I’ve driven auto patching at my org for production. When I got here our builds were basically impossible to safely update. I moved us to modern dependency management, and wrote automation to do updates every Monday for all dependencies.
Those updates get reviewed by a human after the tests all pass, applied, and it’s just completely normal now. But it took a lot of grit and determination to make it the norm and get people away from the fear of “what if patching breaks something.”
It’s pretty sick, though. With containers, modern dependency manifests, and a little bit of GitHub Actions work, it’s never been easier to patch very regularly. And if something does break, roll it back and write better tests to validate the usage of the dependency in the first place.