Sprout Social’s Android cellular app is a robust native utility that retains our prospects plugged in to their social media presence on the go. As a part of our Android app, we preserve over 35 dependencies managed by the open supply group that present helpful constructing blocks for our utility.
Our dependencies present myriad performance reminiscent of frameworks for making community calls, async picture loading, testing instruments and different present options that resolve frequent Android improvement challenges. A few of these dependencies are required to leverage core Android libraries whereas others assist resolve frequent software program challenges with out having to write down all of the code from scratch. Every dependency permits us to leverage performance with out having to reinvent the wheel.
On the identical time, every comes with a duty to maintain them present to make sure we all know of latest efficiency, safety, and have updates. This sounds nice on paper, however as any cellular developer is aware of, manually monitoring these updates generally is a actual burden.
Considered one of our values on Sprout’s engineering group is to behave with objective and focus. In that spirit, we determined to implement a wiser resolution so we may spend extra time constructing impactful options for our prospects. To perform this, we used the automated dependency administration first celebration plugin, Dependabot. Dependabot reduces our quantity of outdated dependencies, simplifies the hassle wanted to replace them, and streamlines our general improvement course of.
Transferring away from handbook dependency upkeep
In native Android improvement, dependencies are declared in a construct.gradle file. By specifying the dependency we want with its model, Gradle will resolve it from a central repository and retrieve it for us to have the ability to use inside the utility. If an Android app is multi-module, every module has its personal construct.gradle file that declares the dependencies for that module.
Sustaining these dependencies effectively is important for a clean improvement course of and offering prospects with an efficient social media administration utility that may sustain with the pace of social. However protecting dependencies updated turns into a frightening job that requires an evaluation of labor, model compatibility checks, potential code adjustments and testing.
Earlier than Dependabot, we had a handbook dependency administration course of. Because the complexity of our utility elevated, so did our time spent on dependency administration. It took vital effort for the group to determine the necessity for a dependency, then course of it by means of our agile improvement workflows to get it prioritized and updated. We’d usually uncover that dependencies wanted updates throughout characteristic improvement, which launched the at all times dreaded challenge scope-creep. We would have liked a greater manner.
Introducing: Dependabot
Dependency administration shouldn’t be a brand new idea. On condition that a lot of the work required to handle dependencies is repetitive and monotonous, our group thought this might be the proper candidate for one thing that could possibly be automated (with out falling into the lure of getting to write down the automation ourselves).
We discovered Dependabot suited our wants effectively—it’s a GitHub first-party device that robotically detects newer variations of dependencies and accounts for any compatibility points that could be brought on by upgrading them. It surfaces any model upgrades as they turn into obtainable and creates pull requests (PRs) containing details about the improve, which we have been capable of seamlessly combine into our regular engineering workflow. All of a sudden, we didn’t need to spend lengthy hours manually ensuring the whole lot was present.
Implementation
Dependabot intelligently analyzes our construct.gradle information to find out our dependency tree and creates PRs for any dependencies that should be up to date. To ensure that the implementation to be successful, we would have liked a strategy to fastidiously assessment every PR and streamline the merges of the PRs.
Throughout any utility launch of our Android app, we assign a launch supervisor. We determined to combine this duty into the discharge supervisor’s course of, with the expectation that as much as 5 dependency upgrades be accomplished throughout every launch cycle. The discharge supervisor critiques the dependency updates uncovered by Dependabot, ensures that our steady integration checks on the PR move and there are not any breaking library adjustments, then critiques the upgrades offered by this model bump, and brings the checklist of PRs to the group for approval to be merged.
The advantages of automation
Automated dependency administration is a robust device that considerably enhances our improvement course of, and the standard of lifetime of our engineers. It additionally supplies customers with excessive worth and the newest options inside our native cellular utility. With a device like Dependabot, we streamlined the retrieval, integration and versioning of dependencies, lowering the quantity of handbook effort engineers need to spend and decreasing the possibility of conflicts in our dependency tree.
Because the complexity of Android initiatives continues to develop, adopting automated dependency administration was a high-value step so as to guarantee a world-class improvement course of for our group, and a world-class Android utility for our prospects.
To be taught extra about Sprout’s engineering group and tradition, go to our careers website.