How to manage your Project's Toolchain in 2016

Transcript

1. HOW TO MANAGE YOUR PROJECT'S TOOLCHAIN IN 2016

2. HOW DO YOU INSTALL AND UPDATE YOUR TOOLS?

3. THE USUAL ANSWER COMPOSER

4. can recursively resolve dependencies and version conflicts between different libraries

   
 provides an autoloader WHY WE USE COMPOSER FOR MANAGING LIBRARIES

5. WHAT WE NEED FOR MANAGING OUR TOOLS can recursively resolve

   dependencies and version conflicts between different libraries 
 provides an autoloader

6. mix of libraries and tools (require-dev) 
 installs a lot

   of code that is only needed by the tools
 /vendor gets polluted USING COMPOSER TO INSTALL TOOLS

7. Loading composer repositories with package information Updating dependencies (including require-dev)

   - Installing myclabs/deep-copy (1.5.1) Loading from cache - Installing sebastian/version (2.0.0) Loading from cache - Installing sebastian/resource-operations (1.0.0) Loading from cache - Installing sebastian/recursion-context (1.0.2) Loading from cache - Installing sebastian/object-enumerator (1.0.0) Loading from cache - Installing sebastian/global-state (1.1.1) Loading from cache - Installing sebastian/exporter (1.2.1) Loading from cache

8. $ phploc vendor phploc 3.0.1 by Sebastian Bergmann. Directories 179

   Files 843 Size Lines of Code (LOC) 93141 Comment Lines of Code (CLOC) 27539 (29.57%) Non-Comment Lines of Code (NCLOC) 65602 (70.43%) Logical Lines of Code (LLOC) 16625 (17.85%) Classes 15569 (93.65%) Average Class Length 14 Minimum Class Length 0 Maximum Class Length 878 Average Method Length 3 Minimum Method Length 0 Maximum Method Length 199 Functions 173 (1.04%) Average Function Length 0 Not in classes or functions 883 (5.31%)

9. version conflicts
 library X needs library Y in version A,

   
 but tool Z needs it in Version B USING COMPOSER TO INSTALL TOOLS

10. security issues no verification of downloaded tools USING COMPOSER TO

    INSTALL TOOLS

11. IT IS NOT THE BEST TOOL FOR THE JOB SO

    MAYBE…

12. format for distributing a PHP application without external dependencies
 can

    be signed 
 single, executable file 
 recommended way to install PHPUnit (and others) PHAR

13. HOW TO INSTALL A PHAR

14. None

15. INSTALLING A PHAR $ wget https://phar.phpunit.de/phpunit.phar $ php phpunit.phar --version

    PHPUnit 5.3.0 by Sebastian Bergmann and contributors.

16. HOW TO INSTALL A PHAR THE RIGHT WAY

17. None

18. STEP 1 DOWNLOAD $ wget https://phar.phpunit.de/phpunit.phar $ wget https://phar.phpunit.de/phpunit.phar.asc

19. STEP 2 VERIFY THE SIGNATURE $ gpg phpunit.phar.asc gpg: Signature

    made Sat 19 Jul 2014 01:28:02 PM CEST using RSA key ID 6372C20A gpg: Can't check signature: public key not found

20. STEP 3 GET THE GPG KEY $ gpg --keyserver pgp.uni-mainz.de

    --recv-keys 0x4AA394086372C20A gpg: requesting key 6372C20A from hkp server pgp.uni-mainz.de gpg: key 6372C20A: public key "Sebastian Bergmann <sb@se…de>" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1)

21. STEP 4 VERIFY THE KEY $ gpg --list-keys --list-options show-uid-validity

    6372C20A pub 4096R/6372C20A 2014-07-19 uid [ unknown] Sebastian Bergmann <sb@se…de> uid [ unknown] Sebastian Bergmann <[email protected]> uid [ unknown] Sebastian Bergmann <[email protected]> uid [ unknown] Sebastian Bergmann <[email protected]> uid [ unknown] Sebastian Bergmann <sebastian.be@…> uid [ unknown] [jpeg image of size 40635] sub 4096R/35DF48E2 2014-07-19

22. STEP 5 VERIFY THE SIGNATURE $ gpg phpunit.phar.asc gpg: Signature

    made Sat 19 Jul 2014 01:28:02 PM CEST using RSA key ID 6372C20A gpg: Good signature from "Sebastian Bergmann <sb@sebastian-b…>" gpg: aka "Sebastian Bergmann <[email protected]>" gpg: aka "Sebastian Bergmann <[email protected]>" Primary key fingerprint: D840 6D0D 8294 7747 2937 7831 4AA3 9408 6372 C20A

23. STEP 6 MAKE THE PHAR EXECUTABLE $ chmod +x phpunit.phar

24. IF THERE ONLY WAS A TOOL FOR THIS

25. None

26. handles download and verification of PHARs
 shares copies of PHARs

    among projects
 can be used in CI environments
 handles updates PHIVE

27. decentralized
 optional central repository database
 only contains references to existing

    repositories
 direct support for GitHub releases PHIVE

28. TIME FOR A DEMO

29. None

30. ADD YOUR TOOL TO PHIVE

31. Use Semantic Versioning
 Add the PHAR + GPG signature to

    the GitHub Release ADD YOUR TOOL TO PHIVE USING GITHUB RELEASES
32. None

33. Host a phive.xml file pointing to your PHARs can be

    generated by PharSiteGenerator ADD YOUR TOOL TO PHIVE USING PHAR.IO
34. None

35. Open a Pull Request with your repository URL added to

    repositories.xml ADD YOUR TOOL TO PHIVE USING PHAR.IO
36. None

37. THANK YOU ! @phar_io https://github.com/phar-io [email protected] https://phar.io