Link
Embed
Share
Beginning
This slide
Copy link URL
Copy link URL
Copy iframe embed code
Copy iframe embed code
Copy javascript embed code
Copy javascript embed code
Share
Tweet
Share
Tweet
Slide 1
Slide 1 text
© 2019 CloudBees, Inc. All Rights Reserved. Tame your dependencies! Dependabot Oleg Nenashev (@oleg_nenashev) CloudBees, Inc. St. Petersburg, Oct 25, 2019
Slide 2
Slide 2 text
© 2019 CloudBees, Inc. All Rights Reserved. > whoami @oleg_nenashev oleg-nenashev • Based in Neuchatel, Switzerland • Principal SW Engineer, CloudBees • Jenkins core maintainer 2
Slide 3
Slide 3 text
© 2019 CloudBees, Inc. All Rights Reserved. 3 https://jokerconf.com/en/2019/talks/rjhhmugp5tzqbmlmg3mcm/
Slide 4
Slide 4 text
© 2019 CloudBees, Inc. All Rights Reserved. What’s common between Maven, NPM, и RPM? 4
Slide 5
Slide 5 text
© 2019 CloudBees, Inc. All Rights Reserved. Dependency Hell 5
Slide 6
Slide 6 text
© 2019 CloudBees, Inc. All Rights Reserved. Lib 1 Lib 2 Lib 3 Plugin 1 Plugin 2 Plugin 3 Lib 4 Lib 5 Plugin 4 6 + Tool dependencies
Slide 7
Slide 7 text
© 2019 CloudBees, Inc. All Rights Reserved. 7 > mvn versions:display-updates ... ? ? ?
Slide 8
Slide 8 text
© 2019 CloudBees, Inc. All Rights Reserved. What if we automate updates? 8
Slide 9
Slide 9 text
9 Dependabot, Renovate, Greenkeeper, etc.
Slide 10
Slide 10 text
© 2019 CloudBees, Inc. All Rights Reserved. Dependabot 10 dependabot.com, acquired by GitHub
Slide 11
Slide 11 text
© 2019 CloudBees, Inc. All Rights Reserved. Dependabot ● CLI tool ● SaaS and GitHub App 11 dependabot.com, acquired by GitHub
Slide 12
Slide 12 text
© 2019 CloudBees, Inc. All Rights Reserved. Automatic scans and updates 12
Slide 13
Slide 13 text
13
Slide 14
Slide 14 text
14
Slide 15
Slide 15 text
© 2019 CloudBees, Inc. All Rights Reserved. Step 1. Enable Dependabot 15
Slide 16
Slide 16 text
© 2019 CloudBees, Inc. All Rights Reserved. Step 2. Setup permissions 16
Slide 17
Slide 17 text
© 2019 CloudBees, Inc. All Rights Reserved. Step 3. Configure Dependabot 17
Slide 18
Slide 18 text
© 2019 CloudBees, Inc. All Rights Reserved. Step 4. Just wait a bit… 18
Slide 19
Slide 19 text
© 2019 CloudBees, Inc. All Rights Reserved. Not just pull requests! 19
Slide 20
Slide 20 text
© 2019 CloudBees, Inc. All Rights Reserved. Release notes 20
Slide 21
Slide 21 text
© 2019 CloudBees, Inc. All Rights Reserved. CommentOps 21
Slide 22
Slide 22 text
© 2019 CloudBees, Inc. All Rights Reserved. Configuration-as-Code 22
Slide 23
Slide 23 text
© 2019 CloudBees, Inc. All Rights Reserved. Advanced options ● Filtering of versions and artifacts ● Validated merge ● Integration wit GitHub security engines 23
Slide 24
Slide 24 text
© 2019 CloudBees, Inc. All Rights Reserved. Dependabot in Jenkins • Evaluation started in June 2019 • Enabled in 60+ repositories • 1750+ pull requests • Saves time! 24
Slide 25
Slide 25 text
© 2019 CloudBees, Inc. All Rights Reserved. Contacts: E-mail: onenashev@cloudbees.com GitHub: oleg-nenashev Twitter: @oleg_nenashev QUESTIONS? 25