Drupal and the Software Development Life Cycle (SDLC)

Ashok Modi

About me

  • Software Engineer
    • Programmer
    • Developer
    • Whatever
  • Contributed some open source code here and there
  • KISS is a great way to think about software
  • Just ask questions along the way

Using Drupal in unconventional ways

  • Building apps
    • 100k+ custom lines of code
    • Connects with number of external APIs
    • Uses a number of AWS technologies
      • Well past the traditional LAMP stack
      • Follow OWASP S-SDLC

Technology is empowering

Drupal is empowering

Drupal is also software

We should treat Drupal as such

Drupal and the SDLC

Here I am violating the Don't Repeat Yourself (DRY) principle

Phases of building/development

Planning

  • Get a rough idea of how difficult a given request is
    • Possibly split it off into multiple parts
    • Get rough time cost

Analysis

  • Gather all requirements (Functional, Technical)
    • Possibly filter back to Planning if scope is too big and needs to be split up.
    • Get better timeline and see how it fits into project
    • Create tickets

Design

  • Figure out how feature will be built
    • Use modules
    • Use theme
    • External js library
    • Custom work
    • etc

Implementation

  • Run through plan of attack in Design phase
  • Write code
    • Go through code review
    • Ensure it matches requirements

Testing

  • Automated
  • Manual
  • Ensure nothing else broke
  • Ensure requirements are met by stakeholders
    • Sign off

Release / Maintenance

  • Deploy to servers
  • Keep it maintained
    • Stable
    • Secure

Hardest parts of software

  • Planning
    • Where do you start?
  • Analysis
    • Making sure you're headed in the right direction
  • Maintenance
    • Buildup of everything that happened in the last steps
    • Making sure your software continues to remain stable, secure

Drupal's Strengths

  • Design
    • Drupal is not too shabby on this front.
  • Build
    • Drupal's biggest strength due to number of modules
    • Custom development can be tricky
      • Decoupled apps, removing jquery, etc
      • But that is most software

Not so great

  • Testing
    • Check out Shawn's session on Practical CI and Testing
    • Learn PHPUnit and Behat/Codeception
      • Will go a long way

Weakness

  • Maintenance
    • Lots of external dependencies
    • Lots of tracking
    • Different people manage software differently
  • Not taking away from wholly custom development
    • Security holes
    • Everyone writes shitty code

How do I make planning easier?

Use a planning document

  • Lullabot has a great article on estimation
    • Also includes a planning document
      • Run estimates on next set of steps
      • Rough plan of attack (before analysis stage)
    • Google Docs, Excel are excellent at this
      • Basecamp, Unfuddle can do some of this as well

How do I make analysis easier?

Very collaborative

  • Lullabot document again goes over some of this
    • Involve the developers
      • Get their estimates, preliminary research, hours
      • Compare what they say
        • Huge deviation = requires clarification

How do I make design easier?

Planning

  • Come up with a plan of what needs to be done
    • Do any modules solve this? Hours to enable/configure?
    • Do any vendors solve this? Cost?
    • Custom work? Hours needed?
    • Infrastructure? Is anything custom necessary?
  • This may get separated into multiple tickets
  • Use a ticketing system
    • Jira, Basecamp, Unfuddle are all good options

Use the right tool

  • Don't use Drupal all the time
    • Wordpress
    • Laravel
    • Python/Ruby/Go
    • Squarespace/Wix
  • Try not to self-host
    • Platform, Acquia, Pantheon, etc

Story from hell #1

  • Client uses Drupal 7
    • Does not update core or contrib for over 4 years
    • Gets hacked
    • Has to spend $500 to get things sane again
  • Recommended move to Squarespace

How do I make implementation easier?

Lots of ways

  • Become an expert, for one!
  • Contrib versus custom work
  • Automated testing
  • Peer review to ensure code
    • Works
    • Is not too shitty

Custom code will carry you

  • A custom module or snippet might be just fine for your needs
    • Trying to contribute to complex module
      • Beneficial for others but you may not have time, budget constraints
    • Roll your own
      • Blog about it?

How do I make testing easier?

Learn to write tests

  • Could be as simple as visiting pages in your site/app
  • Could involve logging in and writing a lot of custom steps
  • https://www.drupal.org/project/drupalextension is great for that

Use external services to help you get started

  • Learn jenkins, set it up, etc
  • Or use something like Probo, codeship, bitbucket pipelines, etc
    • Fire on every pull request
  • https://slides.com/btmash/easy-testing-drupal-with-behat

How do we make maintenance easier?

Story from hell #2

  • Client uses Drupal Lightning
    • Does not stay up to date over course of year
  • Lightning requirements weren't pinned
  • Required spending over 30 hours to get back up to date
  • Functionality used from Lightning
    • < 30%

Story from hell #3

  • Client uses Drupal 7
    • Does not stay up to date over course of year
    • Requires over 50 hours over span of 2 weeks to get site to be compatible with PHP7

Story from hell #4

  • Client was upgrading Drupal 8.x to 8.(x+1)
  • Workflow stuffs had changed
  • A robust notifications module was being used
    • Broke
    • Over 1k lines of code
  • Analyzed old code and what was being used
    • Rewrote in under 80 lines of code

Use fewer modules

  • Bring down your list of dependencies
    • Do you really want a Lego bucket if you just need a 2x5 (rules module versus minor custom module)?
    • Do you really need Fontyourface when its a two line snippet to add to your theme library file?
  • Audit the modules as much as you can
    • Some are obviously more difficult than others
      • Maybe pay somebody to do that for you

Know Drupal's weak points

  • Versioning means different things to different people
  • Drupal Schema updates are pretty awesome
    • Entity updates are the exact opposite
      • Drupal tries to guess their schema change
      • Sometimes fails if there is content
    • Might have to go through Drupal module versions one by one
      • Might still not work

Keep custom code up to date

  • Know of the changes coming to Drupal
    • or even PHP (such as moving from PHP5 to PHP7(1,2,3,etc)

Key takeaways

  • Plan, plan, plan
  • Introduce automated testing where possible
  • Drupal is amazing
    • A tool in your toolbox
    • Learn some new tools!
  • Vet your dependencies as much as possible
  • Writing code is a lot of fun
    • Don't be afraid

Other key takeaways

  • Follow security groups
  • Mitigate hosting related issues
    • Acquia
    • Pantheon
    • Platform.sh
    • Wordpress.com

Resources

(Possibly) Related camp sessions

  • Beginners Guide (Rick Pine)
  • Easily Accessible (Rain Breaw Michaels)
  • Intro to performance analysis (Oliver Seldman)
  • Getting Ready for Drupal 9 (Chris Charlton)
  • Configuration Management (Rick Pine)
  • Keeping a Drupal App Simple will make your life easy (Isaac Garcia)
  • Practical CI and Automated Testing (Shawn DeArmond)
  • A world without Features (Jen Lampton)

Thank you :)