A new way to update Drupal sites automatically

Drop Guard - Secure your Drupal automatically

Automated Drupal core and contrib updates have been discussed in the Drupal community on Drupla.org as well as on external blogs since Drupalgeddon in October 2014. The result? Automated updates are a good idea and would prevent Drupal sites from being hacked, but they also bring some inherent problems, such as:

  • Updates applied directly to the live site will ignore the development and quality assurance workflow
  • Updates could break the site if manually applied patches are overridden by automatically applied updates
  • If updates aren’t done continuously, the code changes are major and risky when applied as security hotfixes

Those are the most important arguments against automated updates from "the inside", meaning where Drupal updates its code base itself. Because many Drupal sites are developed in a professional environment, enterprise sites in particular, these Drupal development shops need to update their siteswith integration into their development and deployment infrastructure and workflow. This should happen just as a separate team member will do this during her work hours. As monitoring and applying updates continuously is time-consuming, especially when you have many sites to support, the need to keep a site up-to-date is high – but the priority is not. That’s why many Drupal sites are already outdated when they go live after they have passed the development cycle. We want to help the Drupal ecosystem handle updates more professionally and more easily. 

In our latest blog post we described a workflow based on the idea of delivering Drupal updates continuously as a fixed part of the development workflow.
Taking the Drupal community's feedback into consideration, we’ve built a service that updates Drupal sites automatically, respecting both development and deployment workflows as well as module, core and theme patches. We call this new service Drop Guard. 

Drop Guard will help Drupal shops, freelancers and site owners to keep their Drupal installation updated and secure – automatically. 
Now, Drupal shops that provide support services for their clients can automate a big part of their service and extend their offer to include 24/7 security patch support – without losing sleep over critical security updates. 
Drop Guard integrates into the deployment workflow, regardless which tools and hosting environment you use. Currently we support a webhook integration for CI services such as Jenkins, Travis CI, Circle CI or PHP CI; SSH integration; feature branch handling to support GIT branching models such as GIT flow; automated patch detection and application during updates. Drop Guard also has some basic built-in deployment features. For small sites, in a few weeks we’ll be releasing a new feature for "FTP only" workflows without the need to have a GIT-based deployment.

The service is currently available at no cost for interested beta testers. If you want to be one of the first to use Drop Guard to automate and professionalize your Drupal update processes, just register athttp://drop-guard.net and we’ll contact you for a personal on-boarding.