Creating a Github Bot to Automatically Verify Snapshot Usage in a Pull Request

Diego Rodrigues
Published in Marionete
Jul 29, 2022

In this tutorial, we will create a Github bot that checks whether a pull request uses snapshot dependencies.

Typically, we use snapshot dependencies during development/testing. However, we may want to avoid snapshot dependencies in main branches, as they might not be stable.

To help developers and reviewers remove snapshot versions from pull requests, the bot will monitor pull requests and post a comment when it finds a snapshot dependency.

Prerequisites:

  • Node.js 8.3.0 or later
  • Git/Github knowledge

Introduction

Github Apps can help automate tasks and extend Github functionality. Using its API, a Github App can comment on pull requests, open and close issues, manage repositories and more.

Github provides a framework to create apps in Node.js — Probot. It does all the complicated stuff for you (such as validating payloads, managing authentication and so on), so you can focus on creating the functionality.

This tutorial will use the Probot framework. For more details, visit the official Probot page.

The app created in this tutorial will help review pull requests by looking for usage of snapshot versions in dependencies.

The app is a server which listens to Github events through webhooks. Every time there is an event the app is interested in, it receives a payload from Github, and it takes some actions based on the payload received.

The underlying goals of the tutorial are: to show how to create a Github Bot, how to fetch pull request contents and how to comment on them. Hopefully, after this reading, you’ll be able to make one yourself and add new features to it.

Github and Probot Quickstart

1. In Github, create a repository (or use an already existing one). This tutorial assumes the version of the project is located in a pom.xml file. So you might as well add one.

2. Using npm, we can quickly start a project by running:

npx create-probot-app tutorial-github-bot

3. Follow the instructions on the terminal. It should be something like the following:

? App name: tutorial-github-bot
? Description of app: a probot app tutorial
? Author’s full name: Diego Rodrigues
? Which template would you like to use? basic-js => Comment on new issues

Configuring Github access

We need to configure the app to receive the payloads from Github via webhooks. Thankfully, Probot helps us configure it. Let’s configure and start the app:

1. Edit the app.yml file: under the default_events section, uncomment the pull request lines (#38, #39, #40), and under the default_permissions section, uncomment pull_requests (#85) and change the permission to write. Keep in mind that YAML files need to be correctly indented.

cd tutorial-github-bot
npm start

If everything goes right, you should be able to open http://localhost:3000.

Initial image of the app

Follow the instructions to register the app and select a repository (or all of them) so the bot can monitor it. The bot will only monitor the repositories selected here.

Restart the server, so the configurations can be applied.

npm start

The Probot app already comes with a pre-coded function that posts a comment when an issue is opened. Let’s test if the bot is working by opening a new issue in the repository:

Opening a new issue

The bot should receive a message from Github and it should comment on the issue:

The bot will comment when a new issue is opened

⚠️ At the time of writing, there was a problem with the Probot dependency (v12.2.4 — check the version in package.json). If the bot did not publish a comment (there should be an error in the terminal logs), try stopping the application in the terminal, change the version to 11.0.1, and run:

npm install
npm start

and finally, open a new issue.

Checking versions

Let’s edit index.js to add functionality that checks the dependency versions in the pull request. The goal of the bot is to notify the author of the pull request if the versions of the dependencies are snapshots. To simplify, the bot assumes the dependency versions will be described in a pom.xml file inside a <version> tag.

When a pull request is opened, the bot fetches the contents of the pull request. Then, it checks if the pom.xml file was changed and if the dependency versions contain the SNAPSHOT tag. If so, the bot publishes a comment stating that the pull request has snapshot dependencies and asks the requester to update the file. Otherwise, the bot comments that the versions in the pull request are approved.

To accomplish that, we are going to add a handler that will be called every time a pull request is either opened, reopened or edited (code can be copied from the repository link at the end):

Handler function to be executed when a pull request payload is received

We also need to add some helper functions: one to identify the lines of code containing the snapshot tag and their position in the diff (so the comment is placed on the right line), and another to publish the comments in the pull request using the Github API.

Functions to identify lines with the SNAPSHOT tag and to publish a comment into a Pull Request
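
The handler and helper described above can be sketched as follows; this is an added example, not the code from the tutorial's repository. The function names findSnapshotLines and registerSnapshotCheck and the comment wording are hypothetical, and the sketch assumes only lines added by the pull request should be flagged.

```javascript
// Added example, not the tutorial's index.js.
const HUNK = /^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@/;
const SNAPSHOT_VERSION = /<version>[^<]*SNAPSHOT[^<]*<\/version>/;
const IS_POM = /(^|\/)pom\.xml$/;

// Scan one file's unified-diff patch. `position` counts lines below the first
// "@@" header; `line` is the line number in the new version of the file.
function findSnapshotLines(patch) {
  const hits = [];
  if (!patch) return hits; // GitHub omits `patch` for binary or very large diffs
  let line = 0;
  patch.split("\n").forEach((text, position) => {
    const hunk = HUNK.exec(text);
    if (hunk) { line = Number(hunk[1]); return; }
    if (text.startsWith("-") || text.startsWith("\\")) return; // not in new file
    if (text.startsWith("+") && SNAPSHOT_VERSION.test(text)) {
      hits.push({ position, line, text: text.slice(1).trim() });
    }
    line += 1; // context and added lines both advance the new-file counter
  });
  return hits;
}

// Register the handler on a Probot `app` (the function name is hypothetical).
function registerSnapshotCheck(app) {
  const events = ["pull_request.opened", "pull_request.reopened", "pull_request.edited"];
  app.on(events, async (context) => {
    const { octokit } = context;
    const files = await octokit.paginate(octokit.pulls.listFiles, context.pullRequest());
    let found = 0;
    for (const file of files.filter((f) => IS_POM.test(f.filename))) {
      for (const hit of findSnapshotLines(file.patch)) {
        found += 1;
        await octokit.pulls.createReviewComment(context.pullRequest({
          commit_id: context.payload.pull_request.head.sha,
          path: file.filename,
          line: hit.line,
          side: "RIGHT",
          body: `Snapshot dependency \`${hit.text}\`: please use a release version.`,
        }));
      }
    }
    if (found === 0) {
      await octokit.issues.createComment(context.issue({
        body: "No snapshot versions were added to pom.xml in this pull request.",
      }));
    }
  });
}
```

The events listed are the ones the tutorial names; commits pushed to an already open pull request are delivered as pull_request.synchronize, so add that event if later pushes should be re-checked.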

And done. The bot should be ready. Remember to stop the application and start it again so the changes take effect.

npm start

Testing

To test the bot, we must go into our repository, create a feature branch and add/edit a pom.xml file with a <version> tag.

Commit the file to the feature branch, and push it to the repository:

git add pom.xml
git commit -m 'adding pom file'
git push origin feature-branch

In Github, go to the feature branch and open a pull request. You can expect one of two outcomes:

🟣 If a dependency version in the feature branch uses the snapshot tag, the bot will publish a comment suggesting removing the tag:

🟣 If the dependency versions are all good, the bot congratulates the requester:

And that is it! Github apps can do much more and they can suit the specific needs of different projects. Hopefully, this tutorial helped to introduce them and now it’s up to you to create new features for it.
