Using Drop Guard to automate updates with integration into your DevOp workflows
Automated Drupal updates and security updates in particular have been discussed on Drupal.org intensively. As a result an "auto update feature" in Drupal core will not work due to the lack of integration with development and deployment processes and because of additionally introduced risks.
Nevertheless Drupalgeddon proofed that Drupal needs automated updates to keep millions of sites secure in case critical security issues appear.
Using professional development tools such as testing frameworks, continuous integration, deployable containers and tools for automation, it is not that hard to build an infrastructure to automate Drupal updates "from the outside" continuously.
In this session I want to show which components are needed to automate Drupal updates in a professional environment and which tools exist to automate testing of updates. I will also highlight, how and why an integration with existing development and deployment workflows is needed to ensure quality. In particular I want to give answers to the following questions:
- How to handle different types and criticalities of updates
- How to deal with patches when automating updates
- Why feature branches are a good way to deploy updates fast and continuously
- How to avoid being hacked with continuous update deployment
- Requirements to the hosting and development infrastructure
- How to avoid automated updates breaking your site's functionality
This session will leave some space for discussions on that topic.