Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
How to build deppbot
Search
Juanito Fatas
September 24, 2016
Technology
3
510
How to build deppbot
@ RubyConf China 2016
Juanito Fatas
September 24, 2016
Tweet
Share
More Decks by Juanito Fatas
See All by Juanito Fatas
Data Migration with Confidence
juanitofatas
3
800
My Open Source Journey
juanitofatas
1
2.9k
NSDanger
juanitofatas
1
160
Introducing Danger
juanitofatas
0
250
Twemoji 3.0 in the making and announcement beyond SG50
juanitofatas
0
540
Continuous Updates
juanitofatas
0
120
Ruby Asia and dat bacon cannon
juanitofatas
1
210
Update Early, Update Often
juanitofatas
1
960
RSpec for Practical Rubyist
juanitofatas
11
710
Other Decks in Technology
See All in Technology
成長期に歩みを止めないための創業期の開発文化形成
mayah
6
420
dxd2024-生成AIに振り回された3か月間の成功と失敗/dxd2024-link-and-motivation
lmi
2
260
AutomatedLabを使って内部ペンテストを勉強しよう! -やられ社内ネットワークの自動構築-
n_etupirka
1
610
データベース研修 DB基礎【MIXI 24新卒技術研修】
mixi_engineers
PRO
0
210
フルリモートワークはエンジニアの夢を叶えたか? #cm_odyssey
mamohacy
2
600
プレイドにおけるDatadog APMの活用方法
plaidtech
PRO
2
120
ギークの理想が7つ集まるエムスリーで夢を叶えよう - エムスリー株式会社
m3_engineering
1
260
MySQLのロックの種類とその競合
yoku0825
6
1.6k
公共領域から学ぶ クラウド移行についてエンジニアが意識していること
kawakawa2222
0
140
LLMアプリケーションの評価の実践と課題 ~PharmaXにおける今後の展望~
pharma_x_tech
2
170
テストケースの自動生成に生成AIの導入を試みた話と生成AIによる今後の期待
shift_evolve
0
190
Luupの開発組織におけるインシデントマネジメントの変遷 ver.RoadtoSRENEXT2024
grimoh
1
270
Featured
See All Featured
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
44
4.7k
Infographics Made Easy
chrislema
238
18k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
17
1.5k
Agile that works and the tools we love
rasmusluckow
325
20k
GraphQLとの向き合い方2022年版
quramy
36
13k
Bootstrapping a Software Product
garrettdimon
PRO
304
110k
Pencils Down: Stop Designing & Start Developing
hursman
118
11k
Web development in the modern age
philhawksworth
203
10k
How GitHub Uses GitHub to Build GitHub
holman
471
290k
Debugging Ruby Performance
tmm1
71
11k
Embracing the Ebb and Flow
colly
81
4.3k
Typedesign – Prime Four
hannesfritz
37
2.2k
Transcript
RubyConf China 2016 How to build deppbot Stories from building
https:/ /www.deppbot.com
౯ݝฎ... ኼ睞 I only know a little
deppbot core team @JuanitoFatas
DANGER CONTRIBUTOR danger.systems
None
None
Rails Guides by @AndorChen
None
You may know me from
None
First Time in ౮᮷
None
౯犥獮犖ฎ㮆嘨蜦 聲硬襑穩䋿ࣁݑ犋ԧ ݝঅ㬵樄敋蝍穩ᛔኧ ᄆᄆݪ秚
匍ࣁ౯ᛔ૩樄敋మ 䓄ࠨ疰䓄ࠨ疰ᓒ
ॠሴ聲ৼ犖 犋胼瞲ֵ౯
ᮎ䒍猆 讔簡蝡㱾 瞤硛ک瞨
౮᮷Ӟଷ㬵ԧ 疰犋మ 櫝樄ጱउ૱
None
ࢯࣁ泷Ӥ ૪妿睲綡Ոኞԧ 礬蚎犋ԧ
᯿碝ਧ嬝ԧ 犋ᬘ疰ฎᬘ ᬘ疰ฎ粁ᬘ
How often do you update? !!
LATER EQUALS NEVER
Winston Teo Practice of updating all dependencies to newer versions
several times a month. Founder, Jolly Good Code Continuous Updates
論持續更新 時常更新項⽬ 的 RubyGems 乃最佳實踐也 — 胡適之
Benefits of Continuous Updates
INCREMENTAL IMPROVEMENTS
FIX SECURITY VULNERABILITIES
REDUCE TECHNICAL DEBT
MAKE FUTURE UPGRADE EASIER
DEVELOPER DISLIKE LEGACY GEMS
MAINTAINER LOVE BUGS FROM NEW RELEASES
CONTINUOUS LEARNINGS FROM GEM UPDATES
SHIP LATEST SOFTWARES
deppbot is a… Automated Updates Service
deppbot is a… Security Updates Service
deppbot is a… Dependency Updates Service
None
None
Why built deppbot?
