From 685837fb6257f34e782c7761544d4b67fd6243f2 Mon Sep 17 00:00:00 2001 From: Oliver Davies Date: Wed, 24 Jan 2024 00:31:12 +0000 Subject: [PATCH] Add daily email for 2024-01-23 Why use automation tools for dependency updates --- source/_daily_emails/2024-01-23.md | 34 ++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 source/_daily_emails/2024-01-23.md diff --git a/source/_daily_emails/2024-01-23.md b/source/_daily_emails/2024-01-23.md new file mode 100644 index 000000000..0c3cfe346 --- /dev/null +++ b/source/_daily_emails/2024-01-23.md @@ -0,0 +1,34 @@ +--- +title: Why use automation tools for dependency updates +date: 2024-01-23 +permalink: archive/2024/01/23/why-use-automation-tools-for-dependency-updates +snippet: | + What are the benefits of using automation tools like violinist.io for dependency updates? +tags: + - software-development + - php + - drupal + - composer +--- + +Last week, I recorded an episode of [Beyond Blocks][podcast] with Eirik Morland - the Developer of violinist.io, a tool for automating dependency updates in PHP projects. + +Instead of a person manually running `composer update` in each project, tools like Violinist can do that for you and submit pull or merge requests to your project for you to review. + +But why would you want this? + +There are technical reasons, such as not having to rely on everyone having the same local environment and avoiding potential conflicts, and consistency by ensuring the same command is run every time. + +But, the big advantage, in my opinion, is the time it saves and allows you to reuse. + +Instead of manually updating each project's dependencies, I can focus on tasks that deliver value to my customers and clients and move us towards our objectives. + +Dependency updates, such as a new version of Drupal core or a contrib module, don't contain any perceived value compared to other tasks, such as adding a new feature or fixing a bug. + +They happen behind the scenes, often invisibly, without any visual changes to show an update has been done. + +If they aren't done often, they will be riskier to deploy due to the larger changes, and the longer it takes, the greater the potential for insecure versions to be exploited - potentially affecting your reputation and your customer's and with any remedial work taking the focus from other tasks. + +Having a service like Violinist performing the updates for you means they can be applied and deployed more regularly, reducing the risk and making it easier to stay up-to-date and run secure versions of your dependencies. + +[podcast]: {{site.url}}/podcast