently, ensuring that a push updates both the Git object store and the relational metadata of the repository. Scalability: The War Against the Database Kleppmann dedicates significant attention to the challenges of scaling databases beyond a single machine. GitHub’s history is a chronicle of these battles. For years, the site’s main relational database (MySQL) grew to an unmanageable size. The classic solution—vertical scaling (buying a bigger server)—reached its limits. The number of connections, the size of indexes, and the working set of memory no longer fit on any single commodity server. When a webhook delivers a “push” event to