Embed Size (px)
Citation preview
https://events.drupal.org/losangeles2015/sessions/plain-drupal-english-guide-remaining-drupal-8-criticals
A "PLAIN DRUPAL ENGLISH" GUIDE TO THE REMAINING DRUPAL 8 RELEASE BLOCKERS
A N G I E " W E B C H I C K " B Y R O N
First, some FAQs…
FAQ #1: When will Drupal 8 be released?
"When it's ready"
FAQ #2: When is "when it's ready?"
Sometime after this graph hits zero.
https://www.drupal.org/drupal-8.0/get-involved
Only 26 release blockers left!
beta -> rc -> 8.0.0• While count of critical issues > 0, create monthly
beta releases (we are here)
• If critical issues === 0, start bi-weekly release candidates (same as D6/D7 release windows)
• Only critical fixes or extremely non-disruptive (e.g. docs) patches committed during RC, to prevent regressions.
• Once count, rate, and nature of criticals seem manageable, set a release date >= 3 weeks later
https://www.drupal.org/core/release-cycle#rc
FAQ #3: How can I help?
More money than time? D8 Accelerate.
https://assoc.drupal.org/d8accelerate
What's D8 Accelerate funding?
• Performance improvements
• Security fixes
• Beta-to-beta upgrade path
• DrupalCI (next generation testbot)
• Views / Entity API integration
Who's D8 Accelerate funding?
Andrei Mateescu(amateescu)
Daniel Wehner(dawehner)
Wolfgang Ziegler(fago)
Francesco Placella(plach)
Nat Catchpole(catch)
Fabian Franz(Fabianx)
Klaus Purer(klausi)
Lee Rowlands(larowlan)
Damian Lee(damiankloip)
Bernhard Schussek(webmozart)
Jelle Sebreghts(Jelle_S)
Stéphane Corlosquet(scor)
James Gilliland(neclimdul)
Key
• Upgrade Path: Blocking the beta-to-beta upgrade path in core.
• Blocker: Blocking another critical issue.
• Blocked: Blocked by another issue
• Triaged: Core committers agree this is critical
Configuration Management
#2416109: Validate configuration dependencies before importing
configuration
Multilingual
Multilingual all the things!
• #2486177: Deleting an entity translation from the UI deletes the whole entity
• #2478459: field item callbacks are only called for SQL storage and field API is inconsistent with hooks
Drupal 7
node/1 node/2
Drupal 8
node/1 node/1
"Houston, we have a problem…"
Performance
Goal #1:Figure out where D8 is slow
• #1744302: [meta] Resolve known performance regressions in Drupal 8 Triaged
• #2289201: [Meta] Make drupal install and run within reasonable php memory limits Triaged
Help by profiling/benchmarking!
Here are some tools of the trade
XHProf• Measures "wall time" (CPU +
disk I/O time) of functions + functions they call
• Exclusive (this function only) vs. Inclusive (this function + all child functions)
• Generally, sort by Exclusive Wall Time descending; the top functions are most expensive.
• Can "diff" runs to show +/-
https://pecl.php.net/package/xhprof https://www.drupal.org/node/946182
Flame graphs• Takes numerous samples of
stack data, to help normalize one-off slowness
• Each box represents a function that was called (stack trace; starts at bottom and goes up)
• Wider boxes = more time spent and/or more times called
• Colors / x-axis irrelevanthttp://www.brendangregg.com/flamegraphs.html
https://www.drupal.org/node/2370667
ApacheBench (ab)
• Designed to test performance of web servers
• Tracks how many requests/second can be handled; good for before/after patch testing
• Can send multiple requests (-n100) concurrently (-c10) to simulate load
http://www.brendangregg.com/flamegraphs.html https://www.drupal.org/node/2370667
Goal #2:Fix known areas of slowness
• #1805054: Cache localized, access filtered, URL resolved, and rendered menu trees Triaged
• #2263569: Cache-enabled forms generate cached form data for every user on every request
Goal #3:Render cache all the things
• #2429287: [meta] Finalize the cache contexts API & DX/usage, enable a leap forward in performance Triaged Blocker
• #2381277: Make Views use render caching Triaged
• #2450897: Cache Field views row output Triaged
Drupal 7 page caching
1: Drupal has nice, warm page cache 2: Someone fixes a typo in anode somewhere
3. Entire page cache becomes invalidated "just in case"
4. Start warmin' those caches again!
Drupal 8 caching: a vocabulary lesson
• Cache keys: identify a representation of a thing ['node', 5, 'teaser']
• Cache contexts: identify variations of a thing (contexts it depends on) ['user.roles'] for a block that shows different things depending on role
• Cache tags: identify reasons for a thing to be invalidated (other dependencies) — if these change, refresh the cache ['node:5', 'user:3', 'taxonomy:3']
https://www.drupal.org/developing/api/8/cache
Drupal 8 page caching
4. Page cache instantly updated!
1: Drupal has nice, warm page cache
3. Because it was a typo on node 5, only node:5 cache tag cleared
2: Someone fixes a typo in anode somewhere
BigPipe• Thanks to cache metadata, we
can flag highly dynamic (per-user or un-cacheable) blocks
• Don't prevent those from sending the rest of the page!
