Commerce Kickstart

Commerce Kickstart Covered for SA-CORE-2018-002

On March 21st 2018, the Drupal security team posted a public service announcement that Drupal core would be receiving a security release. The vulnerability affected Drupal 6, Drupal 7, all versions of Drupal 8, and Backdrop (a fork of Drupal during the rewrite to version 8.) On March 28th that security release landed, and the Drupal world went scrambling to apply updates. As maintainers of Commerce Kickstart we have to be conscious of Drupal core releases, especially security ones.

Release bash commands

In preparation for the upcoming security release, we had patches ready to commit. Since there would be no other Drupal core releases before the security update, we could make our prepared changes ahead of time and push them once the releases landed. Within minutes of the security release dropping and the Git backend for drupal.org becoming available, the release tags were pushed.

For our Pantheon users, our first step was to merge in Pantheon’s Drupal 7 upstream and receive the Drupal core security fix. Once the packaging system of drupal.org built the Commerce Kickstart 2.53 release, we pushed that out as well.

All in all, by 3PM CDT the drupal.org releases for Commerce Kickstart 1.51 and 2.53 were out. We experienced some packaging issues due to a malicious attack hitting drupal.org during the security announcement and a backed up packaging queue. However, we monitored chat channels and communicated the process throughout.

Thanks to the Drupal Security and Infrastructure teams for handling this release and all the stress they endured.

What's the plan for Commerce Kickstart on Drupal 8?

When Commerce Guys raised $5m in 2012 to grow Drupal Commerce and its ecosystem, we invested a big chunk of it in improving our user experience for both customers and administrators. With competing platforms like Shopify and Magento really coming into their own, we knew it was essential to provide a solid out-of-the-box experience. While Drupal Commerce was and is truly unique as an eCommerce framework natively extending and deeply integrated into a CMS, it turns out "flexibility" doesn't pitch nearly as well as a polished demo.

Investing in Drupal Commerce adoption

The product we developed to address that need is Commerce Kickstart, by far the most popular Drupal distribution ever built. I named it such to underscore the fact that we intended it to be an accelerator, both for Drupal Commerce's own adoption but also for newcomers wondering how to demo and develop with the software. At its height, we supported over 13,000 sites reporting in to drupal.org, and we continue to see new sites launch with it to this day.

Building the distribution proved to be a fantastic learning experience. The project drove improvements that worked their way into many contributed modules and Drupal core itself (e.g. contributions to Views, VBO, Entity Reference, Inline Entity Form). Its broad appeal also gave us a platform to invite Technology Partners to invest in the community in a way that Drupal hadn't seen before, many of whom continue to invest in Drupal today (e.g. Authorize.Net, PayPal, Avalara).

It was a ton of work, but Bojan, Jonathan, and their team accomplished everything we set out to do and more. With the release of Commerce 2.0 last fall, we now find ourselves regularly fielding the question, "What's the plan for Commerce Kickstart on Drupal 8?" The reality is, porting Commerce Kickstart as it is to Drupal 8 would be both too costly for our team today and a poor strategy for the way the Drupal market is developing. We're doing something new again.

Accelerating adoption today

Another frequent question we field is, "Why does Drupal Commerce require Composer?" Composer is often highlighted as a barrier to Drupal 8 adoption, and I can understand why. I always felt the same way about drush. I had a UI; why did I need a CLI? I had my process and never had to battle the command line to make sure drush worked, was up to date, and did what I expected. I always felt that way ... until I buckled down and learned it. Now I can't imagine using Drupal without it.

I felt the same about Composer at first, but I was determined to learn how to use it as I learned Drupal 8 and modern PHP in general. I know I'm not the only person suffering from tool fatigue (cf. Dries ; ), so we're doing what we can to help you ease into using Composer on your own terms.

We started by releasing Ludwig last summer, a Drupal project that lets you manage Composer dependencies similarly to the familiar Libraries module. We also expanded and documented a Composer project template that lets you create a new Commerce 2.x site with composer create-project, and we then began planning how to let users customize a project template via the browser while prototyping a GUI for Composer.

With today's release of the new CommerceKickstart.com, developed in partnership with Acro Media (thanks to Shawn McCabe, Mike Hubbard, et al), we're taking the next step!

Commerce Kickstart for Drupal 8

What you'll find there is that Commerce Kickstart has been reimagined for Drupal 8 rather than rebuilt on Drupal 8. The quickest way to get up and running with Drupal Commerce today is not through a distribution as it was 6 years ago, it's through Composer. This is the tool for modern PHP developers, and we see prioritizing Composer while also making it simpler to use as essential to growing Drupal Commerce adoption both from without and within the Drupal community.

While still in its infancy, CommerceKickstart.com presents a form that lets you construct a Composer JSON file ready-made to support Commerce 2.x and the contributed modules you specify. Module categories include payment and shipping providers, product catalog and search tools, data migration, and more. As with Commerce Kickstart 2.x, it features Technology Partners whose modules we have integrated into Commerce 2.x, and we expect the selection to continue expand.

Future plans for the tool include clarifying and improving the tool's usability, adding additional modules and Technology Partners, and evolving it to continue to lower the barrier to entry for new Composer users. If you give it a whirl, we'd love to hear your ideas as well in the Commerce Kickstart issue queue.

Commerce Kickstart : Visualizing the birth of a distro



Collaboration in open source is a key element to why it is so successful. You can see the effect of enabling collaboration in this video. In the first minute, it is just a couple guys working on the software. But then, they open a new branch, and invite the whole world to help contribute, and you see a swarm of activity that results as people cooperate and collaborate on building something that benefits everyone.

 

Subscribe to Commerce Kickstart
X
In 2019 Commerce Guys rebranded to Centarro.

Change is at the center of eCommerce, but our team and mission remain the same.

Our consulting, development, and support offerings apply our expertise to help you adapt to change and grow.

Find us now at: https://www.centarro.io