Software

This entry is part 1 of 1 in the series Drupal Performance Tips

In the spirit of the computer video game Doom and its skill levels, we’ll review a few ways you can improve your Drupal speed performance and optimize for better results and server response time. These tips that we’ll cover may be at times specific to Drupal 6 versions, although you can always learn the best practices from these examples and apply them on your own code base.

Doom

Using indexes, and proper SQL queries can boost performance by a huge factor, especially if the affected tables are very big (millions of rows). Take a look at the diff below showing a fix to a not so proper, and ill-advised use of querying the database:

The bad performing query took anything between 6 to 60 seconds to run, depending on the data, and database load, and database’s current cache state. The newer query takes milliseconds.

(adsbygoogle = window.adsbygoogle || []).push({});

The post Drupal Performance Tip – “I’m too young to die” – indexes and SQLs appeared first on Liran Tal's Enginx.

The AmazonS3 module allows the drupal local file system to be replaced with S3, where the files can be uploaded or downloaded from S3. I used the following modules to achieve this:

•    Amazon S3(module)
•    Libraries API
•    AWSSDK for PHP(module)
•    AWSSDK For PHP(library)
  • Note: Verify that SDK library meets your system requirements. Refer this: http://docs.aws.amazon.com/aws-sdk-php/guide/latest/requirements.html         

  Download and install these modules and place SDK library at sites/all/libraries/awssdk. Check  'Status report'  for information about the installation of  AmazonS3 and AWSSDK.     Here we go:  

•  In admin/config/media/amazons3, give your default bucket name which you would have created in S3.

          

Often we will encounter something in our Drupal project where we have to make a decision: do I install a module to solve my problem (because let's be honest, it's probably out there), or can I achieve it some other way on my own?

As an example, say qw have the need to embed a YouTube video, or some other form of embedded media like Vimeo, etc., but it needs to be responsive. CSS can't make those elements responsive in the same way it works with images:

img { max-width: 100%; height: auto; }

So we need another solution. The thing is, we only need to do this once. So the thoughtful developer will ask him or herself, "do I really need another module to accomplish this?"

Let's look at some of our options. FitVids

If you're going the module route, you should know about FitVids. The advantage here is that FitVids is a simple module to configure - it provides an interface where you can indicate the HTML element you wish to apply the responsive effect to. We can select

<body>

to apply it to every instance of embedded media in our document. Alternatively, we can be more selective if we have performance concerns, or if for some reason we wish it to not apply to certain instances of our embedded media.

Bootstrap

If you happen to be using Bootstrap as a Front-End framework, you may or may not have discovered this little gem. Somewhat recently added, it allows us to use embedded media in the same way we might make a carousel, by wrapping it in some markup with classes that Bootstrap hooks into to make it work:

<!-- 16:9 aspect ratio --> <div class="embed-responsive embed-responsive-16by9"> <iframe class="embed-responsive-item" src="..."></iframe> </div> <!-- 4:3 aspect ratio --> <div class="embed-responsive embed-responsive-4by3"> <iframe class="embed-responsive-item" src="..."></iframe> </div>

Both of the above options accomplish the same thing - it's up to you to decide which approach to take. Remember, even if you're not using Bootstrap as a base theme or as a front-end framework, you can always download individual components to include in your own theme.

drupal planet bootstrap drupal

Before we go to the future, a little detour to the past…

Enjoy the view from the top of the center of knowledge and mysticism of the Incas, facilitated by the incredible #DrupalPicchu.

Seven years ago, I decided to go in a new direction. I left the non-profit I’d been working for, which focused on my exact academic interests, to join an entertainment company. There, I would be a part of  a team building and using an internet system covered in nodes, blocks, exposed integers and pagers that run on computer time: Drupal.

As I looked into the future, this modular open source “content holder software” seemed poised to be a springboard for a lot of smart, kind, passionate people to come together and build something greater than themselves.

Community is Key

Fueled by meetups, the community has a very involved distributed culture and communication network in which people form alliances around ideas.  There were a lot of aspects reminiscent of some of the indigenous communities funded by the NGO where I’d previously worked. The center of both was “the community” or in Spanish “la communidad.”  Even in a big company, the community is a major part of the story when open source is involved.

