<p>In the last couple of days I have been playing around with the idea of combining GitHub Actions and GitHub Pages to be able to dynamically build preview environments every time a pull request is opened against a repository hosting a client-side web app.</p><p>The idea is that you can quickly preview the changes made by some contributor, without having to clone their branch and running everything locally, something specially useful for open source projects.</p><p>In this article I will explain how to set everything up, and what are some considerations and problems you may face during the process.</p><h3>Enable github pages</h3><p>The first thing you need to do is enable your project to publish pages on some branch. I recommend creating a new branch for this, let&#x27;s say <code>preview-env</code>, and then enabling publishing on it.</p><p>In order to do that go to your repository and then <strong>Settings</strong> -&gt; <strong>Pages</strong>, look for the <strong>Source</strong> section, and you should see something like this:</p><p><img src="/assets/img/preview-envs/github-pages-before-enabling.png" alt="GitHub pages before enabling"/></p><p>Click in the dropdown and select your new branch, <code>preview-env</code>. Then click <strong>Save</strong>.</p><p><img src="/assets/img/preview-envs/github-pages-after-enabling.png" alt="GitHub pages after enabling"/></p><p>After saving you will see a message at the top of this section telling you what&#x27;s the URL in which the pages are published. It always follows the same pattern. If your organization is <code>my-org</code> and your repository is <code>my-repo</code>, the url will be <code>https://my-org.github.io/my-repo/</code>.</p><h3>Configure the workflow</h3><p>Now we need to configure a workflow that will &quot;deploy&quot; the preview environment for the branch every time a new pull request is created or updated:</p><p>Let&#x27;s imagine we have a React web app that is built with node.js. The configuration could look like this.</p><pre><pre><code class="language-yml"># .github/workflows/deploy-preview.yml
name: Deploy preview

on:
  pull_request: null

jobs:
  deploy:
    runs-on: ubuntu-20.04
    continue-on-error: true
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Use node.js 14.15
        uses: actions/setup-node@v1
        with:
          node-version: 14.15
      - name: Generate slug
        id: generate_slug
        run: echo &quot;##[set-output name=slug;]$(echo ${GITHUB_HEAD_REF#refs/heads/} | sed -r &#x27;s/[~\^]+//g&#x27; | sed -r &#x27;s/[^a-zA-Z0-9]+/-/g&#x27; | sed -r &#x27;s/^-+\|-+$//g&#x27; | tr A-Z a-z)&quot;
      - name: Build
        run: npm ci &amp;&amp; npm run build
      - name: Deploy
        uses: JamesIves/github-pages-deploy-action@4.1.1
        with:
          branch: preview-env
          folder: build
          target-folder: ${{ steps.generate_slug.outputs.slug }}
      - name: Publish env
        uses: marocchino/sticky-pull-request-comment@v2
        with:
          header: Preview environment
          message: |
            ## Preview environment
            https://my-org.github.io/my-repo/${{ steps.generate_slug.outputs.slug }}/
</code></pre></pre><blockquote><p>If you are not familiar with GitHub Actions yet, take a look at the <a target="_blank" rel="noopener noreferrer" href="https://docs.github.com/en/actions">official documentation</a>.</p></blockquote><p>This workflow will follow the next steps:</p><ul><li>Checkout the code from the repository.</li><li>Set-up node.js 14.15</li><li>Based on the branch name, generate a slug that we will use to have separated deployment folders for every pull request we receive. The slug is exposed to next steps as an output.</li><li>Build the project. This step will obviously depend on the needs of your project.</li><li>Using <a target="_blank" rel="noopener noreferrer" href="https://github.com/JamesIves/github-pages-deploy-action">JamesIves/github-pages-deploy-action</a>, deploy the contents we previously built in the GitHub page, under a sub-folder matching the slug we generated a few steps above, and under the branch <code>preview-env</code> (remember we enabled GitHub pages for this branch).</li><li>Finally, using <a target="_blank" rel="noopener noreferrer" href="https://github.com/marocchino/sticky-pull-request-comment">marocchino/sticky-pull-request-comment</a>, post a comment in the pull request with a link to the preview environment, so that you can just click on it and see the deployment.</li></ul><p>The steps may change depending on your needs and how you build your project. For example, I have an extra step to update a property in the <code>package.json</code> that is then used to allow serving the app in a sub-path instead of the root of the domain.</p><p>You may also not build your site with node.js, as you could be using any of the multiple existing static site generators out there, but you get the idea.</p><p>Finally, you have probably noticed the config includes <code>continue-on-error: true</code>. This will allow the pull request to be merged even if this process fails for some reason.</p><h3>Considerations when using forks</h3><p>While the configuration above will work perfectly when creating pull requests inside the same repository, there are some limitations when the pull request comes from a fork (which is the usual in OSS projects).</p><p>For security reasons, the <code>GITHUB_TOKEN</code> injected in those cases doesn&#x27;t have write permissions, which will make the &quot;deploy&quot; step fail.</p><p>Also, you cannot define your own token with more permissions and inject it as a secret, as the secrets are not exposed to workflows running on forks.</p><p>However, with a couple small config changes, we can work around these limitations:</p><h4>Change event</h4><p>The first thing we need to do is use the <code>pull_request_target</code> event instead of the <code>pull_request</code> one.</p><pre><pre><code class="language-diff">on:
-  pull_request: null
+  pull_request_target: null
</code></pre></pre><p>According to the documentation, this is equivalent to the <code>pull_request</code> event, but it runs in the scope of the base repository.</p><p>Thanks to this, the <code>GITHUB_TOKEN</code> will come with write permissions, and we will have access to secrets if needed.</p><h4>Checkout the fork</h4><p>The second thing we are going to change is that we now need to specify the repository to checkout.</p><p>In order to do that, we need to add two inputs to the &quot;Checkout code&quot; step, like this:</p><pre><pre><code class="language-diff">    steps:
      - name: Checkout code
        uses: actions/checkout@v2
+       with:
+         repository: ${{ github.event.pull_request.head.repo.full_name }}
+         ref: ${{ github.event.pull_request.head.ref }}
</code></pre></pre><p>This will ensure we checkout from the fork repository, instead of the base one, which is the default, as it&#x27;s the one where the <code>pull_request_target</code> event is scoped to.</p><p>And that&#x27;s it. With these two changes you can now deploy preview environments for pull requests coming from forks.</p><blockquote><p><strong>IMPORTANT!</strong> The limitations of the <code>pull_request</code> event are there for a reason. People could potentially get access to your secrets or manipulate your code. Proceed at your own risk.</p></blockquote><h3>Other considerations</h3><p>Other than the limitations for forks, there are a few other minor things to take into consideration.</p><ul><li>Changes in GitHub Pages do not reflect immediately. It may take up to a couple of minutes for the deployment to be available, but considering you will usually not review a PR right after it has been created, this should not be a big issue.</li><li>As you have seen, every time a pull request is created, the deployment will generate a new folder in your GitHub Pages branch. This may result in a lot of old folders to pile-up, so you may want to set up some way to clean them up periodically or after the pull request has been merged.</li><li>Due to the fact that GitHub Pages only allows static pages to be served, this process cannot be used with apps that require some kind of back-end or server-side logic.</li><li>If your project is already using GitHub Pages for something else (serve the project&#x27;s website or docs), that may conflict with this, preventing you from having this kind of preview envs.</li></ul>

Setting-up a preview environment for your client-side apps with GitHub Actions and GitHub Pages

