Planet Drupal

Commerce Kickstart Covered for SA-CORE-2018-002

On March 21st 2018, the Drupal security team posted a public service announcement that Drupal core would be receiving a security release. The vulnerability affected Drupal 6, Drupal 7, all versions of Drupal 8, and Backdrop (a fork of Drupal during the rewrite to version 8.) On March 28th that security release landed, and the Drupal world went scrambling to apply updates. As maintainers of Commerce Kickstart we have to be conscious of Drupal core releases, especially security ones.

Release bash commands

In preparation for the upcoming security release, we had patches ready to commit. Since there would be no other Drupal core releases before the security update, we could make our prepared changes ahead of time and push them once the releases landed. Within minutes of the security release dropping and the Git backend for drupal.org becoming available, the release tags were pushed.

For our Pantheon users, our first step was to merge in Pantheon’s Drupal 7 upstream and receive the Drupal core security fix. Once the packaging system of drupal.org built the Commerce Kickstart 2.53 release, we pushed that out as well.

All in all, by 3PM CDT the drupal.org releases for Commerce Kickstart 1.51 and 2.53 were out. We experienced some packaging issues due to a malicious attack hitting drupal.org during the security announcement and a backed up packaging queue. However, we monitored chat channels and communicated the process throughout.

Thanks to the Drupal Security and Infrastructure teams for handling this release and all the stress they endured.

Drupal Commerce needs API-first and modern JavaScript in Drupal

Drupal core has two initiatives that are helping modernize our platform and make it easier to work with. There is the API-First Initiative and the proposed JavaScript Framework Initiative. While separate, these two initiatives have a big and somewhat overlapping impact. Together they will make Drupal an even greater eCommerce platform and allow us to do more amazing things with Drupal Commerce.

What is API-First, and why should it matter?

API-First

The initiative has a simple purpose: make it easy for the data managed by Drupal to be consumed anywhere. A common need driving the initiative is the usage of Drupal with a decoupled frontend — i.e. where a JavaScript library or mobile app is rendering content from Drupal but Drupal itself has no part in the render process.

We have our own hot buzzword in the eCommerce realm: omnichannel. What does omnichannel mean? Well, it’s this idea you’re selling anywhere and everywhere. Your products are controlled in one location and appear on Amazon, Walmart.com Marketplace, Google Merchant Seller, custom mobile apps, in-store kiosks, etc. You manage your products in Drupal and push the relevant data out. The API-First initiative will make it easier to integrate with these kinds of services.

It also expands what Drupal Commerce can be, beyond just a full-stack store. In one recent case study, Running a Billion Dollar Business on Drupal Commerce, Drupal Commerce was used in a micro-service architecture. Drupal Commerce has the data model act as a product information manager, inventory management, an order workflow manager, and more — all the components you expect out of an ERP and tools Drupal Commerce users generally already use. The API-First initiative can make it easier to interface with Drupal and allow Drupal Commerce to serve in these capacities.

read more

What's the plan for Commerce Kickstart on Drupal 8?

When Commerce Guys raised $5m in 2012 to grow Drupal Commerce and its ecosystem, we invested a big chunk of it in improving our user experience for both customers and administrators. With competing platforms like Shopify and Magento really coming into their own, we knew it was essential to provide a solid out-of-the-box experience. While Drupal Commerce was and is truly unique as an eCommerce framework natively extending and deeply integrated into a CMS, it turns out "flexibility" doesn't pitch nearly as well as a polished demo.

Investing in Drupal Commerce adoption

The product we developed to address that need is Commerce Kickstart, by far the most popular Drupal distribution ever built. I named it such to underscore the fact that we intended it to be an accelerator, both for Drupal Commerce's own adoption but also for newcomers wondering how to demo and develop with the software. At its height, we supported over 13,000 sites reporting in to drupal.org, and we continue to see new sites launch with it to this day.

Building the distribution proved to be a fantastic learning experience. The project drove improvements that worked their way into many contributed modules and Drupal core itself (e.g. contributions to Views, VBO, Entity Reference, Inline Entity Form). Its broad appeal also gave us a platform to invite Technology Partners to invest in the community in a way that Drupal hadn't seen before, many of whom continue to invest in Drupal today (e.g. Authorize.Net, PayPal, Avalara).

It was a ton of work, but Bojan, Jonathan, and their team accomplished everything we set out to do and more. With the release of Commerce 2.0 last fall, we now find ourselves regularly fielding the question, "What's the plan for Commerce Kickstart on Drupal 8?" The reality is, porting Commerce Kickstart as it is to Drupal 8 would be both too costly for our team today and a poor strategy for the way the Drupal market is developing. We're doing something new again.

Accelerating adoption today

Another frequent question we field is, "Why does Drupal Commerce require Composer?" Composer is often highlighted as a barrier to Drupal 8 adoption, and I can understand why. I always felt the same way about drush. I had a UI; why did I need a CLI? I had my process and never had to battle the command line to make sure drush worked, was up to date, and did what I expected. I always felt that way ... until I buckled down and learned it. Now I can't imagine using Drupal without it.

