This guide details how to automatically update Composer dependencies on a specific environment, so that you can test the changes before deploying to production.
You will need:
- A Composer based Platform.sh application (you can start with one of our many templates for Drupal 8, WordPress, Magento, Symfony 4, Laravel)
- An SSH key loaded in an SSH agent and configured in the Platform.sh dashboard
- The Platform.sh CLI installed
Keeping your code base and its dependencies up to date is critical for so many reasons, and it is always possible to forget and miss a security upgrade.
Even though Platform.sh makes it easy to update dependencies, thanks to its support for all the famous package managers (Composer, npm, gem…), it is better to automate that process, so that this issue never happens.
That is the goal of this how-to guide.
machine user that you invite to your project. Get an API token from this
machine user account (read the documentation here) and run the following command:
cd my-platformsh-project/ platform variable:create -e master --level environment --name env:PLATFORMSH_CLI_TOKEN --sensitive true --value 'your API token'
Your local CLI will automatically detect the current project and add the
env:PLATFORMSH_CLI_TOKEN environment variable to your project.
Then install the CLI on your application container via a new build hook defined in
hooks: build: | curl -sS https://platform.sh/cli/installer | php
Create a dedicated
update-dependencies branch where we will automatically run and test Composer updates.
platform branch update-dependencies -e master
On that newly created branch, add the following lines in the
source: operations: update: command: | composer update git add composer.lock git commit -m "Update Composer dependencies."
This configuration defines an arbitrary
update source operation which will run the
composer update command and commit the changes to the
composer.lock file, before redeploying the environment on which it has been triggered.
Define a new cron entry to automatically trigger the
update source operation in
crons: update: # Trigger the update source operation every day at 00:00. spec: '0 0 * * *' cmd: | if [ "$PLATFORM_BRANCH" = update-dependencies ]; then platform environment:sync code data --no-wait --yes platform source-operation:run update --no-wait --yes fi
Every day, this cron will synchronize the
update-dependencies environment with its parent
master, and trigger the
update source operation on it.
Use Git to deploy the changes:
git add .platform.app.yaml git commit -m "Enable automated Composer updates on the update-dependencies branch via cron." git push platform update-dependencies
This is how easy it is to automate the update of Composer dependencies (or any other package manager dependencies if you are not using PHP) on Platform.sh.
The next step should be to enable a Platform.sh notification alert (Email, Slack…) so that you know when the environment has been updated and you can test the changes before deploying those to production.