<p>I remember many years ago, when I released my first open source project, that every time I had a new release ready, I was never sure what should be the new version number.</p><p>Versioning software is not as straightforward as it might look when you don&#x27;t have a lot of experience.</p><p>In this article I&#x27;ll try to explain the <a target="_blank" rel="noopener noreferrer" href="https://semver.org/">SemVer</a> approach to version software, and some things you might want to take into account on top of that.</p><h3>Semantic Versioning</h3><p>The first thing you need is a solid set of rules that help you decide which should your next version be.</p><p>I remember thinking <em>&quot;is this version big enough as to jump from 1.0 to 2.0?&quot;</em> or <em>&quot;I have seen projects using three numbers for the version, X.Y.Z, should I do the same?&quot;</em></p><p>Those questions are easier to answer if you stick to some standard that tells you what to do, and that will help others more easily understand your intention.</p><p>My recommendation is to use <a target="_blank" rel="noopener noreferrer" href="https://semver.org/">Semantic Versioning</a>, as it defines a solid starting point, and it&#x27;s quite adopted by the community.</p><p>Semantic Versioning states that you should use three numbers to identify versions, <code>MAJOR.MINOR.PATCH</code>, and follow these rules in order to decide which one to increase:</p><ul><li><code>PATCH</code>: the new release includes only bug fixes. People are encouraged to update to this release and no changes are needed in their code bases.</li><li><code>MINOR</code>: the new release includes new backwards-compatible features. People can update to this version without changing their code bases, and make use of the new features afterwards if they wish.</li><li><code>MAJOR</code>: the new release includes <a target="_blank" rel="noopener noreferrer" href="https://en.wikipedia.org/wiki/Backward_compatibility">backward compatibility</a> breaks. Changes in the code base will be needed when updating to this version.</li></ul><blockquote><p>These rules are easier to apply to libraries and frameworks than it is for apps and services. More about this later.</p></blockquote><h3>Try to keep backwards-compatibility</h3><p>Ok, we have some rules now. However, I have seen very frequently people mistaking what <em>can</em> be done with what <em>should</em> be done.</p><p>Yes, if you introduce a breaking change, you can update the major version and that&#x27;s it. However, if you do it too frequently, people won&#x27;t be happy, and you will end up with a fragmented user base, that stop updating to newer versions.</p><p>I remember using a library to deploy stuff that had a new major version every couple of months, changing things like &quot;The <code>host</code> function is now called <code>server</code>&quot;. Yes, ok, but why do I have to change my stuff so frequently.</p><p>It&#x27;s usually better to try to implement things in a backwards-compatible way, and keep track of the things you want to change and do it all at a time.</p><p>You can also deprecate things, and document the way you want those things to be done moving forward. That way you give people the chance to start changing their code and simplify a hypothetical upcoming major release.</p><h3>Provide clear upgrade paths</h3><p>As mentioned above, too frequent major version changes are not desirable, but sooner or later you will want to release a new major version for different reasons.</p><ul><li>Getting rid of that feature which is hard to maintain, introduces lots of bugs, and provides little value.</li><li>Supporting something new which is very hard to implement without breaking backwards compatibility.</li><li>Removing all those deprecated methods you have been dragging for months.</li><li>Fix design issues, where something was architected in the wrong way, and only spotted after some time.</li></ul><p>At the time this happens you will want your users to upgrade to the newer version, as you don&#x27;t want people to report bugs that only affect older versions, or to expect you to backport fixes to older versions because they haven&#x27;t updated to the new one.</p><p>The best way to achieve this is to provide clear and simple upgrade paths:</p><ul><li><p>Prepare your releases for the things to come: If you want to introduce new ways of doing things, do it before the major release, and deprecate the older ones. For example, you can have a new method that gets called by an older one, while you mark the old one as deprecated.</p><p>People will be more willing to update and change their code afterwards. By the time the major release is published, their code will be ready to upgrade.</p></li><li><p>Include a CHANGELOG file in your project, explaining the changes introduced in every version. A very good way to document a change log is the <a target="_blank" rel="noopener noreferrer" href="https://keepachangelog.com/">Keep a changelog</a> initiative.</p><p>You can also use some other platform to document the change log, like GitHub releases.</p></li><li><p>Include documentation on how to upgrade to a major release: This is probably the most important one. Document all the steps that need to be followed and all the required changes to update from a release to the next major one.</p><p>A good way to do this is by including an UPGRADE file in your project. You can see <a target="_blank" rel="noopener noreferrer" href="https://github.com/acmailer/acmailer/blob/main/UPGRADE.md">this example</a>.</p></li></ul><h3>Versioning libraries vs apps</h3><p>Semantic Versioning is a good standard to version software, but it plays much better with libraries and frameworks that are installed using some kind of package manager, than it does with apps and services that are not directly depended on.</p><p>For example, how do you identify a backward compatibility break on a web user interface?</p><p>With this kind of software there are more grey areas, and you will end up using your intuition.</p><p>For example, not long ago I released a <a href="/2020/12/24/released-shlink-web-client-v3-0-0/">new major version</a> for a web app I maintain, and it was completely compatible with the previous one. However, it introduced a larger amount of features than usual, and big UI changes, so I decided it was worth the bump.</p><p>Because of this there are projects that use different approaches to version apps. For example:</p><ul><li>Firefox and Chrome have 6-week cycles, and after each one of them they release a new major version no matter what.</li><li>Jetbrains publishes a few releases of their IDEs every year (I think 3) which always start with the year they were released on, like <code>2020.3.0</code>, and they increase the patch number for bugfixes.</li><li>Ubuntu releases 2 versions every year, one in April and one in October, and they are always identified by the year and month they were released on, like <code>19.04</code> or <code>20.10</code>.</li></ul><h3>Special versions</h3><p>There&#x27;s also a set of special versions that can be used to publish the so-called <strong>pre-release</strong> versions. These <a target="_blank" rel="noopener noreferrer" href="https://semver.org/#spec-item-9">are covered</a> by Semantic Versioning, but sometimes they are not so easy to understand.</p><p>It is also very likely that you never have to use these, as only relatively big projects will need this level of granularity, but it&#x27;s still good to know what&#x27;s their purpose and what do they imply.</p><h4>0.x.y</h4><p>It is possible to release a version of your software where the major number is <code>0</code>. When this happens, it means your software is still in its early stages.</p><p>It does not mean it&#x27;s necessarily unstable, but it means you are still introducing frequent changes on it, and therefore, it might be a bit more fragile than a version starting with a number greater than <code>0</code>.</p><h4>Alpha</h4><p>The intention of an alpha release is that a subset of people con test some new functionality, but you don&#x27;t want people to use it in production</p><p>Alpha versions are on their very early stages. Their public API is very likely to change, and they probably contain bugs.</p><p>Semantic Versioning states that alpha versions are identified by this pattern: <code>MAJOR.MINOR.PATCH-alpha.NUMBER</code>, for example <code>2.0.0-alpha.1</code>.</p><h4>Beta</h4><p>Similar to alpha versions, beta versions are also prone to contain bugs, but their API will in theory not change. That means that you could potentially adapt your software to start using a beta version, and when the corresponding stable release is published, you shouldn&#x27;t need that many changes.</p><p>Semantic Versioning defines a pattern similar to the one for alpha versions: <code>MAJOR.MINOR.PATCH-beta.NUMBER</code>, for example <code>2.0.0-beta.1</code>.</p><h4>Release candidate</h4><p>Release candidates (RC) are pre-release versions that you will want to publish for the general user-base to test an upcoming release. You want to publish a RC so that it&#x27;s battle tested by as many people as possible, in order to find possible bugs and edge cases.</p><p>They should not contain many bugs, but some could be found. The public API should not change anymore.</p><p>According to Semantic Versioning, the pattern to identify a RC is <code>MAJOR.MINOR.PATCH-rc.NUMBER</code>, for example <code>2.0.0-rc.1</code>.</p><h3>Conclusion</h3><p>We have seen some approaches and considerations to properly version your software.</p><p>Versioning is not so straightforward when you don&#x27;t have a lot of experience, but as you have seen, you just need to know a small set of rules and use a bit your intuition.</p><p>With those tools, you will be able to properly version your software.</p>

