Autopilot Makes Open Source CMS a Reality at Scale

In the following post, I'll go over how using a tool like Pantheon's Autopilot reduces stress on your development team and drives down operational costs when choosing open source for your web content management needs. 

Open source CMS is a great asset for an agile, cost effective approach to your web content management. It gives you control of your roadmap, ownership of your data, and lets you innovate with no limits, leveraging an ecosystem of thousands of free components, savings on license fees, and widespread access to community talent and expertise. 

However, as the old adage goes: With great power comes great responsibility.

For many organizations, the benefit of open source can be lost due to the time investment in setting up and maintaining the software. Further, there are often concerns about the ongoing overhead of keeping systems and software updated to address potential security vulnerabilities.  Many organizations are hesitant to take on these responsibilities, especially in large volume or for mission-critical use cases. 

Here at Pantheon, we believe it’s necessary to drive down the operational cost of open source — in order for the open web to thrive. To date, we’ve eliminated one big impediment: the overhead of running and maintaining servers. Once you adopt a serverless mindset and set aside all that operational complexity and risk, the idea of rapidly evolving your CMS or having many different instances of a CMS within an organization feels a lot more doable. This unlocks a whole new way (which we call WebOps) for organizations to approach how they use the open web to deliver results for their business or organization.

Now, we’re moving further up the stack with Autopilot, which automates routine maintenance, application of urgent security patches, and quality assurance of your websites.

Make The Robots Do The Work!

Going with open source means keeping up with releases and security patches for all your dependencies and components, which can often mean something needs updating every week, if not every other day. Multiply that across the number of sites in your portfolio or that you support, and the fact that sometimes you want these patches applied immediately, and that you have to also test these updates. You now have a sense of what a massive headache this can be. 

Anyone managing a complex web environment knows this can be an even bigger time sink than the already solved server maintenance problems of the past. Unfortunately, it’s a huge part of the problem with an open source CMS. 

Of course, routine updates to underlying components shouldn’t cause issues or break things, and as a rule they usually don’t. But every professional has been burned by the inevitable exceptions to this rule, so you can’t save time by updating blindly. The standard practice is for a developer or admin to apply an update and then quickly inspect the site by clicking around and looking for problems. Ideally, they would catch and fix any problems before anyone notices or roll back the update if it causes issues, assuming that’s even possible. 

The standard practice isn’t great, to say the least. It’s boring, repetitive, and also incredibly high-stakes. This is a terrible combination of attributes for a task done by humans, and it can even drive team members to burnout. The good news is repetitive high-stakes tasks, like website QA, are an excellent job for the robots, which is where Pantheon’s Autopilot software comes into play.  

Autopilot uses a technique called visual regression testing (or VRT), where a web browser is remote-controlled to produce screenshots before and after an update is made. The screenshots are then analyzed algorithmically to detect differences. 

This is great because we can do it at scale, and software never misses anything because it’s tired at the end of the day, or can’t wait to break for lunch. Even better, because it’s being run on top of our proven continuous delivery pipeline and structured agile workflows, when things do crop up, you catch them before they hit the live site. This does a lot to pull stress and angst out of the process, again lowering the operational cost and perceived risks of going with open source.

With an automated approach to VRT, humans need only be brought into the loop for those exceptions to the rule of routine maintenance. Maybe there actually was an expected visual change from the update or maybe the unanticipated change is no big deal. Or maybe something has gone totally sideways and requires debugging. The point is, with Autopilot, your attention is intentionally focused where it’s needed and most effective.

Screenshot of Autopilot's Visual Regression Testing, aka Robots, at work. 

Today, VRT isn’t widely used because it is costly to set up and complex to manage. Autopilot democratizes access to this technology, further helping to expand adoption of open source, particularly for more demanding and high-security use cases, which is important for the long-term health of the open web.

How We Got Here, And Where We Go

Autopilot comes to Pantheon by way of an acquisition. We had many customers who had found a lot of value in a service called StagingPilot, which automates visual regression testing for WordPress sites, and it fit extremely well into our structured agile workflows. So we joined forces.

The first thing we did was look at what would be required to fully integrate and scale what StagingPilot did for WordPress, as well as extend support to Drupal sites. We knew it would take a fair amount of work and we wanted to approach it iteratively. So we began the process by leveraging the technology to bring our Managed Updates service to market in May of 2020. 

Managed Updates uses the same underlying VRT technology and workflow as AutoPilot, but it's monitored and managed by Pantheon’s customer success staff. That means if there’s a need for a human in the loop, and your developer is on vacation, those security updates can still get applied. 

I am excited to see the full vision of Autopilot as an automated platform offering, now coming to market as a tool for Pantheon users with Gold accounts or higher. We’re excited to start adding more features and capabilities immediately after launch. For customers who want or need us to manage these updates for them, Managed Updates will always be there, but for agencies and enterprises with internal WebOps teams leveraging our unique Custom Upstreams capability, stay tuned. There are some very exciting AutoPilot features that will make it even easier, safer, and faster to manage open source CMS at scale.

Autopilot will be available to all Gold account holders and above, so contact your account manager to find out when you can get access or request a demo. For more information, check out our recent webinar on using Autopilot here

Hero image by Patrick Tomasso via Unsplash

You might also like: 

Topics Development, Growth & Scale, Security