Roundcrisis

home about talks rss feed  rss

Running scala steward on private repos

15 Aug 2020

Motivation

Keep the dependencies in many repositories up to date as automatically as possible. Warn me when they can’t be updated automatically without breaking the build.

How to run

You can run by cloning the repo and running it, check the instructions.If you want to run this on private repos on some CI I find that it might be easier to run from Docker. I especially like that you can use a particular version you know works and move when you are ready.

To run from Docker, execute something like this from where you checked out scala-steward(setup the necessary env vars STEWARD_DIR, LOGIN and EMAIL accordingly):

docker run -v $STEWARD_DIR:/opt/scala-steward -it fthomas/scala-steward:latest \
  --workspace  "/opt/scala-steward/workspace" \
  --repos-file "/opt/scala-steward/repos.md" \
  --default-repo-conf "/opt/scala-steward/default.scala-steward.conf" \
  --git-author-email ${EMAIL} \
  --vcs-api-host "https://api.github.com" \
  --vcs-login ${LOGIN} \
  --git-ask-pass "/opt/scala-steward/.github/askpass/$LOGIN.sh" \
  --sign-commits \
  --env-var FOO=BAR

Let’s break this down

The first few options are for docker to run and mount the current directory as a volume then there is the scala steward options:

Now that you have Scala steward set up you might want to select a test repo to update. Before you add that to the repos-file set up pull request building in your CI or externally. There are many options here, I tested a jenkins plugin (it was painful and didn’t work well in my case), Aws CodeBuild and Github Actions. The last two were pretty painless.

Optionally you might want to also set up Mergify or something like that, to automatically merge certain PRs.

Depdendency Management over time

So with PR building set up you might be tempted to add all your repos at once. That might be a bad idea. This tools creates one PR per change, it is very likely you might want to update many libraries at once. To know what is out of date you can simple use sbt dependecyUpdates Also you don’t want to block CI for a while (if that is your setup). I suggest you add a few repos at a time and see what happens. This is a good task to do while waiting for something else.

source: https://xkcd.com/303/

Since not so long ago Scalafix updates are enabled by default, a nice enhancement. Also you can add your custom scalafix changes.

Please note, you can set up configuration per project if you want to stop particular updates. If you have questions, the FAQ is pretty good.

Some other ways

Since this is all about managing dependencies, these are some interesting projects that I am planning to check out(but haven’t yet):