Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
How to build deppbot
Search
Juanito Fatas
September 24, 2016
Technology
3
560
How to build deppbot
@ RubyConf China 2016
Juanito Fatas
September 24, 2016
Tweet
Share
More Decks by Juanito Fatas
See All by Juanito Fatas
Data Migration with Confidence
juanitofatas
3
870
My Open Source Journey
juanitofatas
1
3k
NSDanger
juanitofatas
1
170
Introducing Danger
juanitofatas
0
300
Twemoji 3.0 in the making and announcement beyond SG50
juanitofatas
0
670
Continuous Updates
juanitofatas
0
130
Ruby Asia and dat bacon cannon
juanitofatas
1
240
Update Early, Update Often
juanitofatas
1
1k
RSpec for Practical Rubyist
juanitofatas
11
790
Other Decks in Technology
See All in Technology
最近のSRE支援ニーズ考察 | sogaoh's LT @ Road to SRE NEXT@札幌
sogaoh
PRO
1
190
エンジニアリング 💰Moneyジャー / Engineering Money-ger
kenchan
2
310
最近のラズピッピいじり / 20250308-rpijam-13th-birthday
akkiesoft
0
190
エンジニア採用と 技術広報の実践/acaricsummit2025
nishiuma
1
160
完璧を捨てろ! “攻め”のQAがもたらすスピードと革新/20250306 Hiroki Hachisuka
shift_evolve
0
200
StotybookからはじめるVRT -個人開発編-
arrow2nd
1
870
x86-64 Assembly Essentials
latte72
4
1.1k
大人の学び - マイクの持ち方について
kawaguti
PRO
3
430
AIエージェント開発のノウハウと課題
pharma_x_tech
10
6k
Db2 SaaS(Db2 on Cloud Gen3)を見てみよう/20250306-Db2SaaS-dojo
mayumihirano
0
100
Oracle Cloud Infrastructure IaaS 新機能アップデート 2024/12 - 2025/02
oracle4engineer
PRO
0
140
プロダクト開発者目線での Entra ID 活用
sansantech
PRO
0
310
Featured
See All Featured
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
6
590
Code Reviewing Like a Champion
maltzj
521
39k
We Have a Design System, Now What?
morganepeng
51
7.4k
Site-Speed That Sticks
csswizardry
4
430
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
233
17k
Thoughts on Productivity
jonyablonski
69
4.5k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
30
2.3k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
28
2k
Designing on Purpose - Digital PM Summit 2013
jponch
117
7.1k
Designing for Performance
lara
605
68k
Automating Front-end Workflow
addyosmani
1369
200k
Transcript
RubyConf China 2016 How to build deppbot Stories from building
https:/ /www.deppbot.com
౯ݝฎ... ኼ睞 I only know a little
deppbot core team @JuanitoFatas
DANGER CONTRIBUTOR danger.systems
None
None
Rails Guides by @AndorChen
None
You may know me from
None
First Time in ౮᮷
None
౯犥獮犖ฎ㮆嘨蜦 聲硬襑穩䋿ࣁݑ犋ԧ ݝঅ㬵樄敋蝍穩ᛔኧ ᄆᄆݪ秚
匍ࣁ౯ᛔ૩樄敋మ 䓄ࠨ疰䓄ࠨ疰ᓒ
ॠሴ聲ৼ犖 犋胼瞲ֵ౯
ᮎ䒍猆 讔簡蝡㱾 瞤硛ک瞨
౮᮷Ӟଷ㬵ԧ 疰犋మ 櫝樄ጱउ૱
None
ࢯࣁ泷Ӥ ૪妿睲綡Ոኞԧ 礬蚎犋ԧ
᯿碝ਧ嬝ԧ 犋ᬘ疰ฎᬘ ᬘ疰ฎ粁ᬘ
How often do you update? !!
LATER EQUALS NEVER
Winston Teo Practice of updating all dependencies to newer versions
several times a month. Founder, Jolly Good Code Continuous Updates
論持續更新 時常更新項⽬ 的 RubyGems 乃最佳實踐也 — 胡適之
Benefits of Continuous Updates
INCREMENTAL IMPROVEMENTS
FIX SECURITY VULNERABILITIES
REDUCE TECHNICAL DEBT
MAKE FUTURE UPGRADE EASIER
DEVELOPER DISLIKE LEGACY GEMS
MAINTAINER LOVE BUGS FROM NEW RELEASES
CONTINUOUS LEARNINGS FROM GEM UPDATES
SHIP LATEST SOFTWARES
deppbot is a… Automated Updates Service
deppbot is a… Security Updates Service
deppbot is a… Dependency Updates Service
None
None
Why built deppbot?
