With the latest release from Drupal also including the latest security fixes, it was time to update again. One issue that experienced Drupal Developers are probably quite used to by now are the continual stream of security advisories that need to be addressed, especially if you are managing a site that also includes peoples data. This means regularly maintaining your site to ensure it is kept up to date and secure.
Having gone through this previously, a word of warning, this can be problematic, so any updates should be done first on a non production environment, to allow you to address any issues that may arise from the update. The best practice of updating drupal has changed with the release of Drupal 8. Previously, before the introduction of composer to handle dependencies, Drupal lived in its own ecosystem and updating was handled really smoothly using a tool like drush. WIth Drupal 8, the recommended ways of handling dependencies is to use Composer. Composer falls under a MIT Licence so is permissive free software licence, and is a great tool for managing php packages on the Packagist repo, much like npm allows you to manage your node js dependencies on their repository. Composer has a minimum requirement of PHP 5.3 and supports various PHP Standard Recommendation namespaces including the autoloading standard PSR-4 which is the new standard with the launch of D8.
When working locally my preference is to use the Wodby Drupal Docker Stack when running Drupal 8. I also have Composer installed on my host. One good thing with Composer is you can choose to run the dependency manager on either the host or guest machine. My preference is to use my host. As composer runs in php, in order to get the best performance, I would highly recommend bumping the memory limit own your host machine. Let's first check what the limit is:
php -r "echo ini_get('memory_limit').PHP_EOL;"
If we need to adjust the limit lets find out where the config file is:
php --ini
We can then adjust accordingly. To get the optimal experience try setting to -1 (unlimited).
Ok, So let's first check what needs updating and this may also flag any issues that need addressing.
composer outdated drupal/*
The
outdated
command shows a list of installed packages that have updates available, including their current and latest versions. This is basically an alias forcomposer show -lo
.The color coding is as such:
- green (=): Dependency is in the latest version and is up to date.
- yellow (
~
): Dependency has a new version available that includes backwards compatibility breaks according to semver, so upgrade when you can but it may involve work.- red (!): Dependency has a new version that is semver-compatible and you should upgrade it.
https://getcomposer.org/doc/03-cli.md#outdated
Provided there are no issues, names space conflicts and the like:
composer update --with-dependencies
The --with-dependencies
flag updates also the dependencies of packages in the argument list, except those which are root requirements.
For completeness is is also useful to know how to remove a module with composer
composer remove drupal/pathauto
If you just want to update a single module the command for this is similar:
composer update drupal/geofield --with-dependencies
This will update all your dependencies, including those declared in your drupal project's vendor folder. How you manage these is up to you. If you have the benefit of a Jenkins server or similar to help with your deployments, you can probably get away of just checking the composer.lock and composer.json file in to your codebase, along with any custom code or themes, which you will have to figure out how to deploy with the rest of your codebase, and then build the deployment on a production like environment, with a whole bunch of unit tests and integration tests, prior to an actual release. Personally I do not have that luxury, and have decided the easiest way for now is to simply use git to manage the codebase deployment, As long as the php version is the same on my local and production, this has worked for me so far. Using git just simplifies the whole deployment process.
So hopefully this all went smoothly and your codebase has been updated. Next you need to update the database, along with any hook_updates that may have come bundled with any new code. There are a couple of ways to do this. On my local environment I am using Docker for Drupal and also have drush enabled as part of my environment setup. To run this I need to log into the php shell:
docker-compose exec php bash
From here you can run the following drush command
drush updatedb
After that you will need to clear the cache. In Drupal 8, as with many other things, there as a new command for clearing all the cache called cache rebuild:
drush cr
For what ever reason you do not have access to the shell environment, you can also run these from the ui. Firstly go to yoursite/update.php as an admin user and follow the on screen steps to update the database manually. Then navigate to your config>performance page to clear the cache again manually.
That's it, job done! Drupal 8 is a product of the fantastic open source community and it is amazing what they have achieved to date. Drupal 8.6 is the first version of Drupal to fully support a migration path from Drupal 7. If you are interested in some of the many great features in Drupal 8 now is as good a time as any to upgrade.
Add new comment