News Feed
Sections




News Archive
feed this:

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

NetTuts.com:
Protecting Your Keys From GitHub
March 05, 2015 @ 12:03:05

On the NetTuts.com site there's a new post talking about protecting your keys when using a public site like GitHub. This relates to an easy thing to forget - removing hard-coded credentials from code before pushing it public.

In December 2014, Slashdot ran an alarming story Bots Scanning GitHub To Steal Amazon EC2 Keys, based on developer and blogger Andrew Hoffman's experience trying out Ruby on Rails on Amazon with AWS S3. He inadvertently committed an application.yml file with his AWS keys. [...] It's an easy mistake and most of us have probably done a similar thing at one point or another. And it's not just AWS keys that are at risk. As our use of cloud-based services increases, the expanding use of a broad variety of service API keys can be leveraged by hackers and spammers alike.

He goes through a solution he's found to help protect those credentials, in this case working with the configuration of a Yii framework-based application. He starts with a mention of .gitignore but points out that it could have unexpected results from "quirks" in its handling. He suggests a different option - using a configuration file that lives someplace outside of the main git directory and can be referenced directly from inside the application. He provides two kinds of examples: one using a PHP-based configuration and another based on an INI file. He finishes the post with a mention about WordPress plugins and the fact that they're (usually) stored in a database and open to exposure if a SQL injection vulnerability is found.

0 comments voice your opinion now!
github protect keys commit public exposure configuration file gitignore

Link: http://code.tutsplus.com/tutorials/protecting-your-keys-from-github--cms-23002

Phil Sturgeon:
Composer It's ALMOST Always About the Lock File
November 05, 2014 @ 11:44:49

In his latest post Phil Sturgeon talks about a point that's been argued on both sides of the Composer users out there - whether or not to commit the "composer.lock" file. Phil talks some about it in his article and suggests that you should commit it for applications but not for components.

If you and your employees are a little vague with your composer.json specifications and you don't have a composer.lock then you can end up on different versions between you. Theoretically, if component developers are using SemVer and you're being careful then you should be fine, but keeping your lock in version control will make sure that the same version is on your dev teams computers. This will happen every time you run $ composer install. If you are on Heroku or EngineYard then this will be used for the deployment of your production components as a built in hook, which is awesome.

He mentions an article from Davey Shafik, this being his reaction to it. He suggests, though, that an absolute of "always commit for components" may be too much and could potentially cause other problems. He points out that since the "composer.lock" handling is local to the directory, you can hit up against version requirement issues between them in your application as a whole. He wonders "how strict is too strict" when defining dependencies and some things to think about (like your users) when making the choice to upgrade the libraries you use.

0 comments voice your opinion now!
composer composerlock file commit version semanticversioning semver component application

Link: https://philsturgeon.uk/blog/2014/11/composer-its-almost-always-about-the-lock-file

HHVM Blog:
Faster GitHub Commits
July 09, 2014 @ 09:23:19

On the Facebook HHVM blog they talk about an improvement they've made to the project allowing for faster GitHub commits on the project. They've reworked things to move away from a manual process on the popular project and automate as much as possible.

Initially, the entire process was manual. We would curl the pull request and pipe it to git am, then manually prepare the diff for review internally. After it was accepted, we would manually prepare the internal commit to be usable externally by GitHub, then manually build and test the new code, and finally git push. Great scripts by ptarjan and sgolemon to help get and prepare pull requests for review and then prepare the commits for GitHub have alleviated some of this manual process. However, in the end, someone still had to manually build, test and then push the code to the world.

