We use dependencies.io to monitor external repositories, and open a merge request to the appropriate project when an upgrade is release.
The projects currently using this are
Each repository contains a config file for the integration
When a merge request for the project is opened, it should automatically assign to all the project's maintainers. The pipelines are configured to automatically build and test (where appropriate) a project using the new software.
It is the responsibility of the entire Distribution team to ensure the merge requests are handled in a timely fashion. Team members should assign available merge requests to themselves, removing the other assignees, when they are going to work on them. The team member needs to determine the appropriate milestone to target for the upgrade, and verify the new software version works as expected. If everything looks good, a changelog entry should be added, and the merge request assigned to a maintainer.
The pipeline for the merge requests should run a triggered pipeline, which will build a package, and run gitlab-qa against the package. Depending on the software, manual testing may be required. Once satisfied, a changleog entry should be made, and the merge request should be assigned to a maintainer.
The pipeline will build a new set of images using the required software. An instance of the helm charts should be started, and testing done against that instance. Once complete, the MR should be assigned to a maintainer for merging.
The pipeline will install a review app version of the chart, and both spec and QA tests are run against the review app. Depending on the software, manual testing may be required. Once satisfied, a changelog entry should be made, and the merge request should be assigned to a maintainer.
Running dependencies.io locally is useful for debugging issues or changes to the deps.yml.
In order to run locally, you need to have the deps cli binary installed, then navigate to the root directory of the project you want to run it on, and run the following from your shell:
For debugging it's useful to run with the
-v flag for verbose output.
Add new dependencies to track to the
deps.yml file. See the depenencies.io git component documentation
for specifics on the syntax.
The typical process involves: