Skip to content

Releases: drevops/vortex

1.40.2

Choose a tag to compare

@github-actions github-actions released this 09 Jul 05:45
7957832

What's new since 1.40.2

Full Changelog: 1.40.1...1.40.2

@AlexSkrypnyk

1.40.1

Choose a tag to compare

@github-actions github-actions released this 08 Jul 05:48
0a9ffdc

What's new since 1.40.1

Full Changelog: 1.40.0...1.40.1

@AlexSkrypnyk, @renovate[bot], Renovate Self Hosted and renovate[bot]

1.40.0 - Spectrum

Choose a tag to compare

@AlexSkrypnyk AlexSkrypnyk released this 01 Jul 06:50
8718f34
vortex-1400-spectrum_2

1.40.0 - Spectrum

This release standardises and hardens the Vortex tooling surface: database commands are unified under a fetch/import/export/push vocabulary, environment variables drop vendor-specific prefixes, and CI gains automated security scanning (Zizmor, Gitleaks), SSH host-key pinning, native test-result reporting, and site-wide accessibility checks. The installer can now target multiple scaffold versions and ship Single Directory Component tooling out of the box.


πŸ” Highlights

  • Automated CI security scanning
    Every project's CI lint stage now runs Zizmor static analysis of GitHub Actions workflows and Gitleaks secret scanning. Both run automatically - no configuration needed.

  • Hardened deployments with SSH host-key pinning
    Deployments can now pin the remote SSH host key instead of disabling strict host-key checking, and the GitHub Actions known_hosts is configurable per step. This closes a long-standing man-in-the-middle gap for artifact and Lagoon deployments.

  • Test results in the GitHub Checks UI
    PHPUnit and Behat results are published natively to the GitHub Checks UI, so failures surface inline on pull requests instead of only in raw CI logs.

  • Site-wide accessibility reporting
    The Behat test suite now produces a site-wide accessibility report and captures animated screenshots on failure, making regressions easier to see and triage.

  • Single Directory Components (SDC) tooling by default
    Vortex ships a sample button component, drupal/sdc_devel in require, and CI validation that fails when sdc-devel:validate reports problems - giving new projects a working SDC baseline.

  • Label-driven deployment gate
    Deployments can be gated behind a pull-request label, giving teams an explicit, auditable switch to control when a branch is allowed to deploy.

  • Unified, hardened database tooling
    The database commands were standardised and hardened: download-db became fetch-db, dedicated import-db and export-db scripts are now reused by both provision and Ahoy, and a platform-agnostic task runner backs hosting operations. See Breaking changes for the variable renames.

  • Multi-version installer
    The installer can now scaffold either the current 1.x or the upcoming 2.x line, and the documentation is versioned per major line.


πŸ’₯ Breaking changes

These changes are applied when you update to 1.40.0. Most are simple find-and-replace renames in your .env file and hosting environment variables.

  • DRUPAL_ENVIRONMENT renamed to ENVIRONMENT_TYPE. Update any references in your settings overrides, CI, and hosting environment variables.

  • VORTEX_LOCALDEV_URL renamed to LOCALDEV_URL. Update any references in your .env and local tooling.

  • Database "download" variables renamed to "fetch". All VORTEX_DOWNLOAD_DB_* and VORTEX_DOWNLOAD_DB2_* variables are now VORTEX_FETCH_DB_* and VORTEX_FETCH_DB2_* (for example VORTEX_DOWNLOAD_DB_URL β†’ VORTEX_FETCH_DB_URL, VORTEX_DOWNLOAD_DB_ENVIRONMENT β†’ VORTEX_FETCH_DB_ENVIRONMENT). Update your .env and hosting configuration. The ahoy fetch-db command keeps download-db as an alias, so scripted command calls keep working, but the environment variables must be renamed.

  • Deployment types changed. The deploy types are now artifact, webhook, and lagoon (previously code, container_registry, webhook). The container_registry deploy type was removed; container-image publishing moved to a dedicated push command and its scripts/variables were renamed from deploy to push.

  • upload-db-s3 renamed to push-db-s3. Update any custom automation that invoked the S3 upload script directly.

  • ahoy reset hard replaced by ahoy reset --hard. The bare hard positional argument is now an option flag.

  • VORTEX_LAGOON_AMAZEEIO_REGION removed. The Lagoon amazee.io trusted-host pattern was simplified and no longer needs a per-region variable.

  • Tooling scripts prefixed with vortex-. Shipped tooling scripts are now prefixed with vortex-, and user-facing ones are exposed as Composer binaries under vendor/bin/vortex-*. Update any project scripts that referenced the old unprefixed script paths.

  • PHPMD removed. PHPMD was dropped from the tooling, CI, installer, and docs. If your project relied on it, add it back locally.

  • oomphinc/composer-installers-extender removed. This abandoned package is no longer required; its functionality is covered by composer/installers.

  • Removed deprecated sid_length and sid_bits_per_character from services.yml. These keys are no longer supported by Drupal 11 core and are removed from the shipped services.yml.


