How to build deppbot - Speaker Deck

Slide 1

Slide 1 text

RubyConf China 2016 How to build deppbot Stories from building https:/ /www.deppbot.com

Slide 2

Slide 2 text

౯ݝฎ... ኼ睞 I only know a little

Slide 3

Slide 3 text

deppbot core team @JuanitoFatas

Slide 4

Slide 4 text

DANGER CONTRIBUTOR danger.systems

Slide 5

Slide 5 text

No content

Slide 6

Slide 6 text

No content

Slide 7

Slide 7 text

Rails Guides by @AndorChen

Slide 8

Slide 8 text

No content

Slide 9

Slide 9 text

You may know me from

Slide 10

Slide 10 text

No content

Slide 11

Slide 11 text

First Time in ౮᮷

Slide 12

Slide 12 text

No content

Slide 13

Slide 13 text

౯犥獮犖ฎ㮆嘨蜦聲硬襑穩䋿ࣁݑ犋ԧ ݝঅ㬵樄敋蝍穩ᛔኧ ᄆᄆݪ秚

Slide 14

Slide 14 text

匍ࣁ౯ᛔ૩樄敋మ 䓄ࠨ疰䓄ࠨ疰ᓒ

Slide 15

Slide 15 text

ॠሴ聲ৼ犖犋胼瞲ֵ౯

Slide 16

Slide 16 text

ᮎ䒍猆讔簡蝡㱾瞤硛ک瞨

Slide 17

Slide 17 text

౮᮷Ӟଷ㬵ԧ 疰犋మ 櫝樄ጱउ૱

Slide 18

Slide 18 text

No content

Slide 19

Slide 19 text

ࢯࣁ泷໲Ӥ೉஑ ૪妿睲綡Ոኞԧ 礬๜蚎犋ԧ

Slide 20

Slide 20 text

᯿碝ਧ嬝ԧ 犋ᬘ疰ฎᬘ ᬘ疰ฎ粁ᬘ

Slide 21

Slide 21 text

How often do you update? !!

Slide 22

Slide 22 text

LATER EQUALS NEVER

Slide 23

Slide 23 text

Winston Teo Practice of updating all dependencies to newer versions several times a month. Founder, Jolly Good Code Continuous Updates

Slide 24

Slide 24 text

論持續更新時常更新項⽬的 RubyGems 乃最佳實踐也 — 胡適之

Slide 25

Slide 25 text

Beneﬁts of Continuous Updates

Slide 26

Slide 26 text

INCREMENTAL IMPROVEMENTS

Slide 27

Slide 27 text

FIX SECURITY VULNERABILITIES

Slide 28

Slide 28 text

REDUCE  TECHNICAL DEBT

Slide 29

Slide 29 text

MAKE FUTURE UPGRADE EASIER

Slide 30

Slide 30 text

DEVELOPER DISLIKE LEGACY GEMS

Slide 31

Slide 31 text

MAINTAINER  LOVE BUGS FROM NEW RELEASES

Slide 32

Slide 32 text

CONTINUOUS LEARNINGS FROM GEM UPDATES

Slide 33

Slide 33 text

SHIP LATEST SOFTWARES

Slide 34

Slide 34 text

deppbot is a… Automated Updates Service

Slide 35

Slide 35 text

deppbot is a… Security Updates Service

Slide 36

Slide 36 text

deppbot is a… Dependency Updates Service

Slide 37

Slide 37 text

No content

Slide 38

Slide 38 text

No content

Slide 39

Slide 39 text

Why built deppbot?

Slide 40

Slide 40 text

Worked at Consultancy

Slide 41

Slide 41 text

Client Projects

Slide 42

Slide 42 text

Minimum Value Product

Slide 43

Slide 43 text

Ship Latest Gems

Slide 44

Slide 44 text

I like to keep my Gems updated

Slide 45

Slide 45 text

No content

Slide 46

Slide 46 text

No content

Slide 47

Slide 47 text

No content

Slide 48

Slide 48 text

HOWTO USE deppbot

Slide 49

Slide 49 text

1. Sign Up / Sign In

Slide 50

Slide 50 text

2. Subscribe

Slide 51

Slide 51 text

deppbot adds herself to your repo Run Automated Updates every 1.hour do if need_to_update? Run Automated Updates end end