I felt the same about Composer at first, but I was determined to learn how to use it as I learned Drupal 8 and modern PHP in general. I know I'm not the only person suffering from tool fatigue (cf. Dries ; ), so we're doing what we can to help you ease into using Composer on your own terms.

We started by releasing Ludwig last summer, a Drupal project that lets you manage Composer dependencies similarly to the familiar Libraries module. We also expanded and documented a Composer project template that lets you create a new Commerce 2.x site with composer create-project, and we then began planning how to let users customize a project template via the browser while prototyping a GUI for Composer.

With today's release of the new CommerceKickstart.com, developed in partnership with Acro Media (thanks to Shawn McCabe, Mike Hubbard, et al), we're taking the next step!

Commerce Kickstart for Drupal 8

What you'll find there is that Commerce Kickstart has been reimagined for Drupal 8 rather than rebuilt on Drupal 8. The quickest way to get up and running with Drupal Commerce today is not through a distribution as it was 6 years ago, it's through Composer. This is the tool for modern PHP developers, and we see prioritizing Composer while also making it simpler to use as essential to growing Drupal Commerce adoption both from without and within the Drupal community.

While still in its infancy, CommerceKickstart.com presents a form that lets you construct a Composer JSON file ready-made to support Commerce 2.x and the contributed modules you specify. Module categories include payment and shipping providers, product catalog and search tools, data migration, and more. As with Commerce Kickstart 2.x, it features Technology Partners whose modules we have integrated into Commerce 2.x, and we expect the selection to continue expand.

Future plans for the tool include clarifying and improving the tool's usability, adding additional modules and Technology Partners, and evolving it to continue to lower the barrier to entry for new Composer users. If you give it a whirl, we'd love to hear your ideas as well in the Commerce Kickstart issue queue.

Commerce Braintree integration adds PayPal Express Checkout and PayPal Credit support

Drupal Commerce is more than just a module project. As I laid out in my session at DrupalCon Vienna, it is an entire ecosystem supported by dozens of agencies and powering well over $1.5bn in online transactions annually. This makes Drupal Commerce one of the largest open source eCommerce projects in the world, and it's thanks in no small part to our Technology Partners (comprised primarily of payment providers) that we are able to invest as much of our time in it as we do.

Braintree is one such partner and a fantastic supporter of Commerce 2.x since last Summer. During our sprint to release a beta at DrupalCon Dublin, they sponsored Bojan's time for two weeks to expand and improve the core Payment API.

As a result, they also became the first integrated payment gateway and the test case for any payment provider following their integration pattern - individual iframes embedded into the checkout form for each payment field, making it easy to securely collect payment card data through your own checkout form.

For the initial release of the Commerce Braintree integration on Drupal 8, we targeted basic credit card payment support via their Hosted Fields API. As of this week, we've finalized patches that add support for PayPal Express Checkout and PayPal Credit alongside credit card payment through Braintree. They are a PayPal company, after all!

PayPal Express Checkout modal in Commerce 2.x
Customers can pay via credit card on-site or Express Checkout via a modal dialog.

You can test the new features end to end by grabbing the latest release of the Commerce Braintree module and configuring it to work through the Braintree sandbox. If you get stuck, you can find us in the #commerce channel in the Drupal Slack or open an issue in the queue if that's not possible.

Thanks again to Braintree for their support and development sponsorship. If you'd like to learn more about how Technology Partners benefit our ecosystem, consider joining me and Commerce Braintree's D7 co-maintainer Andy Giles this weekend at DrupalCamp Atlanta (Nov. 3-4). I'll present a longer version of my DrupalCon session, Marketing and Selling the Drupal Commerce Ecosystem, and naturally I'll tap Andy to help me answer all your hardest questions. ; )

Drupal Commerce 2.0 released in time for DrupalCon Vienna

We released Drupal Commerce 2.0-beta1 at DrupalCon Dublin one year ago. Over the next 9 months we tagged 6 more beta releases comprising over 500 commits by 70 different contributors working for at least 10 different companies. Now, just in time for DrupalCon Vienna, we have tagged the full 2.0 release, celebrating the achievement with Drupal contributors around the world on September 20th and 21st.

Celebrating Commerce 2.0 with Circle WF in Pancevo, Serbia.
Celebrating Commerce 2.0 with Circle WF in Pancevo, Serbia.

Our release candidate phase was refreshingly uneventful (as you want it to be), giving us confidence to recommend developers begin using Drupal 8 and Commerce 2.x more broadly to develop their new eCommerce sites. Our team has contributed to a dozen projects directly, including architectural consulting and development. We also continue to see more case studies demonstrating how the new version is performing well at scale, making development teams more productive.