What's new since 1.39.0

πŸŒ€ Template

  • ✨ New

    • [#2563] Added GitHub Actions security analysis with Zizmor. @AlexSkrypnyk (#2591)
      What it does: Runs Zizmor static analysis over the project's GitHub Actions workflows as part of the CI lint stage, flagging insecure workflow patterns.
      How to use it: Runs automatically on CI for GitHub Actions projects; no configuration needed.
    • [#2562] Added Gitleaks secret scanning to CI lint jobs. @AlexSkrypnyk (#2579)
      What it does: Scans the repository for committed secrets during the CI lint stage and fails the build when a secret is detected.
      How to use it: Runs automatically on CI; no configuration needed.
    • [#2548] Added SSH host key pinning as a secure alternative to disabling strict checking. @AlexSkrypnyk (#2587)
      What it does: Lets deployments verify the remote host against a pinned SSH host key instead of turning off strict host-key checking.
      How to use it: Provide the pinned host key via the deployment SSH variables; combined with #2632, the GitHub Actions known_hosts is configurable per step.
    • [#2566] Published PHPUnit and Behat test results to the GitHub Checks UI. @AlexSkrypnyk (#2576)
      What it does: Surfaces PHPUnit and Behat results as GitHub Checks so failures appear inline on pull requests.
      How to use it: Applies automatically to GitHub Actions projects; results appear on the PR checks tab.
    • [#2651] Added SDC tooling, a sample button component, and CI validation. @AlexSkrypnyk (#2671)
      What it does: Ships a sample Single Directory Component (button), SDC development tooling, and a CI step that validates components.
      How to use it: The sample component lives under the custom theme; CI runs sdc-devel:validate automatically.
    • [#2571] Added label-driven deployment gate to the deploy router. @AlexSkrypnyk (#2575)
      What it does: Allows a deployment to be gated behind a pull-request label so branches only deploy when explicitly approved.
      How to use it: Apply the configured deployment label to a PR to permit its deployment; controlled via the deploy gate variable.
    • [#2719] Added a platform-agnostic task runner for hosting operations. @AlexSkrypnyk (#2721)
      What it does: Introduces a single task runner that abstracts hosting-provider operations behind one entry point.
      How to use it: Hosting operations route through the new task script; no action needed for existing provision flows.
    • [#2720] Extracted a dedicated import-db script reused by provision and Ahoy. @AlexSkrypnyk (#2728)
      What it does: Provides a standalone import-db script shared by the provision flow and ahoy import-db.
      How to use it: Run ahoy import-db; provisioning uses the same script internally.
    • Added *.x version branch CI support behind VORTEX_DEV fences. @AlexSkrypnyk (#2604)
      What it does: Enables CI on *.x development branches, fenced behind VORTEX_DEV so it only affects the template's own development.
      How to use it: No action for consumer projects; this supports Vortex's multi-major development.
  • πŸ›  Changed

    • [#2726] Renamed the download-db command, variables, and installer source to fetch. @AlexSkrypnyk (#2730)
      What it does: Standardises the database-retrieval vocabulary on fetch.
      How to use it: Rename VORTEX_DOWNLOAD_DB_*/VORTEX_DOWNLOAD_DB2_* to VORTEX_FETCH_DB_*/VORTEX_FETCH_DB2_*; ahoy download-db remains an alias of ahoy fetch-db. See Breaking changes.
    • [#2733] Renamed the container-image push scripts and variables from deploy to push and dropped the container-registry deploy type. @AlexSkrypnyk (#2737)
      What it does: Separates container-image publishing (push) from deployment (deploy) and removes the container_registry deploy type.
      How to use it: Deploy types are now artifact, webhook, lagoon; use the push command for container images. See Breaking changes.
    • [#2739] Renamed upload-db-s3 to push-db-s3 and aligned tooling and playground script names. @AlexSkrypnyk (#2740)
      What it does: Aligns the S3 database upload script with the new push vocabulary.
      How to use it: Call push-db-s3 instead of upload-db-s3.
    • Renamed DRUPAL_ENVIRONMENT environment variable to ENVIRONMENT_TYPE. @AlexSkrypnyk (#2750)
      What it does: Drops the DRUPAL_ prefix from the environment-type indicator for a vendor-neutral name.
      How to use it: Replace DRUPAL_ENVIRONMENT with ENVIRONMENT_TYPE in settings, CI, and hosting variables.
    • Renamed VORTEX_LOCALDEV_URL environment variable to LOCALDEV_URL. @AlexSkrypnyk (#2748)
      What it does: Simplifies the local development URL variable name.
      **How to u...
Read more

1.39.0

Choose a tag to compare

@github-actions github-actions released this 03 Jun 11:31
d75239f
vortex-1390-photon_3

1.39.0 - Photon

This release adds opt-in visual regression testing through Diffy, extracts the Vortex shell tooling into the versioned drevops/vortex-tooling Composer package, ships accessibility test coverage out of the box, and refreshes the runtime to PHP 8.4.21 and drevops/ci-runner 26.6.0.


πŸ” Highlights

  • Visual regression testing with Diffy
    A new opt-in GitHub Actions workflow compares a deployed environment against a baseline using Diffy and gates on a PR label, so visual diffs only run when you ask for them. Source and target environments behind HTTP basic auth (Shield, htpasswd) are supported via optional credentials, and results are posted back to the PR.

  • Vortex tooling extracted into the drevops/vortex-tooling Composer package
    The shell scripts that used to live under scripts/vortex/ are now shipped as a versioned Composer package and resolved from vendor/drevops/vortex-tooling/src/. This makes the tooling independently versioned, testable, and upgradable, and keeps your project tree free of vendored framework scripts.

  • Accessibility test coverage out of the box
    A ready-to-run Behat accessibility.feature ships in the template, giving every new project a baseline accessibility check from day one.

  • Cross-tool command aliases
    Common Ahoy commands now answer to names borrowed from other tools - ahoy ssh/shell, ahoy status/describe/ps, ahoy rebuild, ahoy destroy, and ahoy fetch-db/db-download/db-fetch - so muscle memory from Docker, Make, and other stacks just works.