Some Sony connected Drupalers at DC Chicago. Photo credit: Thomas Turnbull

About 2.5 years ago, I started a new chapter at Phase2, continuing along the path that I had started when I decided to see what all the Drupal fuss was about.

Phase2 orange related sign I saw in a cornfield.

As one of the leaders in open source and big Drupal, Phase2 has a high concentration of smart, talented and passionate people in addition to the amazing clients we work with to build amazing open source web systems.

Phase2 team at DC Austin

It’s All Happening.

Seven years later, we stand on the cusp of a very interesting time for open source. Drupal powers a key segment of the web, and its societal power to influence culture is outstanding. You can petition the president, donate to poverty fighting in NYC, buy a bicycle, keep up to date with latest science news or local news,  watch college sports, discuss servers and what software lives on them, coordinate the large amount of information on a humanitarian crisis, catch the latest music video, decide what to major in at your University, visualize a social movement, hear about the latest in international crowd funding,  and launch your own indigenous digital asset management library.

Drupal is not only the enterprise system of record for open source, but it is growing in leaps and bounds throughout the world, supported by its sophisticated multi-lingual underpinning. Over the last year, I’ve had the incredible opportunity to get to know the international community even more through attending and speaking at several amazing camps in South and Central America: Drupal Summit Loja, Drupal Camp Costa Rica, Drupal Picchu & Drupal Camp Mexico City.

Drupal Picchu group shot via Cristian Torres

Right now, Drupal powers academic institutions, Fortune 500 platforms, and global non-profits. This is Drupal. This is what we have to start from! Not to mention Drupal’s greatest asset: the incredible community of people that develop its core, use it to get their content to the world, make it easy to host, consult on strategies, and share approaches with others.

Looking to the Future of Open Source…

Just imagine – if all of the above has happened in the last seven years, what will the next 11 bring?

While the technical advances in Drupal 8 are amazing, it’s the implications for the communities around Drupal which I feel most connected to.

• We are becoming more accessible to non-English languages through the #D8MI (Drupal Multilingual headed up by Gábor Hojtsy). This will allow Drupal to become more globalized than it already is, opening up our ability to interact with even more communities around the world.

• We are becoming more technically accessible as well accessible. By Drupal adopting HTML5, we make it easier to create responsive, and accessible websites for a greater range of abilities and technical capacities.

• Through the ideas in the Drupal as a RESTful data store it will become even easier for us to integrate with other software projects, making us more collaborative, and creating a more positive and open world.

As Drupal continues to evolve in the open source space and expand globally, I hope to see more inspiring stories like this one of a community using open source technology to build and operate their own cellular networks in rural Mexico.

I look forward to continuing to engage and be a part of this awesome community, and I’d like to hear your story as well. How did you get involved in our eclectic and awesome community? In what ways are you most excited to see Drupal evolve in the future?

If you are in the Bay Area this week, check out the Bay Area Drupal Camp (BADCamp) November 6th-9th.  This completely free, volunteer run 4 day conference is yet another example of the power of open source community.  Join me at the BADCamp non profit summit tomorrow to learn how nonprofits are leveraging Drupal to further their organization’s missions and ultimately contribute to our shared global community.

And for those international adventurers and folks in Latin – the first DrupalCon Latin America is February in Bogota, Colombia #vamosalfuturo.

 

In September, Phase2 released a Grunt-based tool for building and testing Drupal sites. We have been working on the tool since January, and after adopting it as part of our standard approach for new Drupal sites, we wanted to contribute it back to the community. We are happy invite you to get started with Grunt Drupal Tasks.

Grunt is a popular JavaScript-based task runner, meaning it’s a framework for automating tasks. It’s gained traction for automating common development tasks, like compiling CSS from Sass, minifying JavaScript, generating sprites, checking code standards, and more. There are thousands of plugins available that can be implemented out-of-the-box to do these common tasks or integrate with other supporting tools. (I mentioned that this is all free and open source software, right?)

