--- title: "Drupal Auto DevOps jobs" date: "2024-02-14T06:18:38+00:00" summary: "Discover Drupal Auto DevOps jobs for efficient CI/CD pipelines, including build, test, deploy, and automatic update stages." image: type: "page" url: "/acquia-cloud-platform/add-ons/code-studio/drupal-auto-devops-jobs" id: "096ea684-faaa-456a-b581-d458c3f6a9ce" --- Table of contents will be added Code Studio defines the following default jobs: * [Build Drupal stage](#section-build-drupal-stage) * [Build Code job](#section-build-code-job) * [Validate Code Structure job](#section-validate-code-structure-job) * [Manage Secrets job](#section-manage-secrets-job) * [Test Drupal stage](#section-test-drupal-stage) * [Test Drupal](#section-test-drupal-job) * [(conditional) SAST (Static Application Security Testing) job(s)](#section-static-application-security-testing-sast-jobs) * [Secrets Detection](#section-secrets-detection-job) * [Deploy Drupal stage](#section-deploy-drupal-stage) * (merge requests only) Create Acquia CDE job * (merge requests only) Delete Acquia CDE job * [(branches only) Deploy Branch to Acquia job](#section-deploy-branch-to-acquia-and-deploy-tag-to-acquia-jobs) * [(tags only) Deploy Tag to Acquia job](#section-enabling-deploy-tags-in-code-studio) * [Automatic Updates stage](#section-automatic-updates-stage) * [Composer Update job](#section-composer-update-job) * [Deprecated Code Update job](#section-deprecated-code-update-job) For a full list of the Drupal-optimized Auto DevOps jobs, see [Drupal-optimized Auto DevOps jobs](#section-drupal-optimized-auto-devops-jobs). Build Drupal stage ------------------ ### Build Code job The Build Code job installs Composer dependencies. You can extend this job to construct front-end theme dependencies. For more information, see [Adding a before\_script or after\_script to a Code Studio job](/acquia-cloud-platform/add-ons/code-studio/docs/customizing-code-studio/default-code-studio-pipeline/adding-script-or-after-script-code-studio-job). ### Validate Code Structure job The Validate Code Structure job validates that your repository is following the best practices in terms of which files are committed or ignored. This job is permitted to fail. However, failure to follow the best practices can result in unexpected outcomes during the rest of the pipeline. Notably, it can result in problems with your deployment artifact. ### Manage Secrets job The Manage Secrets job is responsible for SSH key management. Test Drupal stage ----------------- ### Test Drupal job The Test Drupal job runs three types of tests. For each type, the tests run only if the defined conditions are met. **Test Name** **Purpose** **Conditions** **To enable:** PHP Code Sniffer Validates that your custom code follows the established Drupal coding standards. * Your application has `acquia/coding-standards` or `squizlabs/php_codesniffer` in the root composer.json `require` or `require-dev` array. * Your root directory contains `phpcs.xml` or `phpcs.xml.dist`. 1. Run `composer require --dev acquia/coding-standards` 2. Copy [phpcs.xml.dist](https://github.com/acquia/drupal-recommended-project/blob/master/phpcs.xml.dist) to your repository root. PHP Stan Validates that your custom code does not rely on deprecated functions or services. * Your application has `phpstan/phpstan-deprecation-rules` and `drupal/core-dev` in the root composer.json `require` or `require-dev` array. * Your root directory contains `phpstan.neon.dist`. 1. Run `composer require --dev phpstan/phpstan-deprecation-rules drupal/core-dev` 2. Copy [phpstan.neon.dist](https://github.com/acquia/drupal-recommended-project/blob/master/phpstan.neon.dist) to your repository root. PHPUnit Validates that your custom unit tests pass. * Your application has `phpunit/phpunit` and `drupal/core-dev` in the root composer.json `require` or `require-dev` array. * Your root directory contains `phpunit.xml.dist`. Code Studio does not support PHPUnit code coverage. 1. Run `composer require --dev phpunit/phpunit drupal/core-dev`. 2. Copy [phpunit.xml.dist](https://github.com/acquia/drupal-recommended-project/blob/master/phpunit.xml.dist) to your repository root. For an example, see [drupal-recommended-project](https://github.com/acquia/drupal-recommended-project). ### Static Application Security Testing (SAST) job(s) The SAST jobs statically scan your code for security vulnerabilities. This may be one or more jobs depending on the types of files committed to your repository. For example: * If PHP files are detected, jobs are scanned with `phpcs-security-audit`. * If Ruby files are detected, jobs are scanned with `brakeman`. For more examples, see [Supported languages and frameworks](https://docs.gitlab.com/ee/user/application_security/sast/#supported-languages-and-frameworks) ### Secrets Detection job The Secrets Detection job scans your code to