One solution that comes to mind for this is for CDN's to have an edge node just outside of the great firewall of China. Even with a simple edge side include, the impact on Github's servers should be near zero.
Putting a dynamic app like Github behind a CDN with page-caching just does not work. Sure they could freeze those projects and serve what is now essentially static HTML, but in day-to-day operations you're left using CDN products that let you serve static parts separately from dynamic parts, which is probably of dubious benefit during a DoS attack.
Github has got a bit of a read mostly situation. If read requests where funneled so that there was only one per URL per edge node at any given point in time (which edge side includes effectively gives you), it would make for pretty easy to manage load for Github.
