Skip to content

Sign up for new dependencies.io payment plan

Context

Dependencies.io is a service we already use, that tracks some of the dependencies we have in Distribution projects. It watches git repos that we have told it to for new tags, and then creates Merge Requests in our Repos automatically to update the dependencies.

Initial issue where we went with dependencies.io v2 is here: #194 (closed)

We've been using this for 1year, but haven't fully made use of all it's potential, only having a few dependencies added to the tracking so far (with TODOs to add many more), and going lengths of time with the service not working at all due to us introducing incompatible version matches to the system without visibility into whether we have broken it or not. (This is something much improved in v3)

Proposal

Our current plan only works for dependencies v2. And deps3 is now out, and I think we should update to the new version. (Requires purchasing a new plan)

Reason

Deps3 introduces a cli tool that devs can use locally to debug the deps file, and the CLI is also used in our own CI, rather than having the dependencies.io server do all the work. The tool just reaches out to dependencies.io to validates the usage token against your payment account.

While the above is a great step forward, the biggest reason to switch is that the developer is spending the most time in v3, and would rather us upgrade to v3 than support our requests on v2.

And unfortunately payment subscriptions are handled differently between the two systems. (Otherwise I would have just upgraded us already)

I have a MR that adds and tests deps3 support for the charts here: gitlab-org/charts/gitlab!981 (merged) (We would also need to do this for omnibus-gitlab and CNG)

Pricing

deps-pricing

As we are not using this service heavily yet, I think we should stick with the lowest priced plan. And should just have myself or someone else on the team purchase and expense it. (I believe this is what @marin has done for the current plan, which we will want to cancel the v2 subscription after we move to v3)

If we start using the system more heavily we can look at an enterprise contract and running this through procurement