Magento 2 Patching at Scale
Demo monorepo showcasing approaches for distributing patches across lots of Magento 2 Projects at scale, with practical examples and best practices.
Patch management can become a time sink / unexpected cost for development teams, especially as your client base scales. Stop wasting time and budget and explore options to optimize the process safely.
View the full detailed blog post here: https://www.sdj.pw/posts/magento2-patching/
Problem
Many agencies and development teams struggle to manage patches across large inventory of Magento projects. Leading to missed patches, unexpected client bills, large vulnerability windows, and wasted engineering capacity. This project demonstrates a few examples of different ways to Manage patches across large Magento fleets, to avoid wasting client budget, and keep sites secure.
Solution
Once approach discussed is using Ansible to apply the patch files across your entire fleet. Great for urgent patches such as SessionReaper / CosmicSting, where waiting for your dependency manager, test suite and deployment pipeline introduces a longer vulnerability window.
Another discussed approach is using Composer meta packages, and patch constraints to apply patches based on vulnerable versions. This is the long term approach, which persists across deployments and can be fully automated via your dependency management tooling (Renovate/Dependabot).
Technical Highlights
- Ansible to deploy urgent patches across your entire Magento fleet in seconds
- Support for gradual rollout to validate zero issues before committing
- Easy rollback with patch reversal
- Composer meta package, with patch constraints for long term application
- Dependabot / Renovate support for automatic updates
- E2E test suite allows for fully automatic patch rollout!