What's in Your Project Root?

Slide 1

Slide 1 text

? What's in your project root? By Jeremy Lindblom (@jeremeamia)

Slide 2

Slide 2 text

Slide 3

Slide 3 text

build/ docs/ src/ tests/ vendor/ .gitignore .gitattributes CHANGELOG.md LICENSE.md README.md Makefile composer.json composer.lock phpunit.xml

Slide 4

Slide 4 text

.php?

Slide 5

Slide 5 text

★ DOCS ★ ★ TESTS ★ ★ BUILD ★ ★ DEPLOY ★

Slide 6

Slide 6 text

EVERYTHING NEEDED TO CODE, TEST, BUILD, & DEPLOY…

Slide 7

Slide 7 text

EVERYTHING NEEDED TO CODE, TEST, BUILD, & DEPLOY… THAT'S NOT SENSITIVE! ★★★★★★★★★★★★★★

Slide 8

Slide 8 text

THAT MEANS... ★ NO ★ DATABASE PASSWORDS ACCESS TOKENS CREDENTIALS API KEYS

Slide 9

Slide 9 text

— I work at — — on the — AWS SDK for PHP @awsforphp ★ aws/aws-sdk-php

Slide 10

Slide 10 text

“My $500 Cloud Security Screwup“ “My $2375 Amazon EC2 Mistake“ “Attackers Scrape GitHub For Cloud Service Credentials, Hijack Account To Mine Virtual Currency“

Slide 11

Slide 11 text

AWS Identity and Access Management We encourage the use of IAM User/Role credentials instead of root-level credentials

Slide 12

Slide 12 text

•  Use IAM instance proﬁle credentials on EC2 •  Use a global credential ﬁle in your $HOME •  Use environment variables (e.g., getenv) In the AWS SDK, we document ways to…

Slide 13

Slide 13 text

What's in your project root?

Slide 14

Slide 14 text

Why is it in your project root?

Slide 15

Slide 15 text

Why is it in your project root? †Does not apply to any actual PHP projects that I'm aware of.

Slide 16

Slide 16 text

No content

Slide 17

Slide 17 text

The 4 C's

Slide 18

Slide 18 text

★ COMPREHENSION ★ CONFIGURATION ★ COMPOSITION ★ CONSISTENCY

Slide 19

Slide 19 text

★ COMPREHENSION ★ CONFIGURATION ★ COMPOSITION ★ CONSISTENCY ★ CREDENTIALS

Slide 20

Slide 20 text

No content

Slide 21

Slide 21 text

? SO, SRSLY, WTH IS IN HERE?

Slide 22

Slide 22 text

IT DEPENDS… ?

Slide 23

Slide 23 text

IT DEPENDS… What are you making? ★ APPLICATION ★ ★ LIBRARY ★ ★ TOOL ★

Slide 24

Slide 24 text

★ DIRS ★ src/ or lib/ tests/ docs/ bin/ build/

Slide 25

Slide 25 text

★ DOCS ★ README.md LICENSE.md or LICENSE CHANGELOG.md CONTRIBUTING.md phpdoc.xml

Slide 26

Slide 26 text

README.md

Slide 27

Slide 27 text

LICENSE(\.md)? MIT, BSD, GPL, LGPL, Apache 2, etc. LICENSES DEFINE THE TERMS FOR HOW OPEN SOURCE SOFTWARE CAN BE USED, MODIFIED, AND SHARED. Need help? choosealicense.com

Slide 28

Slide 28 text

CHANGELOG.md # My Project ## 1.2.6 ### Changed - Added super-awesome rainbow function. Need help? keepachangelog.com semver.org

Slide 29

Slide 29 text

CONTRIBUTING.md

Slide 30

Slide 30 text

★ DOCS ★ README.md LICENSE.md or LICENSE CHANGELOG.md CONTRIBUTING.md phpdoc.xml

Slide 31

Slide 31 text

★ COMPOSER ★ vendor/ composer.json composer.lock

Slide 32

Slide 32 text

$ cat composer.json { "require": { "guzzlehttp/guzzle": "~5.0", "monolog/monolog": "~1.12.0" }, "require-dev": { "phpunit/phpunit": "~4.0" }, "autoload": { "psr-4":{"League\\Http\\":"src/"} } }

Slide 33

Slide 33 text

$ composer install

Slide 34

Slide 34 text

get($url);

Slide 35

Slide 35 text

SHOULD YOU COMMIT YOUR composer.lock FILE? THE ANSWER MAY SHOCK YOU.

Slide 36

Slide 36 text

FOR APPLICATIONS? ★ YES ★ FOR LIBRARIES? ★ SURE ★

Slide 37

Slide 37 text

★ JS/RB/PY ★ package.json (npm) bower.json (bower) Gemﬁle (bundler) requirements.txt (pip)

Slide 38

Slide 38 text

★ GIT ★ .git .gitignore .gitattributes

Slide 39

Slide 39 text

.gitignore Tells Git to "ignore" certain ﬁles, so they are not included in the repo.