What to take into account when versioning software

<p>Two days ago I released the first major version in almost 2 years for <a target="_blank" rel="noopener noreferrer" href="https://github.com/shlinkio/shlink-web-client">shlink-web-client</a>, a web UI for <a target="_blank" rel="noopener noreferrer" href="https://shlink.io">shlink</a>, my self-hosted URL shortener.</p><p>This new version introduces several improvements to the project, and I thought it was worth writing a post to explain all of them in depth.</p><h3>New design</h3><p>The project has been using the same design almost since the beginning. It was clean, but it laked a bit of contrast and consistency in many sections.</p><p>Now the main background is light-gray, with components composed in white cards with a slight box shadow, that makes them easier to spot inside the app.</p><p>Also, the main area has now a max-width that prevents components from stretching too much on wide screens.</p><div class="row"><div class="col-md-6  "><img alt="Before" src="/assets/img/shlink-web-client-3/design-before.png" class="gallery-item"/><p class="text-center"><small>Before</small></p></div><div class="col-md-6  "><img alt="After" src="/assets/img/shlink-web-client-3/design-after.png" class="gallery-item"/><p class="text-center"><small>After</small></p></div></div><h3>Overview page</h3><p>Up until now, after connecting to a Shlink server, you went directly to the list of short URLs.</p><p>With this new version, you now see an overview page first, which displays some general stats, a quick short URL creation form, and the latest 5 short URLs.</p><p>From there, you can navigate to the full list of short URLs, with filtering capabilities, or go to the advanced short URL creation form.</p><div class="row"><div class="col-md-8 col-md-offset-2 "><img alt="Overview" src="/assets/img/shlink-web-client-3/overview.png" class="gallery-item"/><p class="text-center"><small>Overview</small></p></div></div><h3>Improved short URL creation form</h3><p>One of the sections with more room for improvement was the short URL creation form. It had all the inputs mixed, displaying just the &quot;long url&quot; one, with the option to un-collapsing the rest at will.</p><p>The new design groups the inputs by context, which makes it more clear. It also displays the inputs all the time, since the &quot;quick form&quot; is now located in the overview page.</p><div class="row"><div class="col-md-6  "><img alt="Before" src="/assets/img/shlink-web-client-3/creation-form-before.png" class="gallery-item"/><p class="text-center"><small>Before</small></p></div><div class="col-md-6  "><img alt="After" src="/assets/img/shlink-web-client-3/creation-form-after.png" class="gallery-item"/><p class="text-center"><small>After</small></p></div></div><h3>Enhanced visits page</h3><p>The visits page had a problem, it was trying to display too much information in a single place.</p><ul><li>Visits over time</li><li>Visits from every platform</li><li>Visits from every location</li><li>A list of visits as a table</li></ul><p>The new approach splits those in subsections with their own sub-route each (<code>/by-location</code>, <code>/by-context</code>, etc). This helps to render a smaller amount of charts at once, since they are a bit CPU greedy.</p><p>Also, only the visits from the last 30 days are loaded by default, making it load way faster for URLs with a lot of visits.</p><div class="row"><div class="col-md-6  "><img alt="Before" src="/assets/img/shlink-web-client-3/visits-before.png" class="gallery-item"/><p class="text-center"><small>Before</small></p></div><div class="col-md-6  "><img alt="After" src="/assets/img/shlink-web-client-3/visits-after.png" class="gallery-item"/><p class="text-center"><small>After</small></p></div></div><h3>Outer sections</h3><p>The app has some sections which are not related to a specific server, like creating/editing servers, or the settings page.</p><p>These sections have also been adapted to the new style, and they also have a max-width for wide screens.</p><div class="row"><div class="col-md-6  "><img alt="Before" src="/assets/img/shlink-web-client-3/create-server-before.png" class="gallery-item"/><p class="text-center"><small>Before</small></p></div><div class="col-md-6  "><img alt="After" src="/assets/img/shlink-web-client-3/create-server-after.png" class="gallery-item"/><p class="text-center"><small>After</small></p></div></div><h3>Date range selector</h3><p>A new component allows selecting date ranges either by relative time ranges (last 30 days, last 90 days...) or by selecting absolute start and end dates.</p><p>This component is used to filter both short URL lists and visits lists.</p><div class="row"><div class="col-md-6  col-md-offset-3"><img alt="Date range selector" src="/assets/img/shlink-web-client-3/date-range-selector.png" class=""/><p class="text-center"><small>Date range selector</small></p></div></div><h3>Domain selector</h3><p>Shlink has had multi-domain support for some versions, but changing the domain from the web client required to set the value manually, which is a bit error-prone.</p><p>This version introduces a new component which allows selecting from domains already used in the past (which is what you will want in most of the cases), preventing accidental typos.</p><p>It also allows setting new values in case you want to use a new domain that you never used before. This domain will then appear in the list the next time.</p><div class="row"><div class="col-md-6  "><img alt="Existing domains" src="/assets/img/shlink-web-client-3/domains-existing.png" class=""/><p class="text-center"><small>Existing domains</small></p></div><div class="col-md-6  "><img alt="New domain" src="/assets/img/shlink-web-client-3/domains-new.png" class=""/><p class="text-center"><small>New domain</small></p></div></div><h3>Other improvements</h3><p>The changes described so far were the major ones. However, v3.0.0 includes a few other minor improvements.</p><ul><li>Result and loading messages have been standardized: They are now more consistent and use the same set of components, which also ensures consistency in the future.</li><li>Error messages are now more descriptive: Instead of showing generic error messages when API calls fail, the actual error message is now always displayed, so that it&#x27;s easier to know what failed.</li><li>Dropped support for Shlink v1: All major versions come with some breaking changes that improve code maintainability. This one drops Shlink v1 support, which allows removing some conditional paths here and there.</li></ul><p>Other than the last point, Shlink v3.0.0 is mostly backwards compatible, so it&#x27;s safe to upgrade if you are already using Shlink v2.x</p><h3>Next steps</h3><p>Of course this doesn&#x27;t end here, and I have a lot of ideas to improve it even further.</p><ul><li>Dark theme: It&#x27;s what the cool kids do these days, and I have already done some experiments around it.</li><li>Shlink dashboard: Next gen web app for Shlink. You can read the whole reasoning in <a target="_blank" rel="noopener noreferrer" href="https://github.com/shlinkio/shlink-web-client/issues/338">this issue</a>.</li><li>Filtering in lists added to URL: Many sections allow filtering lists, but the state is saved in memory, which means it gets lost if the page is refreshed, and it cannot be bookmarked. The intention is to make all filtering params to become part of the URL.</li><li>Exporting visits in CSV: It&#x27;s cool to see charts full of info, but sometimes admins need to feed other services with the data, and consuming the original API is not always an option. Exporting visits to a CSV file will be supported soon by shlink-web-client.</li></ul>

Released shlink-web-client v3.0.0

<p>Let&#x27;s not deny that <a target="_blank" rel="noopener noreferrer" href="https://github.com/features/actions">GitHub actions</a> are hitting hard in the tech community, and many projects are transitioning from other continuous integration systems like <a target="_blank" rel="noopener noreferrer" href="https://circleci.com/">Circle CI</a> or <a target="_blank" rel="noopener noreferrer" href="https://travis-ci.org/">Travis CI</a>.</p><p>Personally I have been using Travis a lot during the past years, for all my OSS projects, and I have gotten very used to it.</p><p>However, people seem to be &quot;abandoning&quot; travis in favor of GitHub Actions, for different reasons. &quot;It&#x27;s faster&quot;, &quot;I can run smaller tasks in parallel&quot;, etc.</p><p>In my case, I have moved a few very specific tasks there, where travis was becoming a bottleneck, but I still have mixed feelings about the very-verbose yaml-based config needed to configure a few GitHub Actions, compared to the more concise travis one.</p><p>In this article I&#x27;ll explain how I improved a travis build to run several smaller tasks in parallel jobs, without having to completely move away from it.</p><h3>Initial state</h3><p>This project&#x27;s travis config is relatively simple. It is used to build a JS project for the web browser, and it has to run the next tasks:</p><ul><li>Lint the code, to make sure it fulfils the project&#x27;s coding standards.</li><li>Run unit tests.</li><li>Run mutation tests.</li><li>Build the docker image, to make sure none of the new changes broke it.</li><li>Conditionally publish a release on GitHub, with a dist file attached to it, if the build is being run for a git tag.</li></ul><pre><pre><code class="language-yaml">dist: bionic

language: node_js

branches:
  only:
    - /.*/

cache:
  directories:
    - node_modules

services:
  - docker

node_js:
  - &#x27;12.16.3&#x27;

install: npm ci

before_script:
  - echo &quot;Building commit range ${TRAVIS_COMMIT_RANGE}&quot;
  - export MUTATION_FILES=$(git diff ${TRAVIS_COMMIT_RANGE:-origin/main} --name-only | grep -E &#x27;src\/(.*).(ts|tsx)$&#x27; | paste -sd &quot;,&quot;)

script:
  - npm run lint
  - npm run test:ci
  - npm run mutate:ci
  - docker build -t project:test .