  • Lagoon database source defaults to the main environment
    New projects configured with a Lagoon database source now default to downloading from the main environment instead of the Acquia-oriented prod, removing a manual post-install fix for Lagoon users.

  • Faster CI through rebalanced PHPUnit test groups
    PHPUnit tests are redistributed across six balanced buckets to cut CI wall-clock time, with no change required from consuming projects.


πŸ’₯ Breaking changes

  • Custom provision scripts moved from scripts/custom/ to scripts/.
    The default VORTEX_PROVISION_SCRIPTS_DIR changed from ./scripts/custom to ./scripts, and scripts/custom is deprecated. Provisioning still auto-runs scripts with a provision- prefix and a .sh extension. Migration: move your custom scripts/custom/provision-*.sh files into scripts/, or set VORTEX_PROVISION_SCRIPTS_DIR=./scripts/custom to keep the previous location.

  • Vortex shell scripts now ship via the drevops/vortex-tooling Composer package.
    The scripts previously under scripts/vortex/*.sh have been removed from the project tree and are installed into vendor/drevops/vortex-tooling/src/. The bundled .ahoy.yml, CI configs, and deployment hooks are updated automatically by the Vortex update. Migration: update any custom references from scripts/vortex/<name>.sh to vendor/drevops/vortex-tooling/src/<name>; CI bootstraps the package with ./scripts/vortex-tooling.sh.


What's new since 1.38.0

πŸŒ€ Template

  • ✨ New

    • [#131] Added Diffy visual regression workflow with PR label gate. @AlexSkrypnyk (#2516)
      What it does: Adds a .github/workflows/test-vr.yml workflow that runs a Diffy visual comparison between a source baseline and the deployed target environment, gated behind a PR label so it only runs on demand. A companion notify-diffy tooling command posts results.
      How to use it: Enable it via the installer's visual regression prompt (ships test-vr.yml). Set the VR_DIFFY_API_KEY secret and VR_DIFFY_PROJECT_ID repository variable, then add the configured PR label to a pull request to trigger a comparison.
    • Bumped Behat dependencies to stable releases and added accessibility coverage. @AlexSkrypnyk (#2527)
      What it does: Moves Behat dependencies to stable releases and ships a ready-to-run tests/behat/features/accessibility.feature with supporting FeatureContext steps.
      How to use it: Run ahoy test-bdd (or ahoy test-bdd -- --tags=@accessibility); the feature is included automatically in new projects.
    • [#2174] Added cross-tool aliases for Ahoy commands. @AlexSkrypnyk (#2510)
      What it does: Registers familiar aliases on core Ahoy commands - rebuild (build), status/describe/ps (info), destroy (down), ssh/shell (cli), and fetch-db/db-download/db-fetch (download-db).
      How to use it: Run the alias instead of the canonical command, e.g. ahoy ssh, ahoy status, ahoy rebuild. No configuration needed.
  • πŸ›  Changed

    • Extracted Vortex shell scripts into the drevops/vortex-tooling Composer package. @AlexSkrypnyk (#2505)
      What it does: Moves all framework shell scripts out of scripts/vortex/ into the independently versioned drevops/vortex-tooling package, resolved from vendor/drevops/vortex-tooling/src/, with its own test suite.
      How to use it: No action for standard projects - the Vortex update reconciles .ahoy.yml, CI configs, and hooks. CI installs the package with ./scripts/vortex-tooling.sh. Update any custom references from scripts/vortex/<name>.sh to vendor/drevops/vortex-tooling/src/<name>.
    • Moved custom provision scripts to scripts and deprecated scripts/custom. @AlexSkrypnyk (#2539)
      What it does: Changes the default custom-provision-scripts directory from ./scripts/custom to ./scripts; scripts with a provision- prefix and .sh extension still run automatically during provisioning.
      How to use it: Move custom provision-*.sh files from scripts/custom/ to scripts/, or set VORTEX_PROVISION_SCRIPTS_DIR=./scripts/custom (default is now ./scripts).
    • Added optional HTTP basic auth credentials to the Diffy visual regression workflow. @AlexSkrypnyk (#2536)
      What it does: Lets the Diffy comparison authenticate against source and/or target environments protected by HTTP basic auth (Shield, htpasswd), forwarding credentials only when both user and password are set.
      How to use it: Optionally set the VR_SOURCE_HTTP_USER / VR_SOURCE_HTTP_PASS and VR_TARGET_HTTP_USER / VR_TARGET_HTTP_PASS repository secrets. Leave them unset for publicly reachable environments.
    • Replaced the visual regression PR comment with hide-and-recreate behavior. @AlexSkrypnyk (#2537)
      What it does: The visual regression PR comment is now hidden and recreated on each run (matching the coverage comment), so the latest result is always the most recent comment.
      How to use it: Automatic; no configuration needed.
    • Renamed region_map to regions and nested message selectors in behat.yml. @AlexSkrypnyk (#2523)
      What it does: Updates the Behat configuration to use regions and nests the message selectors under it for clearer structure.
      How to use it: Applied automatically on update; custom behat.yml overrides that referenced region_map should be renamed to regions.
    • Added patches.lock.json to the CLI Docker container. @AlexSkrypnyk (#2532)
      What it does: Copies patches.lock.json into the CLI image so Composer patches resolve deterministically during the in-container build.
      How to use it: Automatic; no action needed.
    • Added patches.lock.json to the .dockerignore whitelist and sorted entries. @AlexSkrypnyk (#2531)
      What it does: Whitelists patches.lock.json in .dockerignore so it is available to the Docker build context, and sorts the file's entries.
      How to use it: Automatic; no action needed.
    • Rebalanced PHPUnit test groups across 6 buckets to reduce CI wall-clock time. @AlexSkrypnyk (#2521)
      What it does: Redistributes PHPUnit tests into six balanced parallel groups so CI build time is more evenly split.
      How to use it: Automatic in CI; no action needed.
    • [#2518] Removed audit ignore entries for upstream-fixed twig/twig and symfony/polyfill-intl-idn CVEs. @AlexSkrypnyk (#2528)
      What it does: Drops composer audit ignore entries that are no longer needed now that the advisories are fixed upstream, restoring full audit coverage for those packages.
      How to use it: Automatic on next composer update; no configuration needed.
    • Added audit ignore entries for advisories blocking Drupal core install. @AlexSkrypnyk (#2520)
      What it does: Temporarily ignores specific advisories that otherwise blocked installing Drupal core, keeping composer audit actionable.
      How to use it: Automatic; entries are revisited as upstream fixes land.
    • Limited 'Vortex - Publish tooling' to main and vortex-tooling branches. @AlexSkrypnyk (#2508)
      What it does: Restricts the tooling-publish workflow to the relevant branches to avoid unnecessary runs.
      How to use it: Maintenance-only; no consumer impact.
  • 🐞 Fixed

