Add Drush command to allow running cron updates via console and by a separate user, for defense-in-depth

Wim Leers → credited pwolanin → .

Wim Leers → credited xjm → .

Clarifying that this is meant to address @pwolanin's request at #3284443-19: Enable unattended updates → and @xjm's request at 🌱 Security review of secure signing components for package manager Active :

We should also finish the work to allow autoupdates’ cron job to be triggered by a separate user for defense-in-depth

I’m also very keen on this part of the problem. We spent a lot of effort in Update Manager to support both writable and not-writable web server configurations. It’d be a real step backwards if all the new slickness only supported the writable case.

I can see advantages for having a separate command so it can be run more frequently than cron and is guaranteed to be run from the cli, but also doesn't drush cron also cover the basic use case?

First round of review posted. I have some questions 😊

This is failing for me with manual testing. The composer update appear to work but I get "Automatic updates failed to apply, and the site is in an indeterminate state. Consider restoring the code and database from a backup."

Also the UX is not great because I guessing there is message from Composer STager I am not seeing. I need to check if that is case from the UI too.

Also the UX is not great because I guessing there is message from Composer STager I am not seeing. I need to check if that is case from the UI too.

Given this, should we block this on 📌 Ensure exceptions thrown by event subscribers are logged Fixed , which should be trivial to do and would make the testing here simpler?

re #13
In this case the problem is not coming from any event subscribers. I created 📌 Add Drush command to allow running cron updates via console and by a separate user, for defense-in-depth Fixed

You linked to this issue 😅 Which did you mean to link to?

🫢Whoops, fixed

🤦🏼

So I manually tested this with the changes in 📌 Failure marker message does not contain exception message + backtrace if available Fixed and the message change to a much more meaningful

Automatic updates failed to apply, and the site is in an indeterminate state. Consider restoring the code and database from a backup. Caused by : Failed to copy "/tmp/.package_managerff2a5e14-d9a4-4e06-b0c4-59070929c370/8wDnJ-H-KtVd8_feJmTRN9Fzk7VI5PGep_xeF7qIGns/web/modules/contrib/automatic_updates/.git/objects/pack/pack-ee29fcbd4b76af52c22f4bfd60176f21b3f2391b.idx" to "/Users/ted.bowman/sites/au-drush-update3/web/modules/contrib/automatic_updates/.git/objects/pack/pack-ee29fcbd4b76af52c22f4bfd60176f21b3f2391b.idx"

The actual problem here of trying to copy the .git files I think is an existing issue but I will search the issue queue.

I will probably manually test by just deleting the .git directory first as I am pretty sure this error has nothing to with it being a drush command. Usually when I manually test I am not using a Composer vcs repo. So need to confirm but I think this would happen via the Update form also.

#18: wonderful news!

Clarifying that this is blocked on 📌 Failure marker message does not contain exception message + backtrace if available Fixed .

I don't think we need to block on 📌 Failure marker message does not contain exception message + backtrace if available Fixed . It is an existing issue I just happen to find in this issue it would happen in any case where you had the marker file

@phenaproxima was going to change the drush command to have only 1 command and have a --post-apply=[STAGE_KEY] option.

I manually tested and it updated from 10.0.8 to 10.0.9. I actually had to manually change StagedDatabaseUpdateValidator because it flagged a change to system_requirments has a DB update when it was not. But that is known issue and comment on 📌 Use static analysis to detect new update functions, to reduce false positives in StagedDBUpdateValidator Fixed with not about this case

I think we still don't want to run DB updates in this drush command as MVP because we intended it to be run in server crontab in an unattended way. But we may want a follow-up that would allowing running DB updates.

I will manually test again once @phenaproxima has made further changes

@tedbow in #21: sure — but your comment in #18 made it sound like it was a hard blocker to continue here. So I was just trying to be helpful 😅🙈

@tedbow in #24: EXCITING!!!!!!! 😄

Also, this MR is starting to look great!

AFAICT the post-apply gets called automatically thanks to ConsoleCronUpdateStage::handleCron() calling \Drupal\automatic_updates\CronUpdateStage::handleCron() which calls \Drupal\automatic_updates\CronUpdateStage::performUpdate() which calls $this->triggerPostApply() all the way at the end? 🤔 What am I missing?

Looking good! Just a few suggestions

Needs follow-up for timeout issue in the MR discussions

I think this issue is good. We already have 📌 For web server dependent unattended updates run the entire life cycle in a separate process that will not be affected by hosting time limits Fixed which researching the different places the code can time out.

I am going to manually test this again

Manual testing didn't work

Got a different error manually testing

 [error]  Update applied successfully but failed in post-apply: The command """ 'auto-update' '--post-apply' '--stage-id=gqDxp7iWi8LDO3vkqYDESoeNS53Aa1oFLLIfBH_LPpI' '--from-version=10.0.8' '--to-version=10.0.9'" failed.

Exit Code: 127(Command not found)

Working directory: /Users/ted.bowman/sites/au-drush/web

Output:
================


Error Output:
================
sh: line 0: exec: : not found
 

guessing $command[0] = $this->fileSystem->realpath($command[0]);
didn't work. Maybe `$command[0]` just is "drush"?

Maybe we need the standard drush way for firing off another command. I think maybe Drush::drush(Drush::aliasManager()->getSelf(), $command, $args);

Maybe we need the standard drush way for firing off another command

I agree, but that means we should probably pass the fully built-out Process object to Stage::triggerPostApply(), which I'm not entirely sure how to do...

I manually tested if from /web/sites/default and it worked update it but the only messages I saw was

[INFO] Updating Drupal core to 10.0.9. This may take a while.

So it seems like the io is still not coming back from post apply.

I have an idea on this

Looks good to me if tests pass!

🚢

🥳

I'm pleasantly surprised this landed yesterday! 🤩

But … it seems a bunch of threads were either left open or closed without explanation? 🙈 That makes it difficult for me (or anybody else) to understand the decision making process…

I've noticed that at least one of the remarks in the threads which did not get resolved/explained did start being addressed in another issue: 📌 For web server dependent unattended updates run the entire life cycle in a separate process that will not be affected by hosting time limits Fixed . Hence linking that.

1. We'll need to update \Drupal\automatic_updates\Development\Converter to avoid adding
   • drush.services.yml
   • src/Commands/AutomaticUpdatesCommands.php
   • src/DrushUpdateStage.php

   to the core MR. Feels like that's easiest to do here? Patch attached.

2. This still needs a follow-up to make this work as a generic Symfony console command. This is a great first step, and we were able to leverage Drush to handle the bootstrapping for us. But Drupal core never includes any Drush commands, so we do need to do that second step too 😅
3. There's information in the section that is missing from the follow-ups that are referenced there. We should move that into those existing issues to avoid it being forgotten.

added 📌 Add new setting for how unattended updates will be run Fixed as remaining task

I identified 3 follow-ups when I reopened this in #41:

1. ✅ update core MR converter → @phenaproxima did this in #42
2. ❌ follow-up to make this work as a generic Symfony console command
3. ✅ update issues listed in "remaining tasks"

Or am I just overlooking an already existing issue for making this work as a Symfony console command? 🤔

Added 📌 Add Symfony Console command to allow running cron updates via console and by a separate user, for defense-in-depth Fixed

Thanks!

Automatically closed - issue fixed for 2 weeks with no activity.