Slide 52

Slide 52 text

No content

Slide 53

Slide 53 text

Process

Slide 54

Slide 54 text

git clone works for project hosts on bitbucket, submodules too

Slide 55

Slide 55 text

bundle update Updates Gemﬁle.lock and install gems

Slide 56

Slide 56 text

Travis CI? Not all kinds of gems can be installed on a single VPS

Slide 57

Slide 57 text

bundle lock --update Updates Gemﬁle.lock without installing This command re-introduced in bundler v1.10 #3439

Slide 58

Slide 58 text

diff -u Diﬀ of Gemﬁle.lock (before / after)

Slide 59

Slide 59 text

Delete Repo on VPS immediately when we got the diﬀ

Slide 60

Slide 60 text

Cook Pull Request gem links, compare views, changelogs, time savings

Slide 61

Slide 61 text

Pull Request &YBN QMF

Slide 62

Slide 62 text

nokogiri Query RubyGems.org API Gem authors, please ﬁll in your metadata

Slide 63

Slide 63 text

nokogiri Find GitHub URL from RubyGems data Gem authors, please ﬁll in your metadata

Slide 64

Slide 64 text

1.6.6.4…1.6.7 Parse diﬀ and link_to repository compare view for code review Gem authors, please push your tags when release a gem

Slide 65

Slide 65 text

CHANGELOG Query GitHub API, jollygoodcode/whatsnew Don’t let your friends dump git logs into CHANGELOGs

Slide 66

Slide 66 text

Time Savings Sum every Pull Request processed time

Slide 67

Slide 67 text

Send Pull Request Merged and keep up-to-date

Slide 68

Slide 68 text

Stats

Slide 69

Slide 69 text

Heroku

Slide 70

Slide 70 text

Bundler uses 250MB v1.7.2

Slide 71

Slide 71 text

Some Bundler features only available at v1.9.x

Slide 72

Slide 72 text

Fork buildpack for Custom Bundler version

Slide 73

Slide 73 text

Fork buildpack for Custom Bundler version Digital Ocean

Slide 74

Slide 74 text

Digital Ocean 1CPU Production*1 (2GB) Staging*1 (1GB) Amazon RDS http:/ /stackshare.io/deppbot/deppbot

Slide 75

Slide 75 text

500+ users

Slide 76

Slide 76 text

10% paid

Slide 77

Slide 77 text

No content

Slide 78

Slide 78 text

2150 commits 515 Pull Requests

Slide 79

Slide 79 text

deppbot uses deppbot to build deppbot

Slide 80

Slide 80 text

FAST TEST SUITE FAST FEEDBACK

Slide 81

Slide 81 text

https://www.deppbot.com 8629 Pull Requests Sent 944 hours Engineering Time Saved

Slide 82

Slide 82 text

The Birth of deppbot 2015.09.03 https:/ /github.com/jollygoodcode/jollygoodcode.github.io/issues/3

Slide 83

Slide 83 text

Automated Bundle Updates

Slide 84

Slide 84 text

No content

Slide 85

Slide 85 text

Automated Security Updates 2015.12.25 https:/ /github.com/jollygoodcode/jollygoodcode.github.io/issues/15

Slide 86

Slide 86 text

2015.12.25 https:/ /github.com/jollygoodcode/jollygoodcode.github.io/issues/15

Slide 87

Slide 87 text

No content

Slide 88

Slide 88 text

Small Features Improvements Bug ﬁxes Refactorings

Slide 89

Slide 89 text

Not only deppbot

Slide 90

Slide 90 text

Other Services

Slide 91

Slide 91 text

https:/ /libraries.io https:/ /gemnasium.com https:/ /requires.io https:/ /david-dm.org Notiﬁcation Only notify you

Slide 92

Slide 92 text

Actionable https:/ /deppbot.com http:/ /pyup.io https:/ /greenkeeper.io http:/ /tachikoma.io Do, don’t tell

Slide 93

Slide 93 text

From idea to product

Slide 94

Slide 94 text

bundle update add, commit, push open a new PR on GitHub.com Issue the Pull Request Manually

Slide 95

Slide 95 text

today = Time.current.strftime("%F") new_branch = "bundle-update-#{today}" `git checkout master` `git pull` `git checkout -b #{new_branch}` `bundle update` `git add Gemfile.lock` `git commit -m ‘Bundle Updates’ `git push origin #{new_branch}` `git pull-request -m "Updates #{today}" Script

Slide 96

Slide 96 text

Slide 97

Slide 97 text

Discover tachikoma.io

Slide 98

Slide 98 text

Too Expensive $49/mo

Slide 99

Slide 99 text

Some clients are also interested

Slide 100

Slide 100 text

Decided to create a SaaS

Slide 101

Slide 101 text

Hence deppbot

Slide 102

Slide 102 text

Dependency Bot = depbot

Slide 103

Slide 103 text

depbot is taken

Slide 104

Slide 104 text

Johnny depp is cool

Slide 105

Slide 105 text

deppbot

Slide 106

Slide 106 text

How does it work?

