
LibUp

From mediawiki.org
Manual on MediaWiki Tools
libraryupgrader
Release status: stable
Implementation: Bot
Description: mostly automated tool that manages upgrades of libraries and other developer dependencies for repositories hosted on Gerrit
Author(s): Kunal Mehta, Taavi Väänänen
License: AGPL-3.0-or-later
Download: No link
Issues: Open tasks · Report a bug

LibUp (aka libraryupgrader) is a mostly automated tool that manages upgrades of libraries and other developer dependencies for repositories hosted on Gerrit. It allows us to ensure consistency across the nearly 1,000 Git repositories we maintain and to provide prompt security updates for new vulnerabilities. You can view the status of LibUp and the dependencies it tracks at https://libraryupgrader2.wmcloud.org/.

Usage

If you'd like to have your repository be monitored by LibUp for coordinated upgrades and automatic security vulnerability scanning, you can add it to the repositories configuration in the repos/ci-tools/libup-config GitLab repository (see the README for the latest documentation).

To update a library across all repositories, update the releases configuration in the same Gerrit repository. That config also allows for defining a weight if the package is not critical enough to merit its own commit. Again, more documentation is available in the README.

Upstream release monitoring

LibUp can also notify you when an upstream project makes a new release. When it detects a new release, it will create a Phabricator task in the projects of your choosing or leave a new comment if a task is already open. See T280474 for an example task. Once a task has been filed, it is up to humans to decide what action to take.

You can see the instructions in the repos/ci-tools/libup-config GitLab repository for how to add a new upstream project or file a bug in the LibUp Phabricator project asking for it to be added.

Behind the scenes, LibUp uses release-monitoring.org to check projects for new releases. It supports a bunch of different backends so we don't have to. You will need a Fedora or other OpenID account to add new projects there.