Worked at Consultancy
Client Projects
Minimum Value Product
Ship Latest Gems
I like to keep my Gems updated
None
None
None
HOWTO USE deppbot
1. Sign Up / Sign In
2. Subscribe
deppbot adds herself to your repo Run Automated Updates every
1.hour do if need_to_update? Run Automated Updates end end
None
Process
git clone works for project hosts on bitbucket, submodules
too
bundle update Updates Gemfile.lock and install gems
Travis CI? Not all kinds of gems can be installed
on a single VPS
bundle lock --update Updates Gemfile.lock without installing This command
re-introduced in bundler v1.10 #3439
diff -u Diff of Gemfile.lock (before / after)
Delete Repo on VPS immediately when we got the
diff
Cook Pull Request gem links, compare views, changelogs, time
savings
Pull Request &YBN QMF
nokogiri Query RubyGems.org API Gem authors, please fill in
your metadata
nokogiri Find GitHub URL from RubyGems data Gem authors,
please fill in your metadata
1.6.6.4…1.6.7 Parse diff and link_to repository compare view for
code review Gem authors, please push your tags when release a gem
CHANGELOG Query GitHub API, jollygoodcode/whatsnew Don’t let your friends
dump git logs into CHANGELOGs
Time Savings Sum every Pull Request processed time
Send Pull Request Merged and keep up-to-date
Stats
Heroku
Bundler uses 250MB v1.7.2
Some Bundler features only available at v1.9.x
Fork buildpack for Custom Bundler version
Fork buildpack for Custom Bundler version Digital Ocean
Digital Ocean 1CPU Production*1 (2GB) Staging*1 (1GB) Amazon RDS http:/
/stackshare.io/deppbot/deppbot
500+ users
10% paid
None
2150 commits 515 Pull Requests
deppbot uses deppbot to build deppbot
FAST TEST SUITE FAST FEEDBACK
https://www.deppbot.com 8629 Pull Requests Sent 944 hours Engineering Time Saved
The Birth of deppbot 2015.09.03 https:/ /github.com/jollygoodcode/jollygoodcode.github.io/issues/3
Automated Bundle Updates
None
Automated Security Updates 2015.12.25 https:/ /github.com/jollygoodcode/jollygoodcode.github.io/issues/15
2015.12.25 https:/ /github.com/jollygoodcode/jollygoodcode.github.io/issues/15
None
Small Features Improvements Bug fixes Refactorings
Not only deppbot
Other Services
https:/ /libraries.io https:/ /gemnasium.com https:/ /requires.io https:/ /david-dm.org Notification Only
notify you
Actionable https:/ /deppbot.com http:/ /pyup.io https:/ /greenkeeper.io http:/ /tachikoma.io Do,
don’t tell
From idea to product
bundle update add, commit, push open a new PR on
GitHub.com Issue the Pull Request Manually
today = Time.current.strftime("%F") new_branch = "bundle-update-#{today}" `git checkout master` `git
pull` `git checkout -b #{new_branch}` `bundle update` `git add Gemfile.lock` `git commit -m ‘Bundle Updates’ `git push origin #{new_branch}` `git pull-request -m "Updates #{today}" Script
today = Time.current.strftime("%F") new_branch = "bundle-update-#{today}" `git checkout master` `git
pull` `git checkout -b #{new_branch}` `bundle update` `git add Gemfile.lock` `git commit -m ‘Bundle Updates’ `git push origin #{new_branch}` `git pull-request -m "Updates #{today}" 15 m ins
Discover tachikoma.io
Too Expensive $49/mo
Some clients are also interested
Decided to create a SaaS
Hence deppbot
Dependency Bot = depbot
depbot is taken
Johnny depp is cool
deppbot
How does it work?
! " Your Project deppbot GitHub Subscribe Automated Updates
Normal Updates Security Updates Automated Updates
Normal Updates 1. Need update? 2. bundle update 3. Send
Pull Request
None
Normal Updates 1. Need update? 2. bundle update 3. Send
Pull Request
bundle update 1. clone & setup 2. start new build
3. bundle update 4. store diff
bundle update
bundle update
Normal Updates 1. Need update? 2. bundle update 3. Send
Pull Request
Send Pull Request 1. Check if can send? 2. Send
it 3. Finish build
Send Pull Request
Send Pull Request
Send Pull Request
Security Updates 1. Need update? 2. security update 3. Send
Pull Request
None
None
None
None
None
Security Updates 1. Need update? 2. security update 3. Send
Pull Request
None
None
None
None
None
None
None
Problems
GitHub Organisations API GitHub permissions https:/ /github.com/jollygoodcode/jollygoodcode.github.io/issues/11
GitHub API limit
None
None
ݶӞ㮆Ӯኴ ݶӞ㮆瓵మ
1 PR at a time
Listen to PR events Track if you merged Don’t send
PR if open Webhook
Webhook
Webhook
Webhook
Webhook
GitHub is down
RubyGems.org Downtime
Many other tricky cases
Conclusion
Idea is CHEAP
Create value for users
Marketing is HARD
Bugs are unpredictable
Ruby is Elegant and Beautiful
Open Source from real app
Share what you learned
Code is useless till shipped
Embrace Changes
Raises Awareness of gems
Continuous Learnings
Continuous Updates
Update Early
Update Often
YES WE CAN DO IT!!
#MakeRubyGreatAgain http://blog.testdouble.com/posts/2016-05-09-make-ruby-great-again.html Hopefully
I have deppbot stickers
Special Thanks @huacnlee @lgn21st
None
Any Questions?
THANK YOU!