Module Maintenance

The is a comparison of options for handling module maintenance.

Previous Work on this in the later half of this page: Drupal 8 Initial Migration Notes

Module

Option 1: Pantheon Upstream / Hand Module Monitoring

Option 2: Pantheon Upstream / Automated Module Monitoring

Option 3: Manually Monitoring

Option N: Composer

Module

Option 1: Pantheon Upstream / Hand Module Monitoring

Option 2: Pantheon Upstream / Automated Module Monitoring

Option 3: Manually Monitoring

Option N: Composer

Description

Pantheon Upstreams would be used to handle notifications and management of Drupal Core updates (especially Security updates). This would leave the management of all custom modules beyond what the upstream provides to be managed by the API Gateway team.

Same as Option 1, but a custom script would be written which would monitor what versions of the modules are installed on the website and compare that list with what versions are available. The script would notify the API Gateway team when an update was available.

https://ucsb-sist.atlassian.net/browse/CMPRCWA-21

Manully monitoring would be used by checking the Drupal security and module update from system report and apply the update manually by using git / SFTP

The API Gateway Team has considered composer, but feel that it requires attention and maintenance beyond what we can offer. However, our understanding could be out dated.

I think our understanding revolves around the belief that when you use Composer to manage modules, it needs to be the sole module manager. You can’t use a hybrid between Pantheon Upstream for Security Updates and use Composer for Apigee Edge module updates. However, this may not be entirely true?

In general for all modules

Pros

  •  

Cons

  •  

Pros

  •  

Cons

  •  

Pros

  •  

Cons

  •  

Pros

  • Composer handles downloading/updating/version management

Cons

  • Requires an API Gateway team member to run composer on a period basis, and perform updates when needed

 

Security Updates

Pros

  •  

Cons

  •  

Pros

  •  

Cons

  •  

Pros

  •  

Cons

  •  

Pros

  •  

Cons

  • Security updates are not automatically sent to the API Gateway team as a notification to take action

Apigee Edge Module

Pros

  •  

Cons

  •  

Pros

  •  

Cons

  •  

Pros

  •  

Cons

  •  

Pros

  •  

Cons

  • Requires an API Gateway team member to run composer on a period basis, and perform updates when needed

  • Security updates are not automatically sent to the API Gateway team as a notification to take action

 

UCSB Theme Support

Pros

  •  

Cons

  •  

Pros

  •  

Cons

  •  

Pros

  •  

Cons

  •  

Pros

  •  

Cons

  •  

Swagger UI Module

On the Drupal 7 site, we actually use a customized version of the module (ucsb/drupal-swagger-ui). The customized version would only be able to be hand updated.

Pros

  •  

Cons

  •  

Pros

  •  

Cons

  •  

Pros

  •  

Cons

  •  

Pros

  •  

Cons

  • Requires an API Gateway team member to run composer on a period basis, and perform updates when needed

  • Security updates are not automatically sent to the API Gateway team as a notification to take action