In light of the recent COVID-19 pandemic - OPTASY would like to offer DRUPAL website support for any Healthcare, Government, Education and Non-Profit Organization(s) with critical crisis communication websites or organizations directly providing relief. Stay Safe and Stay Well.

Automatic Updates in Drupal Core? Top Benefits and Main Concerns With Drupal Updating Itself
Drupal
Drupal 8
News

Automatic Updates in Drupal Core? Top Benefits and Main Concerns With Drupal Updating Itself

by RADU SIMILEANU on Sep 28 2018

 

Just imagine... automatic updates in Drupal core.

Such a feature would put an end to all those never-ending debates and ongoing discussions taking place in the Drupal community about the expectations and concerns with implementing such an auto-update system.

Moreover, it would be a much-awaited upgrade for all those users who've been looking for (not to say “longing for") ways to automate Drupal core and modules for... years now. Who've been legitimately asking themselves:

“Why doesn't Drupal offer an auto-update feature like WordPress?”

And how did we get this far? From idea to a steady-growing initiative?

 

  1. first, it was the need to automate Drupal module and security updates
  2. then, the issues queues filled with opinions grounded in skepticism, valid concerns, and high hopes started to “pile up” on Drupal.org,
  3. then, there was Dries' keynote presentation at Drupalcon Vienna in 2017, raising awareness around the need to re-structure Drupal core in order to support a secure auto-update system
  4. … which grew into the current Auto Update Initiative
  5. that echoed, recently, at Drupal Europe 2018, during the “Hackers Automate, but the Drupal Community still Downloads Modules from Drupal.org” session

     

Many concerns and issues have been pointed out. Many questions have been added to the long list.

Yet, one thing's for sure:

There still is a pressing, ever-growing need for an auto-update feature in Drupal...

So, let me try to answer my best to some of your questions regarding this much-awaited addition to Drupal core:

 

  • What's in it for you precisely? How will an auto-update pre-built feature benefit you? 
  • Does the user persona profile suit you, too? Is it exclusively low-end websites that such a feature would benefit? Or are enterprise-level, company websites targeted, as well?
  • What are the main concerns about this implementation?

     

1. The Automatic Updates Initiative: Goal & Main Challenges 

Let's shift focus instead and pass in review the inconveniences of manually installing updates in Drupal:

 

  • it's time-consuming
  • it's can get risky if you don't know what you're doing
  • it can be an intimidatingly complex process if you have no dedicated Drupal support & maintenance team to rely on
  • it can get quite expensive, especially for a small site or blog owner

     

See where I'm heading at?

This initiative's main objective is to spare Drupal users of all these... inconveniences when it comes to updating and maintaining their websites. Inconveniences that can easily grow into reasons why some might get too discouraged to adopt Drupal in the first place.

The goal is to develop an auto-update mechanism for Drupal core conceptually similar to those already implemented on other platforms (e.g. WordPress).

And now, let's dig up and expose the key challenges in meeting this goal:

 

  • enabling update automation in Drupal core demands a complete re-engineering of the codebase; it calls for a reconstructing of its architecture and code layout in order to support a perfectly secure auto-update system 
  • such an implementation will have a major impact on the development cycle itself, causing unwanted disruption
  • such a built-in auto-update feature could get exploited for distributing and injecting malware into a whole mass of Drupal websites

     

2. Automatic Updates in Drupal: Basic Implementation Requirements 

What would be the ideal context for implementing such a perfectly secure auto-update system? 

Well, its implementation would call for:

 

  • multiple (up to date) environments
  • released updates to be detected automatically and instantly
  • an update pipeline for quality assurance
  • existing automate tests with full coverage
  • a development team to review any changes applied during the update process 

     

3. How Would These Auto-Updates Benefit You, the Drupal User?

Let's see, maybe answering these key questions would help you identify the benefits that you'd reap (if any):

 

  • do you outsource your Drupal Maintenance tasks to a professional team?
  • has it been a... breeze for you so far to cope with Drupal 8's release cycle (one new patch each month and a new minor release every 6 months sure claim for a lot of your time)?
  • have you ever got tangled up in Composer's complexities and a whole load of third-party libraries when trying to update your Drupal 8 website?
  • did you run the Drupalgeddon update fast enough?
  • have you been secretly “fancying” about a functionality that would just update Drupal core and modules, by default, right on the live server?

     

To sum up: having automatic updates in Drupal core would keep your website secured and properly maintained without you having to invest time or money for this.