Slide 40

Slide 40 text

$ cat .gitignore phpunit.xml  composer.phar  composer.lock  vendor/  build/artifacts/  .idea *.log  .DS_STORE  Thumbs.db

Slide 41

Slide 41 text

.DS_STORE  Thumbs.db WHY?!?!?!?

Slide 42

Slide 42 text

.gitattributes Among other things… It allows you choose which ﬁles to include in an archive of your repo.

Slide 43

Slide 43 text

$ cat .gitattributes /tests export-ignore /vendor export-ignore /demos export-ignore .gitattributes export-ignore .gitignore export-ignore .travis.yml export-ignore build.xml export-ignore

Slide 44

Slide 44 text

$ git archive -o proj.zip v1.0.2 — It affects —

Slide 45

Slide 45 text

$ git archive -o proj.zip v1.0.2 $ composer install — It affects — — and —

Slide 46

Slide 46 text

★ TEST ★ phpunit.xml phpunit.xml.dist features/ phpspec.yml

Slide 47

Slide 47 text

★ TEST ★ phpunit.xml phpunit.xml.dist features/ phpspec.yml

Slide 48

Slide 48 text

???? YACF ???? (Yet Another Conﬁg Format?) TEXT MARKDOWN XML JSON YAML INI RUBY BASH

Slide 49

Slide 49 text

★ TEST ★ phpunit.xml phpunit.xml.dist features/ phpspec.yml PHPUnit

Slide 50

Slide 50 text

No content

Slide 51

Slide 51 text

No content

Slide 52

Slide 52 text

★ TEST ★ phpunit.xml phpunit.xml.dist features/ phpspec.yml Behat

Slide 53

Slide 53 text

★ TEST ★ phpunit.xml phpunit.xml.dist features/ phpspec.yml PHPSpec

Slide 54

Slide 54 text

★ BUILD ★ *.sh or *.bat Makeﬁle build.xml Rakeﬁle

Slide 55

Slide 55 text

Makeﬁle

Slide 56

Slide 56 text

★ ENV ★ Vagrantﬁle Dockerﬁle

Slide 57

Slide 57 text

Vagrant.configure(2) do |config| config.vm.box = "ubuntu/trusty64" config.vm.provider "virtualbox" do |vb| vb.memory = "2048" end config.vm.provision "shell", inline: <<-SHELL sudo apt-get update sudo apt-get install -y apache2 git hhvm sudo service apache2 restart sudo service hhvm restart SHELL end

Slide 58

Slide 58 text

$ vagrant up

Slide 59

Slide 59 text

JEDI MIND TRICK?

Slide 60

Slide 60 text

★ CI ★ .travis.yml .scrutinizer.yml (also: Code Climate & SensioLabsInsight) .coveralls.yml

Slide 61

Slide 61 text

language: php php: - 5.5 - 5.6 - 7.0 - hhvm install: composer install script: vendor/bin/phpunit matrix: allow_failures: - php: 7.0 - php: hhvm fast_finish: true

Slide 62

Slide 62 text

No content

Slide 63

Slide 63 text

ARE WE DONE YET?

Slide 64

Slide 64 text

★ ETC ★ .hhconﬁg Procﬁle (heroku) fortrabbit.yml Other PaaS/Tools

Slide 65

Slide 65 text

★★★★★★★ WHERE SHOULD YOU START? ★★★★★★★

Slide 66

Slide 66 text

No content

Slide 67

Slide 67 text

★ thephpleague/skeleton ★ src/ tests/ .gitignore .gitattributes .scrutinizer.yml .travis.yml CHANGELOG.md CONTRIBUTING.md LICENSE.md README.md composer.json phpunit.xml.dist

Slide 68

Slide 68 text

? What's in your project root?

Slide 69

Slide 69 text

CODE DOCS TESTS BUILD DEPLOY TEXT MD JSON XML YAML INI BASH RUBY README.md LICENSE composer.json .gitignore .gitattributes phpunit.xml build.xml Vagrantﬁle .scrutinizer.yml .travis.yml

Slide 70

Slide 70 text

CODE DOCS TESTS BUILD DEPLOY TEXT MD JSON XML YAML INI BASH RUBY README.md LICENSE composer.json .gitignore .gitattributes phpunit.xml build.xml Vagrantﬁle .scrutinizer.yml .travis.yml NO CREDENTIALS!!!

Slide 71

Slide 71 text

Mr. Jackson admires his project root.

Slide 72

Slide 72 text

Questions? By Jeremy Lindblom (@jeremeamia) https://joind.in/13084 WHAT'S IN YOUR PROJECT ROOT?

Slide 73

Slide 73 text

Resources •  h"ps://github.com/thephpleague/skeleton •  h"ps://travis-‐ci.org/ •  h"ps://scru9nizer-‐ci.com/ •  h"p://choosealicense.com/ •  h"p://opensource.org/licenses •  h"p://keepachangelog.com/ •  h"p://semver.org/ •  h"p://vagrantup.com/ •  h"ps://phpunit.de/manual/current/en/appendixes.conﬁgura9on.html •  h"ps://www.phing.info/ •  h"p://www.phpdoc.org/ •  h"ps://help.github.com/ar9cles/github-‐ﬂavored-‐markdown/ •  h"ps://github.com/aws/aws-‐sdk-‐php