With the latest release from Drupal also including the latest security fixes, it was time to update again. One issue that experienced Drupal developers are probably quite used to by now are the continual stream of security advisories that need to be addressed, especially if you are managing a site that also includes peoples data. This means regularly maintaining your site to ensure it is kept up to date and secure.
Having gone through this previously, a word of warning, this can be problematic, so any updates should be done first on a non production environment, to allow you to address any issues that may arise from the update. The best practice of updating drupal has changed with the release of Drupal 8. Previously, before the introduction of composer to handle dependencies, Drupal lived in its own ecosystem and updating was handled really smoothly using a tool like drush. WIth Drupal 8, the recommended ways of handling dependencies is to use Composer. Composer falls under a MIT Licence so is permissive free software licence, and is a great tool for managing php packages on the Packagist repo, much like npm allows you to manage your node js dependencies on their repository. Composer has a minimum requirement of PHP 5.3 and supports various PHP Standard Recommendation namespaces including the autoloading standard PSR-4 which is the new standard with the launch of D8.
When working locally my preference is to use the Wodby Drupal Docker Stack when running Drupal 8. I also have Composer installed on my host. One good thing with Composer is you can choose to run the dependency manager on either the host or guest machine. My preference is to use my host. Firstly it is worth checking what needs updating and this may also flag any issues that need addressing.
composer outdated drupal/*
Provided there are no issues, names space conflicts and the like:
composer update drupal/core --with-dependencies
This will update all your dependencies, including those declared in the projects vendor folder. How you manage these is up to you. If you have the benefit of a Jenkins server or similar to help with your deployments, you can probably get away of just checking the composer.lock and composer.json file in to your codebase, along with any custom code or themes, which you will have to figure out how to deploy with the rest of your codebase, and then build the deployment on a production like environment, with a whole bunch of unit tests and integration tests, prior to an actual release. Personally I do not have that luxury, and have decided the easiest way for now is to simply use git to manage the codebase deployment, As long as the php version is the same on my local and production, this has worked for me so far. Using git just simplifies the whole deployment process.
So hopefully this all went smoothly and your codebase has been updated. Next you need to update the database, along with any hook_updates that may have come bundled with any new code. There are a couple of ways to do this. On my local I have drush enabled as part of my environment setup. To run this I need to log into the php shell:
docker-compose exec php bash
From here you can run the following drush command
After that you will need to clear the cache. In Drupal 8, as with many other things, there as a new command for clearing all the cache called cache rebuild:
For what ever reason you do not have access to the shell environment, you can also run these from the ui. Firstly go to yoursite/update.php as an admin user and follow the on screen steps to update the database manually. Then navigate to your config>performance page to clear the cache again manually.
That's it, job done! Drupal 8 is a product of the fantastic open source community and it is amazing what they have achieved to date. Drupal 8 is the first version of Drupal to fully support a migration path from Drupal 7. If you are interested in some of the many great features in Drupal 8 now is as good a time as any to upgrade.