 

4. Drupal Updating Itself: Main Concerns

And concerns increase exponentially as the need for an update automation in Drupal rises (along with the expectations).

Now, let's outline some of the most frequently expressed ones:

 

  • there is no control over the update process, no quality assurance pipeline; basically, there's no time schedule system enabling you to test any given update, in a development environment, before pushing it live
  • there's no clearly defined policy on what updates (security updates only, all updates, highly critical updates etc.) should be pushed
  • with Drupal updating itself, rolling back changes wouldn't be possible anymore (or discouragingly difficult) with no GIT for version control
  • again: automatic updates in Drupal could turn into a vulnerability for hackers to exploit for a mass malware attack 
  • there's no clear policy regarding NodeJS, PHP and all the JS libraries in Drupal 8, all carrying their own vulnerabilities, too
  • it's too risky with all those core and module conflicts and bugs that could break through
  • such a feature should be disabled by default; thus, it would be every site owner's decision whether to turn it on or not
  • could this auto-update system cater to all the possible update workflows and specific behaviors out there? Could it meet all the different security requirements?

     

So, you get the point: no control over the update pipeline and no policy for handling updates are the aspects that concern developers the most.

 

6. Does It Cater for Both Small & Enterprise-Level Websites' Needs? 

There is this shared consensus that implementing automatic updates in Drupal core would:

 

  1. not meet large company websites' security requirements; that it would not fit their specific update workflows
  2. benefit exclusively small, low-end websites that don't benefit from professional maintenance services

     

Even the team behind the automatic updates initiative have prioritized low-end websites in their roadmap.

But, is that really the case?

Should this initiative target small websites, with simple needs and writable systems, that rarely update and to overlook enterprise-level websites by default?

Or should this much-wanted functionality be adjusted so that it meets the latter's needs, as well? 

In this case, the first step would be building an update pipeline that would ensure quality.

What do you think?

 

7. How About Now?"What Are My Options for Automating Updates in Drupal?"

In other words: what are the currently available solutions if you want to automate the Drupal module and security updates? 

 

7.1. You Can Use Custom Scripts to Automate Updates

… one that's executed by Jerkins or another CI platform. 

Note: do bear in mind that properly maintaining a heavy load of scrips and keeping up with all the new libraries, tools, and DevOp changes won't be precisely a “child's play”. Also, with no workflow and no integrated tools, ensuring quality's going to be a challenge to consider.

 

7.2. You Can Opt for a Drupal Hosting Provider's Built-In Solution

“Teaming up” with a Drupal hosting provider that offers you automated updates services, too, is another option at hand.

In this respect, solutions for auto-updating, such as those provided by Pantheon or Acquia, could fit your specific requirements. 

Note: again, you'll need to consider that these built-in solutions do not integrate with your specific DevOps workflows and tools.

 

And my monologue on automatic updates in Drupal ends here, but I do hope that it will grow into a discussion/debate in the comments here below:

Would you turn it on, if such a feature already existed in Drupal core?

  1. Definitely yes
  2. No way
  3. It depends on whether...
Development

We do Web development

Go to our Web development page!

Visit page!

