How to manage a successful InnerSource program


Here, we'll discuss how you can design an InnerSource program to enjoy the best of open-source patterns within any software development organization.

What is InnerSource?

InnerSource is the practice of applying open-source patterns to projects with a limited audience. For example, a company may establish an InnerSource program that mirrors the structure of a typical open-source project, except that it is only accessible to the employees of that company. In effect, it's an open-source program behind your company's firewall.

InnerSource benefits

An InnerSource program can offer numerous benefits beyond what traditional closed-source models provide.

First, they encourage transparency. Access to the source code of other company projects can help developers be more productive when working on their own projects. They can see how different teams solved problems similar to the ones they're facing, and often find code and other assets that they can reuse. Access to team issues, pull requests, and project plans also provide better data for them to understand the velocity and direction of the project.

Next, they reduce friction. If a consumer team is dependent on a bug fix or new feature for a project owned by a different team, they have a channel through which they can propose the changes they need. And if those changes cannot be merged in for any reason, the consumer team has the option of forking the project to meet their needs.

Finally, they standardize practices. A common challenge development organizations face is that different teams often diverge in the ways they operate. Building an InnerSource program is a great opportunity to adopt standard conventions that can be leveraged across every development team, even if they don't follow identical practices. For example, two teams may prefer different processes for accepting contributions. Having them standardize on the way they communicate their different processes makes it much easier for anyone to contribute to either.

These examples are just a few of the benefits enjoyed by InnerSource programs. To learn more, see An introduction to InnerSource.

Setting up an InnerSource program on GitHub

Setting repository visibility and permissions

You can configure GitHub repositories with three levels of visibility. Users who do not meet the visibility requirement will see "not found" pages when trying to access your repository. The levels are:

  • Public repositories are visible to everyone. Use this visibility for projects that are truly open source and offer access to people inside and outside of your organization.
  • Internal repositories are only visible to members of the organization that owns them. Use this visibility for InnerSource projects.
  • Private repositories are only visible to the owner and any teams or individuals they add. Use this visibility for projects that should only be accessed by specific users and groups.

Once you've established repository visibility, you can configure permissions on an individual or team basis. There are five permission levels:

  • Read level is recommended for non-code contributors who want to view or discuss the project.
  • Triage level is recommended for contributors who need to proactively manage issues and pull requests without write access.
  • Write level is recommended for contributors who actively push to the project.
  • Maintain level is recommended for project managers who need to manage the repository without access to sensitive or destructive actions.
  • Admin level is recommended for people who need full access to the project, including sensitive and destructive actions like managing security or deleting a repository.

Learn more about repository access permissions by level.

Creating discoverable repositories

As an InnerSource program grows, the number of repositories will likely scale up significantly. While it's great to have all these assets available to the organization, it can become a challenge to efficiently find content. To proactively address this issue, it is a best practice for teams to consider what they can do to make it easier for others to find and work with their repositories.

A few best practices include:

  • Use a descriptive repository name, such as warehouse-api or supply-chain-web.
  • Include a concise description. A sentence or two should be enough for potential users to know if the project might fit their needs.
  • Include a file in the root of the repository. GitHub uses this file as the landing page when people visit the repository.
    • Articulate the purpose and vision of the project so potential consumers understand whether it fits their needs.
    • Offer visual aids, such as screenshots or code samples, to illustrate the project in action.
    • Include a link to a production or demo version of the app for review.
    • Set expectations for prerequisites and deployment procedures. If the project has disqualifying prerequisites, then let potential users know early.
    • Include references to projects on which you depend. Visitors may only need to use one of the projects you depend on to meet their needs, and this will save everyone time. It's also a good way to promote the work of others.
    • Make use of Markdown to guide readers through properly formatted content.

Check out some Awesome README examples.

Once the project has launched, use email and other networking channels to promote it. Reaching an appropriate audience could produce a significant boost in project participation.

Managing projects on GitHub

As projects gain traction, the influx of users and contributions can require a lot of work to manage. Depending on the project, a significant amount of work may be required just to manage the expectations of project participants.

To proactively address this, GitHub looks for a file in the root (or /docs or /.github) of a repository. Use this file to explain the contribution policy for the project. The exact details may vary, but it's a good idea to let potential contributors know what conventions the project follows, where the team is looking for pull requests, what details are requested for bug reports, and so on.

If a exists, GitHub will present a link to it when users create issues or pull requests to encourage them to follow it.

Contributing guidelines links.

Check out some Awesome examples

Creating issue and pull request templates

GitHub supports starter templates for new issues and pull requests. Use these to provide the initial description text for a newly created issue or pull request.

For example, if your project has .github/, anytime a user starts the process of creating an issue, they will see this content. Rather than having to constantly reference the required details from a, they'll be able to just fill out the issue like a form using the template text.

A new issue using the template.

It's the same for pull requests, except that the path is .github/

Check out some Awesome GitHub issue & pull request templates.

Defining workflows

For projects that encourage external contributions, be sure to specify what workflow the project follows. The workflow should include details about where and how branches should be used for bugs and features, how pull requests should be opened, and any other details people outside the repository team should know before they push code. If you don't yet have a workflow in mind, you should consider the GitHub flow.

You should communicate a strategy for managing releases and deployments. These parts of the workflow will impact day-to-day branching and merging, so it's important to communicate them to contributors. Learn more about how they relate to your Git branching strategy.

Measuring program success

Any team venturing into InnerSource should think about the kinds of metrics they want to track to gauge the success of their program. While traditional metrics like "time to market" and "bugs reported" are still applicable, they aren't necessarily going to illustrate the benefits achieved through InnerSource.

Instead, consider adding metrics that show how external participation has improved project quality. Is the repository receiving pull requests from external sources that fix bugs and add features? Are there active participants in discussions around the project and its future? Is the program inspiring an InnerSource expansion that drives benefits elsewhere in the organization?

In short, metrics are hard, especially when it comes to measuring the value and impact of individual and team contributions. If misused, metrics can harm the culture, existing processes, and diminish the collective sentiment towards the organization or leadership team. When thinking about measuring InnerSource adoption, consider the following:

  • Measure process, not output
    • Code review turnaround time
    • Pull request size
    • Work in progress
    • Time to open
  • Measure against targets and not absolutes
  • Measure teams and not individuals
    • Number of unique contributors to a project
    • Number of projects reusing code
    • Number of cross-team @mentions

Learn about the successes others have enjoyed in these InnerSource case studies.