Group maintainers
Manually updating a Drupal site can be difficult, time-consuming, and expensive, and delays before security updates are applied can result in compromised sites. The goal of the Automatic Updates Initiative is to provide safe, secure automatic updates for Drupal sites.
What are we working on?
The goal is to implement a secure system for automatically installing updates in Drupal, lowering the total cost of ownership of maintaining a Drupal site, improving the security of Drupal sites in the wild, and lowering the barrier to entry to using Drupal.
View the roadmap
Who is the target Audience?
Automatic updates are generally not intended for use by large enterprise organizations that already have their own build workflows and pipelines. Instead, the intent is to support small-to-medium site owners who have a 'set-it-and-forget-it' attitude towards their Drupal installations.
Organizations with more advanced deployment workflows may wish to run automatic updates in a staging environment. The initiative may also provide APIs for integrating verified updates into custom build workflows.
What is and is not in scope for this initiative?
In Scope
The minimum Drupal core implementation will include:
- Automatic updates for Drupal core patch and security releases only
- Site readiness checks to ensure updates can be applied safely
- Code signing and verification for updates from Drupal.org
- Composer integration
- A custom "A/B" bootloader so that updates are done in a separate location from the live site that will switch over when the update is successful and allow rollbacks if the update fails or introduces regressions
Not In Scope
The minimum implementation will not support:
- Core minor and major version updates
- Contributed project updates
Later versions may add support for the above.
How can you help?
The work of this initiative is happening in a few areas. Here is where you can help:
- Issues for Automatic Updates contributed module
- Drupal Core issues marked as important to the initiative
- PHP-TUF and PHP-TUF Composer integration: libraries that implement The Update Framework and provide Composer integration
- Composer Stager: a library that stages Composer commands so they can be safely run on a codebase in production.
Who are we?
Initiative leads
Initiative meetings
Interested contributors are welcome to join the regular initiative meetings:
- Every other Tuesday
- 1700 UTC / 1:00pm EDT
- Drupal Slack
#autoupdateschannel
Session recordings
- Nashville
- Seattle
- DrupalCamp London
- DrupalCon Global
- DrupalCon Europe 2020
- DrupalCon North America 2021 Initiative Keynote
- DrupalCon North America 2021: Technical Overview
Initiative team
The following are some of the active contributors to the initiative.