confirm that you have not accidentally committed any secrets, such as login credentials, to your repository. For more information, see [Secret Detection](https://docs.gitlab.com/ee/user/application_security/secret_detection/). If you enable the Test Drupal job, Code Studio sets up the Drupal site before it performs the tests. For more information about enabling the Drupal site setup during the pipeline, and choosing a setup strategy, see [Selecting the Drupal setup strategy in Code Studio](/acquia-cloud-platform/add-ons/code-studio/selecting-drupal-setup-strategy "Selecting the Drupal setup strategy"). Deploy Drupal stage ------------------- ### Deploy Branch to Acquia and Deploy Tag to Acquia jobs The Deploy Branch to Acquia and Deploy Tag to Acquia jobs construct a build artifact that includes committed, contributed, and vendor directories. For example, it includes `vendor` and `docroot/modules/contrib` even if these directories are not committed to the source repository. This job uses `acli push:artifact` to create the artifact. Each time a pipeline runs in Code Studio on any branch, the system generates an artifact from that branch and pushes it to Acquia Cloud. The uploaded branch appears on Acquia Cloud with the name: `CodestudioBranchName-codestudio-build` Note `CodestudioBranchName` refers to the branch name in Code Studio where the pipeline ran. To deploy the branch to any environment on Acquia Cloud, follow these steps: 1. Log in to Acquia Cloud. 2. Select your application and go to the **Environment** section. 3. Select the **Switch code** button for your target environment. ![codestudio-enviornment](https://acquia.widen.net/content/0d94fa78-9419-44f0-b525-b3588f9c11d5/web/2e46a_codestudio-enviornment.png?w=720&itok=dyvpnSX8) 4. Enter the branch name, using the same branch name as in Code Studio. The branch name on Acquia Cloud appears as `CodestudioBranchName-codestudio-build`. ![codestudio-branchname](https://acquia.widen.net/content/a9a6be42-cbf3-4441-8203-53385b0b7930/web/26b69_codestudio-branchname.png?w=480&itok=2EKnhImn) 5. Select the branch for deployment. ### **Enabling deploy tags in Code Studio** To automate the tag creation process during deployment, set the `ACQUIA_JOBS_DEPLOY_TAG_ARTIFACT` CI/CD job to _true_ in your Code Studio project. After you set this job to _true_, Code Studio automatically performs the following steps every time you create a tag in Code Studio: 1. Generates a deployment artifact 2. Tags the artifact 3. Pushes the tag to Cloud Platform 4. Deploys the tag to production To configure this variable for all tags: 1. Modify the settings of your CI/CD variable `ACQUIA_JOBS_DEPLOY_TAG_ARTIFACT`. 2. Do one of the following: * Clear the **Protect variable** checkbox. * Select the **Protect variable** checkbox and configure Code Studio to protect your tags automatically at `https://code.acquia.com/help/user/project/protected_tags.md`. To automatically deploy tags to an environment other than production, set the `ACQUIA_CLOUD_SOURCE_ENVIRONMENT_ID` CI/CD variable to be the environment ID of your target environment. For more information about configuring continuous delivery in Code Studio, see [How to implement real Continuous Delivery for Drupal](https://dev.acquia.com/tutorial/how-implement-real-continuous-delivery-drupal) on the [Acquia Developer Portal](https://dev.acquia.com/). Automatic Updates stage ----------------------- ### Composer Update job The Composer Update job runs `composer update` against your repository, and submits any changes in a merge request. ### Deprecated Code Update job The Deprecated Code Update job scans your custom code, such as custom modules and themes, for deprecated code. Using [Drupal Rector](https://github.com/palantirnet/drupal-rector), the job automatically replaces the deprecated code with updated, supported replacements. This is designed to preserve the same functionality, while removing any dependencies on deprecated functions, methods, classes, and so on. Drupal-optimized Auto DevOps jobs --------------------------------- **Build Drupal** **Test Drupal** **Automatic Updates** **Deploy Drupal** Build code Test Drupal Composer update Create artifact from branch Validate code sast Drush update Create artifact from tag bandit-sast Deprecated code update Create Acquia CDE brakeman-sast Delete Acquia CDE eslint-sast flawfinder-sast   kubsec-sast gosec-sast mobsf-android-sast mobsf-ios-sast nodejs-scan-sast phpcs-security-audit pmd-apex-sast security-code-scan semgrep-sast sobelow-sast spotbugs-sast secret\_detection code\_quality Note For more information about: * Auto DevOps pipeline, see [Auto DevOps pipeline steps](https://acquia.widen.net/s/5dfdhscdpl/code-studio_autodevops). * Automatic updates pipeline, see [Automatic updates pipeline steps](https://acquia.widen.net/s/phr6r8dtff/code-studio_automatic-updates).