Grunt Drupal Tasks is a Grunt plugin that defines processes that we have identified as best practices for building and testing Drupal sites.

Building Drupal

The cornerstone of Grunt Drupal Tasks is the “build” process, which assembles a runnable Drupal site docroot from a Drush make file and custom code and configuration.

The make file defines the version of Drupal core to use, the contrib modules, themes, and libraries to download, and even patches to apply to any of these components. The make file can include components released on Drupal.org or stored in public or private repositories. For patches, our best practice is to reference patches hosted on Drupal.org and associated with an issue. With these options, the entire set of components for a Drupal site can be declared in a make file and consistently retrieved using Drush.

After the Drush make process assembles all external dependencies for the project, the Grunt Drupal Tasks build process adds custom code and configuration. This includes custom installation profiles, modules, and themes, as well as “sites” directory files, like sites.php and settings.php for one or many subsites, and other “static” files to override, like .htaccess and robots.txt. These custom components are added to the built docroot by symlink, so it is not necessary to rebuild for every update to custom source code.

These steps results in a Drupal docroot assembled from custom source in the following structure:

src/   modules/     <custom modules>  profiles/     <custom installation profiles>   sites/     default/       settings.php     <optionally, other subsites or sites.php>   static/     <optionally, overrides for .htaccess or other files>   themes/     <custom themes>   project.make

Grunt Drupal Tasks includes other optional build steps, which can be enabled as needed for projects. One such task is the “compile theme” step will compile Sass files into CSS.

This build process gives us a reliable way for assembling Drupal core and contrib components, for adding our custom code, and integrating development tools like Sass. By using Grunt to automate this procedure, it becomes a portable script that can be shared among the project’s developers and used in deployment environments.

Testing Drupal

In order to help make best practices the default, Grunt Drupal Tasks includes support for a number of code quality and testing tools.

A “validate” task is provided that includes checking basic PHP syntax and Drupal coding standards using PHPLint and PHP Code Sniffer. We highly recommended that developers use this command while coding, and have included it as part of the default build process.

An “analyze” task is also provided, which adds support for the PHP Mess Detector. This task may be longer-running, so it is better suited to run as part of a continuous integration system, like Jenkins.

Finally, a “behat” task is provided for running test scenarios with Behat and the Drupal Extension. This encourages writing Behat tests for the project and committing them with the project code and build tools, so the tests can be run by other developers and in the integration environment by a continuous integration system.

Scaffolding for Drupal Projects

The old starting point for Drupal projects was a vanilla copy of Drupal core. Grunt Drupal Tasks offers scaffolding for Drupal projects that starts with Drush make, integrates custom code and overrides, and provides consistent support for a variety of developer tools.

This scaffolding is provided through the example included with Grunt Drupal Tasks, which is the recommended starting point for new projects. The scaffold structure adds a layer above the aforementioned “src” directory; this layer includes code and configuration related to Grunt Drupal Tasks (Gruntconfig.json and Gruntfile.js), dependencies for the supporting tools (composer.json), and other resources for the tools (features/, behat.yml, and phpmd.xml).

The example includes the following:

features/ src/ .gitignore Gruntconfig.json Gruntfile.js behat.yml composer.json package.json phpmd.xml

For full documentation on starting a new project with Grunt Drupal Tasks, see CONFIG.md.

Learning More

Watch the Phase2 blog for more information about Grunt Drupal Tasks. If you are attending the Bay Area Drupal Camp this week, please check out my session on Using Grunt to Manage Drupal Build and Testing Tools.

We have already spoken about publications on Facebook public pages. Now we want to tell you how to send invitations to friends using Facebook SDK for JavaScript.

Read more

Language Undefined

Kalpana Goel - web developer with Forum One - and I sat down to chat at DrupalCon Amsterdam. We discussed the topic of Dries Buytaert's Amsterdam keynote: the potential benefits of "gamifying" and rewarding companies for supporting contributions, especially to Drupal core; Kalpana's discovery of Drupal; her contribution to the Drupal 8 web services initiative and Drupal's culture of sharing, and some of the benefits that are coming with Drupal 8.

