Verifying your Drupal site’s configuration against changes from dependency updates

Matt Glaman
4 min readFeb 12, 2024

Previously, I wrote about leveraging Dependabot to automate dependency updates for my Drupal projects. Automating dependency updates saves a lot of time. However, Drupal core or contributed modules may perform updates that modify the configuration state of your Drupal site that needs to be re-exported. A standard continuous integration pipeline that only performs code linting and tests will miss these changes. For my projects, I have a job that runs the update process for the Drupal site and fails if the configuration has been modified at runtime by these updates. This lets me know I have to perform a manual action locally to update the exported configuration.

I primarily use GitHub Actions nowadays, and this post will walk through the steps in that format. But it is easily translatable to any CI system. I’ll provide a more generic alternative example at the end.

Defining the config_verification job

First, we define the basics of the job.

name: Verify configuration changes
runs-on: ubuntu-latest

I’m adding a MySQL service to the job so that I can install the Drupal site.

image: mysql:5.7
- 3306
options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3

Now, we can define the steps for the job. The workflow begins by checking out the main branch of our repository. This step ensures we start from a stable, up-to-date baseline before applying any new changes.

- name: Checkout master
uses: 'actions/checkout@v4
ref: 'main'

Next, we set up PHP for use within the job using setup-php.

- name: "Install PHP"
uses: "shivammathur/setup-php@v2"
coverage: none
php-version: 8.1

Using Composer, we install the original dependencies of the project. This step ensures that all the necessary components are in place as they were during the last stable build.

- name: Composer install original dependencies
run: composer install



Matt Glaman

PHP software engineer, open source contributor, and speaker