Toxic Elephant

Don't bury it in your back yard!

Some development automation

Posted by matijs 10/10/2020 at 14h32

For a long time, part of my weekend routine has been updating the dependencies of all my open source Ruby projects. I had set up some tooling to automatically run bundle outdated on all my project directories and make a nice report. For good measure, it would also run RuboCop and tell me if any work was needed on that front.

I would then go through the list of needed work, adjust the dependencies (using KeepUp where possible), activate new RuboCop cops, fix new RuboCop offenses, create pull requests, wait for builds to be done and then merge. There actually was a certain satisfaction in keeping things up-to-date, keeping things neat.

A few weeks ago, I’d had enough. The process of keeping things up-to-date was starting to become tedious, and it was keeping me from writing actual new software. Having had good experience at work with Dependabot I decided to automate dependency updates for all my open source repo’s.

After some experimenting I made the following changes to my repositories:

  • I added a separate named RuboCop job as part of each repository’s Travis CI configuration. To do this requires using the jobs key instead of rvm, like so:

        - rvm: 2.5
        - rvm: 2.6
        - rvm: 2.7
        - rvm: 2.7
          name: "RuboCop"
          script: bundle exec rubocop
  • I configured GitHub’s native version of Dependabot to create pull requests daily, using a file .github/dependabot.yml in each repository:

    version: 2
    - package-ecosystem: bundler
      directory: "/"
        interval: daily
        time: "04:23"
      open-pull-requests-limit: 10

All this means is that the manual part has been reduced to just checking that the builds are green for the pull requests produced by Dependabot, and potentially any new issues found by newer versions of RuboCop.

no comments no trackbacks


Comments are disabled