    • [#2499] Fixed Jest CI failure when no tests are present. @AlexSkrypnyk (#2503)
      What it does: Prevents the Jest CI step from failing when a project has no JavaScript tests yet.
      How to use it: Automatic; no configuration needed.
    • Fixed eight small issues across Ahoy commands, installer runners, and CI workflows. @AlexSkrypnyk (#2533)
      What it does: A batch of small correctness fixes across .ahoy.yml, the installer command/process runners, and CI workflow files.
      How to use it: Applied automatically on update.
  • ⬆️ Updated

    • Updated drevops/ci-runner to 26.6.0; refreshed the CI database cache key to v26.6.0-db11. @AlexSkrypnyk
    • **Set the platform PHP ve...
Read more

1.38.0 - Prism

Choose a tag to compare

@github-actions github-actions released this 28 Apr 03:56
cd86b15
vortex-1380-prism_2

1.38.0 - Prism

This release sharpens what teams actually use day to day: JavaScript unit tests, more batteries-included Drupal modules, per-channel deployment notifications, hardened access controls on Drupal core text files, opt-in repeated configuration import, manual deploys from the GitHub Actions UI, hardened Renovate config, and a fix for the profile-fallback provisioning path. PHP 8.4 is now the runtime baseline and Lagoon containers are at 26.4.0.


πŸ” Highlights

  • JavaScript unit testing with Jest
    Jest is now configured for JavaScript modules and theme code, alongside the existing PHPUnit and Behat suites. CI runs ahoy test-js and reports coverage. Existing projects: pull the new theme dependencies (yarn install in web/themes/custom/your_site_theme/); the lint and test commands wire in automatically. New projects: it's on by default.

  • More batteries-included Drupal modules
    drupal_helpers, generated_content, testmode, and reroute_email are now part of the default module set, with environment-aware settings. reroute_email intercepts outbound mail on non-production environments using DRUPAL_REROUTE_EMAIL_ADDRESS and DRUPAL_REROUTE_EMAIL_ALLOWED (set DRUPAL_REROUTE_EMAIL_DISABLED=1 to disable). Existing projects: run composer update -W then drush pm:install drupal_helpers generated_content testmode reroute_email to enable.

  • Per-channel branch filtering for deployment notifications
    Each notification channel (Email, Newrelic, Jira, GitHub, Webhook) can now be filtered to specific branches independently. Set VORTEX_NOTIFY_<CHANNEL>_BRANCHES (e.g. VORTEX_NOTIFY_EMAIL_BRANCHES="main,develop") to restrict that channel; leave empty to fire on all branches. Existing projects: behaviour unchanged unless you set the new variables.

  • Blocked access to Drupal core *.txt and *.md files in .htaccess
    Files like web/core/CHANGELOG.txt, INSTALL.txt, README.md, and friends are now blocked at the web-server level, removing a common information-disclosure vector that fingerprints Drupal version. Existing projects: regenerate .htaccess from the template (or copy the new block from this release) and redeploy. No env vars; the protection is automatic once the file is on the server.

  • Opt-in repeated configuration import after the initial import
    Provision can now run a second drush config:import pass after the first one to settle dependent configuration that does not resolve in a single pass. Enable with VORTEX_PROVISION_CONFIG_IMPORT_REPEAT=1 (default 0). Existing projects: behaviour unchanged unless you set the variable; flip it on if your config has known cross-dependency issues.

  • Manual deploys from the GitHub Actions UI
    The deploy job now accepts workflow_dispatch inputs deploy_target (a branch name or PR-<num>) and override_db (boolean). Trigger ad-hoc deploys without pushing a commit. Existing projects: the new inputs appear in the Run workflow panel for build-test-deploy.yml; no configuration needed.

  • Hardened Renovate config
    Renovate now caps concurrent PRs, auto-merges trusted GitHub Actions updates, and labels grouped updates on the dependency dashboard. Existing projects: copy the updated renovate.json from the template. The new limits and auto-merge rules apply on the next Renovate run.

  • Fixed profile-fallback provisioning + cache rebuild after updb
    Two reliability fixes: the fallback profile install (VORTEX_PROVISION_FALLBACK_TO_PROFILE=1) now installs Shield, skips post-provision steps, and avoids a missing-tables crash; and drush cache:rebuild runs automatically after drush updb so the site renders correctly on the first request. Set VORTEX_PROVISION_CACHE_REBUILD_AFTER_DB_UPDATE_SKIP=1 to opt out (default 0 = enabled). Existing projects: applied automatically on next provision.