Topic: DrupalLeadership

Drupal 8 is the first time we introduced the concept of formal initiatives and initiative leads. Over the course of these Drupal 8 initiatives we learned a lot and people are floating several ideas to increase the initiatives' success and provide Drupal initiative leads with more support. As we grow, it is crucial that we evolve our tools, our processes, and our organizational design based on these learnings. We've done so in the past and we'll continue to do so going forward.

But let's be honest, no matter how much support we provide, leading a Drupal initiative will unquestionably remain difficult and overwhelming. As a Drupal initiative lead, you are asked to push forward some of the most difficult and important parts of Drupal.

You will only succeed if you are able to build a strong team of volunteers that is willing to be led by you. You have to learn how to inspire and motivate by articulating a vision. You establish credibility by setting clear objectives and roadmaps in partnership with others. You have to motivate, guide and empower people to participate. You have to plan and over-communicate.

Not only do you have to worry about building and leading a team, you also have to make sure the rest of the community has shared goals and that everyone impacted has a shared understanding of why those decisions are being made. You use data, ideas and feedback from different sources to inform and convince people of your direction. Your "soft skills" are more important than your "hard skills". Regardless, you will lose many battles. You only "win" when you remain open to feedback and value change and collaboration. To lead a community, you need both a thick skin and a big heart.

Success is never a coincidence. You put in long hours to try and keep your initiative on track. You need relentless focus on doing whatever is necessary to succeed; to be the person who fills all the gaps and helps others to be successful. Instead of just doing the things you love doing most, you find yourself doing mundane tasks like updating spreadsheets or planning a code sprint to help others be successful. In fact, you might need to raise money for your code sprint. And if you succeed, you still don't have enough money to achieve what is possible and you feel the need to raise even more. You'll be brushing aside or knocking down obstacles in your path, and taking on jobs and responsibilities you have never experienced before.

Your objectives will constantly shift as Drupal itself iterates and evolves. You will want to go faster and you will struggle with the community processes. Imagine working on something for a month and then having to throw it out completely because you realize it doesn't pass. Frustration levels will be off the charts. Your overall goal of achieving the perfect implementation might never be achieved and that feeling haunts you for weeks or months. You will feel the need to vent publicly, and you probably will. At the worst moments, you'll think about stepping down. In better times, you realize that if most of your initiative succeeds it could take years of follow-up work. You will learn a lot about yourself; you learn that you are bad at many things and really good at other things.

Leading is incredibly hard and yet, it will be one of the best thing you ever did. You work with some of the finest, brightest, and most passionate people in the world. You will see tangible results of your hard work and you will impact and help hundreds of thousands of people for the next decade. There is no better feeling than when you inspire or when you help others succeed. Leading is hard, but many of you will look back at your time and say this was the most gratifying thing you ever did. You will be incredibly proud of yourself, and the community will be incredibly proud of you. You will become a better leader, and that will serve you for the rest of your life.

In Drupal views, we have the option of exposing the filters to users. By default, the exposed filters are displayed as Select boxes. Recently in a multilingual project, there was a requirement to display Courses based on Language. And the Languages had to be shown as links. In order to achieve this functionality, the Views exposed filter had to be customized.

To start with the customization, we need to alter "views_exposed_form" using hook_form_alter

function module_name_form_alter(&$form, &$form_state, $form_id) { global $language; if ($form['#id'] == 'views-exposed-form-course-listing-page') { $links = $form['language']['#options']; $vars = array(); foreach ($links as $tid => $term_name) { if ($language->language != $tid && $tid != 'All')  { $options = array( 'attributes' => array( 'class' => array( 'course-filter-tab' . $tid), 'id' => $tid, ), 'html' => TRUE, ), $language_list = language_list(); $language_title = $language_list[$tid]->name; $vars['items'][] = l($language_title, "course", $options); } } $vars['type'] = 'ul'; $vars['attributes']['class'] = array('course-tabbed-filter'); $prefix = theme('item_list', $vars); $form['links'] = array( '#markup' => $prefix, ); } }

The above code will help us render the select box as link, but to make the links functional we need some jQuery code.

