Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
How to build deppbot
Search
Juanito Fatas
September 24, 2016
Technology
3
580
How to build deppbot
@ RubyConf China 2016
Juanito Fatas
September 24, 2016
Tweet
Share
More Decks by Juanito Fatas
See All by Juanito Fatas
Data Migration with Confidence
juanitofatas
3
900
My Open Source Journey
juanitofatas
1
3.1k
NSDanger
juanitofatas
1
170
Introducing Danger
juanitofatas
0
320
Twemoji 3.0 in the making and announcement beyond SG50
juanitofatas
0
730
Continuous Updates
juanitofatas
0
140
Ruby Asia and dat bacon cannon
juanitofatas
1
260
Update Early, Update Often
juanitofatas
1
1.1k
RSpec for Practical Rubyist
juanitofatas
11
820
Other Decks in Technology
See All in Technology
生成AI導入の効果を最大化する データ活用戦略
ham0215
0
110
LTに影響を受けてテンプレリポジトリを作った話
hol1kgmg
0
290
【Λ(らむだ)】最近のアプデ情報 / RPALT20250729
lambda
0
230
Claude Codeから我々が学ぶべきこと
s4yuba
9
2.1k
LLM 機能を支える Langfuse / ClickHouse のサーバレス化
yuu26
4
320
AI人生苦節10年で会得したAIがやること_人間がやること.pdf
shibuiwilliam
1
270
風が吹けばWHOISが使えなくなる~なぜWHOIS・RDAPはサーバー証明書のメール認証に使えなくなったのか~
orangemorishita
15
5.5k
AIエージェントを現場で使う / 2025.08.07 著者陣に聞く!現場で活用するためのAIエージェント実践入門(Findyランチセッション)
smiyawaki0820
6
670
LLMでAI-OCR、実際どうなの? / llm_ai_ocr_layerx_bet_ai_day_lt
sbrf248
0
430
データモデリング通り #2オンライン勉強会 ~方法論の話をしよう~
datayokocho
0
110
Google Agentspaceを実際に導入した効果と今後の展望
mixi_engineers
PRO
3
330
【新卒研修資料】数理最適化 / Mathematical Optimization
brainpadpr
25
11k
Featured
See All Featured
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
7
790
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
251
21k
Rebuilding a faster, lazier Slack
samanthasiow
83
9.1k
Writing Fast Ruby
sferik
628
62k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
PRO
182
54k
[RailsConf 2023] Rails as a piece of cake
palkan
56
5.7k
jQuery: Nuts, Bolts and Bling
dougneiner
63
7.8k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
667
120k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
26k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
30
2.2k
Transcript
RubyConf China 2016 How to build deppbot Stories from building
https:/ /www.deppbot.com
౯ݝฎ... ኼ睞 I only know a little
deppbot core team @JuanitoFatas
DANGER CONTRIBUTOR danger.systems
None
None
Rails Guides by @AndorChen
None
You may know me from
None
First Time in ౮᮷
None
౯犥獮犖ฎ㮆嘨蜦 聲硬襑穩䋿ࣁݑ犋ԧ ݝঅ㬵樄敋蝍穩ᛔኧ ᄆᄆݪ秚
匍ࣁ౯ᛔ૩樄敋మ 䓄ࠨ疰䓄ࠨ疰ᓒ
ॠሴ聲ৼ犖 犋胼瞲ֵ౯
ᮎ䒍猆 讔簡蝡㱾 瞤硛ک瞨
౮᮷Ӟଷ㬵ԧ 疰犋మ 櫝樄ጱउ૱
None
ࢯࣁ泷Ӥ ૪妿睲綡Ոኞԧ 礬蚎犋ԧ
᯿碝ਧ嬝ԧ 犋ᬘ疰ฎᬘ ᬘ疰ฎ粁ᬘ
How often do you update? !!
LATER EQUALS NEVER
Winston Teo Practice of updating all dependencies to newer versions
several times a month. Founder, Jolly Good Code Continuous Updates
論持續更新 時常更新項⽬ 的 RubyGems 乃最佳實踐也 — 胡適之
Benefits of Continuous Updates
INCREMENTAL IMPROVEMENTS
FIX SECURITY VULNERABILITIES
REDUCE TECHNICAL DEBT
MAKE FUTURE UPGRADE EASIER
DEVELOPER DISLIKE LEGACY GEMS
MAINTAINER LOVE BUGS FROM NEW RELEASES
CONTINUOUS LEARNINGS FROM GEM UPDATES
SHIP LATEST SOFTWARES
deppbot is a… Automated Updates Service
deppbot is a… Security Updates Service
deppbot is a… Dependency Updates Service
None
None
Why built deppbot?
