The service is rolled out as a public beta. At the moment we cannot guarantee that no breaking changes need to be implemented. Also the service can be turned off at any time. We are curiuos for your feedback.
Automating dependency updates in the Helmholtz Codebase¶
The Helmholtz Codebase is configured in a way that it supports automatic dependency updates using a tool called dependabot-gitlab. Therefore it makes use of dependabot-core which is known from GitHub.
The bot will automatically create Merge Requests for dependency updates helping you to keep your dependencies up-to-date thereby enhancing the security of your project.
The list of supported ecosystems is given here. Among others, Python, Docker or Git submodules are supported.
In order to configure automatic dependency updates for your project a few steps need to be accomplished.
- Add the
hifis-botuser as a member to your project. At least the role
Developerneeds to be assigned.
- Add a file called
.gitlab/dependabot.ymlinto the root of your repository. A minimal configuration for supporting the Python package managers
pipenvis given below.
1 2 3 4 5 6 7
All configuration options are listed in the documentation.
- Within at most an hour the service will take note of the new project
and will start to submit dependency updates according to the definitions in
dependabot.yml. If you configure updates daily it can take at most 24 hours until the first merge requests will be submitted.
Webhooks - Interacting with the Bot¶
In order to communicate with the bot via comments in your Merge Request a webhook needs to be configured. Therefore, please follow these steps:
- In your project navigate to
Settings > Webhooks.
Create a new webhook with these parameters, if not already present:
Push events- default repository branch (typically
Merge request events
Enable SSL verificationenabled.
Save the webhook by clicking
Interacting with the Bot¶
Interacting with the bot is possible via Merge Request commands which are entered as comments. At the time of writing two commands can be issued.
Add the comment
@hifis-bot rebase, which will perform a merge request rebase.
This command does essentially the same action as GitLab built in
@hifis-bot recreate will recreate the merge request
resolving all merge conflicts that might be present.