Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
How to build deppbot
Search
Juanito Fatas
September 24, 2016
Technology
3
550
How to build deppbot
@ RubyConf China 2016
Juanito Fatas
September 24, 2016
Tweet
Share
More Decks by Juanito Fatas
See All by Juanito Fatas
Data Migration with Confidence
juanitofatas
3
850
My Open Source Journey
juanitofatas
1
3k
NSDanger
juanitofatas
1
160
Introducing Danger
juanitofatas
0
270
Twemoji 3.0 in the making and announcement beyond SG50
juanitofatas
0
620
Continuous Updates
juanitofatas
0
120
Ruby Asia and dat bacon cannon
juanitofatas
1
230
Update Early, Update Often
juanitofatas
1
1k
RSpec for Practical Rubyist
juanitofatas
11
760
Other Decks in Technology
See All in Technology
Connect × Server-Side Kotlinで実現する!スキーマ駆動開発と品質改善の実践
sansantech
PRO
1
220
WACATE2024冬セッション資料(ユーザビリティ)
scarletplover
0
160
ずっと昔に Star をつけたはずの思い出せない GitHub リポジトリを見つけたい!
rokuosan
0
130
ニューモーフィズムってどうなの
toridori_dev
0
110
ガバメントクラウドのセキュリティ対策事例について
fujisawaryohei
0
320
ジャンプTOONにおける サイトマップの自動生成手法
assa1605
0
110
IVRyエンジニア忘年LT大会2024 クリティカルユーザージャーニーの整理
abnoumaru
0
160
OpenAIの蒸留機能(Model Distillation)を使用して運用中のLLMのコストを削減する取り組み
pharma_x_tech
3
400
第3回Snowflake女子会_LT登壇資料(合成データ)_Taro_CCCMK
tarotaro0129
0
160
バクラクのドキュメント解析技術と実データにおける課題 / layerx-ccc-winter-2024
shimacos
2
670
podman_update_2024-12
orimanabu
1
220
2024年のModern Data Stackを振り返ろう~分野別の目玉アップデート情報まとめ~
sagara
0
620
Featured
See All Featured
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
251
21k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
5
430
Java REST API Framework Comparison - PWX 2021
mraible
PRO
28
8.3k
A Philosophy of Restraint
colly
203
16k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.3k
How To Stay Up To Date on Web Technology
chriscoyier
789
250k
Build The Right Thing And Hit Your Dates
maggiecrowley
33
2.4k
RailsConf 2023
tenderlove
29
930
ReactJS: Keep Simple. Everything can be a component!
pedronauck
665
120k
Keith and Marios Guide to Fast Websites
keithpitt
410
22k
4 Signs Your Business is Dying
shpigford
181
21k
The Cost Of JavaScript in 2023
addyosmani
45
6.9k
Transcript
RubyConf China 2016 How to build deppbot Stories from building
https:/ /www.deppbot.com
౯ݝฎ... ኼ睞 I only know a little
deppbot core team @JuanitoFatas
DANGER CONTRIBUTOR danger.systems
None
None
Rails Guides by @AndorChen
None
You may know me from
None
First Time in ౮᮷
None
౯犥獮犖ฎ㮆嘨蜦 聲硬襑穩䋿ࣁݑ犋ԧ ݝঅ㬵樄敋蝍穩ᛔኧ ᄆᄆݪ秚
匍ࣁ౯ᛔ૩樄敋మ 䓄ࠨ疰䓄ࠨ疰ᓒ
ॠሴ聲ৼ犖 犋胼瞲ֵ౯
ᮎ䒍猆 讔簡蝡㱾 瞤硛ک瞨
౮᮷Ӟଷ㬵ԧ 疰犋మ 櫝樄ጱउ૱
None
ࢯࣁ泷Ӥ ૪妿睲綡Ոኞԧ 礬蚎犋ԧ
᯿碝ਧ嬝ԧ 犋ᬘ疰ฎᬘ ᬘ疰ฎ粁ᬘ
How often do you update? !!
LATER EQUALS NEVER
Winston Teo Practice of updating all dependencies to newer versions
several times a month. Founder, Jolly Good Code Continuous Updates
論持續更新 時常更新項⽬ 的 RubyGems 乃最佳實踐也 — 胡適之
Benefits of Continuous Updates
INCREMENTAL IMPROVEMENTS
FIX SECURITY VULNERABILITIES
REDUCE TECHNICAL DEBT
MAKE FUTURE UPGRADE EASIER
DEVELOPER DISLIKE LEGACY GEMS
MAINTAINER LOVE BUGS FROM NEW RELEASES
CONTINUOUS LEARNINGS FROM GEM UPDATES
SHIP LATEST SOFTWARES
deppbot is a… Automated Updates Service
deppbot is a… Security Updates Service
deppbot is a… Dependency Updates Service
None
None
Why built deppbot?