Recommended Stories

DrupalTips
How to Migrate Your Drupal Website to Another Host in 5 Steps

How to Migrate Your Drupal Website to Another Host in 5 Steps

  Website owners may need to migrate their web host at some point during their business journey due to the emergence of more lucrative hosting options, such as VPS, shared, or dedicated hosting. This is why many website managers choose to perform host migration. This article offers guidance on managing hosting server migration, one of the most widely-used DevOps services. It does so by breaking down five crucial steps that can lead to a successful migration. What are the factors to consider when moving a Drupal website to a new hosting server? Deciding to change web hosts can be a challenging decision. However, there are several indications that your website may need hosting updates, which can be identified if you know where to look. Although it may be difficult to admit, taking this step will improve your website's performance. Here's a guide on how to identify these indicators on your Drupal website. There is a recurring problem with downtime. Website downtime can harm your reputation as a service provider. The quality of your hosting equipment and security features can impact your site's availability and protection against cyber-attacks. Your host is hard to reach. Efficient communication between a website owner and their web host is crucial. In the event of a server crash or error, prompt contact with the host is necessary for troubleshooting and restoring the site's functionality. Having an unreliable host can negatively impact website functionality and customer retention. Therefore, having a dependable customer service team available is essential for providing optimal user experiences and promoting business success. Your current hosting fees are high. Running a website can require a significant investment in web hosting. It's a recurring expense that you should choose carefully. The most expensive option may not be necessary. Consider the features and server space that your host provides and compare them to your site's needs. Don't overspend on hosting that doesn't fit your requirements. You can always upgrade to a more expensive plan later. The level of security provided may not meet your requirements. Investing in a secure web host can be advantageous for your website as it prioritizes security measures. Investing in a secure hosting server can prevent data loss, compromised user data, and damage to your credibility with your audience. Consider specific features and plugins, such as Secure Sockets Layer certificates, malware scanning, and server firewalls, when selecting a web host. Instructions for migrating to a different hosting provider The process of migrating a Drupal site to a new host involves contacting the current host, backing up the database, connecting to a new server, and uploading files. It is common for issues to arise during this process, such as corrupted backups. To avoid potential issues, consider hiring a professional agency like Optasy to complete the migration process for you. This may help save resources and ensure a smooth transition. Before migrating to a new web hosting server, it's important to follow essential steps. Let's examine some of them. 1. Turn Drupal caching off. To prevent possible disruptions, the initial action is to access the Drupal admin dashboard and follow these steps. To disable caching, navigate to Configuration, Performance, and Caching, then select "No Caching." To disable "Aggregate CSS files" and "Aggregate JavaScript files" in "bandwidth optimization" and ensure all caches are cleared, click "Clear all caches." 2. It is recommended to create a backup of your Drupal files. To connect to your remote server, enter the connection details and select "QuickConnect" to establish a connection with the server hosting your website. To back up your Drupal files, simply download the content from your main site's folder onto your local device. 3. Export your Drupal database. Access the phpMyAdmin tool located in the Database section of your server's control panel. To export your Drupal site database, select "Check all" and then choose the "Export method" and "SQL" options. 4. Transfer the Drupal database to the new hosting provider. To create a new MySQL database on the target server, click on "Import" located at the top of the database. Afterward, select "Choose File" and click "Go." This will successfully restore your site on the new hosting from the backup. 5. Turn on Drupal caching. Go to Configuration - Performance - Enable Drupal caching. And that's it! Your host migration process is completed. Conclusion Building and managing a Drupal website involves various complexities, with hosting being a particularly challenging aspect. A wide range of hosting options are available, which can make it a daunting task to determine the most suitable one for your website requirements. Optasy's team of Drupal experts can provide assistance and guidance on server migration and hosting server management.   Photo credit: Unsplash.... Read more
Raluca Olariu / Mar 23'2023
DrupalTips
How SEO Helps Your Website Grow

How SEO Helps Your Website Grow

  Search engine optimization (SEO) is a powerful tool for helping your website grow and reach its full potential. SEO involves optimizing your website to make it easier for search engines like Google to find and rank it in their search results. By using SEO techniques such as keyword research, content optimization, link building, and more, you can increase the visibility of your website and attract more visitors. With the right SEO strategy in place, you can drive more traffic to your site and generate more leads and sales. In this article, we'll discuss how SEO can help your website grow and become successful. What is SEO? SEO stands for Search Engine Optimization, and it is the process of optimizing a website to make it easier for search engines like Google to find and rank it in their search results. SEO involves a variety of techniques, such as keyword research, content optimization, link building, and more. By using these techniques, you can increase your website’s visibility and attract more visitors. SEO helps your website become more visible in the search engine results pages (SERPs), which can lead to more traffic, leads, and sales. Benefits of SEO for Website Growth Let's have a look at some of the top benefits of SEO for website growth: Increased visibility: SEO helps your website become more visible in the search query, which can lead to more traffic and leads. Improved user experience: SEO also helps enhance the user experience of your website by making it easier to navigate and providing relevant content. Increased brand awareness: SEO can help boost brand awareness by making your website more visible in the SERPs, which can lead to more people recognizing your brand. Higher conversion rates: SEO can also help increase your website's conversion rate by making it easier for visitors to find what they are looking for and take the desired action. More organic traffic: SEO can help you drive more organic traffic to your website, which is free and highly targeted. Keyword Research for SEO Keyword research is an important part of SEO, and it involves finding the right keywords to target for your website. Keyword research helps you identify the words and phrases that people are searching for when looking for products or services related to your business. By targeting these keywords, you can increase your website’s visibility in the SERPs and attract more organic traffic. When doing keyword research, you can use specialized software to make the job easier. Content Optimization for SEO Content optimization involves optimizing your website’s content to make it more relevant to search engines. Content optimization includes optimizing titles, meta descriptions, headings, images, and other elements of your website’s content. Many companies rely on a solid blog approach to boost their content optimization strategy and highlight their SEO efforts. Link-Building Strategies for SEO Link-building is another top SEO strategy, and it involves creating backlinks to your website from other websites. Backlinks are links from other websites that point to your website, and they can help improve your website’s visibility in the SERPs. There are a variety of link-building strategies you can use to build backlinks for your website. These include guest blogging, directory submissions, social media marketing, and more. Conclusion SEO is an important part of website growth, and it can help you increase your website’s visibility in the SERPs, attract more organic traffic, and boost your conversion rates.  In the competitive digital world, brands that harness the power of SEO are on top of the game.  If you, too, want to integrate SEO into your web development project and are looking for professional advice, don't hesitate to contact Optasy. Optasy is a web development company that provides complete web development and maintenance services that support business growth.  Photo credit: Unsplash.  ... Read more
Raluca Olariu / Feb 14'2023
DrupalTips
Top Drupal Debugging Techniques

