Skip to main content

Application: govuk-dependencies

A tool to keep track of Dependabot pull requests

Ownership
#govuk-platform-health
Hosting
Heroku

README

A tool for:

  • Viewing all of the outstanding open pull requests made by Dependabot to GOV.UK repos
  • Sending Slack messages to GDS Teams reminding them of open Dependabot PRs for their applications

Screenshots

screenshot

Live examples

Technical documentation

This is a Sinatra application that uses the GitHub API in order to get a list of of PRs made by Dependabot and groups them in various ways:

  • By application
  • By team
  • By gem

Dependencies

Running the application

bundle exec rackup

Running this will start your application at localhost:9292

Running the test suite

bundle exec rake

Environment variables

  • GITHUB_TOKEN - OAuth token generated on GitHub which does not require any special permissions
    • Used to interact with the GitHub API, although not required it will help avoid limiting

  • SLACK_WEBHOOK_URL - The webhook URL for sending Slack messages to
  • DEPENDAPANDA_SECRET - Secret token for manually requesting Slack messages

Rate limiting

If you find yourself being rate limited by GitHub - you can define the GITHUB_TOKEN environment variable. This needs to be a token generated from GitHub, however as the repositories are all public it needs no special permissions.