Automatic updates in Symfony2

With a lot of pride we present our 7th Symfony2 bundle: LswAutomaticUpdateBundle. You could say we are on a role here, since all these bundles were published in the past 3 months! We are very proud that LswGettextTranslationBundle seems to be installed a lot (588 installs so far) and that LswApiCallerBundle was top trending bundle this month on http://knpbundles.com.

automatic_update

Automatic Update Bundle

So, what is new? Well, would’nt it be cool to have a WordPress-style automatic update button? That’s exactly what we deliver with LswAutomaticUpdateBundle! Whether or not this desirable can be argued about, but if you are after fast and consistent deployments, this might work for you. You get an extra icon in the Web Debug Toolbar indicating how long ago you last ran the Composer ‘update’ command. By clicking the icon you get to a panel where you can enter the password to actually execute the upgrade. Before the upgrade is executed the dry-run is executed. Only if all commands succeed, the upgrade button is shown.

update_step1

Features

The bundle does some cool tricks, such as:

  • Showing app/console and composer.phar output in color, thanks to ANSI to HTML support.
  • Showing days not updated to remind you to keep your software up-to-date.
  • Listing all requires and installed versions of the packages with their descriptions.
  • Identifying unstable (dev) packages to encourage you to run stable versions

It also has some password based security, so that it can only be invoked by authorized people.

Pros and Cons

Maybe system administrators could see this bundle as a stability threat, because it enables quick updating of the code. Also, from a security point of view one could argue that this bundle is not desirable, since the use of ‘system()’ calls from PHP to execute shell commands is frowned upon.

On the other hand the bundle encourages frequent updates and use of versioned packages which should enhance security. Also, because this is a single click upgrade, upgrades should not fail because somebody forgot to type a command or makes a mistake in a command.

Installation

As always, you can find the bundle on Github and Packagist. It supports installation using Composer as described in the README.

Share

Leave a Reply

Your email address will not be published. Required fields are marked *