How we keep our self-hosted Discord bot up to date

How we keep our self-hosted Discord bot up to date
Photo by Ricardo Gomez Angel / Unsplash

Over in my Discord we have a cool bot called ✨The Ultimate Hacking Bot✨

Really it's a bot that has a collection of pentesting tools one may find useful.

With many tools come many issues... Dependency issues...

If one of our many dependencies updated, our process was:

  1. Update the dependency in Rust
  2. Build the Docker image
  3. Push it to a registry
  4. Docker pull on the service
  5. Docker compose up -d to run it.

Every. Single. Time.

Here's a quick guide on how we fixed this!

Automating the process away

The first step is updating the dependency.

We use Dependabot to automatically detect when packages update and create pull requests for them.

Bump serde from 1.0.151 to 1.0.158 by dependabot[bot] · Pull Request #28 · bee-san/discord-bot
Bumps serde from 1.0.151 to 1.0.158. Release notes Sourced from serde’s releases. v1.0.158 Fix “expected serde crate attribute to be a string” error when using macro_rules metavariable inside of…

BUT we had to click "merge" every time. We wanted to automate that away too, so we built a GitHub action to do this:

name: Dependabot auto-approve
on: pull_request

  pull-requests: write

    runs-on: ubuntu-latest
    if: ${{ == 'dependabot[bot]' }}
      - name: Dependabot metadata
        id: metadata
        uses: dependabot/fetch-metadata@v1
          github-token: "${{ secrets.PERSONAL_TOKEN }}"
      - name: Approve a PR
        run: gh pr review --approve "$PR_URL"
          PR_URL: ${{github.event.pull_request.html_url}}
          GITHUB_TOKEN: ${{secrets.PERSONAL_TOKEN}}

This auto-approves and merges all Dependabot pull requests.

Second, we want to automatically build and publish the Docker image.

Again, we used GitHub actions here:

name: Publish Docker image

      - 'main'

    name: Push Docker image to Docker Hub
    runs-on: ubuntu-latest
      - name: Check out the repo
        uses: actions/checkout@v3
      - name: Log in to Docker Hub
        uses: docker/login-action@f4ef78c080cd8ba55a85445d5b36e214a81df20a
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
          images: my-docker-hub-namespace/my-docker-hub-repository
      - name: Build and push Docker image
        uses: docker/build-push-action@3b5e8027fcad23fda98b2e3ac259d8d67585f671
          context: .
          file: ./Dockerfile
          push: true
          tags: autumnskerritt/discord-bot:latest

Now we have the latest image pushed to Docker everytime a commit is merged to main branch!

Now we need to update and redeploy the image on our server.

I created a script which pulls the image down and runs Docker Rollout on it:

GitHub - Wowu/docker-rollout: 🚀 Zero Downtime Deployment for Docker Compose
🚀 Zero Downtime Deployment for Docker Compose. Contribute to Wowu/docker-rollout development by creating an account on GitHub.
cd ~/discord-bot
docker pull autumnskerritt/ultimate-hacking-bot:latest
docker rollout -f docker-compose.yml discord_bot

I turned this into a service:

Description=Discord Bot Updater
ExecStart=/usr/bin/env sh /home/autumn/discord-bot/


Which runs at 4am every day:

Description=Ensures the execution of the Discord bot updater every day at 4:00 AM

OnCalendar=*-*-* 4:00:00


🥳 And now our bot is automatically up to date with the latest and greatest hacking tools.

Hope you enjoyed this and can use parts of it in your own automated adventures :)

Fancy using the bot yourself? Come try it at:

Join the beesec Discord Server!
Programming & Cyber Security server | 1311 members