Ad

Safely Updating An OctoberCMS Website

- 1 answer

The premise to the question

As developers, we need to know that the software being used by the client is exactly as we delivered it to them. We also need the development stack to not be a moving target. To these ends, software updates should be entirely under the control of the developer.


The question

Can I disable all automatic updates (core, plugin, theme) in OctoberCMS?


Preferred approach to updating

To avoid any 'breaking' changes, I would like to update the live (and testing) websites through a combination of
* git-ftp from the development server to testing / live
and
* php artisan october:up


Detail

In https://octobercms.com/docs/plugin/updates there is a section which states,

Update process

October executes the update process automatically when any of the following occurs:
1) When an administrator signs in to the back-end.
2) When the system is updated using the update feature in the back-end area.
3) When the console command php artisan october:up is called in the command line from the application directory.

1) and 3) provide no opportunity to avoid changes which might inadvertently 'break' a live website:

In 1), every time an administrator logs in to the live site, potentially breaking changes might be uploaded and installed.

In 3), the process of updating the database for an updated plugin could cause an update of other parts of the system too which
a) breaks the live site
b) puts the live site out of sync with development and testing.

There is another section on the same page which says,

Important updates

Sometimes a plugin needs to introduce features that will break websites already using the plugin. If an update comment in the version.yaml file begins with three exclamation marks (!!!) then it will be considered Important and will require the user to confirm before updating. An example of an important update comment:

1.1.0: !!! This is an important update that contains breaking changes.

When the system detects an important update it will provide three options to proceed:

Confirm update
Skip this plugin (once only)
Skip this plugin (always)

Confirming the comment will update the plugin as usual, or if the comment is skipped it will not be updated.

However, there are two problems with this:

1) The plugin author must have thoroughly tested the update, be aware of the 'breaking changes', and have added the !!! to the version file.

2) The update might not 'break' the website in the standard sense, but it might cause unwanted side effects which might effectively amount to breakage.

It is possible to disable core updates in the cms.php configuration file:

/*
|--------------------------------------------------------------------------
| Prevents application updates
|--------------------------------------------------------------------------
|
| If using composer or git to download updates to the core files, set this
| value to 'true' to prevent the update gateway from trying to download
| these files again as part of the application update process. Plugins
| and themes will still be downloaded.
|
*/

'disableCoreUpdates' => false,

But, as stated in the associated comment, "Plugins and themes will still be downloaded".
I assume this means downloaded and installed.

So, can I disable all automatic updates (core, plugin, theme) in OctoberCMS?
If not, is there another way to avoid the problems, or should I post this as a much needed feature on the OctoberCMS github page?

It is quite arguable that auto updating plugins is a problem even on a development server:
Whilst developing a website, suddenly it breaks. Is this break due to a change made by the developer, or a background update of a plugin which occurred during a backend login?
Does this mean that whilst developing a website I must leave myself permanently logged in to avoid kicking off the update process?

Ad

Answer

The update process is a bit different then you list it in your question. The process is like the following:

Update process

1) When an administrator signs in to the back-end, any already downloaded updates are installed (migrations etc.)
2) When the system is updated using the update feature in the back-end area, the updates are downloaded and installed.
3) When the console command php artisan october:up is called in the command line from the application directory, already downloaded updates are installed.
4) With the console command php artisan october:update updates are downloaded and installed.
5) When using composer composer update downloads updates and you can install them with php artisan october:up

Ad
source: stackoverflow.com
Ad