Updater initiative status report: December 25, 2021

During 2021, a group of contributors worked to update the WordPress updaters and add some features to make auto-updates safer and dependencies more reliable.

The expected outcomes were outlined in this post in May 2021.

Outcomes 1 and 2 – Make sure the zips download and unpacking are safe and create a mechanism to rollback pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party & theme updates in case of failure

The two goals were solved with one solution, which was merged in Core in September. However, due to some failures on the Chassis/Vagrant development environment, the feature, along with other related tickets, was reverted during WordPress 5.9 Beta period.

Next steps

For the feature ready to be shipped with WordPress 6.0, the discovered issue with Chassic/Vagrant should be resolved. Outreach to hosting companies needs to be done to ensure production environments will behave as expected.

Help required – Hosting companies

Would it be possible to get a hosting company to set up different environments to test the patchpatch A special text file that describes changes to code, by identifying the files and lines which are added, removed, and altered. It may also be referred to as a diff. A patch can be applied to a codebase for testing. in multiple scenarios? Including testing on shared servers from hosting providers who aggressively throttle resources.

Outcome 3 – Have managed updates (database migrations)

@aristath did a first exploration, but nothing substantial was presented to the other contributors yet.

Next steps

Evaluate if this is beneficial for plugin developers and create user stories before writing code, to make sure the solution addresses a specific, shared problem.

Outcome 4 – Create a unified JSONJSON JSON, or JavaScript Object Notation, is a minimal, readable format for structuring data. It is used primarily to transmit data between a server and web application, as an alternative to XML. convention for requirements and dependencies

After a lot of conversations, the contributors moved away from a JSON file in favor of a “Requires Plugins” headerHeader The header of your site is typically the first thing people will experience. The masthead or header art located across the top of your page is part of the look and feel of your website. It can influence a visitor’s opinion about your content and you/ your organization’s brand. It may also look different on different screen sizes. based on feedback to this PR. Then, they focused on adminadmin (and super admin) UIUI User interface improvements using that header to solve what appears to be the most common use case: protect the user from fatal errors when installing a plugin without the required dependencies and guide them to complete the installation.

Looking back at the conversations (TracTrac An open source project by Edgewall Software that serves as a bug tracker and project management tool for WordPress. and SlackSlack Slack is a Collaborative Group Chat Platform https://slack.com/. The WordPress community has its own Slack Channel at https://make.wordpress.org/chat/.) it looks like there is not enough clarity on the best possible method to solve the user issue, or what “dependencies” mean (soft vs. hard dependencies).

For plugin developers, the main issue is to avoid different plugins introducing implementations to check for the existence of dependencies and take appropriate actions. This is, in fact, something that is already happening. The problem is solved by each plugin developer. Would it be possible to solve it with a unified convention?

For end-users, the issue is with add-ons. For them to work, they need another plugin to be activated. If plugin and theme developers don’t properly check for the existence of plugins before using them, there is a risk of getting fatal errors on the user site.

Next steps

@peterwilsoncc suggested proposing a feature project. Right now, there is a Google Document with some notes about the solutions but the problem and the why are missing. This project is not tied to a release right now since it is still in the discovery phase.

  • Evaluate the problem from the point of view of plugin developers. Is it beneficial to have a unified solution for CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. or does it not make a difference? Help from the plugin team and plugin authors is needed.
  • Write the user stories from the end-of-user point of view.
  • Write a proposal for a feature project with the findings from the two explorations.

Do you want to help?

If you want to help, please join the #core-auto-updates chats, Tuesdays at 5PM UTC in 2022.


Thank you @francina and @aristath for the peer review.