Our favorite Dependency updates has been deprived

Transcript

1. Our Favorite Dependency Updates Has Been Deprived 
   ,BOTBJ
   /PEF
   $BNQVT
   UI
   QFSJPE !UBUTVTIJUPKJ

2. Hello World ! w ా࿏
   ཽ࢜
   !UBUTVTIJUPKJ
   w ࣾ಺ ελʔτΞοϓ͓͡͞Μ
   w 'SPOUFOE
   &OHJOFFS
   

   w 3FBDU
   )PPLT
   Ͳ͏ͳΔͷ͔ʁ খฒײ

3. First of all, npm’s documentation recommends that you use SemVer

   • major → ϝδϟʔόʔδϣϯ͸1 • minor → ϚΠφʔόʔδϣϯ͸5 • patch → ύονόʔδϣϯ͸4 e.g. ^1.5.4 1.5.4Ҏ্2.0ະຬ

4. How to update npm packages ? Search for updates on

   your own ? npm outdated ? yarn outdated ? yarn upgrade-interactive ? npx npm-check ?

5. How to update npm packages with apps ? ci-yarn-upgrade ?

   green-keeper ? greenkeeper-keeper ? hothouse ?

6. In any case, There is our work ! But…

7. On March 15, 2018 Renovate launched !

8. Automated Dependency Updates Save time and reduce risk by automating

   dependency updates in software projects. Fully customizable with a setting to suit every workflow.

9. Supports • Github • GitLab (APIv4) • VSTS → Azure

   DevOps • BitBucket (ରԠத)

10. Language Supports • WORKSPACE Bazel • travis.yml Travis • Dockerfile

    / docker-compose.yml Docker • go.mod Golang • package.json npm/yarn • requirements.txt Python/PIP • composer.json PHP

11. Language Supports • JavaScript • package.json Λ΋ͱʹόʔδϣϯΛ֬ೝ • Node.js Versions

    • package.jsonͷengines • nvm.rcͷόʔδϣϯ • travis.ymlͷnode_js

12. some of the web's best-known projects

13. • ࣗಈͰPR࡞੒ • configϑΝΠϧͰॊೈʹΧελϚΠζ • OSS(ηϧϑϗεςΟϯάՄೳʂ) • GitHub App ܦ༝Ͱ؆୯ʹಋೖ

14. None

15. Our conventional updating work 1 • ߋ৽ϒϥϯνΛ੾ͬͯPush • PR࡞੒ •

    GitHub web hook Ͱ CI࿈ܞͤͯ͞ςετ • ςετ݁ՌΛ֬ೝͯ͠໰୊ͳ͚Ε͹Ϛʔδ

16. Our conventional updating work 2 • ࣗಈͰߋ৽ϒϥϯνΛ੾ͬͯPush • ࣗಈͰPR࡞੒ •

    GitHub web hook Ͱ CI࿈ܞͤͯ͞ςετ • ςετ݁ՌΛ֬ೝͯ͠໰୊ͳ͚Ε͹Ϛʔδ

17. Our updating work … ? • ࣗಈͰߋ৽ϒϥϯνΛ੾ͬͯPush • ࣗಈͰPR࡞੒ •

    GitHub web hook Ͱ CI࿈ܞͤͯ͞ςετ • ࣗಈͰςετ݁Ռ(PR or branchͷstatus)Λ֬ೝ͠ ͯ໰୊ͳ͚Ε͹Ϛʔδ

18. Installation

19. • https://github.com/marketplace/renovate • ϓϥϯΛબ୒

20. • ͍ͭͮͯϦϙδτϦΛબ୒ͯ͠อଘ

21. ͠͹Β͘͢Δͱ Onboading PR ͕࡞੒͞ΕΔ

22. • renovate.json ΛඞཁʹԠͯ͡ΧελϚΠζ • Onboading PR ΛϚʔδ͢Δ
 Ϛʔδͯ͠͠͹Β͘͢Δͱ…

23. RenovateʹΑͬͯࣗಈͰPR͕࡞੒͞Ε·͢

24. None

25. Basic custom config { "extends": [ “config:base”, “:preserveSemverRanges" ], "timezone":

    "Asia/Tokyo", "schedule": "before 4am", "automerge": true, "major": { "automerge": false }, "packageRules": [ { "updateTypes": [ "major" ], "labels": [ "UPDATE-MAJOR" ] } ] }

26. My Favorite Dependency Updates Has Been Deprived

27. But Major Version …!

28. Finally … • ྨࣅΞϓϦͷதͰ͸಄ͻͱͭൈ͖ग़͍ͯΔ • Auto merge ʹରͯ͠৺ཧత҆શͷ֬อͷͨΊʹςετ Λ͔ͬ͠Γॻ͍͓ͯ͘ͱ •

    unit_test, End to End, visual regression… • configϑΝΠϧͷઃఆɺςετམͪͨͱ͖͸ਓؒͷ֬ೝ ͱ͍ͬͨ࡞ۀ͸͋Δ

29. thx