  • PHP 8.4 baseline
    The CLI image, Composer platform, PHPStan, and PHPCS all target PHP 8.4. Existing projects: bump composer.json config.platform.php, phpstan.neon phpVersion, and phpcs.xml testVersion to match (or copy from the template) and run lint to surface any 8.3-only patterns in custom code.


πŸ’₯ Breaking changes

  • PHP 8.4 is now required. Consumer projects pinned to PHP 8.3 must update Composer platform, PHPStan, and PHPCS configuration to PHP 8.4 before running CI on this release.

What's new since 1.37.0

πŸŒ€ Template

  • ✨ New
    • [#2394] Added Jest for JavaScript unit testing. @AlexSkrypnyk (#2418)
      What it does: Adds Jest as the JavaScript unit test runner, with coverage thresholds and CI integration matching the PHP test setup.
      How to use it: Run ahoy test-js locally; CI runs it automatically. Place tests next to the JS source under web/modules/custom/*/tests/ or web/themes/custom/*/tests/. Existing projects: pull the new yarn dependencies in the theme directory.

    • [#2401] Added drupal_helpers, generated_content, and testmode modules. @AlexSkrypnyk (#2414)
      What it does: Three modules join the default stack to support development workflows. drupal_helpers provides utility hooks; generated_content creates fixture data programmatically; testmode flags the site as being in a test mode so behaviour can branch on it.
      How to use it: After updating, run composer update -W and drush pm:install drupal_helpers generated_content testmode. Generated content fixtures live under web/modules/custom/*/src/Plugin/GeneratedContent/. Test-mode aware code can check the testmode.is_test_mode service.

    • [#2422] Added 'reroute_email' module with environment-based settings. @AlexSkrypnyk (#2431)
      What it does: Intercepts outbound mail on non-production environments using the reroute_email module, so staging or development sites do not accidentally email real users.
      How to use it: Enable the module (it's now in composer.json). Configure with DRUPAL_REROUTE_EMAIL_ADDRESS (target inbox) and DRUPAL_REROUTE_EMAIL_ALLOWED (glob pattern that bypasses rerouting). Set DRUPAL_REROUTE_EMAIL_DISABLED=1 on production to turn rerouting off.

    • [#2173] Added per-channel branch filtering for notifications. @AlexSkrypnyk (#2429, #2430)
      What it does: Each notification channel (Email, Newrelic, Jira, GitHub, Slack, Webhook) can be restricted to specific branches independently.
      How to use it: Set VORTEX_NOTIFY_<CHANNEL>_BRANCHES to a comma-separated branch list (e.g. VORTEX_NOTIFY_EMAIL_BRANCHES="main,develop"). Leave empty to fire on all branches. New Relic now defaults to main,master,develop.

    • [#2373] Blocked access to 'web/core/.txt' and '.md' files in '.htaccess'. @AlexSkrypnyk (#2420)
      What it does: Drupal core text and markdown files (CHANGELOG.txt, INSTALL.txt, README.md, etc.) are now blocked from public access at the web-server level.
      How to use it: Existing projects need to regenerate .htaccess from the template (or copy the new block) and redeploy. No env vars - the rule is unconditional.

    • [#2374] Added opt-in repeated configuration import after initial import. @AlexSkrypnyk (#2417)
      What it does: Provision can run a second drush config:import pass after the first one to settle dependent configuration that does not resolve in a single pass.
      How to use it: Set VORTEX_PROVISION_CONFIG_IMPORT_REPEAT=1 to enable (default 0). Existing projects: behaviour unchanged unless flipped on.

    • Allow to manually run deploy from GHA UI. @AlexSkrypnyk (#2405)
      What it does: The deploy workflow now accepts workflow_dispatch inputs to trigger ad-hoc deploys without pushing a commit.
      How to use it: From the Actions tab, run build-test-deploy.yml with deploy_target set to a branch name or PR-<num>, and optionally override_db: true to wipe the existing database. Lint, database, and build jobs are skipped on manual runs.

    • [#2351] Added per-step timing to 'task()' and 'pass()' functions. @AlexSkrypnyk (#2473)
      What it does: Shell scripts now print per-step timings, making it easier to spot where build and provision time is going.
      How to use it: No action needed - timings appear automatically in script output.

    • [#2444] Added 'CodeCoverageProvider' installer prompt with Codecov option. @AlexSkrypnyk (#2464)
      What it does: A new installer prompt lets you opt into Codecov as the coverage provider. CI uploads coverage reports, posts threshold summaries as PR comments, and degrades gracefully when Codecov is unavailable.
      How to use it: Re-run the installer or pick "Codecov" when prompted. Existing projects: set CODECOV_TOKEN in CI variables and copy the relevant CI block from the template.

    • [#2399] Added Behat attribute set to Rector configuration. @AlexSkrypnyk (#2416)
      What it does: Rector now understands Behat PHP attributes, so test step modernisation can run alongside the rest of the codebase.
      How to use it: Run vendor/bin/rector (or ahoy lint); no configuration needed.

    • Add content moderation in search. @AlexSkrypnyk (#2397)
      What it does: Search index integration now respects the Content Moderation state, so unpublished revisions do not leak into search results.
      How to use it: Existing projects on Search API: re-export search index config (drush cex) to pull in the moderation-state filter, or copy the relevant config from the template.

    • Added Jest test coverage and refactored demo test to use 'require()'. @AlexSkrypnyk (#2446)
      What it does: The demo Jest test now reports coverage and uses CommonJS require(), providing a w...

