Sprout Social’s Android cellular app is a strong native utility that retains our prospects plugged in to their social media presence on the go. As a part of our Android app, we keep over 35 dependencies managed by the open supply group that present helpful constructing blocks for our utility.
Our dependencies present myriad performance resembling frameworks for making community calls, async picture loading, testing instruments and different present options that resolve widespread Android growth challenges. A few of these dependencies are required to leverage core Android libraries whereas others assist resolve widespread software program challenges with out having to jot down all of the code from scratch. Every dependency permits us to leverage performance with out having to reinvent the wheel.
On the identical time, every comes with a duty to maintain them present to make sure we all know of recent efficiency, safety, and have updates. This sounds nice on paper, however as any cellular developer is aware of, manually monitoring these updates could be a actual burden.
One in all our values on Sprout’s engineering team is to behave with objective and focus. In that spirit, we determined to implement a wiser answer so we may spend extra time constructing impactful options for our prospects. To perform this, we used the automated dependency administration first get together plugin, Dependabot. Dependabot reduces our quantity of outdated dependencies, simplifies the hassle wanted to replace them, and streamlines our total growth course of.
Shifting away from guide dependency upkeep
In native Android growth, dependencies are declared in a construct.gradle file. By specifying the dependency we’d like with its model, Gradle will resolve it from a central repository and retrieve it for us to have the ability to use inside the utility. If an Android app is multi-module, every module has its personal construct.gradle file that declares the dependencies for that module.
Sustaining these dependencies effectively is crucial for a clean growth course of and offering prospects with an efficient social media administration utility that may sustain with the velocity of social. However preserving dependencies updated turns into a frightening activity that requires an evaluation of labor, model compatibility checks, potential code modifications and testing.
Earlier than Dependabot, we had a guide dependency administration course of. Because the complexity of our utility elevated, so did our time spent on dependency administration. It took important effort for the workforce to determine the necessity for a dependency, then course of it by means of our agile growth workflows to get it prioritized and updated. We’d typically uncover that dependencies wanted updates throughout function growth, which launched the all the time dreaded mission scope-creep. We would have liked a greater manner.
Dependency administration just isn’t a brand new idea. Provided that a lot of the work required to handle dependencies is repetitive and monotonous, our workforce thought this might be the proper candidate for one thing that may very well be automated (with out falling into the entice of getting to jot down the automation ourselves).
We discovered Dependabot suited our wants effectively—it’s a GitHub first-party device that robotically detects newer variations of dependencies and accounts for any compatibility points which may be brought on by upgrading them. It surfaces any model upgrades as they turn out to be obtainable and creates pull requests (PRs) containing details about the improve, which we had been capable of seamlessly combine into our regular engineering workflow. Instantly, we didn’t need to spend lengthy hours manually ensuring all the things was present.
Dependabot intelligently analyzes our construct.gradle recordsdata to find out our dependency tree and creates PRs for any dependencies that should be up to date. To ensure that the implementation to be successful, we would have liked a option to fastidiously overview every PR and streamline the merges of the PRs.
Throughout any utility launch of our Android app, we assign a launch supervisor. We determined to combine this duty into the discharge supervisor’s course of, with the expectation that as much as 5 dependency upgrades be accomplished throughout every launch cycle. The discharge supervisor evaluations the dependency updates uncovered by Dependabot, ensures that our steady integration checks on the PR go and there are not any breaking library modifications, then evaluations the upgrades offered by this model bump, and brings the listing of PRs to the workforce for approval to be merged.
The advantages of automation
Automated dependency administration is a strong device that considerably enhances our growth course of, and the standard of lifetime of our engineers. It additionally offers customers with excessive worth and the most recent options inside our native cellular utility. With a device like Dependabot, we streamlined the retrieval, integration and versioning of dependencies, lowering the quantity of guide effort engineers need to spend and reducing the prospect of conflicts in our dependency tree.
Because the complexity of Android initiatives continues to develop, adopting automated dependency administration was a high-value step so as to guarantee a world-class growth course of for our workforce, and a world-class Android utility for our prospects.
To study extra about Sprout’s engineering workforce and tradition, visit our careers site.