[BUILD-511] Implement a dependency bot (for boms properties) Created: 27/Aug/21  Updated: 16/Feb/22  Resolved: 03/Sep/21

Status: Closed
Project: Build
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Neutral
Reporter: Maxime Michel Assignee: Maxime Michel
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: JPEG File arch.jpg    
Issue Links:
relation
is related to BUILD-612 Make the dependency bot able to resol... Closed
is related to BUILD-513 Wrap up dependency bot (dependency re... Closed
Template:
Acceptance criteria:
Empty
Epic Link: Dependency bot

 Description   

Considering the release automation webapp:

  • is connected to Jira and Bitbucket
  • can run Maven commands
  • has cron jobs defined

We could implement a dependency bot, considering Dependaroo's status hasn't changed in months. This would help us see fewer CVEs.

We'd need to filter out the quantity of upgrades because we're so far behind. A suggestion is to look up the date of the release. If we only look for releases that happened in the last week or so, then we won't be overwhelmed and will be able to process what comes in.


The definitive implementation diagram can be seen at: https://git.magnolia-cms.com/projects/INTERNAL/repos/magnolia-mgmt/browse/magnolia-dependency-bot.svg