Read more

1.37.0 - Resonance

Choose a tag to compare

@github-actions github-actions released this 14 Mar 06:49

1.37.0 - Resonance

This release extracts demo code into a dedicated module, splits linting into a standalone CI job, restructures CircleCI config for maintainability, and includes multiple CI/CD fixes for Docker permissions, coverage reporting, and branch filtering.


πŸ” Highlights

  • Demo Module Extraction
    Demo code (counter block, deploy hooks, CSS/JS, tests) moved from ys_base into a new ys_demo module, making it easy to remove demo content from production projects.

  • Standalone Lint CI Job
    All linting tools extracted into a dedicated CI job that runs in parallel with the build, providing faster code style feedback.

  • CircleCI Config Split
    CircleCI configuration split into multiple files for better maintainability and separation of concerns.

  • CI/CD Hardening
    Fixed Docker permission warnings in GHA, improved coverage comment handling, and corrected branch filtering for feature/bugfix branches.


πŸ’₯ Breaking changes

None


What's new since 1.36.1

πŸŒ€ Template

  • ✨ New

    • [#2340] Moved demo code from ys_base to new ys_demo module. @AlexSkrypnyk (#2349)
      Demo code (counter block with CSS/JS, deploy hooks, and example tests across Unit, Kernel, Functional, and FunctionalJavascript test types) has been extracted into a dedicated ys_demo module. This makes it straightforward to remove all demo content from production projects by simply disabling one module.

    • [#2363] Added colour to ahoy confirm. @AlexSkrypnyk (#2366)
      Confirmation prompts for destructive ahoy commands now display in red with dimmed [y/N] text, making them more visually prominent and harder to accidentally dismiss.

    • [#2353] Allow running CI builds against PR branches. @AlexSkrypnyk (#2354)
      Added pull_request_target trigger to GitHub Actions workflow so that CI builds can run against PR branches. Previously, only push events to specific branches triggered builds.

    • [#2368] Switched git-artifact to download from GitHub Releases with SHA256 verification. @AlexSkrypnyk (#2370)
      The git-artifact deployment tool is now downloaded as a binary from GitHub Releases instead of being installed via Composer. Each download is verified against a SHA256 checksum, improving supply chain security and removing the Composer dependency from the deploy process.

    • Updated posting of coverage comments to replace existing comments. @AlexSkrypnyk (#2380)
      Coverage comments posted to PRs now replace the previous comment instead of creating duplicates. This uses a dedicated post-coverage-comment.sh script that finds and updates existing comments, keeping PR conversations clean.

    • Added consistent Chromium flags to Behat and PHPUnit configs. @AlexSkrypnyk (#2378)
      Added --disable-popup-blocking flag to Chrome browser arguments in both Behat and PHPUnit configurations. This ensures consistent browser behaviour across both testing frameworks and prevents popup-related test flakiness.

  • πŸ›  Changed

    • [#1571] Split CircleCI config into multiple files. @AlexSkrypnyk (#2105)
      The monolithic CircleCI config.yml has been split into config.yml, vortex-test-common.yml, and update-dependencies.yml. This reduces the main config size and makes each CI concern (project builds, Vortex integration tests, dependency updates) independently maintainable. The installer now also cleans up these internal Vortex CI files during installation.

    • [#2154] Extracted linting into standalone lint CI job. @AlexSkrypnyk (#2346)
      All linting tools (PHPCS, PHPStan, PHPMD, Rector, Twig CS Fixer, ESLint, Stylelint, Gherkin Lint) now run in a dedicated lint job that executes in parallel with the build job. This provides faster feedback on code style issues without waiting for the full build to complete.

    • [#2362] Use yield in data providers. @AlexSkrypnyk (#2367)
      Converted all PHPUnit data providers across the project to use yield statements instead of returning arrays. This improves memory efficiency for large test suites and makes data providers more readable by naming each test case inline.

    • Removed stale references to asset-packagist's installer types. @AlexSkrypnyk (#2359)
      Cleaned up leftover asset-packagist references that were no longer relevant after previous dependency changes.

  • 🐞 Fixed

    • Fixed docker permissions in GHA. @AlexSkrypnyk (#2376)
      Set DOCKER_CONFIG=/tmp/.docker at workflow level to work around the Actions runner creating /root/.docker/config.json with permissions that prevent the container from reading it (actions/runner#863).

    • Fixed pushes to feature/* and bugfix/* branches should not run CI builds. @AlexSkrypnyk (#2365)
      Removed feature/** and bugfix/** from the push trigger list. These branches should only trigger CI via pull request events, not on every push.

    • Fixed S3 upload not stopping on failed upload. @AlexSkrypnyk (#2371)
      The S3 upload script now captures the HTTP response status code and fails with an error message on non-2xx responses. Previously, upload failures were silently ignored.

    • [#2350] Fixed local settings file being included during settings unit tests. @AlexSkrypnyk (#2352)
      Added a guard to prevent settings.local.php from being loaded during unit tests. Developer-specific local settings were polluting the test environment and causing inconsistent results.

    • Fixed DB download variables inconsistencies. @AlexSkrypnyk (#2360)
      Standardised variable naming across all database download scripts (download-db-acquia.sh, download-db-s3.sh, download-db-ftp.sh, etc.) and added test coverage for the main download orchestration script.

    • Fixed migration Drupal variables not starting with DRUPAL_. @AlexSkrypnyk (#2357)
      Renamed migration-related environment variables to use the DRUPAL_ prefix, matching the project's variable naming convention.