There is a lot of talk in the Drupal community and media about the Drupal security vulnerability that was fixed in the Oct 15th update (7.32). If you have missed the details, here is a summary:

A highly critical security vulnerability was found in Drupal's database abstraction API. This was fixed with the release of 7.32 on Oct 15th. If you did not upgrade to Drupal 7.32, or apply the patch, by 11pm UTC on Oct 15th, your site may be compromised. Applying the patch after this will not remove any backdoors that may have already been added to your site or server.

So, if you upgraded or applied the patch immediately, or within 7 hours, you are safe (or as safe as you can be). But if you didn't, it is time to take precautionary measures. The best and most effective measure to take is to roll back everything to a state before Oct 15th 2014. And when I say everything, that includes the server not just the web files and database because backdoors could have been added anywhere.

I upgraded my clients site within 1 hour of the 7.32 release, so they are safe. But I had a couple of personal sites where I missed the 7 hour window by a few hours. Despite not seeing evidence of any hacking, I performed the rollback as a precautionary measure. What follows are my notes on how I did this.

Tags: DrupalPlanet Drupal

Published: Wed, 11/05/14Download this episodeDeployotron

• What is Deployotron?
  It’s a deployment tool.
  A low-key approach to easy and safe deployment.
• When did you start developing it?
  Dec. 2013
• Why did you feel it was necessary to add another layer on top of Drush?
  Needed simple, safe, easy to grok deployment process. Not a Swiss army knife. Other solutions proved to be either too complex/feature-rich or require 3rd party software beyond a simple drush command.
• How does it work?
  Deployotron is implemented as a drush command.
  When deploying it runs a set of “actions” that does the different steps of deploying.
• What kinds of actions can you perform with Deployotron?
• Is this extendable? Can other developers add their own commands to be performed during deployment?
• Is there a way to configure deployment per environment? So that certain commands are always performed on Staging but not on Live.
• What needs to be setup before you can use Deployotron?
  Deployotron requires drush and the appropriate ssh public keys on the target servers.
  And Git.
• How does it improve the deployment workflow?
  Easy and fast deployment to other enviroments from the command line.
  Quick to set up for a new project.
• What if you mess up? Is there a rollback feature?
  There’s an OMG command which will import a dump and reset the codebase to the one that was deployed at the time.
• How does this integrate with other tools like Capistrano, Aegir, etc.
  It doesn’t. Deployotron was meant to be more of an alternative; a simpler one.
• So, is this aimed at people hosting on shared hosts? Or do you need a VPS at minimum?
  Not aimed at shared hosts, as such, but it does support it, given that you have ssh access and drush availability of course.

Use Cases

• How are you guys using it at Reload?
  Very carefully :-)
  With careless abandon.
• Do you know of anyone else using it?
  No, not specificly, but there was some interest at the DrupalHagen DrupalCamp.

Episode Links: DeployotronGielfeldt on drupal.orgFini on drupal.orgFini on TwitterGielfeldt on TwitterVisual Testing with Applitools Eyes Reload.dkTags: DeploymentDevelopment WorkflowDrushplanet-drupal

Be a part of the community

You are into Drupal. That's great! But have you really been into Drupal? I mean, have you seen what Drupal is all about?

Drupal is not only a content management framework to build awesome websites! It is way more than that. Behind the technical part of Drupal are the most creative, savvy and kind people I have ever met. Those people-from all over the world-form one of the most active and powerful open source communities around the web.

To fully experience the community it is not enough to participate in the issue queue, commit patches and help others out. Have you ever wondered who is behind "The mother ship" or who created your favourite module? If you want to find out, you have to get active and visit one of the many Drupal Camps or Cons which are being organised around the world.

You might run into Angie Byron (aka webchick), Jeffrey A. McGuire (aka "jam" or as I call him Mr. Moustache), Morten Birch (aka the King of the North, creator of the mother ship), Sebastian Siemmsen (aka fubhy, maintainer of the Omega theme and creator of the widely loved Omega 4 theme) and you might even have an encounter with Dries Buytaert.

