PHP at Scale #2
To upgrade, or not to upgrade, that is the question
Welcome to the second edition of PHP at Scale, I am diving deep into the principles, best practices, and practical lessons learned from the field of scaling PHP projects - not only performance-wise but also code quality and maintainability.
Last month I focused on PHP evolution, discussing whether it is dead, and what new features we can expect. This time I’d like to continue on a related topic, of keeping our codebase up to date — be it the PHP or the Framework version.
I believe every actively developed project should take the time and invest in framework upgrades. As we are heavily focused on Symfony, I will focus on it here. With Symfony following the semantic versioning, we in general have two updates to focus on in the majority of projects:
Patch updates (e.g. 6.4.1 → 6.4.2) — this should be done ASAP and will cause no side effects to your code. We keep checking for available updates in our CI.
Minor upgrades (e.g. 6.2 → 6.3) — for most of our projects, we do not follow minor upgrades and focus on major upgrades. The main exception would be if a minor change introduces a feature we need in our development. The only exception is an upgrade to x.4 version, as it has some added benefits: it is an LTS and also throws deprecated logs for stuff that will be removed in the next Major upgrade.
Major upgrades (e.g. 5.4 → 6.4) — in this case, the upgrade takes a bit more time, but we do that regularly. It takes 2-4 weeks for one developer to finish it. I highly encourage you to do that, as such an upgrade always introduces new possibilities and keeps your system safe.
As you can notice, the approach we have focused on keeps our projects on the LTS versions of Symfony (x.4). I know skipping minor updates might seem controversial, but it just works for us. You can run them, as the cost of such upgrades is rather small.
Understanding Symfony Versions and Roadmap
If you are interested in the above-mentioned versioning approach, we just released a related article explaining it in more detail. Knowing the process inside-out makes update decisions way easier and allows planning an efficient approach to the upgrade.
Upgrade your project to the latest PHP version with rector
Keeping your PHP version up-to-date is also crucial for security reasons and developer experience. All the recent PHP minor and major releases introduced some improvements to the development flow, like enums, typed and read-only properties etc.
In case of major PHP upgrades, it is always great to consider tools like Rector to make the upgrade flow easier. We also use it for minor upgrades, especially in older PHP versions like 5.x (yes, sometimes we onboard projects with such old versions). That approach also works with less ancient versions, like 7.x, 8.1, etc.
Side note: I noticed, that in many projects where the DevOps culture is missing, PHP upgrades become the elephant in the room. It is way better if the PHP upgrade process is handled by the development team (very easy to achieve when using containers).
PHP Application Modernization - 10 key lessons learned
What to do when you are on some very old versions of a framework or PHP? Well, you need to assess if upgrading makes sense and is feasible within a reasonable timeframe. Sometimes writing it from scratch or using an approach like Strangler Pattern might be the best solution in such projects.
Consider adding a composer audit or a similar command to your CI, to monitor outdated libraries for known security issues actively. This is a bare minimum, as you should also scan your system periodically for generic updates, not only security-related ones.
How to Automate Dependency Updates with Renovate
Composer audit only shows security issues, but what to do with some more generic updates? New versions often improve performance and stability, add new features etc.
You can give Renovate a try. It will also handle non-PHP dependencies, and create pull/merge requests with the required updates.
Why is this newsletter for me?
If you are passionate about well-crafted software products and despise poor software design, this newsletter is for you! With a focus on mature PHP usage, best practices, and effective tools, you'll gain valuable insights and techniques to enhance your PHP projects and keep your skills up to date.
I hope this edition of PHP at Scale is informative and inspiring. I aim to provide the tools and knowledge you need to excel in your PHP development journey. As always, I welcome your feedback and suggestions for future topics. Stay tuned for more insights, tips, and best practices in our upcoming issues.
May thy software be mature!