When you have a high test coverage or... a high confidence in your code (in my case the former) you can setup fully automatic releases on GitHub. All driven by bots.
In this post I will show you how I set it up using my own project.
migrator is a DB migration/evolution tool written in Go. It's super fast and lightweight. It is released as a docker image on docker hub: lukasz/migrator.
migrator has a code coverage of 94% and I decided to release a new docker image every time there is a new dependency available: either a new base docker image or a new version of Go dependencies.
lukaszbudnik / migrator
Super fast and lightweight DB migration & evolution tool written in Go
migrator
Super fast and lightweight DB migration tool written in go. migrator consumes 6MB of memory and outperforms other DB migration/evolution frameworks by a few orders of magnitude.
migrator manages and versions all the DB changes for you and completely eliminates manual and error-prone administrative tasks. migrator versions can be used for auditing and compliance purposes. migrator not only supports single schemas, but also comes with a multi-schema support (ideal for multi-schema multi-tenant SaaS products).
migrator runs as a HTTP REST service and can be easily integrated into your continuous integration and continuous delivery pipeline.
The official docker image is available on docker hub at lukasz/migrator. It is ultra lightweight and has a size of 15MB. Ideal for micro-services deployments!
Table of contents
dependabot
First, you need to enable dependabot for your project. It's super easy. Just follow the instructions detailed here: Managing vulnerabilities in your project's dependencies and Keeping your dependencies updated automatically.
dependabot can create a pull request for you whenever there is a known security vulnerability in your 3rd party dependency and there is a fix version available. You can go even further and tell dependabot to create a pull request whenever there is a new version available. I like to live on the edge and I went ahead and enabled both options.
For reference here is the link to my dependabot config file: https://github.com/lukaszbudnik/migrator/blob/master/.github/dependabot.yml.
Protip: Every time pull request is merged to target branch dependabot is rebasing all created pull requests (followed by re-running all checks). I provide different times for every check so that the number of rebases is kept to a minimum.
merge-pull-requests action
The bit missing was automated merging to target branch when all tests were passing. There is an auto-merge feature available in GitHub but dependabot doesn't support it (yet).
I decided to use GitHub Action that was available on the marketplace: GitHub Actions - Merge pull requests.
I used the default configuration file provided by authors. However, the default config was quite permissive and I needed to tweak it a little bit. I wanted to auto-merge pull requests with dependencies
label (all pull requests created by dependabot have it) and (to make sure other people would not abuse the auto-merge functionality) I wanted to auto-merge pulls created by the dependabot[bot]
user only.
For reference here is the link to my configuration file: https://github.com/lukaszbudnik/migrator/blob/master/.github/workflows/automerge.yml
Protip: Make sure you have "Automatically delete head branches" enabled in your repository settings. GitHub will delete merged branches automatically. To keep things nice and tidy.
project-bot app
Optional step. My CI/CD pipeline instructs docker hub to build new latest
tag on every merge to main branch. However, I also wanted to roll up all small changes into official releases. I use GitHub projects (rather than milestones) to organise my work. Every time I release a new version I create a new project which acts as a placeholder for all new work. To help me organise release notes better I wanted to automatically add dependabot pull requests to an open GitHub project.
I decided to use GitHub App that was available here: GitHub Apps - project-bot. In order to include a new pull request in your project just add a new card with the correct markup in one of the columns.
For reference here is my project that uses project-bot integration: https://github.com/lukaszbudnik/migrator/projects/9.
Protip: If you create your projects using "Automated kanban" template GitHub will automatically move merged pull request to Done column. So there is even less configuration required.
bots in action
Below is a link to a sample pull request which was:
- created by
dependabot
- added to v2021.0.1 project by
project-bot
- merged by
merge-pull-requests
- built and published by
dockerhub
And it all happened at 4 AM CEST while I was in a well deserved deep sleep phase :)
Bump github.com/aws/aws-sdk-go from 1.38.14 to 1.38.15 #178
Bumps github.com/aws/aws-sdk-go from 1.38.14 to 1.38.15.
Release notes
Sourced from github.com/aws/aws-sdk-go's releases.
Release v1.38.15 (2021-04-07)
Service Client Updates
service/accessanalyzer
: Updates service API, documentation, and paginatorsservice/elasticache
: Updates service API and documentation
- This release adds tagging support for all AWS ElastiCache resources except Global Replication Groups.
service/ivs
: Updates service API, documentation, and paginatorsservice/mgn
: Updates service API, documentation, paginators, and examplesservice/storagegateway
: Updates service API, documentation, and paginators
- File Gateway APIs now support FSx for Windows as a cloud storage.
Changelog
Sourced from github.com/aws/aws-sdk-go's changelog.
Release v1.38.15 (2021-04-07)
Service Client Updates
service/accessanalyzer
: Updates service API, documentation, and paginatorsservice/elasticache
: Updates service API and documentation
- This release adds tagging support for all AWS ElastiCache resources except Global Replication Groups.
service/ivs
: Updates service API, documentation, and paginatorsservice/mgn
: Updates service API, documentation, paginators, and examplesservice/storagegateway
: Updates service API, documentation, and paginators
- File Gateway APIs now support FSx for Windows as a cloud storage.
Commits
-
d9428af
Release v1.38.15 (2021-04-07) (#3853) - See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebase
will rebase this PR -
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it -
@dependabot merge
will merge this PR after your CI passes on it -
@dependabot squash and merge
will squash and merge this PR after your CI passes on it -
@dependabot cancel merge
will cancel a previously requested merge and block automerging -
@dependabot reopen
will reopen this PR if it is closed -
@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Top comments (0)