At Camps and Cons you have plenty of opportunities to engage and connect with others, share know-how, present your module or contribute to core in many different ways. Even summarising an issue in the queue helps a lot.

Drupal is more than just a content management framework. It is also the people behind the scenes. It's about (new) friends and friendship. It's about taking part in a great community. So go on and save the date for the next Drupal Camp or the DrupalCon 2015 in Los Angeles.

Start:  2014-11-06 (All day) - 2014-11-07 (All day) America/New_York Sprint Organizers:  David_Rothstein

The monthly Drupal core bug fix release window is this week, and since it has been a while since the last one, I plan to release Drupal 7.33 during this window. Normally, the release would be on a Wednesday, but this time it will be on either Thursday or Friday in order to give people a bit more time to test the latest code. Per our release policy, this will be a bug fix release only (no security fixes).

The final patches for 7.33 have been committed and the code is frozen (excluding documentation fixes and fixes for any regressions that may be found in the next couple days). So, now is a wonderful time to update your development/staging servers to the latest 7.x code and help us catch any regressions in advance.

There is one relevant change record for Drupal 7.33 which is listed below, as well as a new feature that is particularly worth highlighting. This is not the full list of changes, rather only a list of notable API additions and data structure changes that might affect a number of other modules, so it's a good place to start looking for any problems:

• Added entity_view_mode_prepare() to allow entity-providing modules to invoke hook_entity_view_mode_alter() correctly
• Added an optional sitewide theme debug mode, to provide contextual information in the page's HTML to theme developers. The theme debug mode is based on the one used with Twig in Drupal 8 and can be accessed by setting the "theme_debug" variable to TRUE (see the issue for further details).

You might also be interested in the tentative CHANGELOG.txt for Drupal 7.33 and the corresponding list of important issues that will be highlighted in the Drupal 7.33 release notes.

If you do find any regressions, please report them in the issue queue. Thanks!

Upcoming release windows after this week include:

• Wednesday, November 19 (security release window)
• Wednesday, December 3 (bug fix release window)

For more information on Drupal core release windows, see the documentation on release timing and security releases, and the discussion that led to this policy being implemented.

BADCamp is the largest free Drupal event on the planet and it is happening this week, right here in our back yard, at the Palace of Fine Arts.

Chapter Three Trainings

The event kicks off on Thursday with summits and trainings around specific interest areas.

If Magellan hired shipwrights instead of sailors, we would remember him for having the most seaworthy ships lost at sea. If you tried to get your oil changed at an assembly line instead of an auto body shop, the factory would turn you down, or worse do a slipshod job to get you out of the way and get back to building cars.

Similarly, most web development shops create their process around building websites, not supporting them. Aten built a dedicated Support Team out of recognition that maintaining and extending websites requires its own skill set and organizational structure.

At BADCamp 2014, Sandra and I, both Technical Account Managers and developers on Aten’s Support Team, will present “Old dogs, new tricks: Supporting websites after launch”, Saturday, November 8, 2014 at 1:30pm.

We’ll discuss why it’s important for clients to work with a development team specifically designed to support existing sites, and how Aten’s support approach:

• keeps aging sites relevant with new features;
• keeps sites running longer with less technical debt;
• gives us enormous insight throughout a project’s lifecycle so we can consult on a client’s high level objectives and real world challenges;
• and makes us a flexible partner who can puts clients’ minds at ease, with both a rapid response team for hot fixes, and a technical and strategic resource at the ready for larger blocks of work.

We will also discuss how viewing support and maintenance as an opportunity — not an opportunity cost — benefits Aten as well as our clients, and why we think our approach incentivizes great work from developers while building enduring client relationships.

See you at BADCamp!

I am proud to announce the release of the Behat Drupal Extension 3.0! Since 2012, the Drupal Extension has been used for Behaviour Driven Development of thousands of Drupal sites all over the world. The project began as part of the Drupal.org upgrade, and was quickly generalized to enable the testing of any Drupal site.

Version 3 has many exciting new features, and is compatible with Behat 3. Note version 2 does not exist, wanting to avoid version soup.

