Drupal and the Software Development Life Cycle (SDLC)
Ashok Modi
About me
Software Engineer
Programmer
Developer
Whatever
Contributed some open source code here and there
KISS is a great way to think about software
Just ask questions along the way
Using Drupal in unconventional ways
Building apps
100k+ custom lines of code
Connects with a number of external APIs
Uses a number of AWS technologies
Well past the traditional LAMP stack
Follow OWASP S-SDLC
Technology is empowering
Drupal is empowering
Drupal is also software
We should treat Drupal as such
Drupal and the SDLC
Here I am violating the Don't Repeat Yourself (DRY) principle
Phases of building/development
Planning
Get a rough idea of how difficult a given request is
Possibly split it off into multiple parts
Get rough time cost
Analysis
Gather all requirements (Functional, Technical)
Possibly filter back to Planning if scope is too big and needs to be split up.
Get better timeline and see how it fits into project
Create tickets
Design
Figure out how feature will be built
Use modules
Use theme
External JS library
Custom work
etc
Implementation
Run through plan of attack in Design phase
Write code
Go through code review
Ensure it matches requirements
Testing
Automated
Manual
Ensure nothing else broke
Ensure requirements are met by stakeholders
Sign off
Release / Maintenance
Deploy to servers
Keep it maintained
Stable
Secure
Hardest parts of software
Planning
Where do you start?
Analysis
Making sure you're headed in the right direction
Maintenance
Buildup of everything that happened in the last steps
Making sure your software continues to remain stable, secure
Drupal's Strengths
Design
Drupal is not too shabby on this front.
Build
Drupal's biggest strength, due to the number of modules
Custom development can be tricky
Decoupled apps, removing jQuery, etc.
But that is most software
Not so great
Testing
Check out Shawn's session on Practical CI and Testing
Learn PHPUnit and Behat/Codeception
Will go a long way
Weakness
Maintenance
Lots of external dependencies
Lots of tracking
Different people manage software differently
Not taking away from wholly custom development
Security holes
Everyone writes shitty code
How do I make planning easier?
Use a planning document
Lullabot has a great article on estimation
Also includes a planning document
Run estimates on next set of steps
Rough plan of attack (before analysis stage)
Google Docs, Excel are excellent at this
Basecamp, Unfuddle can do some of this as well
How do I make analysis easier?
Very collaborative
Lullabot document again goes over some of this
Involve the developers
Get their estimates, preliminary research, hours
Compare what they say
Huge deviation = requires clarification
How do I make design easier?
Planning
Come up with a plan of what needs to be done
Do any modules solve this? Hours to enable/configure?
Do any vendors solve this? Cost?
Custom work? Hours needed?
Infrastructure? Is anything custom necessary?
This may get separated into multiple tickets
Use a ticketing system
Jira, Basecamp, Unfuddle are all good options
Use the right tool
Don't use Drupal all the time
WordPress
Laravel
Python/Ruby/Go
Squarespace/Wix
Try not to self-host
Platform.sh, Acquia, Pantheon, etc.
Story from hell #1
Client uses Drupal 7
Does not update core or contrib for over 4 years
Gets hacked
Has to spend $500 to get things sane again
Recommended move to Squarespace
How do I make implementation easier?
Lots of ways
Become an expert, for one!
Contrib versus custom work
Automated testing
Peer review to ensure code
Works
Is not too shitty
Custom code will carry you
A custom module or snippet might be just fine for your needs
Trying to contribute to a complex module
Beneficial for others, but you may not have the time or budget
Roll your own
Blog about it?
How do I make testing easier?
Learn to write tests
Could be as simple as visiting pages in your site/app
Could involve logging in and writing a lot of custom steps
https://www.drupal.org/project/drupalextension is great for that
Use external services to help you get started
Learn Jenkins, set it up, etc.
Or use something like Probo, Codeship, Bitbucket Pipelines, etc.
Fire on every pull request
https://slides.com/btmash/easy-testing-drupal-with-behat
How do we make maintenance easier?
Story from hell #2
Client uses Drupal Lightning
Does not stay up to date over course of year
Lightning requirements weren't pinned
Required spending over 30 hours to get back up to date
Functionality used from Lightning: < 30%
Story from hell #3
Client uses Drupal 7
Does not stay up to date over course of year
Requires over 50 hours over span of 2 weeks to get site to be compatible with PHP7
Story from hell #4
Client was upgrading Drupal 8.x to 8.(x+1)
Workflow stuffs had changed
A robust notifications module was being used
Broke
Over 1k lines of code
Analyzed old code and what was being used
Rewrote in under 80 lines of code
Use fewer modules
Bring down your list of dependencies
Do you really want a Lego bucket if you just need a 2x5 (rules module versus minor custom module)?
Do you really need Fontyourface when it's a two-line snippet to add to your theme library file?
Audit the modules as much as you can
Some are obviously more difficult than others
Maybe pay somebody to do that for you
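One way to start the audit, and to catch the unpinned-requirements problem from story #2 before it costs 30 hours (an added example, not code from the talk): bucket every package in a project's composer.json by how tightly its version constraint pins. It assumes the site is managed with Composer; the sample file, package versions and function names are constructed for illustration.

```python
import json
import re

# Constructed sample of a project's composer.json (not from the talk).
SAMPLE = """{
  "require": {
    "php": ">=7.1",
    "drupal/core": "^8.6",
    "acquia/lightning": "*",
    "drupal/rules": "3.0.0-alpha4",
    "drupal/fontyourface": "dev-3.x",
    "drupal/pathauto": "~1.3",
    "drupal/token": ">=1.0"
  }
}"""

# A single fully specified version such as 1.2.3 or 3.0.0-alpha4.
EXACT = re.compile(r"^v?\d+(\.\d+){1,3}(-[A-Za-z0-9.]+)?$")


def classify(constraint):
    """Bucket a Composer version constraint by how tightly it pins."""
    c = constraint.strip()
    if c.startswith("dev-") or c.endswith("-dev") or "@dev" in c:
        return "branch"      # tracks a moving branch
    if c == "*" or (c.startswith(">") and "<" not in c):
        return "unbounded"   # no upper limit: any future major can land
    if EXACT.match(c):
        return "exact"
    return "range"           # ^, ~, 1.2.* or an explicit bounded range


def audit(composer_json_text):
    """Group required packages by constraint class, skipping php/ext-*."""
    require = json.loads(composer_json_text).get("require", {})
    report = {"exact": [], "range": [], "unbounded": [], "branch": []}
    for name in sorted(require):
        if "/" not in name:  # platform requirement, not a package
            continue
        report[classify(require[name])].append(name)
    return report


if __name__ == "__main__":
    for bucket, names in audit(SAMPLE).items():
        print(f"{bucket:9} {len(names)}  {', '.join(names)}")
```

Anything in the unbounded or branch buckets is a candidate for tightening or removal. The check only reads declared constraints; the committed composer.lock is what records the versions actually installed.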
Know Drupal's weak points
Versioning means different things to different people
Drupal Schema updates are pretty awesome
Entity updates are the exact opposite
Drupal tries to guess their schema change
Sometimes fails if there is content
Might have to go through Drupal module versions one by one
Might still not work
Keep custom code up to date
Know of the changes coming to Drupal
or even PHP (such as moving from PHP5 to PHP7 (7.1, 7.2, 7.3, etc.))
Key takeaways
Plan, plan, plan
Introduce automated testing where possible
Drupal is amazing
A tool in your toolbox
Learn some new tools!
Vet your dependencies as much as possible
Writing code is a lot of fun
Don't be afraid
Other key takeaways
Follow security groups
Drupal
CVE
Mitigate hosting related issues
Acquia
Pantheon
Platform.sh
WordPress.com
Resources
Lullabot and art of estimation
Spreadsheet and how to use it
OWASP Secure-SDLC
OWASP Top 10 security issues
OWASP Mobile Top 10 security issues
Drupal site problems
(Possibly) Related camp sessions
Beginners Guide (Rick Pine)
Easily Accessible (Rain Breaw Michaels)
Intro to performance analysis (Oliver Seldman)
Getting Ready for Drupal 9 (Chris Charlton)
Configuration Management (Rick Pine)
Keeping a Drupal App Simple will make your life easy (Isaac Garcia)
Practical CI and Automated Testing (Shawn DeArmond)
A world without Features (Jen Lampton)
Thank you :)