continuous updating with versioneye at code.talks 2014
DESCRIPTION
These are the slides from the "Continuous Updating with VersionEye" talk at code.talks 2014 in Hamburg. Nowadays modern software development without open source is almost impossible. In average a modern software project has 100 open source components. How do you keep track of these open source dependencies? How do you know that they are still alive? How do you manage the licenses for these dependencies? These are all important questions which get answered in this talk.TRANSCRIPT
![Page 1: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/1.jpg)
Continuous Updating
![Page 2: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/2.jpg)
Who I am?
• Robert Reiz
• Software Dev since 1998
• I started VersionEye
![Page 3: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/3.jpg)
What I do?
• I write crawlers
• I integrate Package Managers
• I integrate SCMs
![Page 4: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/4.jpg)
VersionEye
• 445K Open Source Projects
• 10 Package Managers
• 3 SCMs
Dependency Management
![Page 5: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/5.jpg)
https://www.versioneye.com/statistics
Why
![Page 6: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/6.jpg)
Why
![Page 7: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/7.jpg)
Why I want to stay up-to-date?
![Page 8: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/8.jpg)
100 libraries per project in avg.
![Page 9: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/9.jpg)
How do you keep track of your Dependencies?
![Page 10: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/10.jpg)
Which Licenses are your dependencies
using?
![Page 11: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/11.jpg)
Are your dependencies still alive?
![Page 12: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/12.jpg)
You don’t know ?
![Page 13: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/13.jpg)
Every dependency is a risk factor.
![Page 14: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/14.jpg)
Requirements
Analysis
Design
Coding
Testing
Accepting
15 years ago we used to work with the WATERFALL MODEL
![Page 15: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/15.jpg)
But today we are AGILE
![Page 16: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/16.jpg)
Everything the Waterfall Model used to execute in one year ...
!
... we nowadays execute in 2 weeks!
![Page 17: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/17.jpg)
The way we develop software today totally changed!
![Page 18: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/18.jpg)
Being AGILE got us
CONTINUOUS Testing
CONTINUOUS Refactoring
CONTINUOUS Integration
CONTINUOUS Delivery
CONTINUOUS Deployment
![Page 19: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/19.jpg)
But what about Continuous Updating?
![Page 20: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/20.jpg)
Why should I care about Continuous Updating?
![Page 21: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/21.jpg)
Core committers don’t release new versions just for fun!
![Page 22: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/22.jpg)
• Bug Fixes
• Security Fixes
• Speed & Memory optimization
• New Features
They always have good reasons
![Page 23: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/23.jpg)
If you can't fly then run, if you can't run then walk, if you can't walk then crawl, but whatever you do you have to keep moving forward. Martin Luther King Jr.
![Page 24: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/24.jpg)
How do you ensure that new versions don’t break the system?
![Page 25: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/25.jpg)
Semantic Versioning Migration Paths
Continuous Testing
![Page 27: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/27.jpg)
1.MAJOR version when you make incompatible API changes
2.MINOR version when you add functionality in a backwards-compatible manner
3.PATCH version when you make backwards-compatible bug fixes.
MAJOR.MINOR.PATCH
![Page 28: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/28.jpg)
Always follow the MIGRATION PATH
![Page 29: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/29.jpg)
Many small steps are better than one big step
!
You can do SMALL MIGRATIONS on the fly. !
BIG MIGRATIONS are risky and expensive. !
If you miss versions, you miss migration paths, too. And that leads to TROUBLE!
![Page 30: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/30.jpg)
1 2 3 4migrate migrate migrate
big migration … expensive!
Don’t miss migration paths!
![Page 31: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/31.jpg)
Always run your TESTS against new versions
![Page 32: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/32.jpg)
2.245.022 New Releases
![Page 33: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/33.jpg)
6%#
94%#
New$Releases$
Major# Minor/Patch#
![Page 34: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/34.jpg)
94% of all new releases are harmless and you can update
without doubt.
![Page 35: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/35.jpg)
Another reason for being current
![Page 36: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/36.jpg)
Do you really believe those young talents
wanna work with COBOL?
Or other OLD SHIT?
![Page 37: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/37.jpg)
Tracking versions is a pain!
![Page 38: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/38.jpg)
SOFTWARE LIBRARIES are NOT like iPhone
Apps!
![Page 39: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/39.jpg)
100 libraries per project in avg.
After 2 weeks the first libraries are OUT-DATED!
![Page 40: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/40.jpg)
Developers are missing critical BUG FIXES and important UPDATES!
![Page 41: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/41.jpg)
Manually checking for updates is no fun!
!
It cost TIME & MONEY! !
NOBODY WANTS TO DO IT!
![Page 42: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/42.jpg)
So, how do you wanna solve this PROBLEM
![Page 43: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/43.jpg)
You have to AUTOMATE
![Page 44: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/44.jpg)
You need a TOOL for that!
![Page 45: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/45.jpg)
GemNotifier Gemnasium VersionEyeLanguages Ruby Ruby, Node.JS,
Python 22 Languages
GitHub no yes yesBitbucket no no yesFile upload no no yes
URL parsing no no yesChangelogs no yes in progress
Security no yes in progressLicenses no no yes
API no no yes
![Page 46: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/46.jpg)
www.VersionEye.comKeeps an eye on more than 445K open source libraries!
Supports 22 Languages and 10 Package Managers! Integrated with GitHub, Bitbucket, Stash.
Open REST JSON API.
![Page 47: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/47.jpg)
Are your dependencies still alive?
![Page 48: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/48.jpg)
KPIs
![Page 49: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/49.jpg)
Heat-map for dead / alive
Dependencies
![Page 50: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/50.jpg)
Tags / Labels
![Page 51: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/51.jpg)
Which Licenses are your dependencies
using?
![Page 52: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/52.jpg)
License Whitelist
![Page 53: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/53.jpg)
DEMO
![Page 55: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/55.jpg)
M2
VersionEye Enterprise
VMVersionEye.com
CI
Intranet
E-Maildata sync
SCM
VersionEye Enterprise
Updates via Docker Containers
![Page 56: Continuous Updating with VersionEye at code.talks 2014](https://reader036.vdocuments.us/reader036/viewer/2022062614/5476d114b4af9f22628b460d/html5/thumbnails/56.jpg)
@RobertReiz #ContinuousUpdating
Questions?