Behavior Driven Development at BADCamp

Before I dive into the new features, it is important to clarify the difference between testing an application, and Behavior Driven Development (BDD).

As everzet pointed out at Drupalcon no business-critical feature starts with

When browsing an article User Should be able to see related articles

rather, it starts with a conversation

In order to read more interesting articles As a reader I need to see related articles to the one I'm reading

While both are testing something, only the latter is truly describing a behavior that matters to a stakeholder. This is the subject of a blog post, or series of posts, in and of itself, so more on this subject later.

What’s new Documentation

Documentation for this project has been integrated into the repository, and is automatically building on readthedocs.org. Thanks to Melissa Anderson for this awesome work!

A starter context

A starter Drupal context that makes no assumptions around the language used for each test, but still provides all the previous functionality to interact directly with Drupal.

Users are encouraged to start tests from this context which will allow them to use truly ubiquitous language that is specific to each project.

Drupal Drivers

The Drupal Drivers now exist in a separate project, allowing for non-Behat applications to interact with Drupal (e.g., calling directly from Mink, or Codeception).

Note that the Drupal 6 driver has been removed, but since drivers are now separate projects, it will be easy to port that over to the Drupal Extension 3, should somebody want.

It should also be noted that Drupal 8 support will require ongoing work as the code base there evolves towards release.

More granular pre-defined step-definitions

Existing step definitions have been split into 4 indepentent contexts:

• DrupalContext – This contains steps for working with content, users, and taxonomies.
• MinkContext – This is an extension to the Mink Extension, providing additional steps for working with regions and forms.
• MessageContext – Provides steps for working with Drupal success/warning/error messages.
• DrushContext – Provides steps for calling drush commands directly from scenarios

This allows for the use of some pre-definied step-definitions, rather than the previous all-or-none approach.

No more regex!

The pre-definied steps now use the new turnip syntax introduced in Behat 3:

Given I am viewing a/an :type (content )with the title :title

rather than

Given /^(?:a|an) "(?P<type>[^"]*)" node with the title "(?P<title>[^"]*)"$/

What’s a ‘node’?!

The term node has been removed from steps and replaced with content in all pre-defined steps.

What’s next?

• A REST driver that would allow the full power of the Drupal API to be utilized from a remote server.
• Testing Drupal core with Mink and the Drupal Drivers?

BDD Mini Summit

I will be attending the Behat mini-summit at BADCamp along with several other folks from Phase 2. I hope to highlight the Drupal Extension 3, and discuss best-practices for the wide variety of testing needs. I also hope to continue discussions around Behat, Mink and Drupal core.

Launching a new Drupal website is exciting and can be a little risky if you aren’t careful. There are several things to accomplish, details that are too essential to overlook, and many people collaborating to make the deployment go smoothly. 

You may have heard some news about the fact that a new theme has been added to Drupal, named Classy. But what kind of theme is it exactly? Is it a pretty new look for Drupal 8? Well, no. You will still see Bartik as the default theme on your Drupal 8 site, so why another theme? Classy is a new base theme in core, which Bartik and Seven will then use as their bases. The idea here is to provide more flexibility to themers when it comes to choosing default CSS classes.

Competition is helping to drive big performance gains in PHP. Alternative ways of running PHP are becoming viable and with them is coming accelerated speed.

Last week’s Public Service Announcement from the Drupal security team caused a lot of attention. And rightfully so – it told us that the vast majority of Drupal 7 sites around the world are considered compromised. A mere 7 hours after critical security patch SA-CORE-2014-005 was released, robots were spotted in the wild, bulk-hacking Drupal 7 sites with this vulnerability. This is something that’s never happened to the Drupal community before, and it is extremely serious. In some way it’s our own version of Heartbleed and other highly-publicized critical vulnerabilities in open source software.

