Drupal Core Initiative Meetings Recap - August 19th-23rd, 2019

Drupal Core Meetings August Week 4 Recap

Our lead community developer, Alona Oneill, has been sitting in on the latest Drupal Core Initiative meetings and putting together meeting recaps outlining key talking points from each discussion. This article breaks down highlights from meetings this past week. You'll find that the meetings, while also providing updates of completed tasks, are also conversations looking for community member involvement. There are many moving pieces as things are getting ramped up for Drupal 9, so if you see something you think you can provide insights on, we encourage you to get involved.

We've had some gaps in August with limited meetings, so we're happy to be back in the swing of things and reporting a lot of great updates.

Drupal 9 Readiness (08/19/19)

Meetings are for core and contributed project developers as well as people who have integrations and services related to core. Site developers who want to stay in the know to keep up-to-date for the easiest Drupal 9 upgrade of their sites are also welcome.

  • It usually happens every other Monday at 18:00 UTC.
  • It is done over chat.
  • Happens in threads, which you can follow to be notified of new replies even if you don’t comment in the thread. You may also join the meeting later and participate asynchronously!
  • Has a public Drupal 9 Readiness Agenda anyone can add to.
  • The transcript will be exported and posted to the agenda issue.

Symfony development updates

Composer initiative issues affecting D8 and D9

Simpletest deprecation process

The active issue [meta] How to deprecate Simpletest with minimal disruption is one of the biggest deprecations in Drupal 8 while being one of the least trivial to update for, however, work on it is still a priority. 

Composer in Core meeting 08/21/19

  • It usually happens every other Wednesday at 15:30 UTC.
  • It is for contributors to the composer initiative in core who are working on improving drupal's relationship with composer.
  • It is done over chat.
  • Happens in threads, which you can follow to be notified of new replies even if you don’t comment in the thread. You may also join the meeting later and participate asynchronously!
  • Has a public migration meeting agenda anyone can add to.
  • The transcript will be exported and posted to the agenda issue.
  • For anonymous comments, start with a bust in silhouette emoji. To take a comment or thread off the record, start with a no entry sign emoji.

Scaffold files in core

The issue Add core scaffold assets to drupal/core's composer.json extra field is currently waiting on committer attention.

File security component

The issue Add drupal/core-filesecurity component for writing htaccess files has been fixed.

Relocate the scaffold plugin

The issue Relocate Scaffold plugin outside of 'core' directory has also been fixed.

Vendor Hardening Plugin

The issue Add Composer vendor/ hardening plugin to core is ready to be reviewed.

Template files

We have the current template files but still needed are the scaffold files as well as the vendor hardening plugin. Then we will be able to make a template that can be used to make a tarball.

Drupal.org changes to support this

  • Change packaging so that it can package 8.7.x the old way and 8.8.x the new way using composer to create a project.
  • Add a variant of the tool that Webflow uses to generate the drupal/core-pinned-dependencies and drupal/core-development-dependencies into the drupal.org jenkins workflow that publishes those 'somewhere'.

Optionally supporting composer.json for extensions

The issue [PP-3] Provide optional support for using composer.json for dependency metadata still needs work done on it.

Core cross-initiative meeting 8/22/2019

Migrate

Status

  • On 8/21 we discussed the best course of action to resolve.
  • We hoped to deprecate the Drupal 6 migrations and move them to contrib, but we do not have a way to validate how to make deprecations.
  • V Spagnolo has been working on several issues and they are all advancing well.
  • Nathaniel Catchpole shared some criteria for getting into 9.0-beta1.
  • Good progress has been made on multilingual (biggest blocker right now).
  • Multilingual components must land before 9.0-beta1, thankfully the initiative as a whole is pretty stable.

Blockers (Drupal 6 Deprecations)

  • Needs release manager sign-off on the plan to get deprecation made.
  • Plan for moving those elements deprecated into contrib projects.

Next Steps

  • Need release manager criteria for making the multilingual migration stable.
  • Need release manager review on deprecation plan.
    • Need to document it, our target this week.
    • Need sign off on this and what we’ll do next, the target being next week. 
    • Need a way to get deprecated items into contrib. 
      • Are there any dependencies to deprecate items? Do we have to have them in contrib first?

Auto Updates

Status

  • Contrib Alpha-1 was released this week, it includes:
    • Notifying site owners when a public safety announcement has been released by the security team.
      • Optionally this can be done via email, or in a set message on the page (similar to existing alerts).
    • 8 or so readiness checks to determine if your site can be automatically updated.
    • The above features are available in drupal 7 and 8.
    • Signature signed package now on packagist (dev-master), credit to MWDS folks.
      • This will ensure that MITM attacks are not possible because files are known.
      • This is a base that actual automated updates will rely on.
      • Timelines in the initiative update are still accurate.
      • No impact on 8.8, if added they will be new features on the update module.
      • More user-testing is needed for the PSA. We would like it to be in 8, but it could be in contrib in the meantime. The module is future-proofed enough to disable in contrib when it comes time to enable in core.

Blockers

There are currently no blockers.

Next Steps

  • Following the PSA there will be the beta release and user testing.
  • The core release is targetting 8.9?

CMI2

Status

  • The API patch was committed since the last call, it’s in an experimental module.
  • By the 8.8 feature freeze, the UI portion of the module will not yet be ready.
  • This means we can’t release it in core until 9.1.

Blockers

  • Resources are limited, the patch is large, and more people are needed to help with other aspects of the tool (maybe at Drupalcon Amsterdam).
  • The plan requires the release manager review & discussion.

Next Steps

  • Requires sign off for accessibility on WYSIWYG.
  • Two views issues fixed for content moderation.

Drupal 9

Status

Blockers

There are currently no blockers.

Next Steps

Continue working on Symfony4, Drupal 8 not using deprecated API’s and multi-version compatibility Symfony3 requirements to open the Drupal9 branch.

Claro

Status

  • We have made progress to the critical global issues, mini pager, messages, and others are not completed but are looking likely to land. Some specific one-off pages are most at risk.
  • Targeting 8.8 release, but hoping to descope some things to meet this goal.
  • Authoring components still need designs, hoping to get that work done to get into beta for 8.8
  • Roadmap to stabilize Claro.

Blockers

There are two issues the release manager needs to review.

Next Steps

Composer (Much of the information here was covered in the Composer meeting on 8/21)

Status 

  • Moving well, major patches are in which are focused on bells and whistles that will make the experience better.
    • One major patch changed core development workflow there have been no complaints so far (requires composer 1.9 if you’re working w/ 8.8 repo).
  • Scaffolding plan today requires some duplication of some files. It still needs to be confirmed with the core team.
  • Vendor core clean up plugin now strips out all the testing files from the vendor directory and makes sure there is an htaccess file, this is now a vendor hardening plugin. Waiting to be committed.
  • After the scaffolding and vendor hardening plugin are complete we can create a template that will generate a tarball that is composer ready.

Blockers

There are two patches waiting to be committed. 

Next Steps

Demo

Status