How to build deppbot

Transcript

1. RubyConf China 2016 How to build deppbot Stories from building

   https:/ /www.deppbot.com

2. ౯ݝฎ... ኼ睞 I only know a little

3. deppbot core team @JuanitoFatas

4. DANGER CONTRIBUTOR danger.systems

5. None
6. None

7. Rails Guides by @AndorChen

8. None

9. You may know me from

10. None

11. First Time in ౮᮷

12. None

13. ౯犥獮犖ฎ㮆嘨蜦 聲硬襑穩䋿ࣁݑ犋ԧ ݝঅ㬵樄敋蝍穩ᛔኧ ᄆᄆݪ秚

14. 匍ࣁ౯ᛔ૩樄敋మ 䓄ࠨ疰䓄ࠨ疰ᓒ

15. ॠሴ聲ৼ犖 犋胼瞲ֵ౯

16. ᮎ䒍猆 讔簡蝡㱾 瞤硛ک瞨

17. ౮᮷Ӟଷ㬵ԧ 疰犋మ 櫝樄ጱउ૱

18. None

19. ࢯࣁ泷໲Ӥ೉஑ ૪妿睲綡Ոኞԧ 礬๜蚎犋ԧ

20. ᯿碝ਧ嬝ԧ 犋ᬘ疰ฎᬘ ᬘ疰ฎ粁ᬘ

21. How often do you update? !!

22. LATER EQUALS NEVER

23. Winston Teo Practice of updating all dependencies to newer versions

    several times a month. Founder, Jolly Good Code Continuous Updates

24. 論持續更新 時常更新項⽬ 的 RubyGems 乃最佳實踐也 — 胡適之

25. Benefits of Continuous Updates

26. INCREMENTAL IMPROVEMENTS

27. FIX SECURITY VULNERABILITIES

28. REDUCE
 TECHNICAL DEBT

29. MAKE FUTURE UPGRADE EASIER

30. DEVELOPER DISLIKE LEGACY GEMS

31. MAINTAINER
 LOVE BUGS FROM NEW RELEASES

32. CONTINUOUS LEARNINGS FROM GEM UPDATES

33. SHIP LATEST SOFTWARES

34. deppbot is a… Automated Updates Service

35. deppbot is a… Security Updates Service

36. deppbot is a… Dependency Updates Service

37. None
38. None

39. Why built deppbot?

40. Worked at Consultancy

41. Client Projects

42. Minimum Value Product

43. Ship Latest Gems

44. I like to keep my Gems updated

45. None
46. None
47. None

48. HOWTO USE deppbot

49. 1. Sign Up / Sign In

50. 2. Subscribe

51. deppbot adds herself to your repo Run Automated Updates every

    1.hour do if need_to_update? Run Automated Updates end end
52. None

53. Process

54. git clone  works for project hosts on bitbucket, submodules

    too

55. bundle update  Updates Gemfile.lock and install gems

56. Travis CI? Not all kinds of gems can be installed

    on a single VPS

57. bundle lock --update  Updates Gemfile.lock without installing This command

    re-introduced in bundler v1.10 #3439

58. diff -u  Diff of Gemfile.lock (before / after)

59. Delete Repo on VPS  immediately when we got the

    diff

60. Cook Pull Request  gem links, compare views, changelogs, time

    savings

61. Pull Request &YBN QMF

62. nokogiri  Query RubyGems.org API Gem authors, please fill in

    your metadata

63. nokogiri  Find GitHub URL from RubyGems data Gem authors,

    please fill in your metadata

64. 1.6.6.4…1.6.7  Parse diff and link_to repository compare view for

    code review Gem authors, please push your tags when release a gem

65. CHANGELOG  Query GitHub API, jollygoodcode/whatsnew Don’t let your friends

    dump git logs into CHANGELOGs

66. Time Savings  Sum every Pull Request processed time

67. Send Pull Request  Merged and keep up-to-date

68. Stats

69. Heroku

70. Bundler uses 250MB v1.7.2

71. Some Bundler features only available at v1.9.x

72. Fork buildpack for Custom Bundler version

73. Fork buildpack for Custom Bundler version Digital Ocean

74. Digital Ocean 1CPU Production*1 (2GB) Staging*1 (1GB) Amazon RDS http:/

    /stackshare.io/deppbot/deppbot

75. 500+ users

76. 10% paid

77. None

78. 2150 commits 515 Pull Requests

79. deppbot uses deppbot to build deppbot

80. FAST TEST SUITE FAST FEEDBACK

81. https://www.deppbot.com 8629 Pull Requests Sent 944 hours Engineering Time Saved