Top Drupal Debugging Techniques

  Debugging is an essential part of developing any website, and Drupal is no exception. Debugging in Drupal can be a complex process due to the complexity of the system and its many components. However, with the right techniques, it is possible to identify and resolve issues quickly. In this article, we will discuss some of the top debugging techniques for Drupal that can help you troubleshoot your website more efficiently. We will cover topics such as using the Devel module, using Xdebug, and other helpful tips and tricks. With these techniques in hand, you'll be able to recognize and repair any problems on your Drupal site quickly.     Using the Devel Module for Debugging The Devel module is a powerful tool for debugging Drupal websites. It provides a suite of tools to help you quickly identify and resolve issues. The Devel module includes features such as the ability to view database queries, generate dummy content, and debug PHP code. It also has an API that allows developers to create custom debugging tools. Using the Devel module can be helpful when trying to identify the source of an issue. It can also be used to generate dummy content for testing purposes.     Utilizing Xdebug for Troubleshooting Xdebug is a powerful debugging tool that can be used to troubleshoot issues on Drupal websites. It provides detailed information about the code execution, including stack traces and variable values. This can help developers quickly identify the source of an issue and resolve it more efficiently. Xdebug also has features such as breakpoints, which allow developers to pause the execution of code at certain points to inspect the application's state. This can be helpful when trying to identify and fix complex issues.     Leveraging Drupal's Logging System Drupal's logging system is a powerful tool for debugging websites. It provides detailed information about the events that occur on the website, including errors and warnings. This can be helpful when trying to identify the source of an issue. The logging system also allows developers to set up custom log levels, which can be used to filter out unnecessary information and focus on specific types of events. This can help developers quickly identify and resolve issues.   Using the Drupal Console for Debugging The Drupal Console is a command-line interface that can be used to debug Drupal websites. It provides commands for inspecting the database, generating dummy content, and running tests. This can be helpful when trying to identify and fix issues quickly. The Drupal Console also has an API that allows developers to create custom commands for debugging purposes.   Have You Completed Your Drupal 10 Migration? The release of Drupal 10 marks a major milestone for the platform, and it is important to ensure that your website is up-to-date with the latest version. Migrating to Drupal 10 can be a complex process, but it is essential for ensuring that your website remains secure and performs optimally. When migrating to Drupal 10, it is important to test the website thoroughly and use debugging techniques to identify and resolve any issues. The Devel module, Xdebug, and Drupal's logging system can all be used to troubleshoot any problems that may arise during the migration process. Don't forget to ensure that all of the modules and themes used on the website are compatible with Drupal 10. It is recommended to use the Update Status module to check for any available updates and apply them before migrating to Drupal 10. Additionally, it is a good idea to create a backup of your website before beginning the migration process in case something goes wrong. By taking these steps, you can ensure that your website is properly migrated and running smoothly on Drupal 10.     Conclusion Debugging in Drupal can be a complex process, but with the right techniques, it is possible to debug your website faster and easier. If you need more advice on your next web development project or on your Drupal 10 migration, our team of experts is here to help you. Contact us for more details.   Photo credit: Unpslash.... Read more
Raluca Olariu / Jan 16'2023

Need a new Project?

Dare us to shape and boost your idea(s)!

Start a Project

(416) 243-2431

Contact

(416) 243-2431

Toronto Downtown

First Canadian Place,
100 King St. W. Suite 5700, Toronto

Toronto West

2275 Upper Middle
Rd. E, Suite 101
Toronto

New York

1177 Avenue of the
Americas, 5th Floor,
New York