wiki:web-app-auto-upgrade

Version 4 (modified by https://id.mayfirst.org/jamie, 19 months ago) (diff)

--

Web Application Auto Upgrade Service

[NOTE: Not yet implemented, still under development.]

May First/People Link provides a service to automatically provide security updates to your web applications. If you opt-in, your web application will be checked every night to see if any security updates are available and, if so, they will be installed.

By using this service, you will greatly improve the protection of your web site against compromise while also incurring a very small chance that something might go wrong during the upgrade.

This service is currently available for Drupal and WordPress only. The automatic upgrader only performs security/minor updates.

[Note: when fully implemented, users can enable via the control panel.] An admin can enable this protection by creating a directory in a sites hidden .red directory (e.g. /home/members/mayfirst/sites/mayfirst.org/.red): web-app-auto-upgrade and place one or more files in it.

To indicate that you want to have your web application automatically upgraded, please create a file or files with the following names to indicate what you want upgraded.

  • drupal-core
  • drupal-modules
  • wordpress-core
  • wordpress-plugins

If your web application is directly in your web directory, leave the file empty. If it is in a subdirectory, then put the full, absolute path to the root of your web directory in the file.

For example, if you want to upgrade both drupal core and drupal modules for a web appication located directly in your web folder, create two files: one called drupal-core and one called drupal-modules in this directory.

If you have two WordPress installations, one in the web directory and one in a subdirectory called "outreach" and you just want to auto upgrade the core WordPress code for both of them, create a single file called wordpress-core that contains the absolute path to your main web directory on one line and the absolute path to your outreach directory on the second line (note - when specifying additional directories, you have to specify the web directory if you want it included).

Technical Details

All upgrades are run as the user who owns the index.php file in the given directory.

Drupal core upgrades are run via drush with the following command:

drush -y pm-update drupal --security-only

Drupal module upgrade are run with the following command:

drush -y pm-update --no-core --security-only

WordPress upgrades are handled via the following wp-cli commands:

wp core update --minor

And WordPress plugin updates via:

wp plugin update --all

NOTE: WordPress sites with a functioning cron job that are higher than version 3.7 already have auto-updates enabled so this step is not necessary, however, it doesn't hurt either.