Application: govuk-dependencies

A tool to keep track of Dependabot pull requests

• GitHub: govuk-dependencies
• Ownership: #govuk-platform-reliability-team
• Hosting: Heroku
• Category: Utilities
• Links:
  • govuk-dependencies.herokuapp.com/
  • Manage repo

README

A tool for:

• Viewing all of the outstanding open pull requests made by Dependabot to GOV.UK repos
• Sending Slack messages to GDS Teams reminding them of open Dependabot PRs for their applications

Screenshots

Live examples

• https://govuk-dependencies.herokuapp.com/

Technical documentation

This is a Sinatra application that uses the GitHub API in order to get a list of of PRs made by Dependabot and groups them in various ways:

• By application
• By team
• By gem

Dependencies

• octokit/octokit.rb - Used for interacting with the GitHub API

Running the application

bundle exec rackup

Running this will start your application at localhost:9292

Running the test suite

bundle exec rake

Environment variables

• GITHUB_TOKEN - OAuth token generated on GitHub which does not require any special permissions
• SLACK_WEBHOOK_URL - The webhook URL for sending Slack messages to
• DEPENDAPANDA_SECRET - Secret token for manually requesting Slack messages

Rate limiting

If you find yourself being rate limited by GitHub - you can define the GITHUB_TOKEN environment variable. This needs to be a token generated from GitHub, however as the repositories are all public it needs no special permissions.