Join Log in
Score:0
Extect avatar Drupal

How to update a module in production?

cn flag
Extect

I am using git to deploy my composer.lock to production. Contrib is not part of my git repo. Therefore, in production I then run composer install to add contrib to production.

What happens when I update a module in dev via composer update, then deploy the updated composer.lock to production and run composer install there? Will it update/replace the existing module code or what is the best practices to update a module in production without having to run the resource hungry composer update command in production?

81
1 + 3
8
leymannx avatar
ne flag
leymannx
Does this answer your question? [Order of drush commands for automated deployment?](https://drupal.stackexchange.com/questions/254407/order-of-drush-commands-for-automated-deployment)
0
Reply
leymannx avatar
ne flag
leymannx
Update locally using composer update drupal/module_name, then run database updates, then export config. Commit updated lock file and config. Deploy. On Live, set the page in maintenance mode, run composer install or deploy latest vendor from CI, run database updates, import config, disable maintenance mode. Done.
1
Reply
Extect avatar
cn flag
Extect
@leymanxx: Very clear. Thanks for summarizing the process
0
Reply
Score:1
Jaypan avatar Drupal
de flag
Jaypan

What happens when I update a module in dev via composer update, then deploy the updated composer.lock to production and run composer install there? Will it update/replace the existing module code

Yes. Running composer install is a fairly lightweight command that will install the components of the system exactly as they have been recorded in composer.lock which is essentially a snapshot of the codebase. As you will have committed composer.lock containing references to the updated code, when you run composer install on any server, it will update the code to match composer.lock which has the updated code.

Running composer update updates code versions, and is much more resource intensive.

I wrote a blog series on Composer and Drupal a couple of years back which explains this all in more depth: https://www.morpht.com/blog/drupal-and-composer-part-1-understanding-composer

0 + 4
Extect avatar
cn flag
Extect
Thank you! That's exactly what I was unsure about. Thanks for clarifying!!!
0
Reply
Jaypan avatar
de flag
Jaypan
Note that many people consider it a security risk to have Composer installed on a production server, as access to the server could allow someone to install software using it.
0
Reply
Extect avatar
cn flag
Extect
Thanks for the watchout!! I would guess that if someone gains access to composer, the problem is not with composer, but with the server config in general. The attacker would have loads of possibilities to do harm even if composer was not installed.
0
Reply
Jaypan avatar
de flag
Jaypan
Yeah, I haven't actually decided which side of the fence I fall on for this one. I'm not a server guy though.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.