Several years ago, when the PHP-FIG (PHP Framework Interop Group) created its first PSRs (PHP Standard Recommendations) they started some big changes in the PHP ecosystem. The standard for class auto-loading was created to go hand-in-hand with the then new package manager Composer. PSRs for coding standards were defined, which I’m sure helped a lot of teams to leave coding standard discussions behind. The old tabs versus spaces debate was forever settled and the jokes about it now feel quite outdated.

Next up were the PSRs that aimed for the big goal: framework interoperability. It started with an easy one: PSR-3 for logging, but it took quite some time before the bigger ones were tackled, e.g. request/response interfaces, HTTP client and server middleware interfaces, service container interfaces, and several others. The idea, if I remember correctly, was that frameworks could provide implementation packages for the proposed interfaces. So you could eventually use the Symfony router, the Zend container, a Laravel security component, and so on.

I remember there were some troubles though. Some PSRs were abandoned, some may not have been developed to their full potential, and some may have been over-developed. I think it’s really hard to find common ground between framework implementations for all these abstractions, and to define abstractions in such a way that users and implementers can both be happy (see for example an interesting discussion by Anthony Ferrara about the HTTP middleware proposal and an older discussion about caching).

One of the concerns I personally had about PSR abstractions is that once you have a good abstraction, you don’t need multiple implementation packages. So why even bother creating a separate abstraction for others to use? Why not just create a single package that has both the implementation and the abstraction? It turns out, that doesn’t work. Why? Because package maintainers sometimes just abandon a package. And if that happens, the abstraction becomes useless too because it is inside that abandoned package. So developers do like to have a separate abstraction package that isn’t even tied to their favorite vendor.

(By the way, I think it’s strange for frameworks to have their own Interfaces or Contracts package for their abstractions. I bet there are 0 cases where someone using Laravel or Symfony keeps using its abstractions, but not its implementations. Anyway… If you have a different experience, or want to share your story about these packages, please submit a comment below!)

Is it safe to depend on PSR abstraction packages?

Back in 2013, Igor Wiedler made a lasting impression with their article about dependency responsibility. By now we all know that by installing a vendor package you can import bugs and security issues into your project. Another common concern is the stability of the package: is it going to be maintained for a long time? Are the maintainers going to change it often?

Yes, these concerns should be addressed, and I think in general they are not considered well enough. But we need to distinguish between different kinds of packages. Packages have a certain level of stability which is in part related to its abstractness and the number of dependencies it has (if you’re interested in this topic, check out my book “Principles of Package Design”).

The abstractness of a package is based on the number of interfaces versus the number of classes. Since abstract things are supposed to change less often than concrete things, and in fewer ways, an abstract package will be a stable package and it will be more reliable than less abstract, i.e. concrete packages (I think this is why frameworks provide those Interface or Contract packages: as an indication of their intended stability).

Truncated by Planet PHP, read more at the original (another 23697 bytes)

The PHP team is pleased to announce the release of PHP 8.1.0, Beta 3. This is the third beta release, continuing the PHP 8.1 release cycle, the rough outline of which is specified in the PHP Wiki. For source downloads of PHP 8.1.0, Beta 3 please visit the download page. Please carefully test this version and report any issues found in the bug reporting system. Please DO NOT use this version in production, it is an early test version. For more information on the new features and other changes, you can read the NEWS file or the UPGRADING file for a complete list of upgrading notes. These files can also be found in the release archive. The next release will be the first release candidate (RC 1), planned for 2 September 2021. The signatures for the release can be found in the manifest or on the QA site. Thank you for helping us make PHP better.

For many years now, I’ve been using Matthew Weier O’Phinney’s changelog_generator script to generate an easy-to-read list of changes for a given milestone. Time has moved on; the Laminas project now uses Laminas Automatic Releases and Matthew hasn’t updated his script since 2013. Since PHP 8, warnings have started appear, so it’s clear updates were required. While I fully intend to see if I can use Automatic Releases on some projects, I have others where this is unlikely to happen and will continue to use changelog-generator.

Looking into it, I worked out that the warnings were from dependent packages. PHP has changed a bit since 2013. My first idea was to simply update to the latest Laminas versions of the dependencies, but I discovered that the Console and Http components are no longer actively maintained, so new components would be needed. I don’t particuarly want to have to do this all again in a few years time when the replacements that I pick don’t support PHP 8.4 or whatever, so I decided to remove the dependencies completely.

Looking at Console, I quickly realised that only one class was used by changelog-generator: Getopt, which worked fine under PHP 8. So, I copied that one class to src, changed the namespace and called it done. For Http, I wrote a new HttpClient class that only makes GET requests using PHP’s curl functions. I’m reasonably confident that the API to those functions won’t be changing signicantly.

While I was messing around, I also fixed a few bugs so that searching by title will look for closed milestones and it now lists the last 20 milestones if you don’t provide an argument. Just a couple of quality of life features to make make it easier for me to use.

My version is now up on Packagist if you need something like this. However, I strongly recommend looking at Laminas Automatic Releases as that automates all the work required for doing a release. If you just need a formatted list of closed issues though, grab this and see if it works for you.

Thoughts on dependencies

My general view is that if it’s not core to your application, then using a dependent package is the way forward. There’s rarely any benefit from spending time working on something that others have already built and to which you are not adding value. This is particularly true for applications where you are adding new features and have better things to do.

However, sometimes this isn’t the right choice. In this case, I need a very small subset of what a dependent package provides. I took the view that maintaining the dependencies would be more long-term work than writing the small components that I actually needed. Particularly, as this tool is stable.

Sometimes this is the right choice for a component in my big projects too.

Truncated by Planet PHP, read more at the original (another 1866 bytes)

The PHP team is pleased to announce the first beta release of PHP 8.1.0, Beta 2. This continues the PHP 8.1 release cycle, the rough outline of which is specified in the PHP Wiki. For source downloads of PHP 8.1.0, Beta 2 please visit the download page.Please carefully test this version and report any issues found in the bug reporting system.Please DO NOT use this version in production, it is an early test version. For more information on the new features and other changes, you can read the NEWS file, or the UPGRADING file for a complete list of upgrading notes. These files can also be found in the release archive. The next release will be Beta 3, planned for Aug 19 2021.The signatures for the release can be found in the manifest or on the QA site.Thank you for helping us make PHP better.

In this blog, we take a deep dive into container orchestration with Docker and related technologies, as well as provide resources to get you started orchestrating your applications using ZendPHP.

Truncated by Planet PHP, read more at the original (another 13299 bytes)

The PHP team is pleased to announce the first beta release of PHP 8.1.0, Beta 1. This continues the PHP 8.1 release cycle, the rough outline of which is specified in the PHP Wiki. For source downloads of PHP 8.1.0 Beta 1 please visit the download page.Please carefully test this version and report any issues found in the bug reporting system.Please DO NOT use this version in production, it is an early test version. For more information on the new features and other changes, you can read the NEWS file, or the UPGRADING file for a complete list of upgrading notes. These files can also be found in the release archive. The next release will be Beta 2, planned for Aug 5 2021.The signatures for the release can be found in the manifest or on the QA site.Thank you for helping us make PHP better.

In March, news broke that two malicious commits were introduced onto the in-development PHP 8.1 branch by perpetrators pretending to be Rasmus Lerdorf and Nikita Popov. The response by the PHP community to this attack was a shining example of the openness and transparency of the open-source world.
We’re going to take a closer look at the PHP 8.1 story to uncover what lessons there are to be learned on the value of visibility in coding.