• Render and return the "cheap" cached page parts + placeholders fast, fill in placeholders with the dynamic bits as they're built
https://www.facebook.com/notes/facebook-engineering/bigpipe-pipelining-web-pages-for-high-performance/389414033919
https://www.drupal.org/node/2469431
"SmartCache"• On cache miss:
• Controller does queries, builds render array, etc.
• Stores (per-route) both cache contexts + rendered markup (skip post-render cache; keep dynamic placeholders intact)
• On cache hit:
• Bypasses controller altogether, returning pre-rendered markup ready to go! (no queries, render array building, etc.)
• Dynamic content filled in as a second pass.
https://www.drupal.org/node/2429617
"SmartCache"
Find route
Find controller
http://example.com/hello/
Markup cached?
Cache everything between <body> and </body>
Replace dynamic placeholders
Return everything between <body> and </body>
Replace dynamic placeholders
No Yes
Queries, build render array…
Goal #4:Fast By Default
• #2465053: Drupal 8 only allows one user every 6 hours to register when page caching is enabled — caused by entity UUID in form state Triaged
• #2351015: Link CSRF tokens can be hijacked when cached with insufficient contexts Triaged
• #2454439: [META] Support PHP 7 Triaged
What is "fast by default"?• CSS/JS aggregation enabled
by default
• No JS loaded for anon users
• Render caching in core
• Page cache enabled by default
• Drupal 8 ready to go on reverse proxies! (Varnish, CDN, etc.)
http://wimleers.com/article/performance-calendar-2013-making-the-entire-web-fast http://wimleers.com/blog/drupal-8-page-caching-enabled-by-default
PHP 7
http://talks.php.net/fluent15#/drupalbench
• 84% performance increase?! Yes, please!
PHP 7• "Fast by default" FTW! :D
Security
Goal #1: No security regressions from Drupal 7
• #2421503: SA-CORE-2014-002 forward port only checks internal cache Triaged Upgrade Path
• #2461845: Private files that are no longer attached to an entity should not suddenly become accessible to people who couldn't see them before Triaged Upgrade Path
• Any major/critical Drupal 7 or Drupal 6 core issues in private security.drupal.org tracker!
Goal #2: Safe Markup Everywhere
• #2280965: [meta] Document or remove every SafeMarkup::set() call Triaged Blocked
• #2273925: Ensure #markup is XSS escaped in Renderer::doRender() Triaged Blocker
• #2472731: t() variable placeholders not appearing to work in Twig {% trans %}
Safe Markup in Drupal 7<script>alert('Mwahahaha!')</script>
<script>alert("Mwahahaha!")</script>
https://www.drupal.org/writing-secure-code
check_plain()/check_markup() filter_xss()/filter_xss_admin()
t() + @ or %
If you forget…
Safe Markup in Drupal 8<script>alert('Mwahahaha!')</script>
<script>alert("Mwahahaha!")</script>
"Twig autoescape enabled" change record
If you forget…
Avoiding double-escaping• Use a Twig template (recommended!)
• Use a '#type' => 'inline_template'
• Ask Twig service to render inline
• SafeMarkup::format()
• But NOT SafeMarkup::set() (only for internally setting), so we need to fix core to use another option.
"New inline_template render element" change record
Goal #3: Secure REST API• #2364011: [meta] External caches mix up
response formats on URLs where content negotiation is in use Triaged
• #2472323: Move modal / dialog to query parameters Blocker
• #2395831: Entity forms skip validation of fields that are not in the EntityFormDisplay Triaged
How REST works in D8
https://drupalize.me/blog/201401/introduction-restful-web-services-drupal-8
CDN/browser doesn't support Accept headers? You get this at /node.
https://drupalize.me/blog/201401/introduction-restful-web-services-drupal-8
Instead: query-string negotiation
http://example.com/node/1?_format=hal_json
Different URLs = no caching issues!
Format unsupported? Ignore the query string, default to HTML.
Drupal.org
Drupal.org (website/infra) blockers to 8.0.0
• Support for new D8 patterns: PSR-4/YAML/etc.
• Make drupal.org mobile-friendly
• Support for semantic versioning
• Translations support for Drupal 8.x
• Automated testing for all supported PHP versions, databases
https://www.drupal.org/node/2267715
Drupal.org (website/infra) blockers to 8.0.0
• Support for new D8 patterns: PSR-4/YAML/etc.
• Make drupal.org mobile-friendly
• Support for semantic versioning
• Translations support for Drupal 8.x
• Automated testing for all supported PHP versions, databases
https://www.drupal.org/node/2267715
Semantic versioning
• New feature releases of Drupal 8 every 6 months
• Backwards compatibility preserved!
