Automate Drupal updates effortlessly with GitHub Actions!

One of the least favorable things to do is always to keep up to date with Drupal core and all third-party Drupal-contributed modules. 
Tracking every release is impossible. Project teams usually set up some processes based on a weekly/monthly basis where they perform regular upgrades. If you miss performing them over some time, even minor releases can be painful because you deal with dozens of them.

To mitigate this problem and try to automate as much as possible, we now use a "Drupal Composer updates" GitHub action for our projects.

What this GitHub action does:

  • it checks for outdated projects within a namespace drupal/*
  • it updates dependencies based on the provided update type
    • semver-safe-update - minor and security updates
    • all - tries to perform security, minor, and major upgrades
  • provides a Markup formatted table with the status of each project
  • optionally, you can create PR on GitHub using this action 
  • the script can be run outside Github; you can quickly adapt it to any other CI/CD tool

The main goal for us was to run this action on a scheduled daily basis, and to have an overview of what is updated, and whether any patches need to be reviewed. 

Most importantly, to automate incremental updates to be run as often as possible. So that our upgrades, in most cases, are minor, and easy to review. And, with that, it is more effortless to merge.

The setup is pretty straightforward. Grabbing an example from the project page, we set our GitHub action to run like this.

Provided example does the following:

  • runs Drupal Composer updates with "Drupal Composer updates" GitHub action
  • create a PR with the updated composer.lock in a branch drupal-automated-updates

You can customize pull requests to your needs. See here all the options available.

name: Automated Drupal updates
    - cron: '0 0 * * *'
    runs-on: ubuntu-latest
      - uses: actions/checkout@v2
      - name: Check updates
        id: updates
        uses: valicm/drupal-update@v4
      - name: create pull-request
        uses: peter-evans/create-pull-request@v5
          token: ${{ secrets.MY_PERSONAL_TOKEN }}
          commit-message: Automated Drupal updates
          title: Automated Drupal updates
          body: ${{ env.DRUPAL_UPDATES_TABLE }}
          branch: drupal-automated-updates
          delete-branch: true