Worked at Consultancy
Client Projects
Minimum Value Product
Ship Latest Gems
I like to keep my Gems updated
None
None
None
HOWTO USE deppbot
1. Sign Up / Sign In
2. Subscribe
deppbot adds herself to your repo Run Automated Updates every
1.hour do if need_to_update? Run Automated Updates end end
None
Process
git clone works for project hosts on bitbucket, submodules
too
bundle update Updates Gemfile.lock and install gems
Travis CI? Not all kinds of gems can be installed
on a single VPS
bundle lock --update Updates Gemfile.lock without installing This command
re-introduced in bundler v1.10 #3439
diff -u Diff of Gemfile.lock (before / after)
Delete Repo on VPS immediately when we got the
diff
Cook Pull Request gem links, compare views, changelogs, time
savings
Pull Request &YBN QMF
nokogiri Query RubyGems.org API Gem authors, please fill in
your metadata
nokogiri Find GitHub URL from RubyGems data Gem authors,
please fill in your metadata
1.6.6.4…1.6.7 Parse diff and link_to repository compare view for
code review Gem authors, please push your tags when release a gem
CHANGELOG Query GitHub API, jollygoodcode/whatsnew Don’t let your friends
dump git logs into CHANGELOGs
Time Savings Sum every Pull Request processed time
Send Pull Request Merged and keep up-to-date
Stats
Heroku
Bundler uses 250MB v1.7.2
Some Bundler features only available at v1.9.x
Fork buildpack for Custom Bundler version
Fork buildpack for Custom Bundler version Digital Ocean
Digital Ocean 1CPU Production*1 (2GB) Staging*1 (1GB) Amazon RDS http:/
/stackshare.io/deppbot/deppbot
500+ users
10% paid
None
2150 commits 515 Pull Requests
deppbot uses deppbot to build deppbot
FAST TEST SUITE FAST FEEDBACK
https://www.deppbot.com 8629 Pull Requests Sent 944 hours Engineering Time Saved
The Birth of deppbot 2015.09.03 https:/ /github.com/jollygoodcode/jollygoodcode.github.io/issues/3
Automated Bundle Updates
None
Automated Security Updates 2015.12.25 https:/ /github.com/jollygoodcode/jollygoodcode.github.io/issues/15
2015.12.25 https:/ /github.com/jollygoodcode/jollygoodcode.github.io/issues/15
None
Small Features Improvements Bug fixes Refactorings
Not only deppbot
Other Services
https:/ /libraries.io https:/ /gemnasium.com https:/ /requires.io https:/ /david-dm.org Notification Only
notify you
Actionable https:/ /deppbot.com http:/ /pyup.io https:/ /greenkeeper.io http:/ /tachikoma.io Do,
don’t tell
From idea to product
bundle update add, commit, push open a new PR on
GitHub.com Issue the Pull Request Manually
today = Time.current.strftime("%F") new_branch = "bundle-update-#{today}" `git checkout master` `git
pull` `git checkout -b #{new_branch}` `bundle update` `git add Gemfile.lock` `git commit -m ‘Bundle Updates’ `git push origin #{new_branch}` `git pull-request -m "Updates #{today}" Script
today = Time.current.strftime("%F") new_branch = "bundle-update-#{today}" `git checkout master` `git
pull` `git checkout -b #{new_branch}` `bundle update` `git add Gemfile.lock` `git commit -m ‘Bundle Updates’ `git push origin #{new_branch}` `git pull-request -m "Updates #{today}" 15 m ins
Discover tachikoma.io
Too Expensive $49/mo
Some clients are also interested
Decided to create a SaaS
Hence deppbot
Dependency Bot = depbot
depbot is taken
Johnny depp is cool
deppbot
How does it work?
! " Your Project deppbot GitHub Subscribe Automated Updates
Normal Updates Security Updates Automated Updates
Normal Updates 1. Need update? 2. bundle update 3. Send
Pull Request
None
Normal Updates 1. Need update? 2. bundle update 3. Send
Pull Request
bundle update 1. clone & setup 2. start new build
3. bundle update 4. store diff
bundle update
bundle update
Normal Updates 1. Need update? 2. bundle update 3. Send
Pull Request
Send Pull Request 1. Check if can send? 2. Send
it 3. Finish build
Send Pull Request
Send Pull Request
Send Pull Request
Security Updates 1. Need update? 2. security update 3. Send
Pull Request
None
None
None
None
None
Security Updates 1. Need update? 2. security update 3. Send
Pull Request
None
None
None
None
None
None
None
Problems
GitHub Organisations API GitHub permissions https:/ /github.com/jollygoodcode/jollygoodcode.github.io/issues/11
GitHub API limit
None
None
ݶӞ㮆Ӯኴ ݶӞ㮆瓵మ
1 PR at a time
Listen to PR events Track if you merged Don’t send
PR if open Webhook
Webhook
Webhook
Webhook
Webhook
GitHub is down
RubyGems.org Downtime
Many other tricky cases
Conclusion
Idea is CHEAP
Create value for users
Marketing is HARD
Bugs are unpredictable
Ruby is Elegant and Beautiful
Open Source from real app
Share what you learned
Code is useless till shipped
Embrace Changes
Raises Awareness of gems
Continuous Learnings
Continuous Updates
Update Early
Update Often
YES WE CAN DO IT!!
#MakeRubyGreatAgain http://blog.testdouble.com/posts/2016-05-09-make-ruby-great-again.html Hopefully
I have deppbot stickers
Special Thanks @huacnlee @lgn21st
None
Any Questions?
THANK YOU!