• Core devs, contrib devs, site builders working on same code base
• Drupal 9? Not until there's enough done to warrant breaking BC
Translations support• Drupal 8 ships with new things to translate, such as
multilingual configuration configuration. localize.drupal.org needs to support it: #1933988: Support for Drupal 8 shipped configuration translatables
• localize.drupal.org is still on Drupal 6. D6 support ends 3 months after D8. Almost done porting to D7! Help test! https://www.drupal.org/node/1424984
• Need place for Drupal 8 to find the most recent translation to download: #2113957: Build server side version fallback system for translations
DrupalCI: Modernizing Testbot Initiative
https://www.drupal.org/project/drupalci
How to help testbot!• Testers! Go through the README and try to set up
DrupalCI locally! bit.ly/drupalci-readme
• Designers! We need your help! results.drupalci.org is just stock Bootstrap.
• Core developers! Help debug and diagnose failures in alternate environments.
• Tinkerers! Play around with creating additiona; job types, such as Behat or Selenium testing.
Upgrade path
Updates, Upgrades, and Migrations, Oh My!
• Starting with Drupal 8, major version changes (e.g. Drupal 6/7 => Drupal 8) go through a migration path.
• Drupal 6 => Drupal 8 migrations already in core; Drupal 7 => Drupal 8 in-progress
• Still in development; no UI; not officially supported
• Upgrade path (as in update.php) is for minor/patch version changes only.
• We don't support an upgrade path for D8 yet, either (need to reinstall after each beta release)
What's left for the upgrade path?
• #2341575: [meta] Provide a beta to beta upgrade path Upgrade Path Triaged Blocked In addition to the below issue, this needs a decision on when to support in core; forcing upgrade paths on all future patches will majorly slow down D8's velocity.
• #2447573: [meta] Make sure 8.x - 8.x hook_update_N() testing is possible Upgrade Path Triaged Blocker
head2head• Early Drupal 8 adopter? Get beta-to-beta
upgrades provided by contrib NOW!
https://www.drupal.org/project/head2head
Also, make sure people can move off the old stuff.
• #2030501: [meta] Ensure that Drupal 6 sites have a functional upgrade path to either Drupal 7 or 8 before Drupal 6 loses security support Triaged Resolve all critical "D7 upgrade path" issues
• #1260938: d6 to d7 update fails on file duplicates '#7061 Integrity constraint violation'
• #2456261: [META] Finalize the Migration system
What's left for Migrate?• Finalize the Migrate API
• Finish the D6 => D8 migration
• D7 => D8 content (nodes, users, taxonomy, comments) migration
• Migrate UI (https://www.drupal.org/project/migrate_upgrade)
• D7 => D8 config migration#2456261: [META] Finalize the Migration system
The final countdown
#2485119: [meta] The Drupal 8.0.0-rc1 Release Checklist
"Fix it or nix it":Alternate database support
• #2454513: [meta] Make Drupal 8 work with SQLite Triaged
• #2157455: [Meta] Make Drupal 8 work with PostgreSQL
• Until DrupalCI is deployed:
• http://d8sqlitebot.erwanderbar.de/
• http://d8pgbot.erwanderbar.de/
"Fix it or nix it":Module install/update UI
• #2352637: Remove the UI for installing/updating modules from update module if not fixed in time for release Triaged Blocked
• #2042447: Install a module user interface does not install modules (or themes) Blocker
Determine level of Migrate support in 8.0.0
• Migrate is not yet officially supported, and won't block release of Drupal 8.0.0.
• Migrate in core will be considered supported (and release-ready) when it is complete, including a UI with sound UX.
• If there are any critical issues with Migrate when Drupal 8.0.0 RC1 is ready, Migrate (or a specific migration path) will be marked as unsupported.
• Supporting those parts of Migrate will be a top priority for 8.1.0 (or whichever minor release after it's release-ready).
https://www.drupal.org/node/2313651
Update ALL the things!
• #2400407: [meta] Ensure vendor (PHP) libraries are on latest stable release Triaged
• #2203431: [meta] Various asset (JavaScript) libraries have to be updated to a (minified) stable release prior to 8.0.0 Triaged
Review 'revisit before release candidate' tag
• Some of the stuff in here:
• Intensive mobile browser testing
• Finish responsive images
• Finalize hook_help() documentation
• Finish deprecated function removal
• Finalize various release management policies
https://www.drupal.org/node/1393358
In summary• Performance
• Security
• Multilingual
• Future-proofing
• Drupal.org
• Upgrade path
• The Final Countdown
See you at the sprints!
https://events.drupal.org/losangeles2015/sprints
WHAT DID YOU THINK?EVAULATE THIS SESSION - LOSANGELES2015.DRUPAL.ORG/SCHEDULE
THANK YOU!
