Lauren MorrisAs developers, we understand how challenging managing dependencies in development can be. As Lagoon users ourselves we want to help you stay current with package updates ensuring you have access to security, performance, and new features.
How to Check for Application Updates
The simplest way to check for available application updates is using your package manage commands
Composer: composer outdated
Yarn: yarn outdated
Python Pip: pip list --outdated
Ruby Bundler: bundle outdated
(Notice the theme here! Your package manager of choice probably also includes this functionality too!)
This command will show you if you're running an older version and what updates are available.
Automating Your Update Workflow
Although you can check updates manually, automated tools deliver the biggest productivity benefits. We recommend implementing an automated dependency manager to handle this for you. Some popular options that our team has tried and tested include:
- Renovate Bot- Free Community Plan
- Dependabot- Integrated with GitHub
- Violinist- Free Version available, only supports PHP/Composer
These tools can:
- Automatically detect new package versions
- Create pull requests for updates
- Integrate with existing CI tooling
- Include changelog information in the PR
- Maintain your desired update schedule
Understanding Lagoon Updates
Uselagoon Images
We wrote a blog post a couple of years ago about this - check it out at https://dev.to/uselagoon/moving-lagoon-to-semantic-versioned-docker-images-57d0. We recommend pinning to specific image tags if your project is under constant development and you’re using automated update tools. If your project has infrequent development, using the :latest\ tags is usually a better option to avoid inadvertently exposing yourself to vulnerabilities.
Drupal Modules
Our Drupal modules, such as Lagoon Logs are packaged through the Drupal.org package system, and updates will be notified through the UI or via composer show\
Drupal Integrations
Our Drupal integrations package, like other components, follows semantic versioning practices. Each release is documented on GitHub with detailed changelog information and published to packagist, making it easy to understand what's changed and whether you need to update (hint, you likely always need to update!).
Lagoon Tools
The tools we manage to help with Local Development are also updated regularly:
- Lagoon CLI - available on Homebrew for Mac&Linux, as a binary and as a Docker Image
- Lagoon Sync - currently only available as a binary, but we’re working on the others
- Pygmy Stack - available on Homebrew for Mac&Linux and buildable from source
We usually recommend running the most recent versions of these tools - and are always on the lookout for any bug reports or improvements.
Lagoon examples
From time to time, we introduce new thinking into our example repos - either to take advantage of newly-available functionality in Lagoon, or to reflect a change or update in best practices. You should keep an eye out for these changes from time-to-time, and look to see what you can incorporate into your projects. Note that there is no automated way to do this, so it’s back to side-by-side eyeballing!
Best Practices
- Pin your dependencies to specific versions for predictability
- Set up automated testing to run when dependency updates are proposed
- Configure your chosen update tool to group related updates
- Review changelog entries before merging updates
Getting Started
To begin automating your dependency management:
- Choose an update manager that fits your workflow
- Configure it to watch your Lagoon-related packages
- Set up appropriate test automation
- Define update schedules that work for your team
Remember, while automation helps, it's still important to review updates before applying them to production environments. The goal is to make the process more efficient while maintaining control over your application's stability.
Staying current with updates helps ensure your applications remain secure, performant, and feature-rich. We encourage you to explore these tools and find the workflow that works best for your team. Your success as a Lagoon user matters to us, and we know that managing dependencies is just one part of your development journey.
If you come across any awesome tools, please let us know!