after_success:
  - node_modules/.bin/ocular coverage/clover.xml

before_deploy: npm run build ${TRAVIS_TAG#?}

deploy:
  - provider: releases
    api_key:
      secure: &lt;key&gt;
    file: &quot;./dist/project_${TRAVIS_TAG#?}_dist.zip&quot;
    skip_cleanup: true
    on:
      tags: true
</code></pre></pre><h3>Problems with this approach</h3><p>This is more or less ok, but the last two commands in <code>script</code> can be relatively slow and can delay the whole process.</p><p>Also, specially the mutation tests one, which is currently always considered successful regardless the result, can make the build reach the maximum run time allowed by travis, making the whole build falsely fail.</p><blockquote><p>The reason for the <code>before_script</code> step is to determine which source code files changed, and run mutation tests on them only, in order to mitigate this.</p></blockquote><p>Other than this, the build config defines &quot;global&quot; customizations that are actually only used for some tasks:</p><ul><li>Running <code>npm ci</code> is not required for the <code>docker build</code> task.</li><li>Getting the <code>docker</code> service is not required by any of the other tasks.</li><li>Determining changed files is only used by the <code>mutation tests</code> task.</li></ul><h3>Making use of jobs</h3><p>One cool feature travis supports is the use of a job <a target="_blank" rel="noopener noreferrer" href="https://docs.travis-ci.com/user/build-matrix/">build matrix</a>, that lets you define multiple jobs that run in parallel as part of the same build, and make each one of them do unrelated tasks.</p><p>Using this feature it is possible to improve the <code>.travis.yml</code> file, making it look like this:</p><pre><pre><code class="language-yaml">dist: bionic

language: node_js

branches:
  only:
    - /.*/

cache:
  directories:
    - node_modules

node_js:
  - &#x27;12.16.3&#x27;

jobs:
  fast_finish: true
  allow_failures:
    - name: &#x27;Mutation tests&#x27;
  include:

    - name: &#x27;Lint&#x27;
      install: npm ci
      script: npm run lint

    - name: &#x27;Unit tests&#x27;
      install: npm ci
      script: npm run test:ci
      after_success:
        - node_modules/.bin/ocular coverage/clover.xml

    - name: &#x27;Mutation tests&#x27;
      install: npm ci
      before_script:
        - echo &quot;Building commit range ${TRAVIS_COMMIT_RANGE}&quot;
        - export MUTATION_FILES=$(git diff ${TRAVIS_COMMIT_RANGE:-origin/main} --name-only | grep -E &#x27;src\/(.*).(ts|tsx)$&#x27; | paste -sd &quot;,&quot;)
      script: npm run mutate:ci

    - name: &#x27;Build docker image&#x27;
      services:
        - docker
      install: skip
      script: docker build -t project:test .

    - name: &#x27;Publish release&#x27;
      if: tag IS present
      install: skip
      script: skip
      before_deploy: npm run build ${TRAVIS_TAG#?}
      deploy:
        - provider: releases
          api_key:
            secure: &lt;key&gt;
          file: &quot;./dist/project_${TRAVIS_TAG#?}_dist.zip&quot;
          skip_cleanup: true
          on:
            tags: true
</code></pre></pre><p>This approach introduces all these benefits:</p><ul><li>Now linting, testing, mutation testing and building the docker image run in parallel, making the build finish earlier.</li><li>The mutation testing step is allowed to fail, and thanks to the <code>fast_finish</code> flag, travis won&#x27;t even wait for it to finish, considering the build successful once the rest have passed.</li><li>Configs that are only meaningful for certain jobs are defined in the job itself, instead of globally.</li><li>The &quot;publish release&quot; job only runs conditionally if the build is for a tag, thanks to the <code>if: tag IS present</code> condition. (More info about <a target="_blank" rel="noopener noreferrer" href="https://docs.travis-ci.com/user/conditional-builds-stages-jobs/">conditional jobs</a> in travis).</li><li>As soon as any of the jobs fails, the whole build fails and you don&#x27;t have to continue waiting. Before this, if the third task failed, you still had to wait for the previous two to finish.</li><li>Each job can have a name, making it more clear in travis UI what tasks are being run:</li></ul><p><img src="/assets/img/travis-multiple-jobs/travis-jobs.png" alt="Travis CI jobs"/></p><h3>Conclusion</h3><p>The main purpose of this article was to showcase that travis still has a lot to give. Github Actions are definitely cool, but there&#x27;s usually no silver bullet for everything, and a combination with other tools might be more suitable.</p><p>Also, this allows people using travis to improve their builds without having to change everything. Then, once you have split your tasks, if you still want to move to Github Actions, it should be easier.</p><blockquote><p>If you are curious, this is the project in which I use this travis configuration: <a target="_blank" rel="noopener noreferrer" href="https://github.com/shlinkio/shlink-web-client">shlinkio/shlink-web-client</a>.</p></blockquote>

