Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
How to build deppbot
Search
Juanito Fatas
September 24, 2016
Technology
3
560
How to build deppbot
@ RubyConf China 2016
Juanito Fatas
September 24, 2016
Tweet
Share
More Decks by Juanito Fatas
See All by Juanito Fatas
Data Migration with Confidence
juanitofatas
3
860
My Open Source Journey
juanitofatas
1
3k
NSDanger
juanitofatas
1
160
Introducing Danger
juanitofatas
0
280
Twemoji 3.0 in the making and announcement beyond SG50
juanitofatas
0
640
Continuous Updates
juanitofatas
0
120
Ruby Asia and dat bacon cannon
juanitofatas
1
230
Update Early, Update Often
juanitofatas
1
1k
RSpec for Practical Rubyist
juanitofatas
11
780
Other Decks in Technology
See All in Technology
プロダクト価値を引き上げる、「課題の再定義」という習慣
moeka__c
0
190
CNAPPから考えるAWSガバナンスの実践と最適化
nrinetcom
PRO
1
290
GitLab SelfManagedをCodePipelineのソースに設定する/SetGitLabSelfManagedtoCodePipeline
norihiroishiyama
1
110
ObservabilityCON on the Road Tokyoの見どころ
hamadakoji
0
140
20250125_Agent for Amazon Bedrock試してみた
riz3f7
2
110
実践!生成AIのビジネス活用 / How to utilize Generative AI in your own business
gakumura
1
200
ChatGPTを使ったブログ執筆と校正の実践テクニック/登壇資料(井田 献一朗)
hacobu
0
110
Tech Blog執筆のモチベート向上作戦
imamura_ko_0314
0
650
20250122_FinJAWS
takuyay0ne
2
360
srekaigi2025-hajimete-ippo-aws
masakichieng
0
190
Makuake*UPSIDER_LightningTalk
upsider_tech
0
120
DevSecOps入門:Security Development Lifecycleによる開発プロセスのセキュリティ強化
yuriemori
0
220
Featured
See All Featured
The Power of CSS Pseudo Elements
geoffreycrofte
74
5.4k
How GitHub (no longer) Works
holman
312
140k
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
How STYLIGHT went responsive
nonsquared
96
5.3k
Rebuilding a faster, lazier Slack
samanthasiow
79
8.8k
Writing Fast Ruby
sferik
628
61k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
232
17k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
27
1.5k
GraphQLとの向き合い方2022年版
quramy
44
13k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
174
51k
Build your cross-platform service in a week with App Engine
jlugia
229
18k
Building Flexible Design Systems
yeseniaperezcruz
328
38k
Transcript
RubyConf China 2016 How to build deppbot Stories from building
https:/ /www.deppbot.com
౯ݝฎ... ኼ睞 I only know a little
deppbot core team @JuanitoFatas
DANGER CONTRIBUTOR danger.systems
None
None
Rails Guides by @AndorChen
None
You may know me from
None
First Time in ౮᮷
None
౯犥獮犖ฎ㮆嘨蜦 聲硬襑穩䋿ࣁݑ犋ԧ ݝঅ㬵樄敋蝍穩ᛔኧ ᄆᄆݪ秚
匍ࣁ౯ᛔ૩樄敋మ 䓄ࠨ疰䓄ࠨ疰ᓒ
ॠሴ聲ৼ犖 犋胼瞲ֵ౯
ᮎ䒍猆 讔簡蝡㱾 瞤硛ک瞨
౮᮷Ӟଷ㬵ԧ 疰犋మ 櫝樄ጱउ૱
None
ࢯࣁ泷Ӥ ૪妿睲綡Ոኞԧ 礬蚎犋ԧ
᯿碝ਧ嬝ԧ 犋ᬘ疰ฎᬘ ᬘ疰ฎ粁ᬘ
How often do you update? !!
LATER EQUALS NEVER
Winston Teo Practice of updating all dependencies to newer versions
several times a month. Founder, Jolly Good Code Continuous Updates
論持續更新 時常更新項⽬ 的 RubyGems 乃最佳實踐也 — 胡適之
Benefits of Continuous Updates
INCREMENTAL IMPROVEMENTS
FIX SECURITY VULNERABILITIES
REDUCE TECHNICAL DEBT
MAKE FUTURE UPGRADE EASIER
DEVELOPER DISLIKE LEGACY GEMS
MAINTAINER LOVE BUGS FROM NEW RELEASES
CONTINUOUS LEARNINGS FROM GEM UPDATES
SHIP LATEST SOFTWARES
deppbot is a… Automated Updates Service
deppbot is a… Security Updates Service
deppbot is a… Dependency Updates Service
None
None
Why built deppbot?