82. The Birth of deppbot 2015.09.03 https:/ /github.com/jollygoodcode/jollygoodcode.github.io/issues/3

83. Automated Bundle Updates

84. None

85. Automated Security Updates 2015.12.25 https:/ /github.com/jollygoodcode/jollygoodcode.github.io/issues/15

86. 2015.12.25 https:/ /github.com/jollygoodcode/jollygoodcode.github.io/issues/15

87. None

88. Small Features Improvements Bug fixes Refactorings

89. Not only deppbot

90. Other Services

91. https:/ /libraries.io https:/ /gemnasium.com https:/ /requires.io https:/ /david-dm.org Notification Only

    notify you

92. Actionable https:/ /deppbot.com http:/ /pyup.io https:/ /greenkeeper.io http:/ /tachikoma.io Do,

    don’t tell

93. From idea to product

94. bundle update add, commit, push open a new PR on

    GitHub.com Issue the Pull Request Manually

95. today = Time.current.strftime("%F") new_branch = "bundle-update-#{today}" `git checkout master` `git

    pull` `git checkout -b #{new_branch}` `bundle update` `git add Gemfile.lock` `git commit -m ‘Bundle Updates’ `git push origin #{new_branch}` `git pull-request -m "Updates #{today}" Script

96. today = Time.current.strftime("%F") new_branch = "bundle-update-#{today}" `git checkout master` `git

    pull` `git checkout -b #{new_branch}` `bundle update` `git add Gemfile.lock` `git commit -m ‘Bundle Updates’ `git push origin #{new_branch}` `git pull-request -m "Updates #{today}" 15 m ins

97. Discover tachikoma.io

98. Too Expensive $49/mo

99. Some clients are also interested

100. Decided to create a SaaS

101. Hence deppbot

102. Dependency Bot = depbot

103. depbot is taken

104. Johnny depp is cool

105. deppbot

106. How does it work?

107. ! " Your Project deppbot GitHub Subscribe Automated Updates

108. Normal Updates Security Updates Automated Updates

109. Normal Updates 1. Need update? 2. bundle update 3. Send

     Pull Request
110. None

111. Normal Updates 1. Need update? 2. bundle update 3. Send

     Pull Request

112. bundle update 1. clone & setup 2. start new build

     3. bundle update 4. store diff

113. bundle update

114. bundle update

115. Normal Updates 1. Need update? 2. bundle update 3. Send

     Pull Request

116. Send Pull Request 1. Check if can send? 2. Send

     it 3. Finish build

117. Send Pull Request

118. Send Pull Request

119. Send Pull Request

120. Security Updates 1. Need update? 2. security update 3. Send

     Pull Request
121. None
122. None
123. None
124. None
125. None

126. Security Updates 1. Need update? 2. security update 3. Send

     Pull Request
127. None
128. None
129. None
130. None
131. None
132. None
133. None

134. Problems

135. GitHub Organisations API GitHub permissions https:/ /github.com/jollygoodcode/jollygoodcode.github.io/issues/11

136. GitHub API limit

137. None
138. None

139. ݶӞ㮆Ӯኴ ݶӞ㮆瓵మ

140. 1 PR at a time

141. Listen to PR events Track if you merged Don’t send

     PR if open Webhook

142. Webhook

143. Webhook

144. Webhook

145. Webhook

146. GitHub is down

147. RubyGems.org Downtime

148. Many other tricky cases

149. Conclusion

150. Idea is CHEAP

151. Create value for users

152. Marketing is HARD

153. Bugs are unpredictable

154. Ruby is Elegant and Beautiful

155. Open Source from real app

156. Share what you learned

157. Code is useless till shipped

158. Embrace Changes

159. Raises Awareness of gems

160. Continuous Learnings

161. Continuous Updates

162. Update Early

163. Update Often

164. YES WE CAN DO IT!!

165. #MakeRubyGreatAgain http://blog.testdouble.com/posts/2016-05-09-make-ruby-great-again.html Hopefully

166. I have deppbot stickers

167. Special Thanks @huacnlee @lgn21st

168. None

169. Any Questions?

170. THANK YOU!