Running several steps of a Travis CI build in parallel

<p>Asynchronous and non-blocking runtimes are pretty usual in many programming languages, as well as long-lived web apps that stay in memory and are capable of dispatching multiple HTTP requests without having to be fully bootstrapped every time. This has not been traditionally the case with PHP apps. </p><p>However, many projects are starting to get some adoption, that bring this long-lived approach to the PHP world.</p><p>The problem with this is that PHP developers are not used to this, and they tend to continue acting as they have always done. Also, libraries might have made some assumptions, making them not work as expected when used under this context.</p><p>Some of these projects are <a target="_blank" rel="noopener noreferrer" href="https://www.swoole.co.uk">swoole</a>, <a target="_blank" rel="noopener noreferrer" href="https://reactphp.org/">ReactPHP</a> or <a target="_blank" rel="noopener noreferrer" href="https://amphp.org/">Amphp</a>, to give some examples.</p><p>In this article, I will be focusing on the first one, and explain how to approach some of the pain points I have found after using it for a year and a half on an <a target="_blank" rel="noopener noreferrer" href="https://github.com/shlinkio/shlink">existing PHP project</a>.</p><h3>Introducing Swoole</h3><p>The main difference swoole has compared to other similar projects is that it&#x27;s written as a native PHP extension, and needs to be installed with <code>pecl</code>.</p><p>This is obviously a bit cumbersome, but the benefit is that, since it&#x27;s written in C++, it has a better handling of memory allocation, which is very important to achieve what it tries to do.</p><p>What swoole does is running a main process which bootstraps the PHP application once, and then keeps it in memory so that it can continue dispatching requests without having to load resources every time. This makes it really fast.</p><p>Those HTTP requests are handled by a set of child processes called &quot;web workers&quot;. Swoole forks the contents in memory for the main process to each one of the workers, so each worker has a &quot;copy&quot; of the application in memory.</p><p>Each worker is independent, but each one of them can only handle one request at a time, so you have to increase the number of workers if you expect a lot of concurrent traffic.</p><p>Other than web workers, swoole also has another set of child processes called &quot;task workers&quot;, which can be used to delegate long tasks at runtime to prevent web workers from getting blocked.</p><p>Here you can see a diagram of swoole&#x27;s architecture.</p><p><img src="https://www.swoole.co.uk/images/how-swoole-works.png" alt="How Swoole works"/></p><blockquote><p>More information can be found in <a target="_blank" rel="noopener noreferrer" href="https://www.swoole.co.uk/how-it-works">Swoole&#x27;s website</a>.</p></blockquote><h3>Problems to solve</h3><p>Now that we know how swoole works, let&#x27;s see some of the challanges I have faced in th past, which are usually not that ovbious when you are used to think in terms of &quot;blocking&quot; and &quot;short-lived&quot;.</p><h4>Database connections are kept open</h4><p>One of the first things you find out is that, since the application stays in memory, any database connection that has been opened by a worker (either web or task worker), will be kept open and reused in subsequent executions or HTTP requests served by the app.</p><p>This, which is in theory good, has a side effect, which is not obvious during development: <strong>the opened connection will eventually expire</strong>.</p><p>Since most of the popular database abstraction layers in PHP are coming from the times in which PHP was just a bootstrap-on-every-request technology, they never cared too much about expired database connections, as they would be opened again on next request.</p><p>However, when using swoole and the like, you have to implement some mechanism which takes care of reconnecting or gracefully recovering when this happens.</p><blockquote><p>I wrote an article explaining how I solved this on a middleware-based app served with swoole and using doctrine: <a href="/2019/11/04/how-to-properly-handle-a-doctrine-entity-manager-on-an-expressive-application-served-with-swoole/">How to properly handle a doctrine entity manager on an expressive application served with swoole</a></p></blockquote><p>Obviously, swoole (and also others) provides some tools to work with databases (like this <a target="_blank" rel="noopener noreferrer" href="https://www.swoole.co.uk/docs/modules/swoole-async-mysql-client">MySQL client</a>), which I&#x27;m sure do not have this problem (although, I haven&#x27;t personally tried this), but they are more limited than other well adopted libraries.</p><h4>In-memory caches don&#x27;t behave as expected</h4><p>It is a frequent practice to use local in-memory caches, like APCu, to improve applications performance in production.</p><p>Usually APCu is faster than other options, like redis or memcached, so it&#x27;s the choice when you only have one instance of your app running (meaning, you don&#x27;t have a cluster behind a load balancer).</p><p>However, even if you are running your app on just one server with swoole, because of the web worker system explained earlier, you actually have several copies of your app in memory, and each one of them will have a separated and not shared cache when using APCu.</p><p>This can lead to inconsistencies which are hard to debug, so you need to have it in mind.</p><p>Also, since the information that is being loaded is kept in memory anyway, you will not notice such a big improvement by using APCu or other in-memory caches.</p><blockquote><p>Notice that this problem does not happen when using distributed/centralized caching solutions, such as redis or memcached, as in that case, the caching technology is shared by all workers.</p></blockquote><h4>No need to optimize file including/requiring</h4><p>Many projects have complex configuration systems which are spread into several files. While this make it more maintainable, it also has a performance impact when all those files need to be loaded on every request.</p><p>Because of that, there are libraries like <a target="_blank" rel="noopener noreferrer" href="https://github.com/laminas/laminas-config-aggregator">laminas-config-aggregator</a> that can dynamically load config from many sources and, if some conditions are met, they can merge the result in a single bigger file that can be used in later requests.</p><p>In the case of swoole, as all the files will be kept in memory once loaded for the first time, there&#x27;s no need for this kind of optimization.</p><h4>Class autoloading happens once</h4><p>This point is very related with the previous one.</p><p>Composer offers a lot of optimization options so that class autoloading is faster in production. While you usually will still want to use some of those so that the first time a class is being loaded it is still reasonably fast, any subsequent hits will just use the class which is already in memory.</p><p>One of the composer flags you will probably don&#x27;t want use with swoole is <code>--apcu-autoloader</code>, because of the reasons mentioned two points above this one.</p><h4>Services should be truly stateless</h4><p>This is something that you should always do anyway, but it&#x27;s specially important when a service instance is kept in memory between HTTP requests.</p><p>Sometimes it&#x27;s easy to end up having some small piece of internal state on a service, where we save something as a side effect of a method call, to end up using it when another one of the public methods is invoked.</p><p>While this could seem harmless when the whole app is bootstrapped on every request, it can have very dangerous side effects when the app is served with swoole, because the instance will persist until another request is dispatched by the same web worker.</p><p>Just imagine you saved some user data on a service, and it ends up being served to another user on the next request. That won&#x27;t look good.</p><p>Because of this, make sure your services are truly stateless, and if for any reason that&#x27;s not possible, at least remember to have some mechanism in place that flushes the data just before finishing the request.</p><h4>Hot reloading for dev envs is not that good</h4><p>One thing we usually take for granted is that we can modify a PHP file and just by making a new request, the new code will be executed. However, when the code is kept in memory, it&#x27;s not that straightforward.</p><p>When you are developing a project which is served with swoole, you will have to restart the server every time to get your changes applied.</p><p>Swoole has a mechanism to do a light server reload, which is faster. You can find the docs in <a target="_blank" rel="noopener noreferrer" href="https://www.swoole.co.uk/docs/modules/swoole-server-reload">it&#x27;s website</a>.</p><p>The problem with this is that you need to implement the mechanism to invoke that when a file is changed, or use some library that does it for you.</p><p>Also, I have noticed that even calling that and seeing that the server is reloaded, does not always have the expected effect, and you have to still end up doing a hard reload. It&#x27;s something I don&#x27;t fully understand and I still need to investigate a bit further.</p><h3>Conclusion</h3><p>As it always happens when new technologies appear, it takes some time to get used to them, but I strongly suggest you to give a try to swoole or any other non-blocking runtime, because it makes your apps super fast.</p><p>Just remember to have all of the above in mind ;-)</p><p>That said, here you can find some libraries that will make your life easier when trying to serve existing projects with swoole, without having to couple with it and being able to continue using your favourite framework:</p><ul><li>IDE helper: <a target="_blank" rel="noopener noreferrer" href="https://github.com/swoft-cloud/swoole-ide-helper">https://github.com/swoft-cloud/swoole-ide-helper</a></li><li>Mezzio (formerly Zend Expressive): <a target="_blank" rel="noopener noreferrer" href="https://github.com/mezzio/mezzio-swoole">https://github.com/mezzio/mezzio-swoole</a></li><li>Symfony: <a target="_blank" rel="noopener noreferrer" href="https://github.com/k911/swoole-bundle">https://github.com/k911/swoole-bundle</a></li><li>Laravel: <a target="_blank" rel="noopener noreferrer" href="https://github.com/swooletw/laravel-swoole">https://github.com/swooletw/laravel-swoole</a></li></ul><p>Also, here you can find some more articles talking about this topic:</p><ul><li><a target="_blank" rel="noopener noreferrer" href="https://www.zend.com/blog/why-you-should-use-asynchronous-php">https://www.zend.com/blog/why-you-should-use-asynchronous-php</a></li><li><a target="_blank" rel="noopener noreferrer" href="https://samsonasik.wordpress.com/2020/04/05/using-swoole-in-mezzio-application-with-sdebug/">https://samsonasik.wordpress.com/2020/04/05/using-swoole-in-mezzio-application-with-sdebug/</a></li></ul>

