Because Composer is the widely accepted standard for building Drupal 8 websites, Remote Administration (RA) will be using only Composer builds and updates to ensure that dependencies are included in any Drupal 8 core or contributed module update.
Note, however, that RA will continue to use Drush to detect insecure modules.
Installations of Drupal 8.3.0 or greater should be built with a fully functional
composer.json file that includes all code necessary to run your codebase, and that contains no package conflicts.
Minimum requirements for an RA
The following outlines the minimum requirements for a
composer.json file to be compatible with Remote Administration:
vendordirectory should be located in the repository's root above the
docrootdirectory. This directory must be managed through version control, and the proper autoloading must be set up to redirect Drupal to the new
vendorlocation. For more information, see Drupal scaffold.
- A Drupal
composer.jsonfile must specify at least the following basic information:
- The require section of the
composer.jsonfile needs to list Drupal core as well as all contributed modules and packages required to run your Drupal website.
- All Drupal code must be located within the
- All non-Drupal files added to any directory must either be added as a public repository, added as a private repository, excluded using drupal-scaffold, or able to be recreated through patches that have been declared in your
How RA Automation works with Composer
The Remote Administration update process performs a series of update commands against your website on the RA environment, determines any needed updates, applies the changes, and notifies you, as described in these steps:
- The latest production code and a copy of your production database are copied to the RA environment.
- Your codebase is examined for a valid
composer.jsonfile above the
- If a valid
composer.jsonis located, RA will proceed with the update process.
- If no
composer.jsonfile is located, RA's automation will revert to applying updates using Drush. For Drupal 8 websites, refer to the important note regarding Drupal 8 and using Drush for updates.
- If a valid
- The code is scanned for the following types of updates with the
- Security updates for contributed modules
- Bugfix updates for specified contributed modules
- Bugfix and security updates for Acquia-managed modules
- The most recent version of Composer is temporarily installed on the RA environment.
- Composer updates are determined and applied with the
composer update --dry-runcommand in your RA environment to ensure that your
composer.jsoncontains no errors that will prevent updates from completing. No changes are made to your codebase.
If conflicts requiring resolution prior to applying updates are detected in your
composer.jsonfile, you will receive an Acquia Support ticket notifying you of these conflicts so that they can be resolved.
- Composer performs the
composer update package/name --with-all-dependenciescommand to update your package to the highest available version allowed by the version constraints in your
- Database updates are applied with the
- To provide faster security updates, the Stage File Proxy module is enabled to mirror files—instead of copying them—from your production environment to your RA environment.
- If new updates are identified, you will be notified with an Acquia Support ticket when these updates are ready for testing.
The Acquia RA Composer GitHub repository contains an example
composer.json file that you can use as a starting point for creating your website's
composer.json. The repository contains the following files:
composer.json– An example file for Composer
readme.md– How to use the
annotated.composer.json– An annotated example file with explanations of the configuration sections
To use the example Composer file, you can download the file and copy its contents into your own
composer.json file, or clone the repository and then copy the file to your website's repository.