Here at Kubiya.ai, we love GitHub apps! They give us better ways to get our work done, integrating and automating the tools we use every single day as developers. As a DevOps at heart, I often use and try out various GitHub apps to make my life easier. Sure, some are disappointing—failing to create the time or labor savings they’ve promised—but others become favorites for life.
Here are some of the better apps I have tried out recently.
Tired of pull requests and stale issues piling up? Well, this first app may be a little controversial, but I’ve used it at times and found it tremendously valuable.
Rather than just letting those stale issues idle, this bot lets you tidy up. It warns users that threads with little or no activity will be closed, and then it automates the closure process so you don’t have to do a thing.
Sounds simple, but it’s stirred up a ton of controversy. Developer Jeff Geerling (675 GH stars) is a fan. He calls these old issues “zombie issues” and says they can really weigh developers down. As Jeff writes, “There are currently over 1,500 open issues across my 194 GitHub repositories, and there’s no way I can keep up with all of them.”
I feel Jeff’s pain, and that’s why Stale bot has been so helpful to me. But it’s worth looking at why others feel differently, including developer Drew DeVault (106 GH stars), who calls this category of bot “a terrible, horrible, no good, very bad idea.”
Why? Drew says having lots of open issues simply reflects your project’s popularity. It doesn’t mean (at least according to him) that you have any responsibility to address or deal with those issues in any way, shape, or form. And when you cut off stale issues, according to Drew, it denies “users access to an important mutual support resource, and a crucial funnel to bring new contributors into your project.”
The debate continues over at Reddit. Some Redditors support stale bots, saying they help keep projects clean and manageable; others see them as a form of censorship, cutting off the chance that old issues will ever be resolved.
What are your thoughts on Stale bot? Frankly, I believe it’s here to stay and, used responsibly, can be very indispensable in maintaining busy projects.
Get it here: https://github.com/probot/stale
This next tool is slightly less controversial, and I’ve found it helpful. Nobody wants to reinvent the wheel; that’s why all software today contains dependencies. Code reuse is universal, incorporating connections to existing code libraries or packages.
But dependencies also leave you vulnerable, and they’ve played a huge role in recent software supply-chain attacks. So it’s more important than ever to be vigilant and keep all software dependencies up to date. Yet that’s easier said than done.
To fix outdated dependencies, developers have recently started turning to bots like Dependabot to secure your software supply chain and fix vulnerabilities before they become a huge problem.
Dependabot will alert you when your repository includes a dependency with a known vulnerability, and it can even update dependencies automatically so you always have the latest version.
However, as I said above, dependency-updating bots may be less problematic than stale bots, but they’re not completely perfect. According to a recent Chinese study, two factors have made Dependabot and others like it less effective than they could be: update suspicion, meaning developers fear that an automated bot update will break their code, and notification fatigue, meaning the bots can generate an excessively large number of pull requests.
Despite all that, Dependabot definitely remains one of my personal favorites, and it’s free for GitHub projects.
Get it here: https://github.com/dependabot
Here’s one GitHub bot that truly makes your life simpler; no question about it.
Because so much software development today revolves around open source, from a wide range of sources and repositories, it can be really tough to keep your open-source dependencies up to date, especially when they get up into the hundreds or even thousands.
Yet even beyond vulnerabilities, having the latest and greatest updates can offer you better power and performance. Plus, the consequences can be a nightmare if you don’t keep them current, ranging from unpredictable performance and annoying warnings to applications actually breaking in production.
Like many developers, you may still be struggling to update open-source dependencies manually, yet the task is becoming more and more complex with every passing year.
Renovate solves this for you. It’s a free, open-source tool that detects all dependencies in any repository, and then automatically generates pull requests if it discovers that a more current version is available. All you have to do is click to approve and merge the changes, and all your dependencies are updated and ready for testing.
Get it here: https://github.com/renovatebot
These days, with so many other developers dependent on your code, sensible versioning has become more important than ever. Everybody down the line needs to know the status of an update.
That’s why using Semantic Release can help keep you out of versioning hell.
You probably already know that semantic versioning is a standardized specification to help software producers make sense of how version numbers are assigned and incremented. Even if you don’t know the dictionary definition, you intuitively understand how it works: It’s the “major.minor.patch” format that almost every software release has used since forever.
But without automation, keeping track of all these numbers as you assign them and release can get complicated. That’s where Semantic Release comes in, automating the workflow to help you release NPM packages, including determining the next version number, generating changelog and release notes, and publishing the package.
Forget about manual release processes… instead turn the whole thing over to Semantic Release so everything is properly versioned. This makes it much safer to iterate and lets others know they can count on your code to not break things on their end while letting repos choose to update at their pace.
Get it here: https://github.com/semantic-release/
This one’s short but sweet. Goreleaser is the kind of tool that doesn’t get enough credit, but it should. It just makes things simple—the way they should be.
As a release automation tool for Go projects, Goreleaser eliminates a ton of the tedious work of building binaries and release packages for a range of different OSes and architectures. Just download the app and execute it in your build script.
This app not only creates the Go binaries, it also manages GitHub releases, including Docker builds, go builds, cross-architecture builds, and more. In short… it’s pretty amazing.
Get it here: https://github.com/goreleaser/goreleaser
Last but not least is Super-Linter. This one is relatively new to me but does seem very well-known in the tech community.
The idea of linting is nothing new, of course. The term refers to static code analysis for common problems and coding errors that represents your first line of defense against problems with code and the headaches that can result.
Linting tools give you basic screening for common developer-level problems, like issues with formatting, non-adherence to coding standards and conventions, potential logic errors, and suspicious constructs. And depending on the tool, they may also flag some more sophisticated problems.
Ideally, you should lint your code before every single code review. But that’s not always simple because until now, there hasn’t been just a single linter that could pick up every problem with your code.
- Some linters focus on a particular programming language (PyPI, npm, etc).
- Others focus by topic, such as on security, coding conventions, or formatting.
Choosing and running linters has typically added significantly to the work that developers have to do on a day-to-day basis. Even when you add in automation, you’re inevitably dealing with a wide range of linting tools.
And then… Super-Linter came along.
Super-Linter is a universal linter that supports a huge range of languages. It was originally created by the GitHub services DevOps engineering team to help them keep their documentation and code consistent while also making the process more productive. And then they turned around and released it open-source so that the entire community could use and improve it.
Once you try it out, I think you’ll see why it’s quickly becoming one of the more popular GitHub apps around.
Get it here: https://github.com/github/super-linter
Tired of Repetitive Dev Tasks?
One thing all six of these indispensable GitHub apps have in common is that they solve real-world problems for our dev team. They make our jobs easier every single day by helping us offload repetitive requests and tasks, replacing them with automation and creating more intelligent, developer-friendly workflows.
Kubiya is another useful DevOps tool that frees ops teams from repetitive dev requests by providing them with secure, self-serve access to cloud infrastructure, operational workflows and knowledge all directly from Slack.
As developers ourselves, we know you can achieve maximum velocity only when all your teams have the tools they need to get their job done. To find out more about streamlining your DevOps to better fit the way your teams work, get in touch.