Considerations when working with async PHP runtimes like swoole

<p>I have written a lot of posts about Zend Framework in general and Zend Expressive in particular, but I have noticed that I have never talked about one of the things that, from my point of view, makes Expressive so game-changing, <strong>Interoperability</strong>.</p><h3>Some context</h3><p>In the past, PHP frameworks used to be very big libraries, which tried to provide solutions to any possible problem in order to retain users.</p><p>At that time, you had to decide which framework you wanted to use, by weighing pros and cons. People ended up saying &quot;I prefer framework <em>foo</em>, because it has a better templating system&quot;, &quot;ok, but framework <em>bar</em> has a better performance and its dependency injection approach is delightful&quot;.</p><p>It wasn&#x27;t easy to pick the best part of each framework (or the parts you liked the most) and be able to use them in the same project. You couldn&#x27;t just take the templating system from <em>foo</em> and make it work with the dependency injection approach from <em>bar</em>.</p><p>Because of this, the <a target="_blank" rel="noopener noreferrer" href="https://www.php-fig.org/">PHP Framework Interop Group</a> was born (PHP-FIG from now on). Its goal was to define standard recommendations that frameworks and libraries could adhere to.</p><p>At some point this would mean that frameworks would use compatible APIs in their different components and people would be able to easily change one specific component by another.</p><h3>Expressive&#x27;s interoperability</h3><p>Mostly all frameworks which are part of the PHP-FIG have more or less adopted these standard recommendations. If you have been working with PHP in the last 3-4 years, you know it is now much easier to &quot;mix&quot; libraries and frameworks in the same project.</p><p>However, the one which has been capable of making interoperability part of its essence is <a target="_blank" rel="noopener noreferrer" href="https://docs.zendframework.com/zend-expressive/">Zend Expressive</a> (probably because it was born in that period and interoperability was one of its main design goals).</p><p>Expressive itself does not provide solutions to almost anything. Instead, it relies in a series of interfaces and abstractions in order to get everything working.</p><p>Some of those abstractions are PHP Standard Recommendations (PSRs) from the PHP-FIG.</p><ul><li>It is a middleware-based framework, so it expects your middlewares and actions (request handlers) to implement <a target="_blank" rel="noopener noreferrer" href="https://www.php-fig.org/psr/psr-15/">PSR-15</a> interfaces. This way, your own code is not coupled with Expressive at all.</li><li>In order to dispatch this middlewares they use a middleware dispatcher, <a target="_blank" rel="noopener noreferrer" href="https://docs.zendframework.com/zend-stratigility/">Zend Stratigility</a> in this case, which also implements PSR-15&#x27;s request handler interface.</li><li>It is also a web framework, so it needs to dispatch HTTP requests. For this, it expects you to include a library implementing <a target="_blank" rel="noopener noreferrer" href="https://www.php-fig.org/psr/psr-7/">PSR-7</a>. They provide one implementation, <a target="_blank" rel="noopener noreferrer" href="https://docs.zendframework.com/zend-diactoros/">Zend Diactoros</a>, but you can use whatever you want.</li><li>Expressive promotes Dependency Injection, so it expects a dependency injection container to be used. Once again, they expect any container implementing <a target="_blank" rel="noopener noreferrer" href="https://www.php-fig.org/psr/psr-11/">PSR-11</a>, so you can use the container of your choice and everything will work.</li></ul><p>The PHP-FIG still has some work to do in different areas. For those cases in which there&#x27;s no standard recommendation, Zend&#x27;s team has defined a few own interfaces and abstractions Expressive relies on in order to ease decoupling and extendability.</p><ul><li>Routing: You can pick one of provided implementations or define your own (<a target="_blank" rel="noopener noreferrer" href="https://github.com/acelaya/expressive-slim-router">I&#x27;ve done it</a> and it wasn&#x27;t that hard)</li><li>Templating: If you need to render templates, expressive has official support for three templating systems, but as in previous case, you can use other engines with a minimal effort.<br/>
However, you are not forced to use a templating system if you don&#x27;t need it, which is great.</li><li>Error handling: You shouldn&#x27;t handle errors the same way in production and development environments. Expressive&#x27;s abstractions let you use different approaches, with great integration to use <a target="_blank" rel="noopener noreferrer" href="http://filp.github.io/whoops/">Whoops</a> in development, but you could use something like <a target="_blank" rel="noopener noreferrer" href="https://tracy.nette.org/en/">Tracy</a> too.</li></ul><p>All of these abstractions are defined in separated packages, so in the future, if the PHP-FIG accepts a PSR for any of these things, Zend Expressive will probably start supporting them and drop these packages&#x27; interfaces as far as possible.</p><h3>Expressive&#x27;s extendability</h3><p>There are a lot of things a real project needs which have been left out of expressive&#x27;s scope, which is in fact good.</p><p>You will probably need some way to handle configuration. Expressive doesn&#x27;t tell you what to use, because usually config is consumed before the request is even dispatched, so there&#x27;s no need for any kind of integration.</p><p>You will also need something to connect to a database, or consume external services. Once again, use whatever you want.</p><p>If you need to be able to run your app from the command line, expressive and the HTTP layer won&#x27;t even come in place. For that purpose, Zend&#x27;s team recommends using <a target="_blank" rel="noopener noreferrer" href="http://symfony.com/doc/current/components/console.html">symfony/console</a> these days. In fact, there are a few CLI utilities for expressive which have been built with that component, like <a target="_blank" rel="noopener noreferrer" href="https://github.com/zendframework/zend-expressive-tooling">zend-expressive-tooling</a>.</p><p>Of course, all of this flexibility is great for experienced developers, but newcomers need a little bit of help to begin with. That&#x27;s why a <a target="_blank" rel="noopener noreferrer" href="https://github.com/zendframework/zend-expressive-skeleton">skeleton project</a> was created.</p><p>The skeleton is installed using an interactive process which let&#x27;s you choose the different components to be used, and the project approach you want to take.</p><p>This wide range focus makes expressive fit any project. Also, despite the fact that it can be considered a microframework, I can tell you it <a href="/2016/07/21/project-scalability-with-zend-expressive/">scales quite well</a>.</p><h3>Proof of concept</h3><p>Ok, perfect, interoperability runs in expressive veins, but I don&#x27;t want you to just take my word. That&#x27;s why I have built an example project where I use a variety of libraries and components for every task.</p><p>In order to build the project, I have used the skeleton mentioned before, and then tweaked it a little bit. You can find it here: <a target="_blank" rel="noopener noreferrer" href="https://github.com/acelaya-blog/expressive-interoperability-proof-of-concept">https://github.com/acelaya-blog/expressive-interoperability-proof-of-concept</a> </p><p>These are the components I have used:</p><ul><li>DI Container: <a target="_blank" rel="noopener noreferrer" href="http://php-di.org/">PHP-DI</a></li><li>Router: <a target="_blank" rel="noopener noreferrer" href="https://github.com/acelaya/expressive-slim-router">Slim framework v2</a></li><li>Template renderer: <a target="_blank" rel="noopener noreferrer" href="https://twig.symfony.com/">Twig</a></li><li>HTTP abstraction: <a target="_blank" rel="noopener noreferrer" href="https://github.com/guzzle/psr7">Guzzle PSR-7 HTTP message library</a></li><li>Error handling: <a target="_blank" rel="noopener noreferrer" href="http://filp.github.io/whoops/">Whoops</a></li></ul><p>The result is that very few of the code is actually from <code>Zend</code>&#x27;s namespace.</p><p>The project includes the instructions to run it and see how everything is in fact working. It also includes one option in the menu to see an error page.</p><h3>Conclusion</h3><p>From my point of view, full-stack and coupled frameworks are something from the past. I like to be free to choose the tools I want to use in a project for every task, and to be able to use the best ones or the ones I like the most.</p><p>For me, it makes no sense these days to ask &quot;What PHP framework do you use?&quot;, because thanks to the PHP-FIG and initiatives like Expressive it&#x27;s more and more hard to answer.</p><p>Of course, if the full-stack approach is the one that fits you and makes you be more productive, I&#x27;m nobody to say otherwise :-)</p>

