I was just thinking about the most frequently used commands that I use on my main development machine. It did not take me long to work out how to automate this process. My history has the last 10000 commands:


history | awk '{print $2}' | sort | uniq -c | sort -r | head -n 20 | awk '{print $2}' 


Here is the output

git

cd

exercism

cat

curl

docker

yarn

vim

grep

npm

rm

ls

docker-compose

mix

open

./gradlew

mkdir

code

cp

brew

This is a giveaway that I am a mac user, work with groovy, node and elixir. I also do some work in docker and use a mixture of vim and code.

I’d be interested to see what other people have

I have been working with a build pipeline using dependabot this year. At the start of 2019 I took over as team lead on a project. My predecessor had enabled dependabot across the teams pool of repositories. After some pruning we have around 60 of these.

Dependabot is an attempt to solve the upgrade cycle for third party dependencies. It will create a pull request for each new version. If you have a build server configured to run tests that you trust then you can get dependabot to auto merge the passing changes.

The year started with a backlog of 360 PRs. Early in the year I spent the first part of each morning ensuring that almost all of the projects have at least a test pipeline..

This started to make an impact on the backlog. We then encountered our first react update. This added 70 PRs overnight.

One pair on my team automated the deployment of the react libraries to our CDN. This eventually helped (we did have a fun problem with the first bad deploy – if you deploy a bad version of a library to a CDN then its painful to correct – some users will have that version cached potentially forever).

We also needed to restart a lot of broken builds. CD is great but sometimes.cloud infrastructure just fails

Dependabot has a helpful interface in that it has an agent that responds to comments on a PR. This allows you to tell it to rebase/recreate/ignore/merge things.

This week we got the PR total down to 12 by the end of one day. The next day Babel released a new version so we jumped to 70 …

We will never win this race but Dependabot does help keep the code upto date. Note we also get updates from other teams in the organisation. One morning during planning we were able to report that a change we had been waiting on had been released, tested and merged in the time we were meeting.

I have had to raise a few issues with Dependabot support and they did fix them quickly. They had not experienced organisations with over a thousand repos before which made the configuration UI slow – this in now much better.

Our setup of Dependabot, Jenkins and Github did not react well to the introduction of Snyk to the system. Snyk tells Github that it is happy with the security of the dependencies. The problem was this was faster than Jenkins telling Github that it had started testing the change! Dependabot then saw a PR with an ok stamp and then merged the change. We had a fun few days reverting broken builds until we tamed that one.

During the year Dependabot was bought by GitHub and is now free to use.

For now I have disabled Snyk on our projects but will investigate it further in the new year (it appears less configurable than Dependabot).

Here’s to another year of upto date dependencies.