Dependable requires access to a user’s source code. The system integrates with hosted version control via GitHub, and requests repo-level access to a user’s profile on GitHub. Dependable stores an OAuth access token from GitHub, and uses it for all interactions with the GitHub API.
Dependable uses the GitHub OAuth access token to clone repositories through a command like this:
`git clone https://OAUTH_TOKEN@github.com/user/repo.git`
Dependable pushes branches to GitHub using a typical `git push` command from the directory of the cloned repository.
Dependable uses the following GitHub API endpoints:
- create pull request (for a successful update build)
- get pull request (to monitor the open/closed status of system-generated pull requests)
- get branch (to retrieve GitHub commit SHA)
- get combined status for a specific ref (to monitor status of CI-based builds)
- create issue (for an unsuccessful update build)
- get issue (to monitor the open/closed status of system-generated issues)
Dependable constantly monitors for updates to application dependencies. All code operations occur within Docker containers. The source code for a given repository is only ever downloaded within an isolated container. No two repositories are downloaded within a single container. The Dockerfile is deleted immediately, removing every trace of the repository from the host server.
Dependable processes the Gemfile and Gemfile.lock files to construct a representation of application dependencies. The dependencies and their versions are stored and paired with user-configurable settings for update thresholds per dependency. No source code is persisted.
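The following added example (not Dependable's own code) sketches how a `Gemfile.lock` can be turned into such a dependency representation by reading it as plain text, so that no Ruby from the repository's Gemfile is executed. The `Dependency` record, the function names, the sample lockfile and the `:major`/`:minor`/`:patch` threshold semantics are assumptions made for illustration.

```ruby
# Constructed sample lockfile, not taken from any real project.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (2.2.3)
      rack-protection (2.1.0)
        rack
      sinatra (2.1.0)
        rack (~> 2.2)
        rack-protection (= 2.1.0)

  DEPENDENCIES
    sinatra (~> 2.1)
LOCK

# Hypothetical stored record: resolved version plus a per-dependency threshold.
Dependency = Struct.new(:name, :version, :direct, :threshold)

# Reads the lockfile as plain text; the Gemfile (Ruby code) is never evaluated.
def parse_lockfile(text, thresholds = {})
  section = nil
  resolved = {}
  direct = []
  text.each_line(chomp: true) do |line|
    if line.match?(/\A[A-Z][A-Z ]*\z/)            # unindented section header
      section = line
    elsif section == "GEM" && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\z/))
      resolved[m[1]] = m[2][/\A[^-]+/]            # drop any "-platform" suffix
    elsif section == "DEPENDENCIES" && (m = line.match(/\A {2}([^\s!]+)/))
      direct << m[1]                              # direct dependency name
    end
  end
  resolved.map do |name, version|
    Dependency.new(name, Gem::Version.new(version), direct.include?(name),
                   thresholds.fetch(name, :patch))
  end
end

# Assumed threshold semantics: the smallest kind of bump that triggers an update.
LEVELS = { major: 1, minor: 2, patch: 3 }.freeze

def update_due?(dep, latest)
  latest = Gem::Version.new(latest)
  return false unless latest > dep.version
  n = LEVELS.fetch(dep.threshold)
  latest.segments.first(n) != dep.version.segments.first(n)
end
```

Only gem names, versions and thresholds leave the parser, which matches the statement that no source code is persisted.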
All Docker tasks are performed through non-privileged use of the Docker client.