Introduction
At Zoocha we've been supporting Drupal platforms for over 16 years and managing the tidal waves of updates each month has always been something we’ve battled with. Supporting over 50+ platforms, this challenge has been with us since we first got involved with Drupal.
The importance of keeping every module up to date can’t be overstated, security, stability, and long-term maintainability all rely on it. But staying on top of updates while also pushing forward with new module development and targeted innovation for our clients? This has always been a juggling act.
The Zoocha Monitor - Automated Ticket Creation
Over 5 years ago we started using the Zoocha Monitor. This tool started as a way to automatically raise tickets whenever a new update dropped, essentially flagging the work that needed doing before it fell through the cracks. That alone was a game-changer for us. Zoocha Monitor means our developers weren’t constantly trawling through release logs or manually scanning for patches, with Zoocha Monitor in place, we had already halved the work required to keep our clients' platforms up to date and secure.
Automated Pull Requests (PRs)
Now, we’ve taken automation a massive step further. We’ve combined automated developer workflows with human review to significantly reduce the effort involved in managing hundreds of Drupal upgrades, allowing our team to focus on innovation knowing update-fatigue is a thing of the past.
We’ve automated the creation of pull requests as part of our update workflow. That means the moment a new update becomes available, our system checks its applicability across each of our client platforms and applies the relevant development work.
This process is achieved by triggering a Github Action workflow with a series of inputs which at its core runs the following composer step:
- name: Update Drupal Core with dependencies
uses: php-actions/composer@8a65f0d3c6a1d17ca4800491a40b5756a4c164f3 # v6.1.2
with:
version: ${{ inputs.COMPOSER_VERSION }}
php_version: ${{ inputs.PHP_VERSION }}
php_extensions: gd bcmath zip mongodb soap intl calendar
progress: true
command: update drupal/core-*
args: --prefer-dist --optimize-autoloader --no-interaction --with-all-dependencies
The step follows the Drupal recommended approach to doing updates as outlined in the documentation outlined on Drupal.org here.
A similar step exists for updating Drupal contributed modules to an updated version. The updated code in the Github Action workspace is then committed to Git, and a Pull Request is created ready for review with the following (simplified) step:
- name: Create Pull Request
id: cpr
uses: peter-evans/create-pull-request@v7
with:
commit-message: '${{ inputs.JIRA_ID }}: Update drupal/core-recommended'
committer: ${{ github.actor }} <${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com>
author: ${{ github.actor }} <${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com>
signoff: false
branch: ${{ inputs.JIRA_ID }}/update-drupal-core-recommended
delete-branch: true
title: '${{ inputs.JIRA_ID }}: Update Drupal Core'
body: |
## Ticket Details
[${{ inputs.JIRA_ID }}][1]
## Automated Updates
This PR was automatically generated by a Github Action run triggered from the Zoocha Monitor.
Update report:
- Updated `drupal/core-*`
- Auto-generated by [Github Action run][2]
[1]: https://YOUR_JIRA_URL/browse/${{ inputs.JIRA_ID }}
[2]: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
labels: |
drupal-update
automated-pr
assignees: can_specify_default_assignee_here
reviewers: can_specify_default_reviewers_here
draft: false This maintains the human element, ensuring we’re able to check and verify the quality of code against our own rigorous standards. We want to leverage automation to help with reducing the load on the team, but not at the expense of quality.
Our engineers now step in only at the final gate: code review and sign-off. Everything up to that point is handled automatically, from monitoring and triage through to patching and PR creation.
This system doesn’t just streamline our process, but it also gives us scalability. We can support a huge number of Drupal platforms without being buried in maintenance work. And because the workflow is both predictable and consistent, we’re catching issues earlier and releasing updates faster.
What's the Benefit?
Automation allows us to focus on the areas of development that require the most complex planning, consideration and innovative solutions. When we're not bogged down by routine processes, regardless how important they are, we're freeing up time to be spent taking more care in the areas that need it most. For our clients, this simply means more of our time can be spent working with you on the complex challenges that are really causing a headache, whilst automation helps to keep your site ticking over, safely and securely.
What's Next?
Automating processes that relieve our team of repetitive tasks, provide greater coverage and increase the time available to spend on value-add innovation is a pillar of our growth strategy. With all implementations of automation or AI-driven support, we ensure that their application is thoughtful, and always supported by expert-led human review.
In addition to this, we’re already starting to integrate more automation into these processes with steps such as unit testing, checking against coding standards and PHPStan, to provide more QA coverage to be able to release updates even faster.
About the author
Joe and Titi have each been part of the Zoocha team for over 10 years. A DrupalCon session presenter and DevOps Wizard, Titi is part of our on-call team of DevOps Engineers here to resolve critical incidents at any hour. With an extensive background in Drupal commerce development and credited with driving innovation at Zoocha, Joe has been responsible for the architecture of many of our high profile Drupal platforms.