Releasing Your Open Source Project
How to write libraries people won't (completely) hate
By @thomas_shone
WARNING
● Opinionated
● Rambling
● Foul-Mouthed
● Ugly Slides
● Don't feed after midnight
00. Introduction
● No formal education in PHP
● Learnt PHP the hard way
● This talk is about the process
● Connect with personalities
00. Introduction
<?php
// The "before" version. Read it and find the problems: nothing checks the
// server's certificate, and a failed request (file_get_contents() returning
// false) makes both strpos() calls return false, i.e. "safe".
function isUrlSafe($api_key, $url) {
    if (!filter_var($url, FILTER_VALIDATE_URL)) {
        throw new Exception('Invalid URL specified.');
    }
    $api_uri = 'https://sb-ssl.google.com/'
        . 'safebrowsing/api/lookup?client=api&apikey='
        . $api_key . '&appver=1.0&pver=3.0&url='
        . urlencode($url);
    $result = file_get_contents($api_uri);
    return strpos($result, 'malware') === false
        && strpos($result, 'phishing') === false;
}
When you've finished reading this code, touch your nose so I know when everyone is done.
01. Security
● Shouldn't be left till last
● Unsure of how to do it properly
● Worst thing that can happen to insecure open source code is it becomes popular
01. Security
● Joomla!
– 5/133 versions secure
– 85 vulnerabilities
– 0/322 of scanned sites secure
● WordPress
– 2/322 versions secure
– 54 vulnerabilities
– 313/589 of scanned sites secure
01. Secure Communication
What questions do we need to ask to ensure our communication is secure?
01. Secure Communication
1. Can C overhear what A and B are saying? (confidentiality: is the channel encrypted?)
2. Is A sure s/he is talking to B and C isn't standing in the middle? (authentication: is B's certificate actually verified?)
3. Does A trust B not to tell C? (trust: what B does with the data once it has it)
(Diagram: A talking to B, with C listening in or sitting between them.)
01. Secure Communication
● Certificate file sourced from https://github.com/guzzle/guzzle/blob/master/src/cacert.pem
● disable_compression only available in PHP 5.4.13+ (turns off TLS compression, which is what CRIME exploits; BREACH works on HTTP-level compression and is not affected by this setting)
● Not required with PHP 5.6+ thanks to this guy... (5.6 turns on verify_peer and peer-name checking by default and finds the system CA bundle itself; CN_match is deprecated there in favour of peer_name)
$context = stream_context_create([
    'ssl' => [
        'verify_peer' => true,
        'verify_depth' => 5,
        'cafile' => 'cacert.pem',
        'CN_match' => 'sb-ssl.google.com',
        'disable_compression' => true,
    ]
]);
$result = file_get_contents($api_uri, false, $context);
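The context above fixes question 1 and 2 but leaves the fail-open behaviour of the first slide untouched. Below is a fail-closed isUrlSafe() written for this page as an added example (it is not code from the slides or from the SafeBrowsing library). It assumes PHP 5.6+ (verify_peer_name/peer_name in place of CN_match), a CA bundle at cacert.pem, and the Lookup API v3 convention the deck relies on: HTTP 204 with an empty body means "not listed", HTTP 200 carries the list name(s) in the body. The function names and the sample responses at the bottom are this example's own.

```php
<?php
// Added example, not code from the slides: a fail-closed isUrlSafe().
// Assumes PHP 5.6+ (verify_peer_name/peer_name replace CN_match), a CA
// bundle at cacert.pem, and the Lookup API v3 convention: 204 + empty body
// means "not listed", 200 carries the list name(s) in the body.

function safeBrowsingContext($caFile = 'cacert.pem')
{
    return stream_context_create([
        'ssl' => [
            'verify_peer'         => true,
            'verify_peer_name'    => true,
            'peer_name'           => 'sb-ssl.google.com',
            'cafile'              => $caFile,
            'verify_depth'        => 5,
            'disable_compression' => true, // TLS compression off (CRIME)
        ],
        'http' => [
            'timeout'       => 5,
            'ignore_errors' => true, // hand us the body on 4xx/5xx instead of false
        ],
    ]);
}

// Pick the final status code out of $http_response_header. A redirect
// leaves more than one status line; the last one is the real answer.
function statusCodeFromHeaders(array $headers)
{
    $code = null;
    foreach ($headers as $line) {
        if (preg_match('#^HTTP/\d\.\d\s+(\d{3})#', $line, $m)) {
            $code = (int) $m[1];
        }
    }
    if ($code === null) {
        throw new RuntimeException('No HTTP status line in response.');
    }
    return $code;
}

// Map (status, body) to a verdict. Only two answers exist, "listed" and
// "not listed"; everything else is an error and an error is never "safe".
function verdictFromResponse($status, $body)
{
    switch ($status) {
        case 204:
            return true;  // not on any list
        case 200:
            return false; // $body names the list(s): malware, phishing, ...
        case 400:
            throw new InvalidArgumentException('Lookup API rejected the request.');
        case 401:
            throw new RuntimeException('Lookup API rejected the API key.');
        default:
            throw new RuntimeException("Lookup API unavailable (HTTP $status).");
    }
}

function isUrlSafe($apiKey, $url)
{
    if (!filter_var($url, FILTER_VALIDATE_URL)) {
        throw new InvalidArgumentException('Invalid URL specified.');
    }
    $apiUri = 'https://sb-ssl.google.com/safebrowsing/api/lookup?' . http_build_query([
        'client' => 'api',
        'apikey' => $apiKey,
        'appver' => '1.0',
        'pver'   => '3.0',
        'url'    => $url,
    ]);

    $body = @file_get_contents($apiUri, false, safeBrowsingContext());
    if ($body === false || !isset($http_response_header)) {
        // Certificate failure, DNS failure, timeout: refuse to answer.
        // The first slide's version turned this case into "safe".
        throw new RuntimeException('Could not reach the Lookup API.');
    }
    return verdictFromResponse(statusCodeFromHeaders($http_response_header), $body);
}

// Offline check of the decision logic on constructed responses.
$cases = [[204, ''], [200, 'malware'], [503, '']];
foreach ($cases as $case) {
    list($status, $body) = $case;
    try {
        $verdict = verdictFromResponse($status, $body) ? 'safe' : 'UNSAFE';
    } catch (Exception $e) {
        $verdict = 'error: ' . $e->getMessage();
    }
    echo "HTTP $status '$body' => $verdict\n";
}
echo 'final status after redirect: ', statusCodeFromHeaders([
    'HTTP/1.1 302 Found', 'Location: /lookup', 'HTTP/1.1 204 No Content',
]), "\n";
```

The split into a transport function and a pure verdictFromResponse() is deliberate: the decision logic can be unit-tested without a network (section 06), and the only way the caller ever gets true is a genuine 204 from a server whose certificate chained to the bundle.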
01. Personality
Daniel Lowrey (@rdlowrey)
PHP SSL/TLS Contributor
Saving us from ourselves
I totally got permission to use this photo
02. Hosting
● phpclasses.org - FUCK NO!
● sourceforge.net - HELL NO!
● pear.php.net - No
● bitbucket.org - No
● github.com - Yes
03. Managing your source
● Source control (already determined)
● Version
● License
03. Credentials
● .gitignore to exclude sensitive data
● If you've pushed sensitive data to github, change your credentials asap
● Rewriting history doesn't un-leak anything: forks, clones and caches still hold the old commits, so rotate the credential first and clean the repository second
https://help.github.com/articles/remove-sensitive-data
Don't be that guy
03. Licensing
● MIT
– Do whatever you want with it
– Must attribute
– Don't blame me if it causes a zombie outbreak
● Apache
– Same as MIT
– Contributors grant patent rights to users
● GPL
– Must release any changes or improvements (when you distribute them)
– Can't change license
– Ditto with the zombies
http://choosealicense.com/
03. Versioning
MAJOR.MINOR.PATCH-STABILITY
● Breaking backward compatibility? Increase MAJOR
● Adding backwards compatible feature? Increase MINOR
● Adding bugfix? Increase PATCH
● Not production ready? Add stability value (alpha, beta, preview)
http://semver.org/
04. Package Management
● PEAR - NO
– No space for alternatives
– High requirement levels
– Package signing
● Composer - YES
– Easy to install/update dependencies
– Version locking
– Autoloading
– Your package becomes smaller
– Package signing (almost)
– Doubles as a distribution platform (https://packagist.org)
04. Composer
$ mkdir safebrowser && cd safebrowser
$ curl -s http://getcomposer.org/installer | php
#!/usr/bin/env php
All settings correct for using Composer
Downloading...
Composer successfully installed to:
/home/project/composer.phar
Use it: php composer.phar
(Piping an installer fetched over plain HTTP straight into php is exactly the unverified download this talk warns about: fetch it over HTTPS and check the installer's published checksum before you run it.)
04. Composer
$ php composer.phar init
Welcome to the Composer config generator
This command will guide you through creating your
composer.json config.
Package name (<vendor>/<name>)
[thomas/project]:xsist10/SafeBrowsing
Description []: Google Safe Browsing Client
Author [Thomas Shone <xsist10@gmail.com>]:
Minimum Stability []:
License []: MIT
04. Composer
{
    "name": "xsist10/safebrowser",
    "description": "Google SafeBrowser Client",
    "license": "MIT",
    "authors": [
        {
            "name": "Thomas Shone",
            "email": "xsist10@gmail.com"
        }
    ],
    "require": {
    },
    "autoload": {
        "psr-4": { "xsist10\\SafeBrowsing\\": "src/" }
    }
}
04. Composer
$ php composer.phar install
Loading composer repositories with package
information
Installing dependencies (including require-dev)
Nothing to install or update
Generating autoload files
$ vi index.php
<?php
require 'vendor/autoload.php';
04. Don't commit vendor/
# Your code
src/[Your Library]
vendor/[Dependencies]
$ echo "vendor" >> .gitignore
# Someone using your library
src/[Their Project Code]
vendor/xsist10/SafeBrowsing/[Your Library]
vendor/[Your Library Dependencies]
vendor/[Their Dependencies]
Some of these might be the same
# You don't want this
vendor/xsist10/SafeBrowsing/[Your Library]/vendor/
04. Composer
$ mkdir src
$ vi src/SafeBrowsing.php
<?php
namespace xsist10\SafeBrowsing;
class SafeBrowsing {
    private $api_key;
    public function __construct($api_key) {
        $this->api_key = $api_key;
    }
    public function isUrlSafe($url) {
        // ...
    }
}
04. Composer
<?php
require 'vendor/autoload.php';
use xsist10\SafeBrowsing\SafeBrowsing;
$safeBrowsing = new SafeBrowsing($api_key);
$safeBrowsing->isUrlSafe('http://www.example.com'); // FILTER_VALIDATE_URL needs a scheme
04. List on Packagist
$ php composer.phar require xsist10/safebrowser=dev-master
04. Setup Webhook
04. Package Signing
● Currently being implemented in Composer
– https://github.com/composer/composer/pull/2814
● Ensure that the package you're installing hasn't been tampered with, like:
– Ruby Gem installs
– PEAR libraries
– Linux packages (deb, rpm)
– Windows binaries
04. Package Signing
# When you first setup your project (commands as proposed in that pull request)
$ php composer.phar create-keys --directory /path/ --prefix=mykey --passphrase
passphrase to encrypt the private key:
$ php composer.phar add-dev-key /path/mykey-private.pem
$ php composer.phar sign-dev-keys /path/mykey-private.pem
# Last thing you do before you release a new version
$ php composer.phar sign /path/mykey-private.pem
Enter a passphrase if the private key is encrypted:
$ git commit -m "Updated keys" keys.json manifest.json
$ git push
# Tag your release immediately
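What those commands buy you, shown as an added example written for this page with PHP's openssl extension (it is neither the slides' code nor Composer's signing implementation): a manifest of file hashes is signed with the developer's private key, and the installer recomputes the hashes, checks the signature with the public key, and refuses anything that does not match. The key pair, the throwaway package directory, the passphrase and the function names are all constructed here for the demonstration.

```php
<?php
// Added example, not from the slides or from Composer: the mechanism behind
// package signing. Everything below (key pair, temp package, names) is
// constructed for the demo; Composer's real scheme is not being reproduced.

function buildManifest($baseDir)
{
    $files = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($baseDir, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        $rel = substr($file->getPathname(), strlen($baseDir) + 1);
        $files[$rel] = hash_file('sha256', $file->getPathname());
    }
    ksort($files); // deterministic order so the signed bytes are stable
    return json_encode($files);
}

function signManifest($manifestJson, $privateKeyPem, $passphrase)
{
    $key = openssl_pkey_get_private($privateKeyPem, $passphrase);
    if ($key === false) {
        throw new RuntimeException('Cannot load private key.');
    }
    if (!openssl_sign($manifestJson, $sig, $key, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('Signing failed.');
    }
    return base64_encode($sig);
}

// Installer side: signature first, then every file against the manifest.
function verifyPackage($baseDir, $manifestJson, $signatureB64, $publicKeyPem)
{
    $ok = openssl_verify($manifestJson, base64_decode($signatureB64), $publicKeyPem, OPENSSL_ALGO_SHA256);
    if ($ok !== 1) {
        return 'signature does not verify'; // edited manifest or wrong key
    }
    $expected = json_decode($manifestJson, true);
    $actual   = json_decode(buildManifest($baseDir), true);
    if ($expected !== $actual) {
        return 'file contents differ from signed manifest';
    }
    return 'ok';
}

// --- constructed demo -------------------------------------------------
$pkg = sys_get_temp_dir() . '/pkg-' . uniqid();
mkdir("$pkg/src", 0700, true);
file_put_contents("$pkg/src/SafeBrowsing.php", "<?php // library code\n");
file_put_contents("$pkg/composer.json", '{"name":"xsist10/safebrowser"}');

$keys = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($keys, $privatePem, 'hunter2'); // passphrase-protected, as in the slides
$publicPem = openssl_pkey_get_details($keys)['key'];

$manifest  = buildManifest($pkg);
$signature = signManifest($manifest, $privatePem, 'hunter2');
echo "untouched package: ", verifyPackage($pkg, $manifest, $signature, $publicPem), "\n";

// Someone edits a file after the release was signed.
file_put_contents("$pkg/src/SafeBrowsing.php", "<?php // backdoored\n");
echo "modified file:     ", verifyPackage($pkg, $manifest, $signature, $publicPem), "\n";

// They rewrite the manifest to match, but cannot re-sign it without the key.
$forged = buildManifest($pkg);
echo "forged manifest:   ", verifyPackage($pkg, $forged, $signature, $publicPem), "\n";
```

The order of the two checks matters: verifying the signature before trusting any hash in the manifest is what stops an attacker who controls the download (the mirror, or a man in the middle) from shipping a manifest that matches their own files. The public key still has to reach the installer by a path the attacker does not control, which is the part the Composer proposal's keys.json and "sign-dev-keys" steps are about.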
04. Version
04. Personality
Pádraic Brady (@padraicb)
Zend Framework / Composer contributor
Working on the signing code
This guy is so awesome that the internet can't contain pictures of him.
05. Design Patterns
● Increase flexibility without having to modify the library code
● Provide rules on how to extend
05. Strategy
<?php
namespace xsist10\SafeBrowsing\Strategy;
interface Strategy
{
    public function execute($url, $param);
}
https://en.wikipedia.org/wiki/Strategy_pattern
05. Strategy
<?php
namespace xsist10\SafeBrowsing\Strategy;
class Get implements Strategy {
    public function execute($url, $param) {
        $context = stream_context_create([
            'ssl' => [
                'verify_peer' => true,
                'cafile' => 'path/to/cafile',
                'CN_match' => 'sb-ssl.google.com'
            ]
        ]);
        $query = $url . '?' . http_build_query($param);
        return file_get_contents($query, false, $context);
    }
}
05. Strategy
<?php
namespace xsist10\SafeBrowsing\Strategy;
class Post implements Strategy {
    public function execute($url, $param) {
        $curl = curl_init($url);
        curl_setopt($curl, CURLOPT_POST, true);
        curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($param));
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
        // Do your security!
        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 1);
        curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
        curl_setopt($curl, CURLOPT_CAINFO, 'path/to/cafile');
        $result = curl_exec($curl);
        $code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
        curl_close($curl);
        // check the result first: $result === false or $code >= 400 is not an answer
        return $result;
    }
}
05. Strategy
<?php
require 'vendor/autoload.php';
use xsist10\SafeBrowsing\SafeBrowsing;
use xsist10\SafeBrowsing\Strategy\Get;
$sb = new SafeBrowsing($api_key, new Get());
$sb->isUrlSafe('http://www.example.com');
use xsist10\SafeBrowsing\Strategy\Post;
$sb = new SafeBrowsing($api_key, new Post());
$sb->isUrlSafe('http://www.example.com');
05. Chain of Responsibility
<?php
namespace xsist10\SafeBrowsing\Strategy;
use Exception;
class UnavailableException extends Exception {}
https://en.wikipedia.org/wiki/Chain-of-responsibility_pattern
05. Chain of Responsibility
<?php
namespace xsist10\SafeBrowsing\Strategy;
class Get implements Strategy {
    public function execute($url, $param) {
        if (!ini_get('allow_url_fopen')) {
            throw new UnavailableException();
        }
        // ...
    }
}
05. Chain of Responsibility
<?php
namespace xsist10\SafeBrowsing\Strategy;
class Post implements Strategy {
    public function execute($url, $param) {
        if (!function_exists('curl_init')) {
            throw new UnavailableException();
        }
        // ...
    }
}
05. Chain of Responsibility
<?php
namespace xsist10\SafeBrowsing;
use Exception;
use xsist10\SafeBrowsing\Strategy\Strategy;
use xsist10\SafeBrowsing\Strategy\UnavailableException;
class Chain implements Strategy {
    private $chain = [];
    public function append(Strategy $strat) {
        $this->chain[] = $strat;
    }
    public function execute($url, $param) {
        foreach ($this->chain as $strategy) {
            try {
                return $strategy->execute($url, $param);
            } catch (UnavailableException $exception) {
                // Not usable in this environment: move on to the next link.
                // Any other exception (TLS failure, timeout) propagates on purpose.
            }
        }
        throw new Exception('No available strategy.');
    }
}
05. Put the chain links together
<?php
// ...
use xsist10\SafeBrowsing\Chain;
use xsist10\SafeBrowsing\Strategy\Get;
use xsist10\SafeBrowsing\Strategy\Post;
$chain = new Chain();
$chain->append(new Post());
$chain->append(new Get());
$sb = new SafeBrowsing($api_key, $chain);
$sb->isUrlSafe('http://www.example.com');
// This still works
$sb = new SafeBrowsing($api_key, new Get());
$sb->isUrlSafe('http://www.example.com');
05. The start of something beautiful
<?php
// ...
use SomeOtherGuy\SomeOtherPackage\Cache;
$chain = new Chain();
$chain->append(new Cache());
$chain->append(new Post());
$chain->append(new Get());
$sb = new SafeBrowsing($api_key, $chain);
$sb->isUrlSafe('http://www.example.com');
For the chain to fall through, Cache::execute() has to throw UnavailableException on a miss, and it should hold verdicts only briefly: a URL that was clean when it was cached can be serving malware now.
05. Personality
Martin Fowler (@martinfowler)
Design Pattern Tamer
http://www.martinfowler.com/
He gets superpowers from his hat
So what next?
Shamelessly copied from http://thephpleague.com/
● Follow PSR-2, we use League as our PSR-0 namespace.
● List on Packagist, we list with league as the vendor namespace.
● Shove code in a src folder.
● Write unit tests. Aim for at least 80% coverage for v1.0.
● DocBlock all the things.
● Semantic versioning must be used to manage version numbers.
● Use Travis-CI to automatically check coding standards and run tests.
● Have an extensive README.
06. Why Tests?
● You will always find bugs
● Confidence in libraries
● Prevent regressions
● Ensure new features have been thoroughly vetted
06. PHPUnit
$ php composer.phar require --dev phpunit/phpunit=4.0.*@dev
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
...
- Installing phpunit/phpunit (4.0.x-dev fca5bc6)
Cloning fca5bc6a50d09b26db280c5cc3c84978c9cace3f
phpunit/phpunit suggests installing phpunit/php-invoker
(~1.1)
Writing lock file
Generating autoload files
06. PHPUnit
$ mkdir tests
$ vi phpunit.xml
<?xml version="1.0" encoding="UTF-8"?>
<phpunit backupGlobals="false"
         convertErrorsToExceptions="true"
         convertWarningsToExceptions="true"
         convertNoticesToExceptions="true"
         mapTestClassNameToCoveredClassName="true"
         bootstrap="vendor/autoload.php"
         strict="true"
         verbose="true"
         colors="true">
    <testsuites>
        <testsuite>
            <directory>./tests</directory>
        </testsuite>
    </testsuites>
</phpunit>
06. PHPUnit
$ ./vendor/bin/phpunit
PHPUnit 4.0.13 by Sebastian Bergmann.
Configuration read from /path/to/project/phpunit.xml
Time: 116 ms, Memory: 2.00Mb
No tests executed!
06. First Tests
$ vi tests/SafeBrowsingTest.php
<?php
use xsist10\SafeBrowsing\SafeBrowsing;
use xsist10\SafeBrowsing\Chain;
class SafeBrowsingTest extends PHPUnit_Framework_TestCase
{
    public function testInvalidUrl()
    {
        $chain = new Chain();
        $safeBrowsing = new SafeBrowsing('', $chain);
        $message = 'Invalid URL specified.';
        $this->setExpectedException('Exception', $message);
        $safeBrowsing->isUrlSafe('invalid-url');
    }
}
06. First Tests
    public function testSecure()
    {
        $mock = $this->getMockBuilder('xsist10\SafeBrowsing\Chain')
            ->setMethods(['execute'])
            ->getMock();
        // API returns an empty result if the site is secure
        $mock->expects($this->once())
            ->method('execute')
            ->will($this->returnValue(''));
        $safeBrowsing = new SafeBrowsing('', $mock);
        $url = 'http://www.google.com';
        $response = $safeBrowsing->isUrlSafe($url);
        $this->assertTrue($response);
    }
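testSecure() covers the happy path only. The tests below are an added example for this page, not from the slides: they pin the two answers a security library must get right, "listed means unsafe" and "a broken transport is an error, never safe". They assume the SafeBrowsing class and Strategy interface from this deck (xsist10\SafeBrowsing namespace, autoloaded by Composer), that isUrlSafe() lets strategy exceptions propagate, and that it treats a false return from a strategy as a failure; the slides elide the body of isUrlSafe(), so the last two tests describe the behaviour to implement rather than behaviour the slides already show.

```php
<?php
// Added example, not from the slides. Assumes the deck's SafeBrowsing class
// and Strategy interface (xsist10\SafeBrowsing) are autoloaded via
// vendor/autoload.php (phpunit.xml bootstrap) and that isUrlSafe() does not
// swallow exceptions raised by its strategy.
use xsist10\SafeBrowsing\SafeBrowsing;

class SafeBrowsingFailurePathTest extends PHPUnit_Framework_TestCase
{
    // A strategy stub that answers exactly once with the given stub behaviour.
    private function strategyThat($stub)
    {
        $mock = $this->getMockBuilder('xsist10\SafeBrowsing\Strategy\Strategy')
            ->getMock();
        $mock->expects($this->once())
            ->method('execute')
            ->will($stub);
        return $mock;
    }

    public function testListedUrlIsUnsafe()
    {
        // Lookup API v3 answers 200 with the list name in the body
        $sb = new SafeBrowsing('key', $this->strategyThat($this->returnValue('malware')));
        $this->assertFalse($sb->isUrlSafe('http://www.example.com/'));
    }

    public function testPhishingIsUnsafeToo()
    {
        $sb = new SafeBrowsing('key', $this->strategyThat($this->returnValue('phishing')));
        $this->assertFalse($sb->isUrlSafe('http://www.example.com/'));
    }

    public function testTransportFailureFailsClosed()
    {
        // TLS or network failure inside the strategy must surface, not become "safe"
        $sb = new SafeBrowsing('key', $this->strategyThat(
            $this->throwException(new RuntimeException('timeout'))
        ));
        $this->setExpectedException('RuntimeException');
        $sb->isUrlSafe('http://www.example.com/');
    }

    public function testFalseFromStrategyIsNotSafe()
    {
        // file_get_contents() returns false on failure; the first slide's code
        // read that as "safe". This test is what stops that from coming back.
        $sb = new SafeBrowsing('key', $this->strategyThat($this->returnValue(false)));
        $this->setExpectedException('Exception');
        $sb->isUrlSafe('http://www.example.com/');
    }
}
```

Mocking the Strategy interface instead of the Chain class keeps these tests independent of the chain-of-responsibility slides; any object that implements execute() will do. Drop the file into tests/ and the phpunit.xml above picks it up.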
06. First Tests
$ ./vendor/bin/phpunit
PHPUnit 4.0.13 by Sebastian Bergmann.
Configuration read from /path/to/project/phpunit.xml
.....
Time: 568 ms, Memory: 4.00Mb
OK (5 tests, 9 assertions)
06. Testing Resources
● Can't mock out resources (a cURL handle or a stream isn't an object)
● Wrap resources in a class and mock the class
● Wait! Don't write from scratch. Use your package manager!
06. cURL wrapper
$ ./composer.phar search curl
ext-curl The curl PHP extension
lib-curl The curl PHP library
kdyby/curl Curl wrapper for Nette Framework
shuber/curl PHP Wrapper for Curl
comvi/curl Work with remote servers via cURL much easier
than using the native PHP bindings.
anlutro/curl Simple OOP cURL wrapper.
jyggen/curl A simple and lightweight cURL library with
support for multiple requests in parallel.
bca/curl cURL wrapper for PHP applications.
unikent/curl Laravel Curl Helper Library.
mogetutu/curl Simple Curl PHP Helper Library
sweelix/curl PHP 5.3+ simple curl requestor
lib/curl A simple cURL wrapper for PHP
dvelopment/curl PHP OOP wrapper for cURL requests
php-curl-class/php-curl-class PHP Curl Class is an
object-oriented wrapper of the PHP cURL extension.
06. cURL wrapper
$ php composer.phar require shuber/curl=dev-master
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
- Installing shuber/curl (dev-master 6624992)
Cloning 6624992df201f9fd7262080117385dd09b0ecd2b
Writing lock file
Generating autoload files
06. Personality
Chris Hartjes (@grmpyprogrammer)
Testing advocate
Being grumpy... so we don't have to
I totally didn't get permission to use this photo
06. Personality
How he reacts to a lack of tests.
07. Code Coverage
● Ensure you test all use cases
● Useful to spot code smell
● Helpful in identifying dead/unreachable code
● Improves confidence in library
07. Coverage Report
$ vi phpunit.xml
<phpunit ...>
    ...
    <logging>
        <log type="coverage-html" target="build/report"
             charset="UTF-8" highlight="false"
             LowUpperBound="35"
             HighLowerBound="70" />
    </logging>
    <filter>
        <whitelist>
            <directory>src</directory>
        </whitelist>
    </filter>
</phpunit>
$ echo "build" >> .gitignore
(Collecting coverage needs the Xdebug extension loaded.)
07. Coverage Report
07. Ignore coverage
● Ignore whole class/function
– @codeCoverageIgnore
● Ignore certain lines of code
– // @codeCoverageIgnoreStart
– // @codeCoverageIgnoreEnd
● Use responsibly
08. Continuous Integration
● Make sure your development branch is always in a deployable state.
● Ingredients: Tests, High Coverage, Automation
08. Travis-CI
$ vi .travis.yml
language: php
php:
  - 5.5
  - 5.4
  - hhvm
before_script:
  - wget https://getcomposer.org/composer.phar
  - php composer.phar install --dev
script: vendor/bin/phpunit
08. CLI Tools
● Copy paste detector
● Code Sniffer
● Mess Detector
● And lots more at http://phpqatools.org/
08. Copy/paste detector
$ php composer.phar require --dev sebastian/phpcpd=dev-master
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
- Installing sebastian/phpcpd (dev-master a946215)
Cloning a9462153f2dd90466a010179901d31fbff598365
Writing lock file
Generating autoload files
$ ./vendor/bin/phpcpd src/
phpcpd 2.0.1 by Sebastian Bergmann.
0.00% duplicated lines out of 195 total lines of code.
Time: 32 ms, Memory: 2.75Mb
08. Code Sniffer
$ php composer.phar require --dev
squizlabs/php_codesniffer=dev-master
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
- Installing squizlabs/php_codesniffer (dev-master 623905c)
Cloning 623905ce571d64a8cb873826d47b81321cd55011
Writing lock file
Generating autoload files
$ ./vendor/bin/phpcs -i
The installed coding standards are PSR1, PHPCS, Squiz, PEAR,
Zend, MySource and PSR2
$ ./vendor/bin/phpcs --standard=PSR2 src/
[WALL OF TEXT]
08. Select a Standard
$ ./vendor/bin/phpcs --standard=PSR2 src/
FILE: /path/to/project/SafeBrowsing/src/SafeBrowsing.php
-------------------------------------------------------------------
FOUND 3 ERROR(S) AFFECTING 2 LINE(S)
-------------------------------------------------------------------
17 | ERROR | Opening brace should be on a new line
22 | ERROR | Visibility must be declared on method "isUrlSafe"
22 | ERROR | Opening brace should be on a new line
-------------------------------------------------------------------
[WALL OF TEXT OMITTED]
08. Custom Standard
$ ./vendor/bin/phpcs --standard=/path/to/own/standard src/
FILE: /path/to/project/SafeBrowsing/src/SafeBrowsing.php
-------------------------------------------------------------------
FOUND 1 ERROR(S) AFFECTING 1 LINE(S)
-------------------------------------------------------------------
1 | ERROR | Homage to Cthulhu missing from doc header
-------------------------------------------------------------------
08. Mess Detector
$ php composer.phar require --dev phpmd/phpmd=1.4.*
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
- Installing phpmd/phpmd (1.4.1)
Downloading: 100%
Writing lock file
Generating autoload files
$ ./vendor/bin/phpmd src text codesize,unusedcode,naming,design
Strategy/Get.php:9 Classes should not have a constructor method
with the same name as the class
08. Taking it further
● Jenkins
– http://jenkins-ci.org/
– Automate all the things
● Behat
– http://behat.org/
– Cucumber syntax
– Mink extension for website testing
– Write human-readable use cases
08. Behat and Mink
Feature: Test the login page
  In order to ensure that customers can use our system
  I need to make sure that they can log in successfully

  Scenario: Can I log in with valid details
    Given I am on "http://www.mywebsite.com"
    When I follow "Login"
    And I fill in "username" with "bob"
    And I fill in "password" with "Password1"
    And I press "Login"
    Then I should see "Login Successful"
09. Flair
● General badges (versions, license, etc)
– https://poser.pugx.org/
● Build status
– https://travis-ci.org
● Code Coverage
– https://coveralls.io
● Code Analysis
– https://insight.sensiolabs.com/analyses
– https://scrutinizer-ci.com/
10. Engage
● Write a useful README.md
– First thing you see on Github
– How to install
– How to use
10. Engage with developers
● Encourage fork/pull requests
– Make sure they add tests
– Make sure the old tests still pass
– Travis-CI makes this simple
10. Engage with developers
● Promote your library
– Twitter?
– Google Plus?
– I have no idea. I'm still figuring this out. I'm a developer dammit!
Homework
● Docblocks
● phing/ant to automate CLI tools
● Git pre-commit hooks to run tests
Social Awareness
Too many pasty white guys
@phpwomen
http://phpwomen.org/
Questions?
Twitter: @thomas_shone
Github: https://github.com/xsist10
https://github.com/xsist10/SafeBrowsing

 

More from xsist10 (11)

Security theatre (Scotland php)
Security theatre (Scotland php)Security theatre (Scotland php)
Security theatre (Scotland php)
 
Security Theatre (PHP Leuven)
Security Theatre (PHP Leuven)Security Theatre (PHP Leuven)
Security Theatre (PHP Leuven)
 
Security Theatre - Confoo
Security Theatre - ConfooSecurity Theatre - Confoo
Security Theatre - Confoo
 
I put on my mink and wizard behat - Confoo Canada
I put on my mink and wizard behat - Confoo CanadaI put on my mink and wizard behat - Confoo Canada
I put on my mink and wizard behat - Confoo Canada
 
Security Theatre - PHP UK Conference
Security Theatre - PHP UK ConferenceSecurity Theatre - PHP UK Conference
Security Theatre - PHP UK Conference
 
Security Theatre - Benelux
Security Theatre - BeneluxSecurity Theatre - Benelux
Security Theatre - Benelux
 
Security Theatre - AmsterdamPHP
Security Theatre - AmsterdamPHPSecurity Theatre - AmsterdamPHP
Security Theatre - AmsterdamPHP
 
I put on my mink and wizard behat (talk)
I put on my mink and wizard behat (talk)I put on my mink and wizard behat (talk)
I put on my mink and wizard behat (talk)
 
I put on my mink and wizard behat (tutorial)
I put on my mink and wizard behat (tutorial)I put on my mink and wizard behat (tutorial)
I put on my mink and wizard behat (tutorial)
 
I put on my mink and wizard behat
I put on my mink and wizard behatI put on my mink and wizard behat
I put on my mink and wizard behat
 
PHP SA 2013 - The weak points in our PHP projects
PHP SA 2013 - The weak points in our PHP projectsPHP SA 2013 - The weak points in our PHP projects
PHP SA 2013 - The weak points in our PHP projects
 

Recently uploaded

"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 

Recently uploaded (20)

"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 

PHP SA 2014 - Releasing Your Open Source Project

  • 1. Releasing Your Open Source Project How to write libraries people won't (completely) hate By @thomas_shone
  • 3. 00. Introduction
    ● No formal education in PHP
    ● Learnt PHP the hard way
    ● This talk is about the process
    ● Connect with personalities
  • 5. 00. Introduction
    <?php
    function isUrlSafe($api_key, $url) {
        if (!filter_var($url, FILTER_VALIDATE_URL)) {
            throw new Exception('Invalid URL specified.');
        }
        $api_uri = 'https://sb-ssl.google.com/'
            . 'safebrowsing/api/lookup?client=api&apikey='
            . $api_key . '&appver=1.0&pver=3.0&url='
            . urlencode($url);
        $result = file_get_contents($api_uri);
        return strpos($result, 'malware') === false
            && strpos($result, 'phishing') === false;
    }
    When you've finished reading this code, touch your nose so I know when everyone is done.
  • 8. 01. Security
    ● Shouldn't be left till last
    ● Unsure of how to do it properly
    ● Worst thing that can happen to insecure open source code is it becomes popular
  • 9. 01. Security
    ● Joomla!
      – 5/133 versions secure
      – 85 vulnerabilities
      – 0/322 of scanned sites secured
    ● WordPress
      – 2/322 versions secure
      – 54 vulnerabilities
      – 313/589 of scanned sites secure
  • 10. 01. Secure Communication What questions do we need to ask to ensure our communication is secure?
  • 11. 01. Secure Communication 1. Can C overhear what A and B are saying? [diagram: A, B and C]
  • 12. 01. Secure Communication 2. Is A sure s/he is talking to B and C isn't standing in the middle? [diagram: A, B and C]
  • 13. 01. Secure Communication 3. Does A trust B not to tell C? [diagram: A, B and C]
  • 14. 01. Secure Communication
    ● Certificate file sourced from https://github.com/guzzle/guzzle/blob/master/src/cacert.pem
    ● disable_compression only available in PHP 5.4.13+ (prevents CRIME/BREACH attacks)
    ● Not required with PHP 5.6+ thanks to this guy...
    $context = stream_context_create([
        'ssl' => [
            'verify_peer' => true,
            'verify_depth' => 5,
            'cafile' => 'cacert.pem',
            'CN_match' => 'sb-ssl.google.com',
            'disable_compression' => true,
        ]
    ]);
    $result = file_get_contents($api_uri, false, $context);
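The slide-5 lookup rewritten around the slide-14 stream context, as an added example that is not the talk's own code. It goes slightly beyond the slide: it picks the pre-5.6 `CN_match` option or the 5.6+ `peer_name`/`verify_peer_name` options at runtime, refuses to run without the CA bundle, and fails closed on any transport or TLS error instead of treating an empty result as "safe". Assumed (not on the slides): `createSecureContext()` is a hypothetical helper name, `cacert.pem` is the Guzzle bundle linked above placed next to the script, and the Lookup API v3 convention that HTTP 204 means no list matched while HTTP 200 carries a body naming the match.

```php
<?php
// Added example, not from the slides. Assumes cacert.pem (the Guzzle bundle
// linked on slide 14) sits next to this script and a valid Safe Browsing key.

function createSecureContext($expectedHost, $cafile)
{
    if (!is_readable($cafile)) {
        // Without a CA bundle chain validation cannot succeed; stop here
        // rather than fall back to an unverified connection.
        throw new RuntimeException("CA bundle not readable: $cafile");
    }
    $ssl = [
        'verify_peer'         => true,  // question 2: is it really B on the other end?
        'verify_depth'        => 5,
        'cafile'              => $cafile,
        'disable_compression' => true,  // PHP 5.4.13+, CRIME/BREACH mitigation
    ];
    if (PHP_VERSION_ID >= 50600) {
        // PHP 5.6 renamed CN_match to peer_name and verifies the name by default
        $ssl['verify_peer_name'] = true;
        $ssl['peer_name']        = $expectedHost;
    } else {
        $ssl['CN_match'] = $expectedHost;
    }
    return stream_context_create(['ssl' => $ssl]);
}

function isUrlSafe($api_key, $url)
{
    if (!filter_var($url, FILTER_VALIDATE_URL)) {
        throw new InvalidArgumentException('Invalid URL specified.');
    }
    $host    = 'sb-ssl.google.com';
    $api_uri = 'https://' . $host . '/safebrowsing/api/lookup?' . http_build_query([
        'client' => 'api',
        'apikey' => $api_key,
        'appver' => '1.0',
        'pver'   => '3.0',
        'url'    => $url,
    ]);

    $context = createSecureContext($host, __DIR__ . '/cacert.pem');
    $result  = @file_get_contents($api_uri, false, $context);
    if ($result === false) {
        // Handshake or transport failure: never report "safe" on an error
        $err = error_get_last();
        throw new RuntimeException('Lookup failed: ' . ($err ? $err['message'] : 'unknown error'));
    }

    // $http_response_header is populated by the http wrapper in this scope
    if (!preg_match('#^HTTP/\d\.\d (\d{3})#', $http_response_header[0], $m)) {
        throw new RuntimeException('Malformed status line: ' . $http_response_header[0]);
    }
    switch ($m[1]) {
        case '204':
            return true;   // assumed v3 contract: no list matched the URL
        case '200':
            return false;  // assumed v3 contract: body names the matched list(s)
        default:
            throw new RuntimeException('Unexpected HTTP status ' . $m[1]);
    }
}

// Usage: var_dump(isUrlSafe('YOUR-API-KEY', 'http://www.example.com'));
```

The point of the `false` check is the failure mode the original slide-5 code hides: with `file_get_contents()` a failed handshake returns `false`, and `strpos(false, 'malware') === false` would then report every URL as safe.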
  • 15. 01. Personality Daniel Lowrey (@rdlowrey) PHP SSL/TLS Contributor Saving us from ourselves (I totally got permission to use this photo)
  • 17. 02. Hosting
    ● phpclasses.org - FUCK NO!
    ● sourceforge.net - HELL NO!
    ● pear.php.net - No
    ● bitbucket.org - No
    ● github.com - Yes
  • 18. 03. Managing your source
    ● Source control (already determined)
    ● Version
    ● License
  • 19. 03. Credentials
    ● .gitignore to exclude sensitive data
    ● If you've pushed sensitive data to github, change your credentials asap
      https://help.github.com/articles/remove-sensitive-data
    Don't be that guy
  • 20. 03. Licensing
    ● MIT
      – Do whatever you want with it
      – Must attribute
      – Don't blame me if it causes a zombie outbreak
    ● Apache
      – Same as MIT
      – contributors grant patent rights to users
    ● GPL
      – Must release any changes or improvements
      – Can't change license
      – Ditto with the zombies
    http://choosealicense.com/
  • 21. 03. Versioning
    MAJOR.MINOR.PATCH-STABILITY
    ● Breaking backward compatibility? Increase MAJOR
    ● Adding backwards compatible feature? Increase MINOR
    ● Adding bugfix? Increase PATCH
    ● Not production ready? Add stability value (alpha, beta, preview)
    http://semver.org/
  • 24. 04. Package Management
    ● PEAR - NO
      – No space for alternatives
      – High requirement levels
      – Package signing
    ● Composer - YES
      – Easy to install/update dependencies
      – Version locking
      – Autoloading
      – Your package becomes smaller
      – Package signing (almost)
      – Doubles as a distribution platform (https://packagist.org)
  • 25. 04. Composer
    $ mkdir safebrowser && cd safebrowser
    $ curl -s http://getcomposer.org/installer | php
    #!/usr/bin/env php
    All settings correct for using Composer
    Downloading...

    Composer successfully installed to: /home/project/composer.phar
    Use it: php composer.phar
  • 26. 04. Composer
    $ php composer.phar init

    Welcome to the Composer config generator

    This command will guide you through creating your composer.json config.

    Package name (<vendor>/<name>) [thomas/project]: xsist10/SafeBrowsing
    Description []: Google Safe Browsing Client
    Author [Thomas Shone <xsist10@gmail.com>]:
    Minimum Stability []:
    License []: MIT
  • 27. 04. Composer
    {
        "name": "xsist10/safebrowser",
        "description": "Google SafeBrowser Client",
        "license": "MIT",
        "authors": [
            {
                "name": "Thomas Shone",
                "email": "xsist10@gmail.com"
            }
        ],
        "require": {
        },
        "autoload": {
            "psr-4": {
                "xsist10\\SafeBrowsing\\": "src/"
            }
        }
    }
  • 28. 04. Composer
    $ php composer.phar install
    Loading composer repositories with package information
    Installing dependencies (including require-dev)
    Nothing to install or update
    Generating autoload files

    $ vi index.php
    <?php
    require 'vendor/autoload.php';
  • 29. 04. Don't commit vendor/
    # Your code
    src/[Your Library]
    vendor/[Dependencies]

    $ echo "vendor" >> .gitignore

    # Someone using your library
    src/[Their Project Code]
    vendor/xsist10/SafeBrowsing/[Your Library]
    vendor/[Your Library Dependencies]
    vendor/[Their Dependencies]
    # Some of these might be the same

    # You don't want this
    vendor/xsist10/SafeBrowsing/[Your Library]/vendor/
  • 30. 04. Composer
    $ mkdir src
    $ vi src/SafeBrowsing.php
    <?php
    namespace xsist10\SafeBrowsing;

    class SafeBrowsing
    {
        private $api_key;

        public function __construct($api_key)
        {
            $this->api_key = $api_key;
        }

        public function isUrlSafe($url)
        {
            // ...
        }
    }
  • 31. 04. Composer
    <?php
    require 'vendor/autoload.php';

    use xsist10\SafeBrowsing\SafeBrowsing;

    $safeBrowsing = new SafeBrowsing($api_key);
    $safeBrowsing->isUrlSafe('www.example.com');
  • 32. 04. List on Packagist
  • 33. 04. List on Packagist
    $ php composer.phar require xsist10/safebrowser=dev-master
  • 38. 04. Package Signing
    ● Currently being implemented in Composer
      – https://github.com/composer/composer/pull/2814
    ● Ensure that the package you're installing hasn't been tampered with, like:
      – Ruby Gem installs
      – PEAR libraries
      – Linux packages (deb, rpm, yum)
      – Windows binaries
  • 39. 04. Package Signing
    # When you first set up your project
    $ php composer.phar create-keys --directory /path/ --prefix=mykey --passphrase
    passphrase to encrypt the private key:
    $ php composer.phar add-dev-key /path/mykey-private.pem
    $ php composer.phar sign-dev-keys /path/mykey-private.pem

    # Last thing you do before you release a new version
    $ php composer.phar sign /path/mykey-private.pem
    Enter a passphrase if the private key is encrypted:
    $ git commit -m "Updated keys" keys.json manifest.json
    $ git push
    # Tag your release immediately
  • 41. 04. Personality Pádraic Brady (@padraicb) Zend Framework / Composer contributor Working on the signing code (This guy is so awesome that the internet can't contain pictures of him.)
  • 42. 05. Design Patterns
    ● Increase flexibility without having to modify the library code
    ● Provide rules on how to extend
  • 44. 05. Strategy
    <?php
    namespace xsist10\SafeBrowsing\Strategy;

    interface Strategy
    {
        public function execute($url, $param);
    }
    https://en.wikipedia.org/wiki/Strategy_pattern
  • 45. 05. Strategy
    <?php
    namespace xsist10\SafeBrowsing\Strategy;

    class Get implements Strategy
    {
        public function execute($url, $param)
        {
            $context = stream_context_create([
                'ssl' => [
                    'verify_peer' => true,
                    'cafile' => 'path/to/cafile',
                    'CN_match' => 'sb-ssl.google.com'
                ]
            ]);
            $query = $url . '?' . http_build_query($param);
            return file_get_contents($query, false, $context);
        }
    }
  • 46. 05. Strategy
    <?php
    namespace xsist10\SafeBrowsing\Strategy;

    class Post implements Strategy
    {
        public function execute($url, $param)
        {
            // Do some curl init stuff ...
            $curl = curl_init($url);
            curl_setopt($curl, CURLOPT_POST, true);
            curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($param));
            curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);

            // Do your security!
            curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 1);
            curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
            curl_setopt($curl, CURLOPT_CAINFO, 'path/to/cafile');

            $result = curl_exec($curl);
            $code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
            $error = curl_error($curl);
            curl_close($curl);

            // check some result checks first ...
            if ($result === false) {
                // Transport or TLS failure: surface it, don't return false as a body
                throw new \RuntimeException('Request failed: ' . $error);
            }
            return $result;
        }
    }
  • 47. 05. Strategy
    <?php
    require 'vendor/autoload.php';

    use xsist10\SafeBrowsing\SafeBrowsing;
    use xsist10\SafeBrowsing\Strategy\Get;

    $sb = new SafeBrowsing($api_key, new Get());
    $sb->isUrlSafe('www.example.com');

    use xsist10\SafeBrowsing\Strategy\Post;

    $sb = new SafeBrowsing($api_key, new Post());
    $sb->isUrlSafe('www.example.com');
  • 48. 05. Chain of Responsibility
  • 49. 05. Chain of Responsibility
    <?php
    namespace xsist10\SafeBrowsing\Strategy;

    use Exception;

    class UnavailableException extends Exception {}
    https://en.wikipedia.org/wiki/Strategy_pattern
  • 50. 05. Chain of Responsibility
    <?php
    namespace xsist10\SafeBrowsing\Strategy;

    class Get implements Strategy
    {
        public function execute($url, $param)
        {
            if (!ini_get('allow_url_fopen')) {
                throw new UnavailableException();
            }
            // ...
        }
    }
  • 51. 05. Chain of Responsibility
    <?php
    namespace xsist10\SafeBrowsing\Strategy;

    class Post implements Strategy
    {
        public function execute($url, $param)
        {
            if (!function_exists('curl_init')) {
                throw new UnavailableException();
            }
            // ...
        }
    }
  • 52. 05. Chain of Responsibility
    <?php
    namespace xsist10\SafeBrowsing;

    use Exception;
    use xsist10\SafeBrowsing\Strategy\Strategy;
    use xsist10\SafeBrowsing\Strategy\UnavailableException;

    class Chain implements Strategy
    {
        private $chain = [];

        public function append(Strategy $strat)
        {
            $this->chain[] = $strat;
        }

        public function execute($url, $param)
        {
            foreach ($this->chain as $strategy) {
                try {
                    return $strategy->execute($url, $param);
                } catch (UnavailableException $exception) {
                    // We can ignore and move to the next
                }
            }
            throw new Exception('No available strategy.');
        }
    }
  • 53. 05. Put the chain links together
    <?php
    // ...
    use xsist10\SafeBrowsing\Chain;

    $chain = new Chain();
    $chain->append(new Post());
    $chain->append(new Get());

    $sb = new SafeBrowsing($api_key, $chain);
    $sb->isUrlSafe('www.example.com');

    // This still works
    $sb = new SafeBrowsing($api_key, new Get());
    $sb->isUrlSafe('www.example.com');
  • 54. 05. The start of something beautiful
    <?php
    // ...
    use SomeOtherGuy\SomeOtherPackage\Cache;

    $chain = new Chain();
    $chain->append(new Cache());
    $chain->append(new Post());
    $chain->append(new Get());

    $sb = new SafeBrowsing($api_key, $chain);
    $sb->isUrlSafe('www.example.com');
  • 55. 05. Personality Martin Fowler (@martinfowler) Design Pattern Tamer http://www.martinfowler.com/ (He gets superpowers from his hat)
  • 56. So what next?
    Shamelessly copied from http://thephpleague.com/
    ● Follow PSR-2, we use League as our PSR-0 namespace.
    ● List on Packagist, we list with league as the vendor namespace.
    ● Shove code in a src folder.
    ● Write unit tests. Aim for at least 80% coverage for v1.0.
    ● DocBlock all the things.
    ● Semantic versioning must be used to manage version numbers.
    ● Use Travis-CI to automatically check coding standards and run tests.
    ● Have an extensive README.
  • 57. 06. Why Tests?
    ● You will always find bugs
    ● Confidence in libraries
    ● Prevent regressions
    ● Ensure new features have been thoroughly vetted
  • 58. 06. PHPUnit
    $ php composer.phar require --dev phpunit/phpunit=4.0.*@dev
    ./composer.json has been updated
    Loading composer repositories with package information
    Updating dependencies (including require-dev)
    ...
      - Installing phpunit/phpunit (4.0.x-dev fca5bc6)
        Cloning fca5bc6a50d09b26db280c5cc3c84978c9cace3f

    phpunit/phpunit suggests installing phpunit/php-invoker (~1.1)
    Writing lock file
    Generating autoload files
  • 59. 06. PHPUnit
    $ mkdir tests
    $ vi phpunit.xml
    <?xml version="1.0" encoding="UTF-8"?>
    <phpunit backupGlobals="false"
             convertErrorsToExceptions="true"
             convertWarningsToExceptions="true"
             convertNoticesToExceptions="true"
             mapTestClassNameToCoveredClassName="true"
             bootstrap="vendor/autoload.php"
             strict="true"
             verbose="true"
             colors="true">
        <testsuites>
            <testsuite>
                <directory>./tests</directory>
            </testsuite>
        </testsuites>
    </phpunit>
  • 60. 06. PHPUnit
    $ ./vendor/bin/phpunit
    PHPUnit 4.0.13 by Sebastian Bergmann.

    Configuration read from /path/to/project/phpunit.xml

    Time: 116 ms, Memory: 2.00Mb

    No tests executed!
  • 61. 06. First Tests
    $ vi tests/SafeBrowsingTest.php
    <?php
    use xsist10\SafeBrowsing\SafeBrowsing;
    use xsist10\SafeBrowsing\Chain;

    class SafeBrowsingTest extends PHPUnit_Framework_TestCase
    {
        public function testInvalidUrl()
        {
            $chain = new Chain();
            $safeBrowsing = new SafeBrowsing('', $chain);

            $message = 'Invalid URL specified.';
            $this->setExpectedException('Exception', $message);
            $safeBrowsing->isUrlSafe('invalid-url');
        }
    }
  • 62. 06. First Tests
    public function testSecure()
    {
        $mock = $this->getMockBuilder('xsist10\SafeBrowsing\Chain')
            ->setMethods(['execute'])
            ->getMock();

        // API returns an empty result if the site is secure
        $mock->expects($this->once())
            ->method('execute')
            ->will($this->returnValue(''));

        $safeBrowsing = new SafeBrowsing('', $mock);
        $url = 'http://www.google.com';
        $response = $safeBrowsing->isUrlSafe($url);
        $this->assertTrue($response);
    }
  • 63. 06. First Tests
    $ ./vendor/bin/phpunit
    PHPUnit 4.0.13 by Sebastian Bergmann.

    Configuration read from /path/to/project/phpunit.xml

    .....

    Time: 568 ms, Memory: 4.00Mb

    OK (5 tests, 9 assertions)
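A second test file for the chain from slides 49 to 53, as an added example that is not from the talk (its own tests end at slide 63). Instead of a PHPUnit mock it uses two hand-written stub strategies, which is enough to pin down the two behaviours the chain slides describe: an unavailable strategy is skipped and the next one answers, and a chain with nothing available fails closed with the slide-52 exception rather than returning anything. Assumed, not on the slides: the stub class names `UnavailableStrategy` and `CannedStrategy` are hypothetical, the namespaces are the ones used on the slides and autoloaded via `vendor/autoload.php`, and `SafeBrowsing::isUrlSafe()` (whose body slide 30 leaves as `// ...`) keeps slide 5's rule that a response body mentioning malware or phishing means the URL is unsafe.

```php
<?php
// Added example, not from the slides: tests/ChainTest.php. Assumes the slide
// namespaces are autoloaded and that isUrlSafe() applies slide 5's body check.
use xsist10\SafeBrowsing\SafeBrowsing;
use xsist10\SafeBrowsing\Chain;
use xsist10\SafeBrowsing\Strategy\Strategy;
use xsist10\SafeBrowsing\Strategy\UnavailableException;

// Test double (hypothetical name): a strategy whose transport is never available,
// the situation slides 50/51 model with allow_url_fopen off or ext/curl missing.
class UnavailableStrategy implements Strategy
{
    public function execute($url, $param)
    {
        throw new UnavailableException();
    }
}

// Test double (hypothetical name): records every call and returns a canned body,
// so the test can see whether the chain reached it and what it was asked.
class CannedStrategy implements Strategy
{
    public $calls = [];
    private $body;

    public function __construct($body)
    {
        $this->body = $body;
    }

    public function execute($url, $param)
    {
        $this->calls[] = [$url, $param];
        return $this->body;
    }
}

class ChainTest extends PHPUnit_Framework_TestCase
{
    public function testSkipsUnavailableStrategyAndUsesTheNext()
    {
        $canned = new CannedStrategy('');
        $chain  = new Chain();
        $chain->append(new UnavailableStrategy());
        $chain->append($canned);

        $this->assertSame('', $chain->execute('https://example.invalid/lookup', ['url' => 'x']));
        $this->assertCount(1, $canned->calls);
        $this->assertSame('https://example.invalid/lookup', $canned->calls[0][0]);
    }

    public function testFailsClosedWhenNoStrategyIsAvailable()
    {
        $chain = new Chain();
        $chain->append(new UnavailableStrategy());

        // Slide 52: nothing answered, so the chain must throw, never return a "safe" value
        $this->setExpectedException('Exception', 'No available strategy.');
        $chain->execute('https://example.invalid/lookup', []);
    }

    public function testReportsMalwareMatchAsUnsafe()
    {
        // Constructed API body: a non-empty answer names the list that matched
        $sb = new SafeBrowsing('dummy-key', new CannedStrategy('malware'));
        $this->assertFalse($sb->isUrlSafe('http://www.example.com'));
    }

    public function testReportsEmptyBodyAsSafe()
    {
        $sb = new SafeBrowsing('dummy-key', new CannedStrategy(''));
        $this->assertTrue($sb->isUrlSafe('http://www.example.com'));
    }
}
```

Dropping the file into `tests/` and running `./vendor/bin/phpunit` picks it up through the `<directory>./tests</directory>` entry from slide 59. The stubs replace the network entirely, which is the "wrap resources in a class and mock the class" advice of slide 64 applied to the strategy interface: nothing in this file opens a socket.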
  • 64. 06. Testing Resources
    ● Can't mock out resources
    ● Wrap resources in class and mock the class
    ● Wait! Don't write from scratch. Use your package manager!
  • 65. 06. cURL wrapper
    $ ./composer.phar search curl
    ext-curl The curl PHP extension
    lib-curl The curl PHP library
    kdyby/curl Curl wrapper for Nette Framework
    shuber/curl PHP Wrapper for Curl
    comvi/curl Work with remote servers via cURL much easier than using the native PHP bindings.
    anlutro/curl Simple OOP cURL wrapper.
    jyggen/curl A simple and lightweight cURL library with support for multiple requests in parallel.
    bca/curl cURL wrapper for PHP applications.
    unikent/curl Laravel Curl Helper Library.
    mogetutu/curl Simple Curl PHP Helper Library
    sweelix/curl PHP 5.3+ simple curl requestor
    lib/curl A simple cURL wrapper for PHP
    dvelopment/curl PHP OOP wrapper for cURL requests
    php-curl-class/php-curl-class PHP Curl Class is an object-oriented wrapper of the PHP cURL extension.
  • 66. 06. cURL wrapper
    $ php composer.phar require shuber/curl=dev-master
    ./composer.json has been updated
    Loading composer repositories with package information
    Updating dependencies (including require-dev)
      - Installing shuber/curl (dev-master 6624992)
        Cloning 6624992df201f9fd7262080117385dd09b0ecd2b

    Writing lock file
    Generating autoload files
  • 67. 06. Personality Chris Hartjes (@grmpyprogrammer) Testing advocate Being grumpy... so we don't have to (I totally didn't get permission to use this photo)
  • 69. 07. Code Coverage
    ● Ensure you test all use cases
    ● Useful to spot code smell
    ● Helpful in identifying dead/unreachable code
    ● Improves confidence in library
  • 70. 07. Coverage Report
    $ echo "build" >> .gitignore
    $ vi phpunit.xml
    <phpunit ...>
        ...
        <logging>
            <log type="coverage-html" target="build/report" charset="UTF-8"
                 highlight="false" lowUpperBound="35" highLowerBound="70" />
        </logging>
        <filter>
            <whitelist>
                <directory>src</directory>
            </whitelist>
        </filter>
    </phpunit>
  • 74. 07. Ignore coverage
    ● Ignore whole class/function
      – @codeCoverageIgnore
    ● Ignore certain lines of code
      – // @codeCoverageIgnoreStart
      – // @codeCoverageIgnoreEnd
    ● Use responsibly
  • 75. 08. Continuous Integration
    ● Make sure your development branch is always in a deployable state.
    ● Ingredients: Tests, High Coverage, Automation
  • 76. 08. Travis-CI
    $ vi .travis.yml
    language: php
    before_script:
      - wget http://getcomposer.org/composer.phar
      - php composer.phar install --dev
    php:
      - 5.5
      - 5.4
      - hhvm
    script: phpunit
  • 77. 08. CLI Tools
    ● Copy paste detector
    ● Code Sniffer
    ● Mess Detector
    ● And lots more at http://phpqatools.org/
  • 78. 07 – Copy/paste detector
    $ php composer.phar require --dev sebastian/phpcpd=dev-master
    ./composer.json has been updated
    Loading composer repositories with package information
    Updating dependencies (including require-dev)
      - Installing sebastian/phpcpd (dev-master a946215)
        Cloning a9462153f2dd90466a010179901d31fbff598365

    Writing lock file
    Generating autoload files

    $ ./vendor/bin/phpcpd src/
    phpcpd 2.0.1 by Sebastian Bergmann.

    0.00% duplicated lines out of 195 total lines of code.

    Time: 32 ms, Memory: 2.75Mb
  • 79. 08. Code Sniffer
    $ php composer.phar require --dev squizlabs/php_codesniffer=dev-master
    ./composer.json has been updated
    Loading composer repositories with package information
    Updating dependencies (including require-dev)
      - Installing squizlabs/php_codesniffer (dev-master 623905c)
        Cloning 623905ce571d64a8cb873826d47b81321cd55011

    Writing lock file
    Generating autoload files

    $ ./vendor/bin/phpcs -i
    The installed coding standards are PSR1, PHPCS, Squiz, PEAR, Zend, MySource and PSR2

    $ ./vendor/bin/phpcs --standard=PSR2 src/
    [WALL OF TEXT]
  • 80. 08. Select a Standard
    $ ./vendor/bin/phpcs --standard=PSR2 src/

    FILE: /path/to/project/SafeBrowsing/src/SafeBrowsing.php
    -------------------------------------------------------------------
    FOUND 3 ERROR(S) AFFECTING 2 LINE(S)
    -------------------------------------------------------------------
     17 | ERROR | Opening brace should be on a new line
     22 | ERROR | Visibility must be declared on method "isUrlSafe"
     22 | ERROR | Opening brace should be on a new line
    -------------------------------------------------------------------
    [WALL OF TEXT OMITTED]
  • 81. 08. Custom Standard
    $ ./vendor/bin/phpcs --standard=/path/to/own/standard src/

    FILE: /path/to/project/SafeBrowsing/src/SafeBrowsing.php
    -------------------------------------------------------------------
    FOUND 1 ERROR(S) AFFECTING 1 LINE(S)
    -------------------------------------------------------------------
     1 | ERROR | Homage to Cthulhu missing from doc header
    -------------------------------------------------------------------
  • 82. 08. Mess Detector
    $ php composer.phar require --dev phpmd/phpmd=1.4.*
    ./composer.json has been updated
    Loading composer repositories with package information
    Updating dependencies (including require-dev)
      - Installing phpmd/phpmd (1.4.1)
        Downloading: 100%

    Writing lock file
    Generating autoload files

    $ ./vendor/bin/phpmd src text codesize,unusedcode,naming,design
    Strategy/Get.php:9 Classes should not have a constructor method with the same name as the class
  • 83. 08. Taking it further
    ● Jenkins
      – http://jenkins-ci.org/
      – Automate all the things
    ● Behat
      – http://behat.org/
      – Cucumber syntax
      – Mink extension for website testing
      – Write human-readable use cases
  • 84. 08. Behat and Mink
    Feature: Test the login page
      In order to ensure that customers can use our system
      I need to make sure that they can log in successfully

      Scenario: Can I log in with valid details
        Given I am on the "www.mywebsite.com"
        When I click on "Login"
        And I fill "username" with "bob"
        And I fill "password" with "Password1"
        And I press "Login"
        Then I should see "Login Successful"
  • 85. 09. Flair
    ● General badges (versions, license, etc)
      – https://poser.pugx.org/
    ● Build status
      – https://travis-ci.org
    ● Code Coverage
      – https://coveralls.io
    ● Code Analysis
      – https://insight.sensiolabs.com/analyses
      – https://scrutinizer-ci.com/
  • 86. 10. Engage
    ● Write a useful README.md
      – First thing you see on Github
      – How to install
      – How to use
  • 87. 10. Engage with developers
    ● Encourage fork/pull requests
      – Make sure they add tests
      – Make sure the old tests still pass
      – Travis-CI makes this simple
  • 88. 10. Engage with developers
    ● Promote your library
      – Twitter?
      – Google Plus?
      – I have no idea. I'm still figuring this out. I'm a developer dammit!
  • 89. Homework
    ● Docblocks
    ● phing/ant to automate CLI tools
    ● Git pre-commit hooks to run tests
  • 90. Social Awareness Too many pasty white guys @phpwomen http://phpwomen.org/