How to automatically update Composer dependencies with Source Operations

Goal

This guide details how to automatically update Composer dependencies on a specific environment, so that you can test the changes before deploying to production.

Assumptions

You will need:

Problems

Keeping your code base and its dependencies up to date is critical, yet it is easy to forget an update and miss a security upgrade.

Even though Platform.sh makes it easy to update dependencies, thanks to its support for all the popular package managers (Composer, npm, gem…), it is better to automate that process so that a missed update never happens.

That is the goal of this how-to guide.

Steps

1. Install the CLI on the application container

Create a machine user and invite it to your project. Get an API token from this machine user account (read the documentation here) and run the following commands:

cd my-platformsh-project/
platform variable:create -e master --level environment --name env:PLATFORMSH_CLI_TOKEN --sensitive true --value 'your API token'

Your local CLI will automatically detect the current project and add the env:PLATFORMSH_CLI_TOKEN environment variable to your project.

Then install the CLI on your application container via a new build hook defined in .platform.app.yaml:

hooks:
    build: |
        curl -sS https://platform.sh/cli/installer | php

2. Enable Source Operations

Create a dedicated update-dependencies branch where we will automatically run and test Composer updates.

platform branch update-dependencies -e master

On that newly created branch, add the following lines to .platform.app.yaml:

source:
    operations:
        update:
            command: |
                composer update
                git add composer.lock
                git commit -m "Update Composer dependencies."

This configuration defines a source operation named update (the name is arbitrary). It runs the composer update command and commits the changes to the composer.lock file, before redeploying the environment on which it has been triggered.

3. Automatically trigger the update source operation

Define a new cron entry to automatically trigger the update source operation in .platform.app.yaml:

crons:
    update:
        # Trigger the update source operation every day at 00:00.
        spec: '0 0 * * *'
        cmd: |
            if [ "$PLATFORM_BRANCH" = update-dependencies ]; then
                platform environment:sync code data --no-wait --yes
                platform source-operation:run update --no-wait --yes
            fi

Every day, this cron will synchronize the update-dependencies environment with its parent master, and trigger the update source operation on it.

4. Deploy the changes

Use Git to deploy the changes:

git add .platform.app.yaml
git commit -m "Enable automated Composer updates on the update-dependencies branch via cron."
git push platform update-dependencies

Conclusion

This is how easy it is to automate the update of Composer dependencies (or any other package manager dependencies if you are not using PHP) on Platform.sh.

The next step should be to enable a Platform.sh notification alert (Email, Slack…) so that you know when the environment has been updated and can test the changes before deploying them to production.
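Because the update source operation commits a new composer.lock without anyone looking at it, it helps to review which packages the commit actually changed before merging update-dependencies into master. The script below is an added example, not part of the original guide or of Platform.sh's tooling; the function names and the sample lock data are constructed for illustration.

```python
import json

def load_packages(lock_text):
    """Map package name -> (version, source reference) from composer.lock JSON."""
    lock = json.loads(lock_text)
    packages = {}
    # Runtime packages live under "packages", dev-only ones under "packages-dev".
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            ref = (pkg.get("source") or {}).get("reference", "")
            packages[pkg["name"]] = (pkg.get("version", ""), ref)
    return packages

def diff_locks(old_text, new_text):
    """Return (name, kind, old, new) tuples, sorted by package name."""
    old, new = load_packages(old_text), load_packages(new_text)
    changes = []
    for name in sorted(set(old) | set(new)):
        before, after = old.get(name), new.get(name)
        if before == after:
            continue
        if before is None:
            changes.append((name, "added", None, after[0]))
        elif after is None:
            changes.append((name, "removed", before[0], None))
        elif before[0] != after[0]:
            changes.append((name, "version", before[0], after[0]))
        else:
            # Same version string, different commit: worth a closer look.
            changes.append((name, "reference", before[1], after[1]))
    return changes

# Constructed sample data: package names and references are made up.
def _pkg(name, version, ref):
    return {"name": name, "version": version, "source": {"reference": ref}}
OLD_LOCK = json.dumps({
    "packages": [_pkg("acme/http-client", "1.2.0", "a1a1a1"),
                 _pkg("acme/logger", "2.0.0", "b2b2b2"),
                 _pkg("acme/legacy", "0.9.0", "c3c3c3")],
    "packages-dev": [_pkg("acme/test-tools", "dev-main", "d4d4d4")]})
NEW_LOCK = json.dumps({
    "packages": [_pkg("acme/http-client", "1.2.1", "e5e5e5"),
                 _pkg("acme/logger", "2.0.0", "f6f6f6"),
                 _pkg("acme/new-dep", "1.0.0", "0707a7")],
    "packages-dev": [_pkg("acme/test-tools", "dev-main", "d4d4d4")]})

if __name__ == "__main__":
    for name, kind, before, after in diff_locks(OLD_LOCK, NEW_LOCK):
        print(f"{kind:9} {name}: {before} -> {after}")
```

On a real project, the two inputs can be taken from `git show master:composer.lock` and `git show update-dependencies:composer.lock`.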