Slide 107

Slide 107 text

! " Your Project deppbot GitHub Subscribe Automated Updates

Slide 108

Slide 108 text

Normal Updates Security Updates Automated Updates

Slide 109

Slide 109 text

Normal Updates 1. Need update? 2. bundle update 3. Send Pull Request

Slide 110

Slide 110 text

No content

Slide 111

Slide 111 text

Normal Updates 1. Need update? 2. bundle update 3. Send Pull Request

Slide 112

Slide 112 text

bundle update 1. clone & setup 2. start new build 3. bundle update 4. store diﬀ

Slide 113

Slide 113 text

bundle update

Slide 114

Slide 114 text

bundle update

Slide 115

Slide 115 text

Normal Updates 1. Need update? 2. bundle update 3. Send Pull Request

Slide 116

Slide 116 text

Send Pull Request 1. Check if can send? 2. Send it 3. Finish build

Slide 117

Slide 117 text

Send Pull Request

Slide 118

Slide 118 text

Send Pull Request

Slide 119

Slide 119 text

Send Pull Request

Slide 120

Slide 120 text

Security Updates 1. Need update? 2. security update 3. Send Pull Request

Slide 121

Slide 121 text

No content

Slide 122

Slide 122 text

No content

Slide 123

Slide 123 text

No content

Slide 124

Slide 124 text

No content

Slide 125

Slide 125 text

No content

Slide 126

Slide 126 text

Security Updates 1. Need update? 2. security update 3. Send Pull Request

Slide 127

Slide 127 text

No content

Slide 128

Slide 128 text

No content

Slide 129

Slide 129 text

No content

Slide 130

Slide 130 text

No content

Slide 131

Slide 131 text

No content

Slide 132

Slide 132 text

No content

Slide 133

Slide 133 text

No content

Slide 134

Slide 134 text

Problems

Slide 135

Slide 135 text

GitHub Organisations API GitHub permissions https:/ /github.com/jollygoodcode/jollygoodcode.github.io/issues/11

Slide 136

Slide 136 text

GitHub API limit

Slide 137

Slide 137 text

No content

Slide 138

Slide 138 text

No content

Slide 139

Slide 139 text

ݶӞ㮆Ӯኴ ݶӞ㮆瓵మ

Slide 140

Slide 140 text

1 PR at a time

Slide 141

Slide 141 text

Listen to PR events Track if you merged Don’t send PR if open Webhook

Slide 142

Slide 142 text

Webhook

Slide 143

Slide 143 text

Webhook

Slide 144

Slide 144 text

Webhook

Slide 145

Slide 145 text

Webhook

Slide 146

Slide 146 text

GitHub is down

Slide 147

Slide 147 text

RubyGems.org Downtime

Slide 148

Slide 148 text

Many other tricky cases

Slide 149

Slide 149 text

Conclusion

Slide 150

Slide 150 text

Idea is CHEAP

Slide 151

Slide 151 text

Create value for users

Slide 152

Slide 152 text

Marketing is HARD

Slide 153

Slide 153 text

Bugs are unpredictable

Slide 154

Slide 154 text

Ruby is Elegant and Beautiful

Slide 155

Slide 155 text

Open Source from real app

Slide 156

Slide 156 text

Share what you learned

Slide 157

Slide 157 text

Code is useless till shipped

Slide 158

Slide 158 text

Embrace Changes

Slide 159

Slide 159 text

Raises Awareness of gems

Slide 160

Slide 160 text

Continuous Learnings

Slide 161

Slide 161 text

Continuous Updates

Slide 162

Slide 162 text

Update Early

Slide 163

Slide 163 text

Update Often

Slide 164

Slide 164 text

YES WE CAN DO IT!!

Slide 165

Slide 165 text

#MakeRubyGreatAgain http://blog.testdouble.com/posts/2016-05-09-make-ruby-great-again.html Hopefully