Violinist - Keep your composer dependencies updated automatically.
Updated: Jul 20, 2022
You are either the one who is creating automation or you are getting automated. - Tom Preston Werner.
Today we will discus about a tool which will help you take, automation in deployement in your project, to a next level. Before we get started a special thanks to Eiriksm, for creating this service named as violinist.io, which will help keep project dependencies up to date automatically.
What is violinist ?
Violinist is a service that continuosly keeps on updating the composer dependencies on your project automatically by creating pull requests on Github. So whenever a new update is found you dont have to update and create the pull request, violinist creates the pull request of the update by itself. It reduces the effort of manually updating composer dependencies to a great extent. A manual updation would take effort of doing the following steps :
Run "composer update package-name" command to update the package.
git checkout -b fix/update-package.
git commit composer.lock -m "Update vendor/package"
git push origin fix/update-package
Open a pull request,
Wait for test to pass.
Where as violinist does all of this by itself.
Violinist is built on top of composer. It does not try to enforce any new ways of defining dependencies, or workarounds to be able to update. It just does the tedious task of updating your composer files and sending pull requests about it.
One of the biggest and the major features of violinist is updating the composer depdencies on a project, example your drupal project may contain module added using composer, it would keep track of the updates available of the dependencies added in composer.json and will create pull requests of the updates automatically.
It is integrated with GitHub and it just works on your repository and provides PRs for the updates(if any). And does not get into the project workflow.
The Pull request contains the information of the Changelog which a deployment manager can review before merging the pull request.
Watch this video that contains an example of how you can integrate Violinist with your project and get going with pull requests of dependencies :
In terms of solving a problem statement where you want to come up with something that streamlines your deployment process and reduces the amount of time your project deployment takes , this service is a way to go. It is currently integrated with just github, integration with other services like bitbucket is what we can expect in future.
The only concern here is , whether we are adding a risk of skipping testing the update on local environments. Once of the major advantages of following the manual updation steps would be to take care that updating the current state of package should not cause regression and should not be the reason of a Disaster. Which means that we need to carefully review and monitor the pull request that violinist bot creates.
Let me know in the comment section below what do you think about this tool.