www.drupaleurope.org
Drupal + Technology
17/3/2018
TRACK SUPPORTED BY
Hernani Borges de Freitas
Technical Architect - Freelancer
@hernanibf
Joe Noll
CEO & Co-Founder of Drop Guard
@noljoh
Hackers automate but the Drupal Community
still downloads updates on drupal.org
Why we need to talk about Auto Updates
Hernani Borges de Freitas & Joe Noll
Today we’ll talk about
- Status Quo - Updating Drupal
- Auto update handling & processing options
The life of a website
Developer’s view: Specification, Design/Architecture, Development, UAT, Launch, Maintenance & Support
Site Owner’s view: Project Phase, Maintenance & Support
Personas
Deploy & Ignore: Once the site has the needed functionality, there’s
little maintenance or updating. No PSA subscription.
Once a year: Site owner deploys and ignores updates - except once a
year.
Diligent but with Simple Needs: Typically applies updates within a
week, non-security updates will take possibly longer. Follows up on
PSAs by directly updating the live site.
The Sophisticated: Needs to apply at least one build step (for CSS,
Composer,...) Runs QA in a pre-production environment. May deploy to
a multi-head cluster.
* Source: https://www.drupal.org/project/ideas/issues/2940731
* PSA = Public Service Announcements (Security Advisories)
Drupal Community Update Behavior
59% of all Drupal users
update by downloading modules
from drupal.org
24% of all Drupal 8 users
update using drush
22% of all Drupal 8 users
update using Composer
* According to Driesnote in Vienna, September 2017
Hack Camp Bukarest: Security Focus
“Responsible disclosure, cross-project collaboration, and Drupal 8 security”
by xjm (Jess from the Drupal Security Team) -> Today at 16:00
SA-CORE-2018-004 (CVE-2018-7602): First automated attempts started after 4 hours
CVE-2018-7600: “over 115.000 unpatched websites”
two months after security release
Security Perspective
Who do we want to be?
Deploy & Ignore
Once a year
Diligent but with Simple Needs
The Sophisticated
Recommendation
- Do highly critical updates (security risk 20 to 25) in UNDER 4 hours
- Do all other updates within a reasonable time after the core release schedule
What’s typically involved in an update?
- Build: Composer install / Composer update
- Review: What changed
- Deploy: To a non-productive environment
- Test: Automatically / Manually
- Deploy: To Production
Communicate throughout the process
Multiple environments are available and are up to date.
Automated tests exist and have good coverage.
Security/Non-security updates are detected automatically ASAP.
Developers can review changes before they are applied.
A CI Pipeline exists to control this whole process.
How much can we automate?
Things get easier when
Automation exists
Options
- Use a SaaS Option
- Update Drupal Directly
- Automate Composer Workflow
Automatic Update Initiative
Update Drupal Directly
● Aim to have core support for automatic updates
● Automatic update initiative
○ https://www.drupal.org/project/ideas/issues/2940731
○ Proposed Roadmap available
○ Two BOFs at Drupal Europe (Today and tomorrow).
● Low-end websites come first in the roadmap
● Composer support later
● Conceptually similar to the strategy used in other CMSs but more robust.
I have been responsible for maintaining 4 D8 websites over the last 9 months as a hobby
Two in Acquia Cloud
Using github / Acquia pipelines
Drupal.pt and lisbon2018.drupaldays.org
Two in self-hosting
Bitbucket / Bitbucket pipelines / Deployer (https://deployer.org/)
Few minutes per site including build time to have production updated
Personal experience
Automate Composer Workflow
- Assuming your code is versioned in a Git repository.
- The dev branch contains only composer.json, custom code and the pipeline steps.
- Composer artifacts can be tweaked when updating, or version constraints might be enough.
- A code push to the dev branch starts a CI pipeline job, which generates a new full build (using Composer) and makes it available to deploy (dev-build branch). This can be done with any CI, such as Travis, Bitbucket Pipelines, Acquia Pipelines, etc.
- The build branch is deployed to the testing environment.
- The website is tested in the testing environment.
- The build branch is merged into master, which gets deployed to the production environment.
Update strategy
Automate Composer Workflow
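An added example (not from the slides or from any project they mention) of the CI job this strategy describes: on a push to the dev branch it builds the full code base with Composer and publishes it on the build branch. The `origin` remote, the artifact paths, the `COMPOSER_BIN` override and the `run` argument are assumptions.

```shell
#!/bin/sh
# Added example: CI job for pushes to the dev branch (not from the slides).
set -eu

# Assumptions: build branch name, the "origin" remote, and a drupal-project
# style layout where Composer writes into these git-ignored directories.
BUILD_BRANCH="${BUILD_BRANCH:-dev-build}"
ARTIFACT_PATHS="${ARTIFACT_PATHS:-vendor web/core web/modules/contrib web/themes/contrib}"
COMPOSER_BIN="${COMPOSER_BIN:-composer}"   # hypothetical override, handy for dry runs

# The build must install exactly the versions that were reviewed, so refuse to
# run without a committed lock file that is in sync with composer.json.
check_lock() {
  if [ ! -f composer.json ] || [ ! -f composer.lock ]; then
    echo "composer.json and composer.lock must both be committed" >&2
    return 1
  fi
  "$COMPOSER_BIN" validate --no-check-all --no-check-publish
}

# Full build without development packages, as it will run in production.
build() {
  "$COMPOSER_BIN" install --no-dev --prefer-dist --no-interaction --optimize-autoloader
}

# Commit the generated code on top of the current dev commit and publish it.
publish() {
  src_rev=$(git rev-parse --short HEAD) || return 1
  git checkout -q -B "$BUILD_BRANCH" || return 1
  for p in $ARTIFACT_PATHS; do
    # --force: these paths are ignored on dev. Only the listed paths are added,
    # so other ignored files (local settings, credentials) stay out of the build.
    if [ -e "$p" ]; then
      git add --force -- "$p" || return 1
    fi
  done
  git commit -q -m "Build from dev@$src_rev" || return 1
  # The build branch is regenerated on every run, hence the forced push.
  git push -q --force origin "$BUILD_BRANCH"
}

run_build() {
  check_lock && build && publish
}

# Run only when asked to, e.g. `sh build.sh run` as the pipeline step.
if [ "${1:-}" = "run" ]; then
  run_build
fi
```

Deploying the build branch to the testing environment and merging it into master after approval stay separate pipeline steps, so a failed test never reaches production.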
Update strategy
[Diagram: CI pipeline. Dev Branch (composer.json, custom code, CI pipeline file) -> Push -> CI Build -> Build Branch (all code that will be deployed) -> CI deploys to Staging Environment -> Tested/Approved -> Merge to Master or Create a tag or … -> Final Build Artifact -> Production Environment. Legend: Manual / Automatic.]
Automating the last bit - Update runner
Contributed module - http://drupal.org/project/update_runner
Proof of concept module. Targeting an alpha release soon! Contributions welcome.
Automate the missing piece - detect updates and fire a push for an update job.
1. Update_runner detects available updates using the Core updater module. Processor plugins are configured to react to them.
2. Available processor plugins are used to push a metadata file to the source repository in the dev branch. Supports: Github/Bitbucket … more
3. A push to the dev branch starts the whole build process described before. Plugins can be written to act in very different ways on the available updates.
Become a Drupal contributor
Friday from 9am
● First timers workshop
● Mentored contribution
● General contribution

Drupal Europe 2018: Hackers automate but the drupal community still downloads modules from drupal.org