Demonstrating the interoperability and decoupling of Zend Expressive

<p>There&#x27;s no doubt that having tests in a project allows you to find potential bugs earlier and more easily.</p><p>Lots of OSS projects require a minimum code coverage in order to accept new pull requests from contributors, and proprietary projects also tend to have some sort of continuous integration workflow which requires certain metrics to be fulfilled in order to get builds passing.</p><p>However, the code coverage can lead to a false sense of security, which makes you think that if certain class has a 100% code coverage, it is also 100% bug-free.</p><p>This is not always true, since you could be calling a method and yet not being properly testing its output or its real behavior. The code coverage will mark it as covered, but you might introduce a bug and still have a green test.</p><p>This is where mutation testing comes in.</p><h3>Mutation testing</h3><p>According to <a target="_blank" rel="noopener noreferrer" href="https://en.wikipedia.org/wiki/Mutation_testing">wikipedia</a>, mutation testing involves applying small modifications to a software. These modifications are called mutations.</p><p>Then, if you pass your tests and any of them fails because of this &quot;mutation&quot;, then you have &quot;killed the mutant&quot;. This is what should happen in code which is covered by tests. If tests keep passing after applying this modification, then your tests covering that part of the project are not so good, and you should improve them to <strong>really</strong> test what they are covering.</p><p>So in other words, mutation testing is a quality assurance practice for your tests.</p><p>In PHP projects, there used to be one library which purpose was working with the mutation testing approach, <a target="_blank" rel="noopener noreferrer" href="https://github.com/humbug/humbug">humbug/humbug</a>. However, it is mostly abandoned now, and it has motivated the appearance of another project, <a target="_blank" rel="noopener noreferrer" href="https://infection.github.io/">infection/infection</a>.</p><h3>Infection</h3><p>Infection is a mutation testing framework for PHP.</p><p>It is easy to start using it in your project, since you just need to install it (<code>composer require infection/infection --dev</code>), and create a configuration file. Then, it uses your existing test suite in order to apply mutations to your code and check your tests.</p><p>It currently integrates with <a target="_blank" rel="noopener noreferrer" href="https://github.com/sebastianbergmann/phpunit/">phpunit</a> and <a target="_blank" rel="noopener noreferrer" href="https://github.com/phpspec/phpspec">phpspec</a>, but I suppose there will be compatibility with other testing frameworks in the future.</p><h4>Configuring infection</h4><p>It consumes an <code>infection.json</code> configuration file which could have a structure like this:</p><pre><pre><code class="language-json">{
    &quot;source&quot;: {
        &quot;directories&quot;: [
            &quot;module/*/src&quot;
        ]
    },
    &quot;timeout&quot;: 10,
    &quot;logs&quot;: {
        &quot;text&quot;: &quot;build/infection/infection-log.txt&quot;,
        &quot;summary&quot;: &quot;build/infection/summary-log.txt&quot;,
        &quot;debug&quot;: &quot;build/infection/debug-log.txt&quot;
    },
    &quot;tmpDir&quot;: &quot;build/infection/temp&quot;,
    &quot;phpUnit&quot;: {
        &quot;configDir&quot;: &quot;.&quot;
    }
}
</code></pre></pre><p>This is the configuration of one of my company&#x27;s projects. A modular application where every module is located inside the <code>module</code> directory and has its own <code>src</code> folder with source files.</p><p>This config file basically defines where the sources are located, where infection&#x27;s logs should be placed, a temporary folder which will be used instead of using system&#x27;s default tmp folder, and where is the <code>phpunit.xml[.dist]</code> file.</p><p>That&#x27;s all you need to get infection working.</p><blockquote><p>You can find detailed information of all the configuration options <a target="_blank" rel="noopener noreferrer" href="https://infection.github.io/guide/usage.html#Configuration">here</a></p></blockquote><h4>Running infection</h4><p>Now that we have the configuration file, we just need to run <code>vendor/bin/infection</code>, and it will execute our test suite and then apply mutations to our source files.</p><p>Then it will display the result, telling how many mutants have been killed.</p><p>Infection supports lots of mutators, like replacing <code>++</code> by <code>--</code>, <code>true</code> by <code>false</code>, changing method visibilities, return values, etc. You can find the whole list <a target="_blank" rel="noopener noreferrer" href="https://infection.github.io/guide/mutators.html">here</a>.</p><p>The command line tool supports a list of modifiers, some of which are very interesting. This is how I would recommend you to run it if you want to address the whole project.</p><p><code>vendor/bin/infection --threads=4 --min-msi=70 --only-covered --log-verbosity=2</code>.</p><ul><li><code>--threads</code>: It runs tests and mutators in parallel processes, so you can take advantage of all the cores in your machine. Set a value that makes sense your you. If you have 8 cores, maybe you want to set it with value 8.</li><li><code>--min-msi</code>: This flag makes the process fail if the number of killed mutants is below certain percentage. In this case we require 70% of mutants to be killed. Adapt the value to your needs, and try to gradually improve your tests and increase this value (MSI stands for <em>Mutation Score Indicator</em>).<br/>This flag is really useful in continuous integration environments.</li><li><code>--only-covered</code>: This makes infection address only covered code. We know mutants won&#x27;t be killed in uncovered code, so I think it makes no sense to apply mutators there.<br/>I prefer to separate the <em>required code coverage</em> metric from the <em>required mutation score indicator</em> metric.</li><li><code>--log-verbosity</code>: By default, infection logs all the mutations it has applied to your code. This could lead to a log with thousands of lines if the project is big, so I prefer to set the log verbosity to <strong>2</strong>, which makes it log only non-killed mutants.</li></ul><p>And that&#x27;s mainly it. You can now automate this task in your continuous integration pipeline, or just run it locally, but at least you will discover some parts both in your source files and your tests that can be improved.</p><h3>Troubleshooting</h3><p>While this could be enough for an introduction to infection, the title of this article says something about <strong>big projects</strong>, so I&#x27;m going to explain how we integrated infection in one of my company&#x27;s biggest projects and how we addressed some inherent problems.</p><h4>Already unstable</h4><p>The first problem while working with infection is that, at the moment of writing this article, it&#x27;s not in a stable version yet. That means you could find bugs.</p><p>We found one in which infection wasn&#x27;t properly parsing our phpunit config file and it was excluding almost the whole project from the code coverage report. This caused all mutations to be skipped.</p><p>We reported it and they fixed it very fast, but they haven&#x27;t tagged a version including the fix yet, so we require one specific commit from master while we wait for v0.8 to be released.</p><h4>Time consuming</h4><p>Another problem is that infection consumes a lot of memory and CPU, and takes a lot of time to be run when you have a lot of classes and tests.</p><p>For example, our project has around 1500 unit tests, which take about 1&#x27;5min-2min to be run. Our build process also passes some coding style checks and functional repository tests. It usually takes about 3 minutes.</p><p>The first time we run infection for the whole project, it took more than 16 minutes. That would make a build which is taking 3 minutes to take almost 20 minutes from now on, which is not an option because our build is run a lot of times every day.</p><p>Our solution was making the build run infection only on changed sources, taking advantage of infection&#x27;s <code>--filter</code> flag, which lets you pass a comma-separated list of files and it gets applied only to them.</p><p>The way in which we find which files have changed from previous build is by making a <code>git diff</code> between a commit from previous successful build and the new commit after updating the branch in which the build is being run (the commit identifiers are defined by jenkins&#x27; GIT plugin as environment variables).</p><p>If it is the first time the build is run for this branch, we make the diff with <code>origin/develop</code> instead.</p><p>The result is a bash script like this:</p><pre><pre><code class="language-bash"># Get files which have changed from latest processed commit, including only those inside sources
# If there&#x27;s no previous commit, diff with develop
INFECTION_FILTER=$(git diff ${GIT_PREVIOUS_SUCCESSFUL_COMMIT:-origin/develop} $GIT_COMMIT --name-only | grep /src/ | paste -sd &quot;,&quot; -)