Worked at Consultancy
Client Projects
Minimum Value Product
Ship Latest Gems
I like to keep my Gems updated
None
None
None
HOWTO USE deppbot
1. Sign Up / Sign In
2. Subscribe
deppbot adds herself to your repo Run Automated Updates every
1.hour do if need_to_update? Run Automated Updates end end
None
Process
git clone works for project hosts on bitbucket, submodules
too
bundle update Updates Gemfile.lock and install gems
Travis CI? Not all kinds of gems can be installed
on a single VPS
bundle lock --update Updates Gemfile.lock without installing This command
re-introduced in bundler v1.10 #3439
diff -u Diff of Gemfile.lock (before / after)
Delete Repo on VPS immediately when we got the
diff
Cook Pull Request gem links, compare views, changelogs, time
savings
Pull Request &YBN QMF
nokogiri Query RubyGems.org API Gem authors, please fill in
your metadata
nokogiri Find GitHub URL from RubyGems data Gem authors,
please fill in your metadata
1.6.6.4…1.6.7 Parse diff and link_to repository compare view for
code review Gem authors, please push your tags when release a gem
CHANGELOG Query GitHub API, jollygoodcode/whatsnew Don’t let your friends
dump git logs into CHANGELOGs
Time Savings Sum every Pull Request processed time
Send Pull Request Merged and keep up-to-date
Stats
Heroku
Bundler uses 250MB v1.7.2
Some Bundler features only available at v1.9.x
Fork buildpack for Custom Bundler version
Fork buildpack for Custom Bundler version Digital Ocean
Digital Ocean 1CPU Production*1 (2GB) Staging*1 (1GB) Amazon RDS http:/
/stackshare.io/deppbot/deppbot
500+ users
10% paid
None
2150 commits 515 Pull Requests
deppbot uses deppbot to build deppbot
FAST TEST SUITE FAST FEEDBACK
https://www.deppbot.com 8629 Pull Requests Sent 944 hours Engineering Time Saved
The Birth of deppbot 2015.09.03 https:/ /github.com/jollygoodcode/jollygoodcode.github.io/issues/3
Automated Bundle Updates
None
Automated Security Updates 2015.12.25 https:/ /github.com/jollygoodcode/jollygoodcode.github.io/issues/15
2015.12.25 https:/ /github.com/jollygoodcode/jollygoodcode.github.io/issues/15
None
Small Features Improvements Bug fixes Refactorings
Not only deppbot
Other Services
https:/ /libraries.io https:/ /gemnasium.com https:/ /requires.io https:/ /david-dm.org Notification Only
notify you
Actionable https:/ /deppbot.com http:/ /pyup.io https:/ /greenkeeper.io http:/ /tachikoma.io Do,
don’t tell
From idea to product
bundle update add, commit, push open a new PR on
GitHub.com Issue the Pull Request Manually
today = Time.current.strftime("%F") new_branch = "bundle-update-#{today}" `git checkout master` `git
pull` `git checkout -b #{new_branch}` `bundle update` `git add Gemfile.lock` `git commit -m ‘Bundle Updates’ `git push origin #{new_branch}` `git pull-request -m "Updates #{today}" Script
today = Time.current.strftime("%F") new_branch = "bundle-update-#{today}" `git checkout master` `git
pull` `git checkout -b #{new_branch}` `bundle update` `git add Gemfile.lock` `git commit -m ‘Bundle Updates’ `git push origin #{new_branch}` `git pull-request -m "Updates #{today}" 15 m ins
Discover tachikoma.io
Too Expensive $49/mo
Some clients are also interested
Decided to create a SaaS
Hence deppbot
Dependency Bot = depbot
depbot is taken
Johnny depp is cool
deppbot
How does it work?
! " Your Project deppbot GitHub Subscribe Automated Updates
Normal Updates Security Updates Automated Updates
Normal Updates 1. Need update? 2. bundle update 3. Send
Pull Request
None
Normal Updates 1. Need update? 2. bundle update 3. Send
Pull Request
bundle update 1. clone & setup 2. start new build
3. bundle update 4. store diff
bundle update
bundle update
Normal Updates 1. Need update? 2. bundle update 3. Send
Pull Request
Send Pull Request 1. Check if can send? 2. Send
it 3. Finish build
Send Pull Request
Send Pull Request
Send Pull Request
Security Updates 1. Need update? 2. security update 3. Send
Pull Request
None
None
None
None
None
Security Updates 1. Need update? 2. security update 3. Send
Pull Request
None
None
None
None
None
None
None
Problems
GitHub Organisations API GitHub permissions https:/ /github.com/jollygoodcode/jollygoodcode.github.io/issues/11
GitHub API limit
None
None
ݶӞ㮆Ӯኴ ݶӞ㮆瓵మ
1 PR at a time
Listen to PR events Track if you merged Don’t send
PR if open Webhook
Webhook
Webhook
Webhook
Webhook
GitHub is down
RubyGems.org Downtime
Many other tricky cases
Conclusion
Idea is CHEAP
Create value for users
Marketing is HARD
Bugs are unpredictable
Ruby is Elegant and Beautiful
Open Source from real app
Share what you learned
Code is useless till shipped
Embrace Changes
Raises Awareness of gems
Continuous Learnings
Continuous Updates
Update Early
Update Often
YES WE CAN DO IT!!
#MakeRubyGreatAgain http://blog.testdouble.com/posts/2016-05-09-make-ruby-great-again.html Hopefully
I have deppbot stickers
Special Thanks @huacnlee @lgn21st
None
Any Questions?
THANK YOU!