Safely Updating An OctoberCMS Website
The premise to the question
As developers, we need to know that the software being used by the client is exactly as we delivered it to them. We also need the development stack to not be a moving target. To these ends, software updates should be entirely under the control of the developer.
Can I disable all automatic updates (core, plugin, theme) in OctoberCMS?
Preferred approach to updating
To avoid any 'breaking' changes, I would like to update the live (and testing) websites through a combination of
git-ftp from the development server to testing / live
php artisan october:up
In https://octobercms.com/docs/plugin/updates there is a section which states,
October executes the update process automatically when any of the following occurs:
1) When an administrator signs in to the back-end.
2) When the system is updated using the update feature in the back-end area.
3) When the console command
php artisan october:upis called in the command line from the application directory.
1) and 3) provide no opportunity to avoid changes which might inadvertently 'break' a live website:
In 1), every time an administrator logs in to the live site, potentially breaking changes might be uploaded and installed.
In 3), the process of updating the database for an updated plugin could cause an update of other parts of the system too which
a) breaks the live site
b) puts the live site out of sync with development and testing.
There is another section on the same page which says,
Sometimes a plugin needs to introduce features that will break websites already using the plugin. If an update comment in the version.yaml file begins with three exclamation marks (!!!) then it will be considered Important and will require the user to confirm before updating. An example of an important update comment:
1.1.0: !!! This is an important update that contains breaking changes.
When the system detects an important update it will provide three options to proceed:
Confirm update Skip this plugin (once only) Skip this plugin (always)
Confirming the comment will update the plugin as usual, or if the comment is skipped it will not be updated.
However, there are two problems with this:
1) The plugin author must have thoroughly tested the update, be aware of the 'breaking changes', and have added the
!!! to the version file.
2) The update might not 'break' the website in the standard sense, but it might cause unwanted side effects which might effectively amount to breakage.
It is possible to disable core updates in the
cms.php configuration file:
| Prevents application updates
| If using composer or git to download updates to the core files, set this
| value to 'true' to prevent the update gateway from trying to download
| these files again as part of the application update process. Plugins
| and themes will still be downloaded.
'disableCoreUpdates' => false,
But, as stated in the associated comment, "Plugins and themes will still be downloaded".
I assume this means downloaded and installed.
So, can I disable all automatic updates (core, plugin, theme) in OctoberCMS?
If not, is there another way to avoid the problems, or should I post this as a much needed feature on the OctoberCMS github page?
It is quite arguable that auto updating plugins is a problem even on a development server:
Whilst developing a website, suddenly it breaks. Is this break due to a change made by the developer, or a background update of a plugin which occurred during a backend login?
Does this mean that whilst developing a website I must leave myself permanently logged in to avoid kicking off the update process?
The update process is a bit different then you list it in your question. The process is like the following:
1) When an administrator signs in to the back-end, any already downloaded updates are installed (migrations etc.)
2) When the system is updated using the update feature in the back-end area, the updates are downloaded and installed.
3) When the console command
php artisan october:up is called in the command line from the application directory, already downloaded updates are installed.
4) With the console command
php artisan october:update updates are downloaded and installed.
5) When using composer
composer update downloads updates and you can install them with
php artisan october:up
- → "failed to open stream" error when executing "migrate:make"
- → October CMS Plugin Routes.php not registering
- → OctoberCMS Migrate Table
- → OctoberCMS Rain User plugin not working or redirecting
- → October CMS Custom Mail Layout
- → October CMS - How to correctly route
- → October CMS create a multi select Form field
- → October CMS - Conditionally Load a Different Page
- → How to disable assets combining on development in OctoberCMS
- → October CMS - Radio Button Ajax Click Twice in a Row Causes Content to disappear
- → OctoberCms component: How to display all ID(items) instead of sorting only one ID?
- → In OctoberCMS how do you find the hint path?
- → How to register middlewares in OctoberCMS plugin?