This issue should not reflect badly on the Drupal community, or the Drupal product at all. Vulnerabilities happen to every software project – particularly the large and complex ones like Drupal! In this case it was the result of a choice in the database abstraction layer to use emulated prepared statements. There’s a great dissection of the whole vulnerability at ircmaxell, but the point here is that it was an intentional decision. We were aware of a theoretical security risk, just as we are in making lots of decisions. But theoretical risks don’t mean much compared with real, measurable losses from the available alternatives. As I said before, this can happen to any software project, and Drupal is a relatively responsible, well written one. What’s interesting now, is the response.

First of all, I am amazed to read responses from many Drupal users who are panicked at having to run a diff of their sites, because they don’t have appropriate tools in place. If you are developing without a VCS and automated backups, you are doing more harm than good. Just stop. Take a week to learn the basic requirements of a development environment, and start employing them. End of story.

I’m not concerned for those people – their sites were disasters waiting for an excuse anyway. What’s frightening about this particular situation is that even if you are working with backups and a VCS, even if you patch critical security vulnerabilities on an aggressive schedule, it still wasn’t good enough.

All of my Drupal 7 sites are affected by this PSA. I work for a large, well-respected agency, with access to leading-edge workflows and tools. We follow best practices. All of my sites are secured well beyond PCI requirements. But PCI requirements say that critical security patches have to be applied within 30 days of release. Our best practices include patch review from the tech lead, and validating patches on test environments before pushing them live. With only 7 hours between patch release and exploits in the wild, there isn’t time for any of that.

I’ve heard people complain that it’s too difficult to update Drupal. “drush up —security-only” seems pretty simple to me, or at least simple enough that further simplification won’t address the real problem. That’s because the real problem isn’t that it’s difficult to apply updates – it’s that a human be ing has to initiate them. I live in the Central European timezone, GMT+6. The patch was released at 10PM for me, and bots were exploiting it by 5AM the following morning. I went to work that day and initiated the patching process, so that my patches could be “responsibly” deployed to live with 24-48 hours of client validation time on my dev and staging environments. Despite being relatively on top of patches and responding relatively quickly, the fact that I’m human, and my clients are human, meant we never stood a chance of patching this issue fast enough. Even if we skipped validation, and even if the update process was just one button (rather than two commands), we would still have failed to update in time. I find myself reminded of the Battlestar Galactica pilot, where the Cylon robots are chasing the humans. After each hyperspace jump, the humans have 33 minutes to complete the calculations for another jump before the machines catch up with them. After 130 hours and 237 jumps, it becomes apparent that the humans’ need for sleep is a critical vulnerability.

The only solution is automated patching. It’s hard to figure out a workflow that allows it; indeed you’re forced into post-hoc testing, which means engineering an easy rollback solution. The truth is that 99% of security patches will not affect any of the functionality you’ve customized or upon which you rely, so hopefully this will be an edge case. But it’s a problem that actually has to be addressed. Here’s how I’m adapting my own projects over the coming weeks:

Every wednesday, every hour, my Jenkins instance runs a script which checks modules and core for each project for security updates. When an update is available, it automatically creates a branch off of Stable (my staging branch), applies the updates, and pushes the result up to the server. My git scripts already create a new subdirectory environment for every pushed branch. Once the environment is ready, Jenkins runs all available behat tests against the new branch. If all tests pass, the branch is automatically merged back into Master, Stage, and Live, and pushed. This push operation triggers a normal Jenkins deployment, which takes a backup anyway. An email is generated to the project administrator advising them which security updates were automatically applied, and linking to the relevant changefiles.

I’m excited about implementing this new layer of automation, because it builds on the best practice workflows I already like (test driven development, git flow VCS organization, automated deployment and backups…) to produce a tangible time savings and security improvement for my sites. At the same time, I can’t say that this is something I recommend for EVERYONE, precisely because it requires such a high level of environment maintenance. When you’re a one-person development shop, it’s hard to afford the time to set up the perfect development environment. It’s hard to convince those bottom-of-the-food-chain clients to pay for things like automated testing and deployment. And certainly once you have those things set up, you don’t get paid for maintaining them!

I’m going to be keeping my eyes open for better solutions that can be applied by the “developer on the street.” Something relatively easy, but which allows the same kind of automated, fast response time for security patches. I’m interested in any ideas you want to post in the comments!