Worked at Consultancy
Client Projects
Minimum Value Product
Ship Latest Gems
I like to keep my Gems updated
None
None
None
HOWTO USE deppbot
1. Sign Up / Sign In
2. Subscribe
deppbot adds herself to your repo Run Automated Updates every
1.hour do if need_to_update? Run Automated Updates end end
None
Process
git clone works for project hosts on bitbucket, submodules
too
bundle update Updates Gemfile.lock and install gems
Travis CI? Not all kinds of gems can be installed
on a single VPS
bundle lock --update Updates Gemfile.lock without installing This command
re-introduced in bundler v1.10 #3439
diff -u Diff of Gemfile.lock (before / after)
Delete Repo on VPS immediately when we got the
diff
Cook Pull Request gem links, compare views, changelogs, time
savings
Pull Request &YBN QMF
nokogiri Query RubyGems.org API Gem authors, please fill in
your metadata
nokogiri Find GitHub URL from RubyGems data Gem authors,
please fill in your metadata
1.6.6.4…1.6.7 Parse diff and link_to repository compare view for
code review Gem authors, please push your tags when release a gem
CHANGELOG Query GitHub API, jollygoodcode/whatsnew Don’t let your friends
dump git logs into CHANGELOGs
Time Savings Sum every Pull Request processed time
Send Pull Request Merged and keep up-to-date
Stats
Heroku
Bundler uses 250MB v1.7.2
Some Bundler features only available at v1.9.x
Fork buildpack for Custom Bundler version
Fork buildpack for Custom Bundler version Digital Ocean
Digital Ocean 1CPU Production*1 (2GB) Staging*1 (1GB) Amazon RDS http:/
/stackshare.io/deppbot/deppbot
500+ users
10% paid
None
2150 commits 515 Pull Requests
deppbot uses deppbot to build deppbot
FAST TEST SUITE FAST FEEDBACK
https://www.deppbot.com 8629 Pull Requests Sent 944 hours Engineering Time Saved
The Birth of deppbot 2015.09.03 https:/ /github.com/jollygoodcode/jollygoodcode.github.io/issues/3
Automated Bundle Updates
None
Automated Security Updates 2015.12.25 https:/ /github.com/jollygoodcode/jollygoodcode.github.io/issues/15
2015.12.25 https:/ /github.com/jollygoodcode/jollygoodcode.github.io/issues/15
None
Small Features Improvements Bug fixes Refactorings
Not only deppbot
Other Services
https:/ /libraries.io https:/ /gemnasium.com https:/ /requires.io https:/ /david-dm.org Notification Only
notify you
Actionable https:/ /deppbot.com http:/ /pyup.io https:/ /greenkeeper.io http:/ /tachikoma.io Do,
don’t tell
From idea to product
bundle update add, commit, push open a new PR on
GitHub.com Issue the Pull Request Manually
today = Time.current.strftime("%F") new_branch = "bundle-update-#{today}" `git checkout master` `git
pull` `git checkout -b #{new_branch}` `bundle update` `git add Gemfile.lock` `git commit -m ‘Bundle Updates’ `git push origin #{new_branch}` `git pull-request -m "Updates #{today}" Script
today = Time.current.strftime("%F") new_branch = "bundle-update-#{today}" `git checkout master` `git
pull` `git checkout -b #{new_branch}` `bundle update` `git add Gemfile.lock` `git commit -m ‘Bundle Updates’ `git push origin #{new_branch}` `git pull-request -m "Updates #{today}" 15 m ins
Discover tachikoma.io
Too Expensive $49/mo
Some clients are also interested
Decided to create a SaaS
Hence deppbot
Dependency Bot = depbot
depbot is taken
Johnny depp is cool
deppbot
How does it work?
! " Your Project deppbot GitHub Subscribe Automated Updates
Normal Updates Security Updates Automated Updates
Normal Updates 1. Need update? 2. bundle update 3. Send
Pull Request
None
Normal Updates 1. Need update? 2. bundle update 3. Send
Pull Request
bundle update 1. clone & setup 2. start new build
3. bundle update 4. store diff
bundle update
bundle update
Normal Updates 1. Need update? 2. bundle update 3. Send
Pull Request
Send Pull Request 1. Check if can send? 2. Send
it 3. Finish build
Send Pull Request
Send Pull Request
Send Pull Request
Security Updates 1. Need update? 2. security update 3. Send
Pull Request
None
None
None
None
None
Security Updates 1. Need update? 2. security update 3. Send
Pull Request
None
None
None
None
None
None
None
Problems
GitHub Organisations API GitHub permissions https:/ /github.com/jollygoodcode/jollygoodcode.github.io/issues/11
GitHub API limit
None
None
ݶӞ㮆Ӯኴ ݶӞ㮆瓵మ
1 PR at a time
Listen to PR events Track if you merged Don’t send
PR if open Webhook
Webhook
Webhook
Webhook
Webhook
GitHub is down
RubyGems.org Downtime
Many other tricky cases
Conclusion
Idea is CHEAP
Create value for users
Marketing is HARD
Bugs are unpredictable
Ruby is Elegant and Beautiful
Open Source from real app
Share what you learned
Code is useless till shipped
Embrace Changes
Raises Awareness of gems
Continuous Learnings
Continuous Updates
Update Early
Update Often
YES WE CAN DO IT!!
#MakeRubyGreatAgain http://blog.testdouble.com/posts/2016-05-09-make-ruby-great-again.html Hopefully
I have deppbot stickers
Special Thanks @huacnlee @lgn21st
None
Any Questions?
THANK YOU!