    • Fixed coverage threshold check not storing results on low values in CI. @AlexSkrypnyk (#2372)
      When coverage values were very low, the threshold check failed to store results, causing CI job summaries to be incomplete.

    • Fixed missed pinned GHA actions not being updated with Renovate. @AlexSkrypnyk (#2375)
      Pinned shimataro/ssh-key-action to a commit SHA digest so Renovate can track and update it automatically. Previously it used a tag reference that Renovate did not manage.

    • Fixed ownership permissions warning in GHA. @AlexSkrypnyk (#2358)

    • Fixed GH test token not being passed to tests in CI. @AlexSkrypnyk (#2364)

    • [#2338] Fixed installer replacement and PHPMD discovery. @AlexSkrypnyk (#2369)
      Fixed PHPMD tool discovery logic in the installer's Tools handler and a replacement issue in the Webroot handler.

  • ⬆️ Updated


πŸŽ› Installer

  • ✨ New

    • [#2340] Added CustomModules handler for selecting custom modules during installation. @AlexSkrypnyk (#2349)
      A new installer prompt allows users to choose which custom modules (Base, Demo, Search) to include. Previously, all modules were always included. The Demo module can now be easily excluded for production projects, and the Search module selection is linked to Solr service availability.
  • πŸ›  Changed

    • [#1571] Installer now removes Vortex-internal CircleCI config files during installation. @AlexSkrypnyk (#2105)
      Internal vortex-*.yml CircleCI configs are cleaned up during installation, matching the existing cleanup of internal GHA workflows.

    • [#2340] Updated Services and ModulePrefix handlers for demo module support. @AlexSkrypnyk (#2349)
      The Services handler now conditionally includes the Solr service based on Search module selection. The ModulePrefix handler applies prefix renaming to the new demo module alongside the base module.

  • 🐞 Fixed


πŸ“– Documentation


πŸ“‹ Release checklist

  • Updated all dependencies outside of the schedule (run Renovate locally)
  • Updated container images to the latest versions and checked that @see links (v26.2.0)
  • Updated PHP version in composer.json for config.platform. (8.3.28 β†’ 8.3.30)
  • Updated PHP version in phpcs.xml for testVersion. (8.3 β€” unchanged, still on 8.3.x)
  • Updated PHP version in phpstan.neon for phpVersion. (80328 β†’ 80330)
  • Updated minor version of all packages in composer.json. (composer update -W && composer bump done)
  • Updated minor version of dependencies in theme's package.json. (yarn upgrade done)
  • Update drevops/ci-runner to the latest version in .circleci/config.yml and `.github/workflows/build-test-deploy....
Read more

1.36.1

Choose a tag to compare

@github-actions github-actions released this 05 Mar 02:40
ddf8061

What's new since 1.36.0

Full Changelog: 1.36.0...1.36.1

@AlexSkrypnyk, @renovate[bot] and renovate[bot]

1.36.0

Choose a tag to compare

@github-actions github-actions released this 19 Feb 23:54
0de6f38

1.36.0 - Phase

This release makes Vortex AI-native, migration-ready, and more production-safe by introducing structured agent support, CI-testable migrations, full-stack JS testing, hardened provisioning, and improved CI/infrastructure capabilities.


πŸ” Highlights

  • Migration Framework Integration
    Added secondary database support during provisioning to import existing sites and run migrations in a controlled, CI-testable sequence.

  • AI-Native Development Support
    Introduced AGENTS.md and an AI-friendly installer with structured schema and validation flags, enabling reliable non-interactive and agent-driven workflows.

  • Functional JavaScript Testing
    Enabled browser-based Functional JS tests via a Chrome container, extending Vortex’s full-stack automated testing capabilities.

  • Safer, More Reliable Provisioning
    Prevent config imports from overriding database updates and simplified provisioning logic to use direct Drush commands.

  • Improved CI & Infrastructure Flexibility
    Added S3 database download support, surfaced coverage thresholds in CI summaries, and improved artifact handling for better visibility and debugging.


πŸ’₯ Breaking changes

None.


What's new since 1.35.3

πŸŒ€ Template

  • ✨ New

    • [#1642] Added support for migrations. @AlexSkrypnyk
      A secondary database can now be used during provisioning to import an existing Drupal site's database dump, and then run the migration commands in a pre-defined order. This allows to test migrations locally and in CI.

    • [#1968] Added a fallback for installing from profile if the DB is not available during provision. @AlexSkrypnyk (#2294)
      When setting up a project in an environment where the database is not available, a "seed" databases is needed. But the environment not exist to seed that database. This change allows to use a Drupal profile to provision a seed database in the environment, and later override it with the real one.

    • [#1654] Added a check that config import does not override database updates during provision. @AlexSkrypnyk (#2304)
      Updated modules may bring databased updates via update hook. When the provision runs, the config import runs after these database updates, and may revert them. This change allows to check the configs before and after import and fail the provision if there are changes that may indicate that database updates were reverted.

    • [#532] Added support for Functional JS tests. @AlexSkrypnyk (#2300)
      Functional JS tests can now run using the Chrome container. The setup is similar to existing Behat configuration.

    • Added support for all AI agents + docs. @AlexSkrypnyk (#2272)
      Vortex now has AGENTS.md file that provides instructions for AI agents on how to work with projects based on Vortex, including how to read generic documentation from https://www.vortextemplate.com/docs, and project-specific documentation from the project's docs/ directory. This allows teams to document only the project-related specifics and let AI agents use the generic documentation for all the common tasks.

