How we keep our self-hosted Discord bot up to date
Over in my Discord we have a cool bot called ✨The Ultimate Hacking Bot✨
Really it's a bot that has a collection of pentesting tools one may find useful.
With many tools come many issues... Dependency issues...
If one of our many dependencies updated, our process was:
- Update the dependency in Rust
- Build the Docker image
- Push it to a registry
- Docker pull on the service
- Docker compose up -d to run it.
Every. Single. Time.
Here's a quick guide on how we fixed this!
Automating the process away
The first step is updating the dependency.
We use Dependabot to automatically detect when packages update and create pull requests for them.
BUT we had to click "merge" every time. We wanted to automate that away too, so we built a GitHub action to do this:
name: Dependabot auto-approve
on: pull_request
permissions:
  pull-requests: write
jobs:
  dependabot:
    runs-on: ubuntu-latest
    # Only run when the actor that triggered the event is Dependabot
    if: ${{ github.actor == 'dependabot[bot]' }}
    steps:
      - name: Dependabot metadata
        id: metadata
        uses: dependabot/fetch-metadata@v1
        with:
          github-token: "${{ secrets.PERSONAL_TOKEN }}"
      # The approval is submitted with the personal access token stored as a secret
      - name: Approve a PR
        run: gh pr review --approve "$PR_URL"
        env:
          PR_URL: ${{github.event.pull_request.html_url}}
          GITHUB_TOKEN: ${{secrets.PERSONAL_TOKEN}}
This auto-approves and merges all Dependabot pull requests.
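A variant of the workflow above that uses the metadata step's `update-type` output, so only patch and minor updates are approved and queued for merge while major version bumps wait for a human. This is an added example, not the author's workflow; it reuses the `PERSONAL_TOKEN` secret name from the page and assumes auto-merge is enabled in the repository settings.

```yaml
# Added example: approve and merge only patch/minor Dependabot updates.
name: Dependabot auto-approve (patch and minor only)
on: pull_request
permissions:
  pull-requests: write
jobs:
  dependabot:
    runs-on: ubuntu-latest
    # Check who opened the PR, not who triggered this particular run.
    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
    steps:
      - name: Dependabot metadata
        id: metadata
        uses: dependabot/fetch-metadata@v1
        with:
          github-token: "${{ secrets.PERSONAL_TOKEN }}"
      # update-type is version-update:semver-patch, -minor or -major.
      # Anything else, including an empty value, is left unapproved.
      - name: Approve and queue merge for patch and minor updates
        if: >-
          ${{ steps.metadata.outputs.update-type == 'version-update:semver-patch'
          || steps.metadata.outputs.update-type == 'version-update:semver-minor' }}
        run: |
          gh pr review --approve "$PR_URL"
          # --auto merges only after the branch's required checks pass
          gh pr merge --auto --merge "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
          # Token is scoped to this step only, not the whole job
          GITHUB_TOKEN: ${{ secrets.PERSONAL_TOKEN }}
```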
Second, we want to automatically build and publish the Docker image.
Again, we used GitHub Actions here:
name: Publish Docker image
on:
  push:
    branches:
      - 'main'
jobs:
  push_to_registry:
    name: Push Docker image to Docker Hub
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repo
        uses: actions/checkout@v3
      # The Docker actions below are pinned to full commit SHAs rather than tags
      - name: Log in to Docker Hub
        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
        with:
          images: my-docker-hub-namespace/my-docker-hub-repository
      # Build from ./Dockerfile and push under the fixed "latest" tag
      - name: Build and push Docker image
        uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
        with:
          context: .
          file: ./Dockerfile
          push: true
          tags: autumnskerritt/discord-bot:latest
Now the latest image is pushed to Docker Hub every time a commit is merged to the main branch!
Now we need to update and redeploy the image on our server.
I created a script which pulls the image down and runs Docker Rollout on it:
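# Stop here if the project directory is missing
cd ~/discord-bot || exit 1
# Fetch whatever image the "latest" tag currently points to
docker pull autumnskerritt/ultimate-hacking-bot:latest
# Roll the compose service over to the new image
docker rollout -f docker-compose.yml discord_bot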
I turned this into a service:
[Unit]
Description=Discord Bot Updater
After=network.target
StartLimitIntervalSec=0
[Service]
Type=simple
Restart=on-failure
RestartSec=1
User=autumn
ExecStart=/usr/bin/env sh /home/autumn/discord-bot/daily_script.sh
[Install]
WantedBy=multi-user.target
Which runs at 4am every day:
[Unit]
Description=Ensures the execution of the Discord bot updater every day at 4:00 AM
[Timer]
OnCalendar=*-*-* 4:00:00
Unit=discord_bot_updater.service
[Install]
WantedBy=basic.target
🥳 And now our bot is automatically up to date with the latest and greatest hacking tools.
Hope you enjoyed this and can use parts of it in your own automated adventures :)
Fancy using the bot yourself? Come try it at: