Github Designing Data-intensive Applications ✭

Second, and more radically, GitHub implemented (horizontal partitioning) using a custom middleware layer called gh-ost (GitHub Online Schema Transfers) and later, their Vitess-inspired system. They split the massive issues and pull_requests tables by repository ID. This meant that data for a single repository always lived on one shard. This is a thoughtful choice: most queries (e.g., “list all issues in this repo”) are naturally local to a shard, avoiding costly distributed joins. The downside, as Kleppmann warns, is the loss of cross-shard transactional guarantees. For example, moving an issue from one repository to another becomes a complex distributed transaction, something GitHub handles with asynchronous workflows and idempotent retries. Reliability and the Chaos of Large Scale Designing a reliable system at GitHub’s scale means accepting that components will fail—and not just servers, but also network partitions, clock skews, and software bugs. Kleppmann emphasizes that reliability is not about preventing failure, but about building systems that tolerate it.

GitHub’s architecture reflects this through and reconciliation . Consider the git push operation. Network requests can time out, and clients will retry. If GitHub processes the same push twice, it must not duplicate commits or corrupt the repository. By leveraging Git’s own immutable, content-addressed nature (where the same data yields the same hash), pushes are naturally idempotent. However, metadata operations are harder. When a webhook delivers a “push” event to an integration, the integration might fail. GitHub therefore implements an outbox pattern : the event is written to a persistent queue (like Kafka or their internal Resque system) before being sent. If delivery fails, the queue retries with exponential backoff, guaranteeing at-least-once delivery. The consumer, in turn, must be written to handle duplicates gracefully. github designing data-intensive applications

To bridge this gap, GitHub employs a classic data-intensive pattern: . The raw Git data is stored on disk in a highly optimized, custom storage layer (historically using libgit2 and later their own git bindings). But the metadata—issues, pull request comments, user profiles, permissions—lives in a relational database (originally MySQL, later sharded MySQL clusters). This dual-engine approach is a key lesson from Designing Data-Intensive Applications : no single tool can handle all access patterns. GitHub does not force Git’s graph structure into SQL tables; instead, it builds a translator layer that writes to both systems consistently, ensuring that a push updates both the Git object store and the relational metadata of the repository. Scalability: The War Against the Database Kleppmann dedicates significant attention to the challenges of scaling databases beyond a single machine. GitHub’s history is a chronicle of these battles. For years, the site’s main relational database (MySQL) grew to an unmanageable size. The classic solution—vertical scaling (buying a bigger server)—reached its limits. The number of connections, the size of indexes, and the working set of memory no longer fit on any single commodity server. This is a thoughtful choice: most queries (e

First, they used to offload read queries. The main production database (the leader) handled all writes. A constellation of read-only replicas served SELECT queries for the web interface, API calls, and analytics. This follows Kleppmann’s principle of separating read paths from write paths. However, replication introduced its own classic problem: replication lag . A user might comment on an issue (write to leader) and then immediately refresh the page, only to read from a replica that hasn’t yet applied the change. GitHub solved this with application-level logic: for a short “critical consistency” window after a write, the application forced reads to go to the leader. Reliability and the Chaos of Large Scale Designing