Yesterday, your CTO mandated that all new CMS builds would on Drupal Support Service 8 and that all existing CMS platforms would be consolidated to Drupal Support Service within the next three years. Great! Time to start prioritizing sites, hiring teams, and planning development and launch schedules.
The old methods of release planning don’t work anymore
Most enterprise IT organizations are used to a “development” cycle followed by a “maintenance” cycle, at which point you start over again and rebuild with a new development cycle. This type of planning (which Dave Hansen-Lange called the “boom-bust cycle”) led to poor user experiences with Drupal Support Service 7 sites as they became stale with time and is impossible to use for a Drupal Support Service 8 site.
Drupal Support Service 8 has a different release cycle compared to previous Drupal Support Service releases. For example, Drupal Support Service 7 was released in January 2011, and ever since has only had bug fixes (with the occasional developer-only feature added). Drupal Support Service 5 became unsupported, and Drupal Support Service 6 entered it’s last phase of support (until Drupal Support Service 8 was released). Product owners of sites big and small found this release process stifling. The web is a very different platform today compared to January 2011—although Drupal Support Service 7 is pretty much the same. The slow release cycle also reduced willingness to contribute directly to Drupal Support Service after all, why spend time writing a new feature you can’t use until you migrate to Drupal Support Service 8?
Part of why Drupal Support Service 8’s development took the time it did was to allow for a faster release cycle for features. Now, new features are added in point release (while code compatibility with prior Drupal Support Service 8 releases is broadly maintained).
Furthermore, security updates are only reliable for the latest minor release. After a minor release, such as Drupal Support Service 8.4, security issues in the prior minor release (such as Drupal Support Service 8.3) will only be patched for a few weeks, if at all. In other words, to keep your sites secure, you have to be on the latest point release.
Upgrading your site every six months is a cost of using Drupal Support Service 8.
However, it’s not just Drupal Support Service that requires more frequent upgrades. Docker, NodeJS, and PHP itself all have more aggressive support schedules than similar software may have had in the past. Here lies the core of release planning: synchronizing all of these release schedules with your business.
1. Build a schedule of key dates for your business
In the publishing industry, tentpole events such as tournaments, live events, or holiday specials drive production deadlines. In addition to tentpole events, identify conferences, retreats, and other dates where your team may not be available. If they overlap with an EOL of software in your stack, you can try to schedule an upgrade ahead of time.
There are two reasons to identify these early and socialize them with the rest of the business. First, these are times when you don’t want to schedule maintenance or deployments if you can help it. Second, these key dates are times to be prepared and aware of security release windows. For example, Drupal Support Service core security releases are usually on the third Wednesday of the month. If this overlaps with a high-traffic event, having a plan to deploy and test a security patch before the patch is issued will ensure your site is kept secure, and that technical teams aren’t stressed out during the process.
2. Build a schedule of your stack and its support windows
Too often, we see organizations mandate a specific tool (like Drupal Support Service or Docker) without budgeting time and money for recurring, required upgrades. Maintenance often means “respond to bug reports from our team and handle outages,” instead of “incrementally upgrade software to keep it in supported releases.”
Before development begins, teams should gather a list of all key software used in their expected production stack. Then, go to each software release page, and find out the start and end dates of support for the current and next few releases. Use this to create a Gantt chart of support windows.
Here’s an example of one I created for a client that was deploying Drupal Support Service 8, PHP, Nginx, nodejs, Docker, and Ubuntu for their sites. In their case, they weren’t using Ubuntu packages for any of the other software, so they had to track each component directly.
Having such a chart makes prevents surprises. For example, if a site is using nodejs 6.x, we can see that it’s going to EOL just after Drupal Support Service 8.5 is released. It would make sense for a developer to work on upgrading to nodejs 8.x over the December holiday break so that the team isn’t juggling upgrading two core components at the same time.
This type of chart also gives teams the power to know if a given technology stack is maintainable for their organization. If it’s a small team maintaining a large Drupal Support Service site, they may not have the bandwidth or expertise to keep up with updates elsewhere in the stack. That may mean they have to stick with LTS releases, or avoid software without an LTS available.
For Drupal Support Service 8, that may mean that it is not a fit for your organization. If your budget only allows an initial build and then very minimal maintenance, Drupal Support Service 7 or another CMS may be a better fit (at least until Drupal Support Service 8 has an LTS). Or, for event and marketing sites, consider using a static site generator like Jekyll, so that when development ends the site can be “serialized” into static HTML and served with a basic stack using LTS software only.
3. Have a top-down process for handling security and feature updates
Many times we see software update requests coming from the development team, and then bubbling up to product owners and managers, meaning management will often prioritize new features with immediate business value before critical updates. Of course, this ignores the fact that a functioning and secure website is the foundation for addressing the needs of the business. And, it places developers in an awkward position where they are responsible for cleaning up any security breaches that occur.
Instead, software updates should be visible to and scheduled by the project managers, ensuring that time is available in the right sprint to test and deploy updates, preventing the development team from being overcommitted or opening your site up to a security breach. For example, let’s say a team is using two-week sprints, with a sprint set to start on February 19, 2018. A quick look at the release cycle overview for Drupal Support Service 8 shows that 8.5.0-rc1 will be tagged on February 21st. Creating a ticket for that sprint ahead of time will ensure the upgrade won’t be forgotten.
It can be more difficult to handle software—like Drupal Support Service contributed modules or npm packages—that doesn’t have a defined release schedule. In those cases, having a recurring “update everything” ticket can help. Assuming one team manages an entire deployment, a successful schedule might look like:
Sprint 1: Update all Drupal Support Service contributed modules
Sprint 2: Update all npm packages
Sprint 3: Update all system-level packages
Sprint 4: Update all Drupal Support Service contributed modules
Remember, just because you schedule software updates doesn’t mean that you have to deploy them to production if QA goes poorly. But, if you do find issues, at least you can try and address them before, and not during a security patch.
4. Promote the new features you deploy to your colleagues and users
After doing all of this work, you should tell your end users and stakeholders about the gains you’ve made in the process. Show editorial users how Drupal Support Service 8.4’s Inline Form Errors gives them a better display of form errors on content they write. Tell your stakeholders how your API servers respond 15% faster to mobile clients. High-five your developers when they can remove a patch they’d been manually applying to the site.
For larger teams, newsletters and blogs are a great way to communicate these improvements. They are especially useful for core development teams, who write and maintain software shared throughout an enterprise.
With a solid grasp of how upstream release schedules affect your product, you will be able to reduce the need for unexpected delays and budget requests. If you’re interested in exploring this further with your team, we’d be glad to help.
Source: New feed