How to build deppbot

Juanito Fatas
September 24, 2016


@ RubyConf China 2016


Transcript

  1. RubyConf China 2016 How to build deppbot Stories from building https://www.deppbot.com

  2. I only know a little

  3. deppbot core team @JuanitoFatas

  4. DANGER CONTRIBUTOR danger.systems

  5. None
  6. None
  7. Rails Guides by @AndorChen

  8. None
  9. You may know me from

  10. None
  11. First Time in ౮᮷

  12. None
  13. ౯犥獮犖ฎ㮆嘨蜦 聲硬襑穩䋿ࣁݑ犋ԧ ݝঅ㬵樄敋蝍穩ᛔኧ ᄆᄆݪ秚

  14. 匍ࣁ౯ᛔ૩樄敋మ 䓄ࠨ疰䓄ࠨ疰ᓒ

  15. ॠሴ聲ৼ犖 犋胼瞲ֵ౯

  16. ᮎ䒍猆 讔簡蝡㱾 瞤硛ک瞨

  17. ౮᮷Ӟଷ㬵ԧ 疰犋మ 櫝樄ጱउ૱

  18. None
  19. ࢯࣁ泷໲Ӥ೉஑ ૪妿睲綡Ոኞԧ 礬๜蚎犋ԧ

  20. ᯿碝ਧ嬝ԧ 犋ᬘ疰ฎᬘ ᬘ疰ฎ粁ᬘ

  21. How often do you update? !!

  22. LATER EQUALS NEVER

  23. Continuous Updates: "Practice of updating all dependencies to newer versions several times a month." Winston Teo, Founder, Jolly Good Code

  24. "On continuous updates: frequently updating a project's RubyGems is a best practice." (Hu Shih)

  25. Benefits of Continuous Updates

  26. INCREMENTAL IMPROVEMENTS

  27. FIX SECURITY VULNERABILITIES

  28. REDUCE TECHNICAL DEBT

  29. MAKE FUTURE UPGRADE EASIER

  30. DEVELOPER DISLIKE LEGACY GEMS

  31. MAINTAINER LOVE BUGS FROM NEW RELEASES

  32. CONTINUOUS LEARNINGS FROM GEM UPDATES

  33. SHIP LATEST SOFTWARES

  34. deppbot is a… Automated Updates Service

  35. deppbot is a… Security Updates Service

  36. deppbot is a… Dependency Updates Service

  37. None
  38. None
  39. Why built deppbot?

  40. Worked at Consultancy

  41. Client Projects

  42. Minimum Value Product

  43. Ship Latest Gems

  44. I like to keep my Gems updated

  45. None
  46. None
  47. None
  48. HOWTO USE deppbot

  49. 1. Sign Up / Sign In

  50. 2. Subscribe

  51. deppbot adds herself to your repo. Run Automated Updates:

      every 1.hour do
        if need_to_update?
          Run Automated Updates
        end
      end

  52. None
  53. Process

  54. git clone: works for project hosts on bitbucket, submodules too

  55. bundle update: Updates Gemfile.lock and installs gems

  56. Travis CI? Not all kinds of gems can be installed on a single VPS

  57. bundle lock --update: Updates Gemfile.lock without installing. This command was re-introduced in bundler v1.10 #3439

  58. diff -u: Diff of Gemfile.lock (before / after)

  59. Delete Repo on VPS: immediately when we got the diff

  60. Cook Pull Request: gem links, compare views, changelogs, time savings

  61. Pull Request &YBN QMF

  62. nokogiri: Query RubyGems.org API. Gem authors, please fill in your metadata

  63. nokogiri: Find GitHub URL from RubyGems data. Gem authors, please fill in your metadata

  64. 1.6.6.4…1.6.7: Parse diff and link_to repository compare view for code review. Gem authors, please push your tags when you release a gem

  65. CHANGELOG: Query GitHub API, jollygoodcode/whatsnew. Don’t let your friends dump git logs into CHANGELOGs

  66. Time Savings  Sum every Pull Request processed time

  67. Send Pull Request  Merged and keep up-to-date

  68. Stats

  69. Heroku

  70. Bundler uses 250MB v1.7.2

  71. Some Bundler features only available at v1.9.x

  72. Fork buildpack for Custom Bundler version

  73. Fork buildpack for Custom Bundler version Digital Ocean

  74. Digital Ocean 1CPU Production*1 (2GB) Staging*1 (1GB) Amazon RDS http://stackshare.io/deppbot/deppbot

  75. 500+ users

  76. 10% paid

  77. None
  78. 2150 commits 515 Pull Requests

  79. deppbot uses deppbot to build deppbot

  80. FAST TEST SUITE FAST FEEDBACK

  81. https://www.deppbot.com 8629 Pull Requests Sent 944 hours Engineering Time Saved

  82. The Birth of deppbot 2015.09.03 https://github.com/jollygoodcode/jollygoodcode.github.io/issues/3

  83. Automated Bundle Updates

  84. None
  85. Automated Security Updates 2015.12.25 https://github.com/jollygoodcode/jollygoodcode.github.io/issues/15

  86. 2015.12.25 https://github.com/jollygoodcode/jollygoodcode.github.io/issues/15

  87. None
  88. Small Features Improvements Bug fixes Refactorings

  89. Not only deppbot

  90. Other Services

  91. https://libraries.io https://gemnasium.com https://requires.io https://david-dm.org Notification Only: notify you

  92. Actionable https://deppbot.com http://pyup.io https://greenkeeper.io http://tachikoma.io Do, don’t tell

  93. From idea to product

  94. bundle update; add, commit, push; open a new PR on GitHub.com. Issue the Pull Request Manually

  95. Script

      require "active_support"
      require "active_support/time" # Time.current comes from ActiveSupport
      today = Time.current.strftime("%F")
      new_branch = "bundle-update-#{today}"
      `git checkout master`
      `git pull`
      `git checkout -b #{new_branch}`
      `bundle update`
      `git add Gemfile.lock`
      `git commit -m 'Bundle Updates'`
      `git push origin #{new_branch}`
      `git pull-request -m "Updates #{today}"` # pull-request is a hub subcommand

  96. 15 mins

      require "active_support"
      require "active_support/time" # Time.current comes from ActiveSupport
      today = Time.current.strftime("%F")
      new_branch = "bundle-update-#{today}"
      `git checkout master`
      `git pull`
      `git checkout -b #{new_branch}`
      `bundle update`
      `git add Gemfile.lock`
      `git commit -m 'Bundle Updates'`
      `git push origin #{new_branch}`
      `git pull-request -m "Updates #{today}"` # pull-request is a hub subcommand

  97. Discover tachikoma.io

  98. Too Expensive $49/mo

  99. Some clients are also interested

  100. Decided to create a SaaS

  101. Hence deppbot

  102. Dependency Bot = depbot

  103. depbot is taken

  104. Johnny depp is cool

  105. deppbot

  106. How does it work?

  107. ! " Your Project deppbot GitHub Subscribe Automated Updates

  108. Normal Updates Security Updates Automated Updates

  109. Normal Updates 1. Need update? 2. bundle update 3. Send Pull Request

  110. None
  111. Normal Updates 1. Need update? 2. bundle update 3. Send Pull Request

  112. bundle update 1. clone & setup 2. start new build 3. bundle update 4. store diff

  113. bundle update

  114. bundle update

  115. Normal Updates 1. Need update? 2. bundle update 3. Send Pull Request

  116. Send Pull Request 1. Check if can send? 2. Send it 3. Finish build

  117. Send Pull Request

  118. Send Pull Request

  119. Send Pull Request

  120. Security Updates 1. Need update? 2. security update 3. Send Pull Request

  121. None
  122. None
  123. None
  124. None
  125. None
  126. Security Updates 1. Need update? 2. security update 3. Send Pull Request

  127. None
  128. None
  129. None
  130. None
  131. None
  132. None
  133. None
  134. Problems

  135. GitHub Organisations API GitHub permissions https://github.com/jollygoodcode/jollygoodcode.github.io/issues/11

  136. GitHub API limit

  137. None
  138. None
  139. ݶӞ㮆Ӯኴ ݶӞ㮆瓵మ

  140. 1 PR at a time

  141. Webhook: Listen to PR events. Track if you merged. Don’t send PR if open

  142. Webhook

  143. Webhook

  144. Webhook

  145. Webhook

  146. GitHub is down

  147. RubyGems.org Downtime

  148. Many other tricky cases

  149. Conclusion

  150. Idea is CHEAP

  151. Create value for users

  152. Marketing is HARD

  153. Bugs are unpredictable

  154. Ruby is Elegant and Beautiful

  155. Open Source from real app

  156. Share what you learned

  157. Code is useless till shipped

  158. Embrace Changes

  159. Raises Awareness of gems

  160. Continuous Learnings

  161. Continuous Updates

  162. Update Early

  163. Update Often

  164. YES WE CAN DO IT!!

  165. #MakeRubyGreatAgain http://blog.testdouble.com/posts/2016-05-09-make-ruby-great-again.html Hopefully

  166. I have deppbot stickers

  167. Special Thanks @huacnlee @lgn21st

  168. None
  169. Any Questions?

  170. THANK YOU!
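
The `diff -u` and compare-view steps from slides 58 and 64, as an added example that is not code from the talk or from deppbot: it parses a Gemfile.lock diff into version changes and builds compare links. The sample diff, the source URLs, the function names and the `v<version>` tag convention are assumptions made for illustration.

```ruby
require "uri"
# Constructed sample: `diff -u` of Gemfile.lock before/after `bundle lock --update`.
SAMPLE_DIFF = <<~DIFF
  --- Gemfile.lock.before
  +++ Gemfile.lock.after
  @@ -41,3 +41,4 @@
  -    nokogiri (1.6.6.4)
  +    nokogiri (1.6.7)
         mini_portile (~> 0.6.0)
  -    rack (1.6.3)
  +    rack (1.6.4)
  +    rake (10.4.2)
DIFF

# Resolved specs are indented exactly four spaces; their dependency
# constraints (six spaces) and the DEPENDENCIES section (two) do not match.
SPEC_LINE = /\A([+-]) {4}([A-Za-z0-9_.-]+) \(([0-9A-Za-z.-]+)\)\z/

# Returns { gem_name => [old_version, new_version] }; nil marks added/removed.
def lockfile_changes(diff)
  changes = Hash.new { |h, k| h[k] = [nil, nil] }
  diff.each_line(chomp: true) do |line|
    sign, name, version = line.match(SPEC_LINE)&.captures
    changes[name][sign == "-" ? 0 : 1] = version if sign
  end
  changes.reject { |_, (old_v, new_v)| old_v == new_v }
end

# RubyGems metadata is author-supplied, so only a well-formed
# https://github.com/<owner>/<repo> URL becomes a link (assumed tag: "v<version>").
def compare_url(source_url, old_v, new_v)
  uri = URI.parse(source_url.to_s)
  return nil unless uri.is_a?(URI::HTTPS) && uri.host == "github.com"
  owner, repo = uri.path.split("/").reject(&:empty?)
  return nil unless [owner, repo, old_v, new_v].all? { |s| s.to_s.match?(/\A[\w.-]+\z/) }
  "https://github.com/#{owner}/#{repo.delete_suffix('.git')}/compare/v#{old_v}...v#{new_v}"
rescue URI::InvalidURIError
  nil
end

def pr_lines(diff, sources)
  lockfile_changes(diff).map do |name, (old_v, new_v)|
    link = compare_url(sources[name], old_v, new_v)
    "#{name}: #{old_v || 'added'} -> #{new_v || 'removed'}#{link && " (#{link})"}"
  end
end
# Constructed source URLs, standing in for the RubyGems.org API lookup.
SOURCES = { "nokogiri" => "https://github.com/example-org/nokogiri", "rack" => "http://example.com/rack" }
puts pr_lines(SAMPLE_DIFF, SOURCES)
```

Gems whose metadata gives no usable GitHub URL still appear in the output, only without a link, so a reviewer sees every version change in the lockfile.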