How to improve the daily life of PHP developers?

Transcript

1. Comment améliorer le quotidien des Développeurs PHP ?

2. hello! Alexandre Jardin Senior Back-end Developer @EmakinaFR

3. Most Common Problems Local environment used for development not reliable

   Same commands used again and again every day Too much time spent by the team when reviewing the code
4. None

5. 1. Docker Let’s start with your computer

6. Containers VS Virtual Machines

7. Why?

8. Multiple projects = Multiple configurations

9. None

10. Resources used by VMs

11. How?

12. docker-compose.yml “apache” service on port 443 with a shared volume

    for project code “mysql” service on port 3306 with a persistent volume for databases

13. Dockerfile Base Custom packages Custom configuration

14. Migration from PHP 5.6 to PHP 7.2 -FROM php:5.6-fpm +FROM

    php:7.2-fpm docker-php-ext-install -j$(nproc) \ […] - mcrypt \ […] + yes "" | pecl install apcu-4.0.11 lzf mongo redis && \ + docker-php-ext-enable apcu lzf mongo redis && \ - yes "" | pecl install apcu lzf mongodb redis && \ - docker-php-ext-enable apcu lzf mongodb redis && \

15. Symfony Recipes ✘ Docker support in progress ✘ Environment managed

    by the community ✘ Symfony + Composer + Docker = https://github.com/symfony/flex/pull/128

16. Summary ✘ Same environment for each developer ✘ Can be

    shared with the project source ✘ Light & Fast! Less time wasted on your environment, more time to develop things.

17. 2. Code Styles Focus on substance over form

18. Why?

19. None

20. “ Programs must be written for people to read, and

    only incidentally for machines to execute. Abelson & Sussman

21. How?

22. PHP-CS-Fixer

23. ESLint

24. Summary ✘ Code more readable ✘ Commits more relevant ✘

    Code (sometimes) more efficient No matter what rules you choose, consistency is the key.

25. 3. Static Analysis How about (almost) automate the code review?

26. Why?

27. None

28. Time spent by developers from Codacy studies Code review

29. How?

30. IDE real-time analysis

31. PHP Static Analysis Tool (PHPStan)

32. Symfony Linters ✘ Built-in commands ✘ Are able to detect

    syntax errors ✘ Almost instant

33. External Services ✘ Codacy ✘ Scrutinizer ✘ SonarQube ✘ SensioLabsInsight

    ✘ ...

34. Codacy Dashboard Bitbucket integration

35. Summary ✘ Better autonomy of team members ✘ Positive impact

    on the overall project quality ✘ Nice learning process Free or Premium? Choose one or both, it's a must-have!

36. 4. Security Audits Are you sure your dependencies are secure?

37. Why?

38. None

39. Composer = Tons of dependencies

40. 83,245,467 Number of composer.lock files checked since 2014 22,106,532 Total

    number of vulnerabilities found 7,294,964 = 9% Number of composer.lock files with known vulnerabilities

41. How?

42. Roave Security Advisories or SensioLabs Security Checker

43. Symfony Security Monitoring

44. Summary ✘ Easy to integrate ✘ Maintained by the community

    ✘ Can be part of a “quality package” Nobody wants a security breach in its application...

45. 5. Makefile Let's automate a few things

46. Why?

47. None

48. Daily work = Tons of commands

49. Bash aliases

50. How?

51. Overview

52. Summary ✘ Shared with the project source ✘ Easy to

    write/maintain ✘ Can be used to share knowledge Tired of writing a command over and over? Add it in your Makefile!

53. 6. Git Hooks Still too many commands?

54. Why?

55. None

56. Makefile = Fewer commands

57. How?

58. Default templates

59. “commit-msg” example

60. Summary ✘ Can perform additional checks ✘ Can trigger additional

    processes ✘ Work with any programming language With custom hooks, Git can fit nearly any workflow you can imagine.

61. 7. Blackfire Because performance matters

62. Why?

63. None

64. “ 53% of users abandon a website that takes more

    than 3 seconds to load. Google studies

65. Clean code !== Fast code

66. How?

67. Profile example

68. Metrics/Tests example

69. Scenarios example

70. Real examples from a legacy project

71. Summary ✘ Very easy to install and use ✘ Performance

    profiling and recommendations ✘ Can also be used for non-regression testing Before upgrading your infrastructure, have a look to Blackfire!

72. “Never stop measuring” Nicolas Grekas

73. Overview Docker Code Styles Static Analysis Security Makefile Git Hooks

    Blackfire

74. thanks! Any questions? Email: [email protected] GitHub: ajardin // Twitter: alxjrdn