Additionally, not only has Commerce 2.x eliminated the need for half of the top 60 contributed modules in Commerce 1.x, many of the major contributed modules still required have seen their own releases or very active development to address important use cases. For example, we released a third beta of Commerce Shipping for Drupal 8 to support stores selling physical products with multiple shipments, flat rate, calculated rates and more. We continue to work on those feature modules ourselves (e.g. Commerce License / Recurring) and in partnership with other Drupal contributors (e.g. Commerce Stock) to make Commerce 2.x ready for more and more use cases.

Drupal Commerce deserves cake. Thanks, Drupak!
Drupal Commerce deserves cake! Thanks, Drupak.

We're believe in Dries Buytaert's vision for Drupal as empowering ambitious digital experiences. For us that means continuing to improve Drupal Commerce to better support any company aspiring to grow their online sales. While our work on the project will never be "done", at this milestone, we couldn't help but pause to celebrate with a bit of cake.

If you'd like to join us in celebrating this achievement, we're hosting a release party with our whole team and our friends from Commerce Guys by Actualys on Tuesday, September 26th, at DrupalCon Vienna a short walk away from the venue. We've timed it for dinner between the opening reception at the venue and the party later in the evening, with drinks and food on us until the tab dries up. Stop by our booth to get your ticket / directions, and come find the dozens of contributors here at DrupalCon to share your Drupal Commerce story with them in turn.

Celebrating the full Drupal Commerce 2.0 release

The Drupal Commerce 2.x development process has been one big adventure! Over the last 2.5 years we've accumulated 2,000 code commits in multiple repositories from over 70 contributors at dozens of agencies. With last week's release of a stable Commerce 2.0-rc2, we've started preparing to celebrate the full release with parties around the world.

Our plan is to release Commerce 2.0 on Wednesday, September 20th, just in time for us to show it off at DrupalCon Vienna. On September 21st, we are coordinating a series of release parties at the offices of a variety of contributing Drupal agencies, including 1xINTERNET, Acro Media, Actualys, Adapt, Blue Oak Interactive, Circle WF, MD Systems, Wunder, and more.

Drupal Commerce 2.0 showcase sites

With over 1,500 sites reporting usage and a growing number of high quality case studies, we can all feel proud of what we've achieved together. Many of these projects directly contributed to the development of core and other essential features in Commerce 2.x, including promotions, coupons, shipping, etc. We've created a Drupal Commerce 2.0 party list and showcase that we'll be updating as we go, and we invite you to get in touch to be added or to find a party near you.

The release parties will give you and your team an opportunity to review the important new features and capabilities Commerce 2.x offers out of the box. We'll provide basic slides covering those topics, and we invite you to add to them for your part to reflect on your agency's experience and involvement with the project thus far. (e.g. What Commerce 2.x sites have you launched? How did those projects go? What parts were contributed back? etc.)

Any other ideas? Leave 'em in the comments and help spread the word!

Sprint with us on Commerce 2.x at DrupalCon New Orleans

Three months ago Commerce Guys separated from Platform.sh to refocus the business around Drupal Commerce. Even as a three-person team (we're now four - welcome, Doug!), we worked hard to dedicate Bojan completely to Commerce 2.x in anticipation of DrupalCon New Orleans. As I discussed in the most recent DrupalEasy podcast, this resulted in great progress both for Commerce 2.x and for Drupal 8 itself. (It also kept us near the top of the most prolific contributors to Drupal. : )

While we're preparing to present the latest in Drupal Commerce in our session at 10:45 AM on Thursday, we're also getting ready to sprint on Commerce 2.x the full week from our booth. This will be our first opportunity to jam on code as a full team since our spinout, and we'd love to have you join us.

Look for us near the permanent coffee station (intentional) beside Platform.sh and Acro Media, our delivery affiliate in the U.S. whose partnership and vision for enterprise Drupal Commerce have been invaluable as we've rebooted our business.

If you'd like to get up to speed on the current status of development, we recommend the following resources:

Naturally, we're happy to help anyone begin to contribute to Drupal 8 / Commerce 2.x. Bojan has mastered the art of integrating developers from a variety of agencies of all skill levels into the development process so far. For an espresso or a Vieux Carré, he may even train you, too. ; )

Commerce Guys Refocusing on Drupal Commerce as Platform.sh Becomes an Independent Company

Commerce Guys has long been a leader in the development of e-commerce websites using Drupal, with our flagship Drupal Commerce project running on over 60,000 sites. Over the last several years, we have also developed and launched a second generation Platform-as-a-Service for web applications, Platform.sh. Platform.sh is now becoming an independent company led by my two partners, Frédéric Plais as CEO and Damien Tournoud as CTO. As the remaining founder, I have acquired Commerce Guys' Drupal Commerce business and am succeeding Fred to manage the company as its President / CEO.

Pages

Subscribe to Planet Drupal
X
In 2019 Commerce Guys rebranded to Centarro.

Change is at the center of eCommerce, but our team and mission remain the same.

Our consulting, development, and support offerings apply our expertise to help you adapt to change and grow.

Find us now at: https://www.centarro.io