Living with Open Source responsibility - PHP Serbia 2021

Transcript

1. Mario Blažek Living with Open Source responsibility @phpanarchist PHP SERBIA

   2021
2. None

3. About me • Mario Blažek • Senior Backend Developer @QAgency

   • Lead Backend Developer @jenz.app • Married with children • Believes in Open Source • Zagreb PHP Meetup organizer (ZgPHP) • Chief Fire Officer

4. Let’s get started

5. Day 0 • You have a piece of code that

   solves your problem • Want to reuse it • Want to make it open-source • Street cred
6. None

7. If it solves the problem for you, it might work

   for others, as well.

8. Day 1 • Start small • MVP • SOLID principles

9. Tests • PHPUnit - https:/ /phpunit.de/ • PHPSpec - http:/

   /www.phpspec.net/ • Kahlan - https:/ /kahlan.github.io/ • Peridot - https:/ /peridot-php.github.io/ • Pest - https:/ /pestphp.com/

10. Code quality tools • PHP Code Style Fixer - php-cs-fixer

    • PHP Static Analysis Tool - PHPStan • Reconstruction tool - rector • Static Analysis Tool - psalm

11. PHP CS Fixer • https:/ /github.com/FriendsOfPHP/PHP-CS-Fixer • Coding Standards Fixer

    • Tool fixes your code to follow standards • .php_cs

12. PHPStan • https:/ /phpstan.org/ • Static analysis tool • phpstan.neon

13. Psalm • https:/ /psalm.dev/ • Static analysis tool • Developed

    by Vimeo • psalm.xml

14. Reconstruction tool - rector • https:/ /getrector.org/ • Provides automated

    way to upgrade and refactor code • Plugin system with “rectors” • More than 450 available • Example: Migration from PHPUnit 4 to PHPUnit 8 in seconds • rector.php

15. And some more • Infection PHP - https:/ /infection.github.io/ •

    PHP Insights - https:/ /phpinsights.com/ • Deptrac - https:/ /github.com/qossmic/deptrac • PHP Mess Detector - https:/ /phpmd.org/

16. Continuous integration tools • TravisCI • GitHub Actions • Scrutinizer

    • CodeCov

17. Travis CI • (Was) De facto standard for GitHub based

    repositories • Losing traction since they decided to shutdown travis-ci.org • .travis.yml

18. .travis.yml language: php cache: directories: - vendor - $HOME/.composer/cache matrix:

    fast_finish: true include: - php: 7.2 - php: 7.3 branches: only: - master before_install: - phpenv config-add travis.php.ini install: - travis_wait composer install script: - ./vendor/bin/phpunit -d memory_limit=-1 --colors -c phpunit.xml --coverage-clover=coverage.xml notification: email: false git: depth: 30 sudo: false after_script: - wget https://scrutinizer-ci.com/ocular.phar && php ocular.phar code-coverage:upload --format=php-clover coverage.clover after_success: - bash <(curl -s https://codecov.io/bash)

19. Travis CI

20. Travis CI

21. GitHub Actions • Provided by GitHub • Free for all

    public repositories • .github/workflows/*.yml

22. An example workflow name: Static analysis on: push: branches: -

    'master' - '[0-9].[0-9]+' pull_request: ~ jobs: static-analysis: name: ${{ matrix.script }} runs-on: ubuntu-latest strategy: fail-fast: false matrix: script: ['phpstan', 'phpstan-tests', 'psalm'] steps: - uses: actions/checkout@v2 - uses: shivammathur/setup-php@v2 with: php-version: '8.0' coverage: none # Install Flex as a global dependency to enable usage of extra.symfony.require # while keeping Flex recipes from applying - run: composer global require --no-scripts symfony/flex - run: composer config extra.symfony.require ~5.2.0 - run: composer update --prefer-dist - run: composer ${{ matrix.script }}

23. GitHub Actions

24. GitHub Actions

25. GitHub Actions

26. GitHub Actions

27. Scrutinizer CI • Paid, but free for open-source projects •

    Supports code analysis • Code coverage, CI/CD, etc • .scrutinizer.yml

28. Scrutinizer CI

29. Scrutinizer CI

30. Scrutinizer CI

31. Scrutinizer CI

32. codecov.io • PHPUnit’s code coverage on steroids • Can’t generate

    code coverage on its own • Other tools need to upload code coverage report • codecov.yml

33. codecov.io

34. codecov.io

35. And some more • CodeClimate • CircleCI • BitBucket Pipelines

    • GitLab CI

36. Documentation • Improves the overall package quality • Showcases the

    best practices • Don’t force developers finding their own way into your package • • Document installation procedure, upgrade guides, configuration, use cases and extension points

37. Documentation • Markdown files • https:/ /readthedocs.org/ • https:/ /docusaurus.io/

    • https:/ /www.mkdocs.org/ • https:/ /www.gitbook.com/

38. Read the Docs

39. Documentation • https:/ /netgen.io/blog/the-most-overlooked-part-in-software-development-writing-project-documentation

40. Documentation is done, what’s next?

41. Licensing • Choose a proper license • An open source

    license protects contributors and users • Businesses and savvy developers won’t touch a project without this protection • Apache, MIT, GPLv3 • https:/ /spdx.org/licenses/ • https:/ /choosealicense.com/licenses/

42. WTFPL license • Do What the Fuck You Want to

    Public License • Very permissive

43. Licensing - Elastic vs AWS • https:/ /www.elastic.co/blog/why-license-change-AWS

44. Versioning and releases • Define the Public API • Try

    to comply with semantic versioning principles • https:/ /semver.org/ • Think about Git strategy

45. Versioning and releases

46. Versioning and releases

47. Versioning and releases

48. Versioning and releases

49. None

50. Changelog • Is a MUST • Changelog != a list

    of commits • https:/ /keepachangelog.com/en/1.0.0/ # Changelog All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] ## [1.0.0] - 2017-06-20 ### Added - New visual identity by [@tylerfortune8](https://github.com/tylerfortune8). - Version navigation. - Links to latest released version in previous versions. ### Changed - Start using "changelog" over "change log" since it's the common usage. - Fix phrasing and spelling in German translation. ### Removed - Section about "changelog" vs "CHANGELOG". ## [0.3.0] - 2015-12-03 ### Added - RU translation from [@aishek](https://github.com/aishek). ## [0.2.0] - 2015-10-06 ### Changed - Remove exclusionary mentions of "open source" since this project can benefit both "open" and "closed" source projects equally. ## [0.1.0] - 2015-10-06 ### Added - Answer "Should you ever rewrite a change log?". ### Changed - Improve argument against commit logs. - Start following [SemVer](https://semver.org) properly. ## [0.0.8] - 2015-02-17 ### Changed - Update year to match in every README example.

51. README.md • Simple structure • Links to license, docs and

    changelog • Badges :)
52. None

53. Badges • https:/ /shields.io/

54. Skeletons • https:/ /github.com/thephpleague/skeleton • https:/ /github.com/php-pds/skeleton

55. None

56. We are ready to go “live” • Publish your package

    to https:/ /packagist.org/ • And now the real work begins • Be responsible, collaborate
57. None

58. Summary • Do small steps • Lack of time •

    Try to devote 1-2 hours a week • Appreciate the feedback • Rewarding experience • Ignore mean people

59. Thank you Mario Blažek @phpanarchist Slides: https:/ /bit.ly/phpsrb-open-source