Why use automation tools for dependency updates

Last week, I recorded an episode of Beyond Blocks with Eirik Morland - the Developer of violinist.io, a tool for automating dependency updates in PHP projects.

Instead of a person manually running composer update in each project, tools like Violinist can do that for you and submit pull or merge requests to your project for you to review.

But why would you want this?

There are technical reasons, such as not having to rely on everyone having the same local environment and avoiding potential conflicts, and consistency by ensuring the same command is run every time.

But, the big advantage, in my opinion, is the time it saves and allows you to reuse.

Instead of manually updating each project's dependencies, I can focus on tasks that deliver value to my customers and clients and move us towards our objectives.

Dependency updates, such as a new version of Drupal core or a contrib module, don't contain any perceived value compared to other tasks, such as adding a new feature or fixing a bug.

They happen behind the scenes, often invisibly, without any visual changes to show an update has been done.

If they aren't done often, they will be riskier to deploy due to the larger changes, and the longer it takes, the greater the potential for insecure versions to be exploited - potentially affecting your reputation and your customer's and with any remedial work taking the focus from other tasks.

Having a service like Violinist performing the updates for you means they can be applied and deployed more regularly, reducing the risk and making it easier to stay up-to-date and run secure versions of your dependencies.

- Oliver

Was this interesting?

Sign up here and get more like this delivered straight to your inbox every day.

About me

Picture of Oliver

I'm an Acquia-certified Drupal Triple Expert with 17 years of experience, an open-source software maintainer and Drupal core contributor, public speaker, live streamer, and host of the Beyond Blocks podcast.