Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Our favorite Dependency updates has been deprived

tt
November 02, 2018

Our favorite Dependency updates has been deprived

An introduction of Automated Dependency Updates with Renovate App

tt

November 02, 2018
Tweet

More Decks by tt

Other Decks in Programming

Transcript

  1. Our Favorite Dependency Updates Has Been Deprived  ,BOTBJ/PEF$BNQVTUIQFSJPE !UBUTVTIJUPKJ

  2. Hello World ! w ా࿏ཽ࢜!UBUTVTIJUPKJ w ࣾ಺ ελʔτΞοϓ͓͡͞Μ w 'SPOUFOE&OHJOFFS

    w 3FBDU)PPLTͲ͏ͳΔͷ͔ʁ খฒײ
  3. First of all, npm’s documentation recommends that you use SemVer

    • major → ϝδϟʔόʔδϣϯ͸1 • minor → ϚΠφʔόʔδϣϯ͸5 • patch → ύονόʔδϣϯ͸4 e.g. ^1.5.4 1.5.4Ҏ্2.0ະຬ
  4. How to update npm packages ? Search for updates on

    your own ? npm outdated ? yarn outdated ? yarn upgrade-interactive ? npx npm-check ?
  5. How to update npm packages with apps ? ci-yarn-upgrade ?

    green-keeper ? greenkeeper-keeper ? hothouse ?
  6. In any case, There is our work ! But…

  7. On March 15, 2018 Renovate launched !

  8. Automated Dependency Updates Save time and reduce risk by automating

    dependency updates in software projects. Fully customizable with a setting to suit every workflow.
  9. Supports • Github • GitLab (APIv4) • VSTS → Azure

    DevOps • BitBucket (ରԠத)
  10. Language Supports • WORKSPACE Bazel • travis.yml Travis • Dockerfile

    / docker-compose.yml Docker • go.mod Golang • package.json npm/yarn • requirements.txt Python/PIP • composer.json PHP
  11. Language Supports • JavaScript • package.json Λ΋ͱʹόʔδϣϯΛ֬ೝ • Node.js Versions

    • package.jsonͷengines • nvm.rcͷόʔδϣϯ • travis.ymlͷnode_js
  12. some of the web's best-known projects

  13. • ࣗಈͰPR࡞੒ • configϑΝΠϧͰॊೈʹΧελϚΠζ • OSS(ηϧϑϗεςΟϯάՄೳʂ) • GitHub App ܦ༝Ͱ؆୯ʹಋೖ

  14. None
  15. Our conventional updating work 1 • ߋ৽ϒϥϯνΛ੾ͬͯPush • PR࡞੒ •

    GitHub web hook Ͱ CI࿈ܞͤͯ͞ςετ • ςετ݁ՌΛ֬ೝͯ͠໰୊ͳ͚Ε͹Ϛʔδ
  16. Our conventional updating work 2 • ࣗಈͰߋ৽ϒϥϯνΛ੾ͬͯPush • ࣗಈͰPR࡞੒ •

    GitHub web hook Ͱ CI࿈ܞͤͯ͞ςετ • ςετ݁ՌΛ֬ೝͯ͠໰୊ͳ͚Ε͹Ϛʔδ
  17. Our updating work … ? • ࣗಈͰߋ৽ϒϥϯνΛ੾ͬͯPush • ࣗಈͰPR࡞੒ •

    GitHub web hook Ͱ CI࿈ܞͤͯ͞ςετ • ࣗಈͰςετ݁Ռ(PR or branchͷstatus)Λ֬ೝ͠ ͯ໰୊ͳ͚Ε͹Ϛʔδ
  18. Installation

  19. • https://github.com/marketplace/renovate • ϓϥϯΛબ୒

  20. • ͍ͭͮͯϦϙδτϦΛબ୒ͯ͠อଘ

  21. ͠͹Β͘͢Δͱ Onboading PR ͕࡞੒͞ΕΔ

  22. • renovate.json ΛඞཁʹԠͯ͡ΧελϚΠζ • Onboading PR ΛϚʔδ͢Δ
 Ϛʔδͯ͠͠͹Β͘͢Δͱ…

  23. RenovateʹΑͬͯࣗಈͰPR͕࡞੒͞Ε·͢

  24. None
  25. Basic custom config { "extends": [ “config:base”, “:preserveSemverRanges" ], "timezone":

    "Asia/Tokyo", "schedule": "before 4am", "automerge": true, "major": { "automerge": false }, "packageRules": [ { "updateTypes": [ "major" ], "labels": [ "UPDATE-MAJOR" ] } ] }
  26. My Favorite Dependency Updates Has Been Deprived

  27. But Major Version …!

  28. Finally … • ྨࣅΞϓϦͷதͰ͸಄ͻͱͭൈ͖ग़͍ͯΔ • Auto merge ʹରͯ͠৺ཧత҆શͷ֬อͷͨΊʹςετ Λ͔ͬ͠Γॻ͍͓ͯ͘ͱ •

    unit_test, End to End, visual regression… • configϑΝΠϧͷઃఆɺςετམͪͨͱ͖͸ਓؒͷ֬ೝ ͱ͍ͬͨ࡞ۀ͸͋Δ
  29. thx