# Check mutations over those files, if any, and require a 70% MSI
if [ -n &quot;$INFECTION_FILTER&quot; ]; then
    vendor/bin/infection --threads=4 --min-msi=70 --only-covered --log-verbosity=2 --filter=&quot;${INFECTION_FILTER}&quot;
else
    echo &quot;No source files affected. Infection skipped.&quot;
fi
</code></pre></pre><p>As you can see, we perform a diff by including only file names, then we exclude those which do not contain &quot;/src/&quot; as part of the name, and then we convert them into a comma-separated list.</p><p>With this approach, the build usually takes 1 extra minute in the worst case scenario, which can be assumed.</p><p>However, I&#x27;m sure the performance of this project will be improved as it grows and gets more stable.</p><h4>Test run duplication</h4><p>While previous approach filters the files where mutations are applied, it is still running all tests beforehand, which makes all tests to be run twice on every build.</p><ul><li>First, our own execution, which generates a code coverage report to be published later, and makes the build fail if tests do not pass.</li><li>Then, infection runs tests again, on its own &quot;conditions&quot; (they take your phpunit config file and generate a new one, which has some custom configuration entries).</li></ul><strike>If it were possible to pass infection an already generated code coverage, we could prevent this duplication, but, as far as I know, it does not support that.</strike> **It does now**.<p>Another solution would be being able to run only tests which affect changed sources, instead of running all tests suites, but phpunit does not allow to filter by a list of files, only a specific file or folder.</p><strike>This is the only problem for which we have not yet found a solution, so If you know any workaround, a comment will be very welcome :-)</strike><p><strong>Update 2018-02-22</strong></p><p>Following what Maks suggested in this <a href="/#comment-3762900802">comment</a>, we have changed the process a little bit, and using a more recent commit from <code>dev-master</code>, we can take advantage of a feature which allows an existing code coverage to be passed to infection.</p><p>Now, our phpunit execution includes these two flags: <code>--coverage-xml=build/coverage-xml --log-junit=build/phpunit.junit.xml</code></p><p>And then, infection is executed with <code>--coverage=build</code>.</p><p>That&#x27;s it, no need to run tests twice anymore :-)</p><h4>Xdebug vs phpdbg</h4><p>Since infection needs access to a code coverage report, you need some tool which is capable of generating it.</p><p>People usually use xdebug, since it is the most extended and feature-rich debugging tool.</p><p>However, there&#x27;s a simpler tool, which is designed to debug php console executions only, and comes bundled with php. It is <a target="_blank" rel="noopener noreferrer" href="https://github.com/krakjoe/phpdbg">phpdbg</a>.</p><p>In our project, it usually takes 30%-50% less time to generate a code coverage report than xdebug. The result is not 100% the same, but it is very similar, and it&#x27;s worth it.</p><p>So, instead of running infection like this:</p><pre><pre><code>vendor/bin/infection --threads=4 --min-msi=70 --only-covered --log-verbosity=2 --filter=&quot;${INFECTION_FILTER}&quot;
</code></pre></pre><p>We have to do it like this</p><pre><pre><code>phpdbg -qrr vendor/bin/infection --threads=4 --min-msi=70 --only-covered --log-verbosity=2 --filter=&quot;${INFECTION_FILTER}&quot;
</code></pre></pre><p>It is explained in <a target="_blank" rel="noopener noreferrer" href="https://infection.github.io/guide/usage.html#Running-with-phpdbg">infection&#x27;s docs</a>.</p><p>We have even started to use it to run our own phpunit execution.</p><h3>Conclusion</h3><p>We have seen how to use infection, and how to integrate it in a continuous integration pipeline, even for <strong>big projects</strong>.</p><p>I think it is a very useful tool, and the team behind it is doing a great job. It is also not hard to start using it, since you don&#x27;t really need to write new code, just add a config file and run the CLI tool.</p><p>Finally, I recommend you to read this article, from infection&#x27;s author. It explains how it internally works, and how to use it in a development workflow <a target="_blank" rel="noopener noreferrer" href="https://medium.com/@maks_rafalko/infection-mutation-testing-framework-c9ccf02eefd1">https://medium.com/@maks_rafalko/infection-mutation-testing-framework-c9ccf02eefd1</a>.</p>

Mutation testing with infection in big PHP projects

<p>A couple hours ago I have released the seventh major version of a module I created more than 4 years ago.</p><div></div><p>It was born as an abstraction to send emails in Zend Framework 2 applications, but trying to make the process simpler than directly working with the lower-level zend/mail component.</p><p>I initially created it to use it in my own project, but at some point decided to publish it as a packagist package to ease others to use it.</p><p>The module used to receive more updates in the beginning, but the number of changes decreased with time.</p><p>The thing is that there were a lot of things I wanted to do, but never had the time. It goes without saying that 4 years ago I didn&#x27;t have the knowledge I have today (I hope 4 years from now I see my current self the same way), and the package had some design problems that needed to be fixed.</p><p>In this post I&#x27;m going to explain the changes that come with this new version, and the reason they were made.</p><h3>Stateless services</h3><p>Business services have to be, by definition, stateless. In AcMailer, that wasn&#x27;t the case.</p><p>I made a mistake when designing the <code>AcMailer\Service\MailService</code> class, and wrapped the <code>Message</code> object to be sent inside of it.</p><p>That made the service to depend on the email data. That was a problem, when you wanted to send different emails on the same request, or even send the same email more than once.</p><p>It needed a few internal ugly tricks to ensure headers were not duplicated and things like that.</p><p>In this version the <code>AcMailer\Service\MailService</code> is stateless. It is just responsible of sending emails, and emails are passed or built at runtime. You can send any number of emails or send them as many times as you want. No side effects.</p><h3>Real compatibility with expressive</h3><p>The module was already including a <code>ConfigProvider</code> for Zend Expressive, but it was not very functional.</p><p>Yes, it was exposing the configuration to expressive apps, but the user was responsible of orchestrating and creating everything.</p><p>Also, the module was tightly coupled with zendframework components that are not usually used in expressive, making it harder to integrate.</p><p>This release reduces the number of dependencies to the bare minimum, and provides real compatibility with expressive, allowing any of their renderers to be used to render emails, while keeping backward compatibility as much as possible with the way things used to be.</p><h3>Emails can be preconfigured</h3><p>As I&#x27;ve mentioned above, emails are no longer part of the service.</p><p>Now, emails can be preconfigured with a name, the same way services are. Then, you can use any of the service instances to send them by just referencing to them by their name.</p><p>A new service, the <code>EmailBuilder</code>, will create those emails and let the mail service send them.</p><p>It is also possible to extend emails to reuse parts that are equal, the same way it is possible with mail services.</p><h3>Code quality improved</h3><p>As I&#x27;ve said, I want to think my programming skills have been improved in the last four years.</p><p>I was seeing a lot of parts of the code with the knowledge that they weren&#x27;t fulfilling best coding practices, like clean code or object calisthenics, and that the cyclomatic complexity was high.</p><p>I have refactored a lot of parts of the code, and the result is much better now. The code is cleaner and easier to maintain. No more <code>if/else</code> all over the place.</p><p>I have also forced a stricter coding standard that extends PSR-2.</p><h3>Tests rewritten</h3><p>As part of this code quality improvement, I have rewritten almost all unit tests.</p><p>They are simpler now, and make use of data providers, which has reduced code duplication, and phpspec/prophecy, which allowed me to drop all custom mocks (I used to build my own mocks and stubs).</p><p>The number of tests has been reduced, and they are now faster to run.</p><h3>Goodbye PHP 5</h3><p>I have added support for PHP 7.2, and dropped support for PHP 5. The code now has stricter type hints and is more predictable.</p><h3>Meaningful exceptions</h3><p>I have included more package exceptions. They are now better used, and the semantics are clearer.</p><p>Also, exception messages include more information now, and explain how to fix the problem when possible.</p><h3>Dropped controller plugin</h3><p>I used to include a controller plugin to use with Zend MVC controllers. I have completely removed it in this version.</p><p>I want to promote constructor dependency injection, and controller plugins allow to pseudo-magically access external services, so I have decided to remove it.</p><p>Also, controllers are not probably the best place to send emails.</p><p>And finally, it made no sense in a zend expressive context, so ultimately I could create a separate package to bring back the controller plugin, but not include it in the main module.</p><h3>Upgrading</h3><p>Sadly, most of these changes require the introduction of BC breaks. That&#x27;s why this version increases the major version number.</p><p>I have tried to properly document how to upgrade to this version, by including an <a target="_blank" rel="noopener noreferrer" href="https://github.com/acelaya/ZF-AcMailer/blob/master/UPGRADE.md#upgrade-from-5x6x-to-7x">UPGRADE.md</a> document.</p><p>I have also created a small console tool that currently allows to migrate from the old configuration to the new structure, but will probably include more features in the future. <a target="_blank" rel="noopener noreferrer" href="https://github.com/acelaya/zf-acmailer-tooling">https://github.com/acelaya/zf-acmailer-tooling</a></p><h3>Conclusion</h3><p>And that&#x27;s probably it.</p><p>I have updated the module, improved the code, and made it worthy of modern Expressive and MVC applications. </p>