DEV Community

Łukasz Budnik
Łukasz Budnik

Posted on

Let the bots do the releases for you while you sleep

When you have a high test coverage or... a high confidence in your code (in my case the former) you can setup fully automatic releases on GitHub. All driven by bots.

In this post I will show you how I set it up using my own project.

migrator is a DB migration/evolution tool written in Go. It's super fast and lightweight. It is released as a docker image on docker hub: lukasz/migrator.

migrator has a code coverage of 94% and I decided to release a new docker image every time there is a new dependency available: either a new base docker image or a new version of Go dependencies.

GitHub logo lukaszbudnik / migrator

Super fast and lightweight DB migration & evolution tool written in Go

migrator Build and Test Docker Go Report Card codecov

Super fast and lightweight DB migration tool written in go. migrator consumes 6MB of memory and outperforms other DB migration/evolution frameworks by a few orders of magnitude.

migrator manages and versions all the DB changes for you and completely eliminates manual and error-prone administrative tasks. migrator versions can be used for auditing and compliance purposes. migrator not only supports single schemas, but also comes with a multi-schema support (ideal for multi-schema multi-tenant SaaS products).

migrator runs as a HTTP REST service and can be easily integrated into your continuous integration and continuous delivery pipeline.

The official docker image is available on docker hub at lukasz/migrator. It is ultra lightweight and has a size of 15MB. Ideal for micro-services deployments!

Table of contents

dependabot

First, you need to enable dependabot for your project. It's super easy. Just follow the instructions detailed here: Managing vulnerabilities in your project's dependencies and Keeping your dependencies updated automatically.

dependabot can create a pull request for you whenever there is a known security vulnerability in your 3rd party dependency and there is a fix version available. You can go even further and tell dependabot to create a pull request whenever there is a new version available. I like to live on the edge and I went ahead and enabled both options.

For reference here is the link to my dependabot config file: https://github.com/lukaszbudnik/migrator/blob/master/.github/dependabot.yml.

Protip: Every time pull request is merged to target branch dependabot is rebasing all created pull requests (followed by re-running all checks). I provide different times for every check so that the number of rebases is kept to a minimum.

merge-pull-requests action

The bit missing was automated merging to target branch when all tests were passing. There is an auto-merge feature available in GitHub but dependabot doesn't support it (yet).

I decided to use GitHub Action that was available on the marketplace: GitHub Actions - Merge pull requests.

I used the default configuration file provided by authors. However, the default config was quite permissive and I needed to tweak it a little bit. I wanted to auto-merge pull requests with dependencies label (all pull requests created by dependabot have it) and (to make sure other people would not abuse the auto-merge functionality) I wanted to auto-merge pulls created by the dependabot[bot] user only.

For reference here is the link to my configuration file: https://github.com/lukaszbudnik/migrator/blob/master/.github/workflows/automerge.yml

Protip: Make sure you have "Automatically delete head branches" enabled in your repository settings. GitHub will delete merged branches automatically. To keep things nice and tidy.

project-bot app

Optional step. My CI/CD pipeline instructs docker hub to build new latest tag on every merge to main branch. However, I also wanted to roll up all small changes into official releases. I use GitHub projects (rather than milestones) to organise my work. Every time I release a new version I create a new project which acts as a placeholder for all new work. To help me organise release notes better I wanted to automatically add dependabot pull requests to an open GitHub project.

I decided to use GitHub App that was available here: GitHub Apps - project-bot. In order to include a new pull request in your project just add a new card with the correct markup in one of the columns.
For reference here is my project that uses project-bot integration: https://github.com/lukaszbudnik/migrator/projects/9.

Protip: If you create your projects using "Automated kanban" template GitHub will automatically move merged pull request to Done column. So there is even less configuration required.

bots in action

Below is a link to a sample pull request which was:

  1. created by dependabot
  2. added to v2021.0.1 project by project-bot
  3. merged by merge-pull-requests
  4. built and published by dockerhub

And it all happened at 4 AM CEST while I was in a well deserved deep sleep phase :)

Bump github.com/aws/aws-sdk-go from 1.38.14 to 1.38.15 #178

Bumps github.com/aws/aws-sdk-go from 1.38.14 to 1.38.15.

Release notes

Sourced from github.com/aws/aws-sdk-go's releases.

Release v1.38.15 (2021-04-07)

Service Client Updates

  • service/accessanalyzer: Updates service API, documentation, and paginators
  • service/elasticache: Updates service API and documentation
    • This release adds tagging support for all AWS ElastiCache resources except Global Replication Groups.
  • service/ivs: Updates service API, documentation, and paginators
  • service/mgn: Updates service API, documentation, paginators, and examples
  • service/storagegateway: Updates service API, documentation, and paginators
    • File Gateway APIs now support FSx for Windows as a cloud storage.
Changelog

Sourced from github.com/aws/aws-sdk-go's changelog.

Release v1.38.15 (2021-04-07)

Service Client Updates

  • service/accessanalyzer: Updates service API, documentation, and paginators
  • service/elasticache: Updates service API and documentation
    • This release adds tagging support for all AWS ElastiCache resources except Global Replication Groups.
  • service/ivs: Updates service API, documentation, and paginators
  • service/mgn: Updates service API, documentation, paginators, and examples
  • service/storagegateway: Updates service API, documentation, and paginators
    • File Gateway APIs now support FSx for Windows as a cloud storage.
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Top comments (0)