Worked at Consultancy
Client Projects
Minimum Value Product
Ship Latest Gems
I like to keep my Gems updated
None
None
None
HOWTO USE deppbot
1. Sign Up / Sign In
2. Subscribe
deppbot adds herself to your repo Run Automated Updates every
1.hour do if need_to_update? Run Automated Updates end end
None
Process
git clone works for project hosts on bitbucket, submodules
too
bundle update Updates Gemfile.lock and install gems
Travis CI? Not all kinds of gems can be installed
on a single VPS
bundle lock --update Updates Gemfile.lock without installing This command
re-introduced in bundler v1.10 #3439
diff -u Diff of Gemfile.lock (before / after)
Delete Repo on VPS immediately when we got the
diff
Cook Pull Request gem links, compare views, changelogs, time
savings
Pull Request &YBN QMF
nokogiri Query RubyGems.org API Gem authors, please fill in
your metadata
nokogiri Find GitHub URL from RubyGems data Gem authors,
please fill in your metadata
1.6.6.4…1.6.7 Parse diff and link_to repository compare view for
code review Gem authors, please push your tags when release a gem
CHANGELOG Query GitHub API, jollygoodcode/whatsnew Don’t let your friends
dump git logs into CHANGELOGs
Time Savings Sum every Pull Request processed time
Send Pull Request Merged and keep up-to-date
Stats
Heroku
Bundler uses 250MB v1.7.2
Some Bundler features only available at v1.9.x
Fork buildpack for Custom Bundler version
Fork buildpack for Custom Bundler version Digital Ocean
Digital Ocean 1CPU Production*1 (2GB) Staging*1 (1GB) Amazon RDS http:/
/stackshare.io/deppbot/deppbot
500+ users
10% paid
None
2150 commits 515 Pull Requests
deppbot uses deppbot to build deppbot
FAST TEST SUITE FAST FEEDBACK
https://www.deppbot.com 8629 Pull Requests Sent 944 hours Engineering Time Saved
The Birth of deppbot 2015.09.03 https:/ /github.com/jollygoodcode/jollygoodcode.github.io/issues/3
Automated Bundle Updates
None
Automated Security Updates 2015.12.25 https:/ /github.com/jollygoodcode/jollygoodcode.github.io/issues/15
2015.12.25 https:/ /github.com/jollygoodcode/jollygoodcode.github.io/issues/15
None
Small Features Improvements Bug fixes Refactorings
Not only deppbot
Other Services
https:/ /libraries.io https:/ /gemnasium.com https:/ /requires.io https:/ /david-dm.org Notification Only
notify you
Actionable https:/ /deppbot.com http:/ /pyup.io https:/ /greenkeeper.io http:/ /tachikoma.io Do,
don’t tell
From idea to product
bundle update add, commit, push open a new PR on
GitHub.com Issue the Pull Request Manually
today = Time.current.strftime("%F") new_branch = "bundle-update-#{today}" `git checkout master` `git
pull` `git checkout -b #{new_branch}` `bundle update` `git add Gemfile.lock` `git commit -m ‘Bundle Updates’ `git push origin #{new_branch}` `git pull-request -m "Updates #{today}" Script
today = Time.current.strftime("%F") new_branch = "bundle-update-#{today}" `git checkout master` `git
pull` `git checkout -b #{new_branch}` `bundle update` `git add Gemfile.lock` `git commit -m ‘Bundle Updates’ `git push origin #{new_branch}` `git pull-request -m "Updates #{today}" 15 m ins
Discover tachikoma.io
Too Expensive $49/mo
Some clients are also interested
Decided to create a SaaS
Hence deppbot
Dependency Bot = depbot
depbot is taken
Johnny depp is cool
deppbot
How does it work?
! " Your Project deppbot GitHub Subscribe Automated Updates
Normal Updates Security Updates Automated Updates
Normal Updates 1. Need update? 2. bundle update 3. Send
Pull Request
None
Normal Updates 1. Need update? 2. bundle update 3. Send
Pull Request
bundle update 1. clone & setup 2. start new build
3. bundle update 4. store diff
bundle update
bundle update
Normal Updates 1. Need update? 2. bundle update 3. Send
Pull Request
Send Pull Request 1. Check if can send? 2. Send
it 3. Finish build
Send Pull Request
Send Pull Request
Send Pull Request
Security Updates 1. Need update? 2. security update 3. Send
Pull Request
None
None
None
None
None
Security Updates 1. Need update? 2. security update 3. Send
Pull Request
None
None
None
None
None
None
None
Problems
GitHub Organisations API GitHub permissions https:/ /github.com/jollygoodcode/jollygoodcode.github.io/issues/11
GitHub API limit
None
None
ݶӞ㮆Ӯኴ ݶӞ㮆瓵మ
1 PR at a time
Listen to PR events Track if you merged Don’t send
PR if open Webhook
Webhook
Webhook
Webhook
Webhook
GitHub is down
RubyGems.org Downtime
Many other tricky cases
Conclusion
Idea is CHEAP
Create value for users
Marketing is HARD
Bugs are unpredictable
Ruby is Elegant and Beautiful
Open Source from real app
Share what you learned
Code is useless till shipped
Embrace Changes
Raises Awareness of gems
Continuous Learnings
Continuous Updates
Update Early
Update Often
YES WE CAN DO IT!!
#MakeRubyGreatAgain http://blog.testdouble.com/posts/2016-05-09-make-ruby-great-again.html Hopefully
I have deppbot stickers
Special Thanks @huacnlee @lgn21st
None
Any Questions?
THANK YOU!