    • [#699] Added support for downloading DB from S3. @AlexSkrypnyk (#2256)
      Added AWS S3 bucket as a new source of the database dump storage. This is useful for when the database dump cannot be sourced directly from the production environment and is stored in the intermediary location, such as S3.

    • [#1913] Allow to modify Drush PHP runtime configuration. @AlexSkrypnyk (#2268)
      This allows to provide a custom drush.ini file with PHP configuration targeted for Drush commands. This is useful for commands that require more memory or longer execution time.

    • [#2198] Added support for ACME challenge in Shield. @AlexSkrypnyk (#2254)
      This allows to use Let's Encrypt certificates with Shield module by bypassing ACME challenge endpoint /.well-known/acme-challenge/*.

    • [#1979] Added support for xmlsitemap module for sitemap.xml generation. @AlexSkrypnyk (#2264)
      This allows to generate sitemap.xml file, which every website should have.

    • Added coverage threshold to CI job summary. @AlexSkrypnyk (#2251)
      Coverage threshold existed before, but it was only visible in the logs. Now it is also added to the CI job summary, so it is more visible and easier to track.

    • Added config to Renovate to update root FE deps. @AlexSkrypnyk (#2278, #2277)
      Renovate was configured to manage PHP, Docker and GitHub Action dependencies, but not the NPM dependencies used for module development. This change adds the root package.json to Renovate's scope, so that it can keep the FE dependencies up to date as well.

  • πŸ›  Changed

    • Simplified provision to use direct commands rather than drush:deploy. @AlexSkrypnyk (#2303)
      We used both drush:deploy and direct Drush commands in the provision script based on whether the configuration files were present or not. This change simplifies the logic by always using direct Drush commands, which are more straightforward and easier to maintain.

    • Added missing namespaced variables to Vortex scripts. @AlexSkrypnyk (#2267)
      Namespaced variables are variables that have a specific prefix to indicate that they are used in a context of a specific script. This allows to target variables more precisely. Some of the scripts did not have namespaced variables, which made certain overrides impossible. This change fixes that.

    • Removed the Docker builder cache to free up CI container space. @AlexSkrypnyk (#2290)
      In some edge cases, the container could run out of space due to the builder cache, which is not needed in CI and can be safely removed.

    • Disabled Renovate for development .vortex files. @AlexSkrypnyk (#2285)
      These dependencies are locked and managed manually.

    • [#2202] Updated Acquia settings to use env variables to include the cloud setting file. @AlexSkrypnyk (#2260)
      Prior to this change, the Acquia settings file was included using the project details specified as strings in the settings.acquia.php file, making it less upgradable.

    • Increased test coverage for Acquia env settings. @AlexSkrypnyk
      Some of the code paths in Acquia settings were not covered by tests, which made it more difficult to maintain and refactor. This change adds more tests to cover these paths.

    • [#1976] Upload SUT test artifacts in vortex-test-workflow CI. @AlexSkrypnyk (#2255)
      This allows to have access to the test artifacts produced by the SUT tests, such as screenshots and logs, which can be useful for debugging test failures.

  • 🐞 Fixed

    • [#2270] Fixed follow-up deployments to mark deployment in GitHub as inactive. @AlexSkrypnyk (#2299)
      This was making follow-up deployments of peer PRs to mark the deployments of the other PRs as inactive. The fix was to correctly name the deployment in GitHub after the PR number or branch.

    • [#2261] Fixed Acquia settings to allow DRUPAL_CONFIG_PATH override independently of config_vcs_directory. @AlexSkrypnyk (#2263)
      This fixes the issues where the config sync directory in Acquia could be overridden with a value from DRUPAL_CONFIG_PATH environment variable only if $settings['config_vcs_directory'] existed. After this fix, the DRUPAL_CONFIG_PATH variable can be used to override the config sync directory in Acquia regardless of the presence of config_vcs_directory setting.

    • Fixed incorrectly prefixed environment variables. @AlexSkrypnyk (#2265)
      Renamed VORTEX_DB_<ACTION>_* to VORTEX_<ACTION>_DB_* for consistency with other variables.

    • Fixed SIGPIPE (exit code 141) in CI coverage threshold check caused by head -1 closing pipe under pipefail. @AlexSkrypnyk (#2289)

    • [#1219] Fixed tag deployment mode skip in Lagoon deploy script. @AlexSkrypnyk (#2301)
      Prior to this change, the tag deployment wouldbe triggered from CI and hiy Lagoon, which would respond with an error, causing the CI job to fail.

    • [#2249] Changed Renovate rangeStrategy to bump. @AlexSkrypnyk (#2250)
      This fixes Renovate configuration to also update composer.json when bumping dependencies. Not adding this earlier when we switched to using "bumping" of versions in composer.json was an oversight.

  • ⬆️ Updated


πŸŽ› Installer

  • ✨ New
    • [#2302] Added support for prompts schema to make the installer AI-friendly. @AlexSkrypnyk (#2306)
      AI agents now can use --schema flag to get structured information about the installer options, requirements and steps, and use it to run the installer in a non-interactive way.
      They can also use --validate flag to validate the config before running the installer.
      There is also a new --agent-help flag that provides detailed information about the installer's commands and options. This is useful for AI age...
Read more

1.35.3

Choose a tag to compare

@github-actions github-actions released this 05 Feb 00:30

What's new since 1.35.2

Full Changelog: 1.35.2...1.35.3

@AlexSkrypnyk, @renovate[bot] and renovate[bot]

1.35.2

Choose a tag to compare

@github-actions github-actions released this 14 Jan 23:52

What's new since 1.35.1

Full Changelog: 1.35.1...1.35.2

@AlexSkrypnyk, @renovate[bot] and renovate[bot]