Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Our favorite Dependency updates has been deprived
Search
tt
November 02, 2018
Programming
2
420
Our favorite Dependency updates has been deprived
An introduction of Automated Dependency Updates with Renovate App
tt
November 02, 2018
Tweet
Share
More Decks by tt
See All by tt
戦略的なフロントエンドテストを実施するために
tatsushitoji
0
49
そろそろGraphQLの話をしよう
tatsushitoji
1
250
try Undux but...
tatsushitoji
0
230
Other Decks in Programming
See All in Programming
はてなにおける CSS Modules、及び CSS Modules に足りないもの / CSS Modules in Hatena, and CSS Modules missing parts
mizdra
7
1k
ServerAction で Progressive Enhancement はどこまで頑張れるか? / progressive-enhancement-with-server-action
takefumiyoshii
6
480
Fragment Composition of GraphQL
quramy
13
1.6k
Docker_OSS_ホスティング入門
satokoki645
0
110
デフォルトにして至高、RubyMineの大好きな所
ruzia
0
1.1k
VS Code をプロダクトにどう取り込むか
onomax
1
780
Azure OpenAI Serviceのプロンプトエンジニアリング入門
tomokusaba
3
930
使ってみよう Azure AI Document Intelligence
kosmosebi
2
370
AWS CDKコントリビュートTIPS / aws-cdk-contribution-tips
gotok365
4
540
Sheets API使ってみた
toshi0383
2
170
MetricKitで予期せぬ終了を検知する話 / Detect unexpected termination with MetricKit
nekowen
1
200
ペパボOpenTelemetry革命
pyama86
2
170
Featured
See All Featured
Code Reviewing Like a Champion
maltzj
515
39k
Facilitating Awesome Meetings
lara
43
5.6k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
14
8.4k
What’s in a name? Adding method to the madness
productmarketing
PRO
17
2.7k
Designing the Hi-DPI Web
ddemaree
276
33k
Fontdeck: Realign not Redesign
paulrobertlloyd
76
4.9k
A designer walks into a library…
pauljervisheath
201
23k
What's new in Ruby 2.0
geeforr
337
31k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
221
21k
The Pragmatic Product Professional
lauravandoore
26
5.8k
How to Ace a Technical Interview
jacobian
273
22k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
9
1.3k
Transcript
Our Favorite Dependency Updates Has Been Deprived ,BOTBJ/PEF$BNQVTUIQFSJPE !UBUTVTIJUPKJ
Hello World ! w ా࿏ཽ࢜!UBUTVTIJUPKJ w ࣾ ελʔτΞοϓ͓͡͞Μ w 'SPOUFOE&OHJOFFS
w 3FBDU)PPLTͲ͏ͳΔͷ͔ʁ খฒײ
First of all, npm’s documentation recommends that you use SemVer
• major → ϝδϟʔόʔδϣϯ1 • minor → ϚΠφʔόʔδϣϯ5 • patch → ύονόʔδϣϯ4 e.g. ^1.5.4 1.5.4Ҏ্2.0ະຬ
How to update npm packages ? Search for updates on
your own ? npm outdated ? yarn outdated ? yarn upgrade-interactive ? npx npm-check ?
How to update npm packages with apps ? ci-yarn-upgrade ?
green-keeper ? greenkeeper-keeper ? hothouse ?
In any case, There is our work ! But…
On March 15, 2018 Renovate launched !
Automated Dependency Updates Save time and reduce risk by automating
dependency updates in software projects. Fully customizable with a setting to suit every workflow.
Supports • Github • GitLab (APIv4) • VSTS → Azure
DevOps • BitBucket (ରԠத)
Language Supports • WORKSPACE Bazel • travis.yml Travis • Dockerfile
/ docker-compose.yml Docker • go.mod Golang • package.json npm/yarn • requirements.txt Python/PIP • composer.json PHP
Language Supports • JavaScript • package.json ΛͱʹόʔδϣϯΛ֬ೝ • Node.js Versions
• package.jsonͷengines • nvm.rcͷόʔδϣϯ • travis.ymlͷnode_js
some of the web's best-known projects
• ࣗಈͰPR࡞ • configϑΝΠϧͰॊೈʹΧελϚΠζ • OSS(ηϧϑϗεςΟϯάՄೳʂ) • GitHub App ܦ༝Ͱ؆୯ʹಋೖ
None
Our conventional updating work 1 • ߋ৽ϒϥϯνΛͬͯPush • PR࡞ •
GitHub web hook Ͱ CI࿈ܞͤͯ͞ςετ • ςετ݁ՌΛ֬ೝͯ͠ͳ͚ΕϚʔδ
Our conventional updating work 2 • ࣗಈͰߋ৽ϒϥϯνΛͬͯPush • ࣗಈͰPR࡞ •
GitHub web hook Ͱ CI࿈ܞͤͯ͞ςετ • ςετ݁ՌΛ֬ೝͯ͠ͳ͚ΕϚʔδ
Our updating work … ? • ࣗಈͰߋ৽ϒϥϯνΛͬͯPush • ࣗಈͰPR࡞ •
GitHub web hook Ͱ CI࿈ܞͤͯ͞ςετ • ࣗಈͰςετ݁Ռ(PR or branchͷstatus)Λ֬ೝ͠ ͯͳ͚ΕϚʔδ
Installation
• https://github.com/marketplace/renovate • ϓϥϯΛબ
• ͍ͭͮͯϦϙδτϦΛબͯ͠อଘ
͠Β͘͢Δͱ Onboading PR ͕࡞͞ΕΔ
• renovate.json ΛඞཁʹԠͯ͡ΧελϚΠζ • Onboading PR ΛϚʔδ͢Δ Ϛʔδͯ͠͠Β͘͢Δͱ…
RenovateʹΑͬͯࣗಈͰPR͕࡞͞Ε·͢
None
Basic custom config { "extends": [ “config:base”, “:preserveSemverRanges" ], "timezone":
"Asia/Tokyo", "schedule": "before 4am", "automerge": true, "major": { "automerge": false }, "packageRules": [ { "updateTypes": [ "major" ], "labels": [ "UPDATE-MAJOR" ] } ] }
My Favorite Dependency Updates Has Been Deprived
But Major Version …!
Finally … • ྨࣅΞϓϦͷதͰ಄ͻͱͭൈ͖ग़͍ͯΔ • Auto merge ʹରͯ͠৺ཧత҆શͷ֬อͷͨΊʹςετ Λ͔ͬ͠Γॻ͍͓ͯ͘ͱ •
unit_test, End to End, visual regression… • configϑΝΠϧͷઃఆɺςετམͪͨͱ͖ਓؒͷ֬ೝ ͱ͍ͬͨ࡞ۀ͋Δ
thx