New projects use a lot of dependencies. From a simple Hello World example to your production application, tons of dependencies get installed.
To keep them up to date, a reminder such as a merge request helps.
The best tool I know for this kind of work is Renovate. Used by some major open source projects, it works for NPM, PHP, Docker, Python and other programming languages. It also supports private registries, and that's awesome!
Run from a cron job, it can check every hour whether a new version of one of your dependencies has been released.
Here is an example for Kubernetes.
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: renovate-env
  namespace: default
type: Opaque
stringData:
  renovate-platform: 'gitlab'
  renovate-endpoint: 'https://gitlab.evilcorp.com/api/v4'
  renovate-token: '****'
  github-token: '****'
  renovate-autodiscover: 'false'
---
# CronJob is served from batch/v1 since Kubernetes 1.21 and batch/v1beta1 was
# removed in 1.25; use batch/v1beta1 only on older clusters.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: renovate
  namespace: default
spec:
  schedule: "@hourly"
  # Do not start a new run while the previous one is still working
  concurrencyPolicy: Forbid
  jobTemplate:
    spec:
      template:
        spec:
          containers:
            - name: renovate
              # ':latest' with IfNotPresent reuses whatever image the node has cached
              image: renovate/renovate:latest
              imagePullPolicy: IfNotPresent
              # Repositories Renovate should process
              args:
                - evilcorp/evil-project
                - evilcorp/white-rose
              env:
                - name: RENOVATE_PLATFORM
                  valueFrom:
                    secretKeyRef:
                      key: renovate-platform
                      name: renovate-env
                - name: RENOVATE_ENDPOINT
                  valueFrom:
                    secretKeyRef:
                      key: renovate-endpoint
                      name: renovate-env
                - name: RENOVATE_TOKEN
                  valueFrom:
                    secretKeyRef:
                      key: renovate-token
                      name: renovate-env
                - name: GITHUB_COM_TOKEN
                  valueFrom:
                    secretKeyRef:
                      key: github-token
                      name: renovate-env
                - name: RENOVATE_AUTODISCOVER
                  valueFrom:
                    secretKeyRef:
                      key: renovate-autodiscover
                      name: renovate-env
                - name: NO_PROXY
                  value: "mycustom-registry.localhost"
                # Disables TLS certificate verification for every HTTPS request
                # made by the Node.js process, not only those to the private registry
                - name: NODE_TLS_REJECT_UNAUTHORIZED
                  value: "0"
          restartPolicy: Never
```
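A variant of the CronJob that keeps TLS verification on by trusting the private registry's CA, added here as an example and not part of the original manifest. The ConfigMap name `private-registry-ca`, its `ca.crt` key, the mount path and the `<pinned-version>` tag are assumptions to replace with your own values.

```yaml
# Added example. Assumes a ConfigMap "private-registry-ca" whose key ca.crt holds the
# PEM of the CA that signed the certificate of mycustom-registry.localhost.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: renovate
  namespace: default
spec:
  schedule: "@hourly"
  concurrencyPolicy: Forbid
  jobTemplate:
    spec:
      template:
        spec:
          restartPolicy: Never
          volumes:
            - name: registry-ca
              configMap:
                name: private-registry-ca
          containers:
            - name: renovate
              image: renovate/renovate:<pinned-version>  # placeholder: pin a tag or digest
              args: [evilcorp/evil-project, evilcorp/white-rose]
              volumeMounts:
                - name: registry-ca
                  mountPath: /etc/renovate-ca
                  readOnly: true
              env:
                - name: NODE_EXTRA_CA_CERTS  # extra trusted CA; replaces NODE_TLS_REJECT_UNAUTHORIZED=0
                  value: /etc/renovate-ca/ca.crt
                - name: NO_PROXY
                  value: "mycustom-registry.localhost"
                - name: RENOVATE_PLATFORM  # not secret, so set inline
                  value: gitlab
                - name: RENOVATE_ENDPOINT
                  value: https://gitlab.evilcorp.com/api/v4
                - name: RENOVATE_AUTODISCOVER
                  value: "false"
                - name: RENOVATE_TOKEN
                  valueFrom:
                    secretKeyRef:
                      key: renovate-token
                      name: renovate-env
                - name: GITHUB_COM_TOKEN
                  valueFrom:
                    secretKeyRef:
                      key: github-token
                      name: renovate-env
```

`NODE_EXTRA_CA_CERTS` is read by the Node.js process only, so a tool Renovate spawns that makes its own HTTPS connections needs the CA in the image's system trust store as well.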
You will then have an awesome bot creating MRs on your projects.
