Do you have better things to do than to do maintenance and security updates on your Drupal site? Of course you do. This is a tale about how violinist.io will help you save money, frustration and possibly sleep.
This article is going to assume a couple of things:
It’s also an advantage to have a pipeline for continuous integration and continuous deployment. …
Composer 2 is coming to PHP dependency managed projects all over the internet, finally! Among many things it can provide your project is memory and time savings, repository priorities, faster download times, partial offline support and run-time platform requirements check. To check all of the changes, have a look at the Composer changelog.
Today, however, we are going to talk about what that means for violinist.io.
If you have reviewed a couple of code changes (in a merge request / pull request) you know that changes to a file like composer.lock can be a bit of a hassle to review. It can be long, it can be hard to parse, and it can be hard to spot what packages are updated. For example, updating a dependency that depend on symfony components could end up updating a whole range of packages, even if you expect such a merge request to contain more or less just updating the main package.
For example, if you want to update the…
Violinist.io was started as a need for a more automated workflow for composer based Drupal projects. We maintain several modules on drupal.org and our website is a Drupal website. Needless to say, we are grateful for having Drupal around, and we want to do our part in having Drupal around in the foreseeable future.
This year, times are different for everyone. The Drupal Association is no exception. As the main Drupal conference is cancelled due to the ongoing covid-19 pandemic, the association is running a funding campaign to (partly) make up for losses and loss of income from this event.
PHP 7.4 was released yesterday. 🥳 As a project built for and by PHP, this is something to celebrate for Violinist.io.
A key feature of Violinist.io is to be able to run the updates of your projects in the same environment as you use on your live site. While there are several ways to run trick composer to run on the wrong version, we have found that making sure that is the case makes for the by far best result. Which is why we are proud to announce that by today (only hours after the release of PHP 7.4) you…
After a period of private testing, we are now very glad to say we consider our brand new Bitbucket integration stable!
If you are already using violinist.io with other version control providers, the image above probably looks familiar to what you are used to. If you are not familiar with the service, here is a very brief explanation:
This can be done by clicking on the login link from the front page, an exercise most readers would be comfortable with.
After logging in, simply add your Bitbucket repo as a project on violinist.io
In PHP land there is one advisory database that rules them all. It is https://github.com/FriendsOfPHP/security-advisories. This database contains Security Advisories from all kinds of composer based projects, including Drupal, Symfony, Magento, Typo3 and many others.
Wouldn’t it be nice if this database also contained all of the security advisories that are being published about Drupal contrib modules? We think so too! Which is why we tried to add this to the advisory database back in February. Unfortunately this had some unexpected consequences.
As supporters and evangelists of open source it is with a certain amount of pride we can say we finally also support a platform that is itself open source. Even though we acknowledge the role of Github in the open source ecosystem, it feels good to provide open source alternatives.
For users using Github as a provider, your repositories will continue being monitored.
For those wanting to start keeping their…
Updating your composer dependencies for you!