Another feature of this effort is a new cron job (facebook-github-bot) that pushes any internal (approved) HHVM code automatically without having to wait for the manual intervention. It syncs all code since the last push, runs all tests and, assuming all went well, pushes it out to GitHub.

we believe that getting your code into the master branch quickly will hopefully help show how much we appreciate your contributions. Now, if there was only a way we could get your pull requests reviewed faster and more openly…. Hmmm…
0 comments voice your opinion now!
github commit release bot continuous integration

Link: http://hhvm.com/blog/5399/faster-github-commits

SitePoint Web Blog:
Understanding Version Control with Diffs
May 23, 2014 @ 10:53:30

If you're relatively new to using version control, there may be one technique you've yet to get a grip on. In this new post on SitePoint.com's Web blog they introduce you to using the "diff" functionality to discover differences between versions of code.

Every project is made up of countless little changes. With a little luck, they will finally form a website, an app, or some other product. Your version control system keeps track of these changes. But only once you understand how to read them will you be able to track your project's progress. Using the example of Git, the popular version control system, this article will help you understand these changes.

They include several screenshots and line-by-line descriptions of what each part of the output of the "git diff" command is. There's also a brief description of what each of the sections contains and how to inspect both committed and non-committed changes. There's even a link to a list of other applications that may help provide a clearer picture of the changes rather than just the command line output.

0 comments voice your opinion now!
versioncontrol diff git introduction commit branch

Link: http://www.sitepoint.com/understanding-version-control-diffs

Freek Lijten's Blog:
Git commit hooks using PHP
July 06, 2011 @ 09:48:51

In this new post from Freek Lijten he looks at a set of git commit hooks written in PHP for making things happen before, during and post commit.

Git hooks are usually found inside the .git/hooks folder of your git repository. Git tends to provide sample hook files there which are postfixed with a .sample extension. These examples are written as shell scripts. Take a look at them if you want, but today we're talking PHP!

He briefly touches on the types of hooks you can set up and includes two example scripts showing a pre-commit lint test for the changed files and a check during the commit on the message given for a certain standard (in their case, it must start with a three letter code).

0 comments voice your opinion now!
git commit hook tutorial precommit postcommit commitmsg example


Christian Weiske's Blog:
How to integrate PHP_CodeSniffer with Git repositories?
May 27, 2011 @ 11:16:48

Christian Weiske has a problem he hopes you can help with - he's trying to get the PHP_Codesniffer tool integrated into his git workflow (well, the workflow of his team) as an automatic process that runs on commit. Unfortunately he's having some issues.

At work, we used a SVN server and enforced our project coding standard with a pre-commit hook on the server that ran PHP_CodeSniffer. Whenever a developer tried to commit some code that does not match the standard, he got it rejected. [...] The only way to enforce the standard is a pre-receive hook on our central Git repository server that all devs push to. Just installing the SVN hook on it isn't the solution, though.

Because of how git handles commits (possibly multiple in one push) the usual methods won't work. Other tricky things like file renaming and allowing for legacy code check-ins are also needed. He's posted the question on StackOverflow too, but no one's come up with a good answer yet (at the time of this post).

0 comments voice your opinion now!
git phpcodesniffer codesniffer commit hook stackoverflow


Johannes Schluter's Blog:
Now in trunk Improved interactive shell
May 31, 2010 @ 08:38:21

Johannes Schluter has a new post to his blog today about a recent addition to the latest trunk branch for PHP - a more interactive shell that will be installed right along with the language.

A few years ago I used another blog to write about "More PHP power on the command line" almost 5 years later the PHP interactive shell got a major update which went in PHP's trunk.

You can check out the commit message for more details on this new addition including paging ability and the ability to run PHP directly in the shell.

0 comments voice your opinion now!
trunk ineractive shell improvement commit


Blue Parabola Blog:
How do you measure 'contribution'?
March 02, 2009 @ 08:45:19

On the Blue Parabola blog Keith Casey asks the question "how do you measure an individual's contribution?"

In the past few weeks, I've been working fast and furious at getting web2project to our v1.0 milestone. As part of that effort, I track open issues, problematic modules, community feedback via the forums, death threats via all methods, and other related aspects.

He suggests a few different ideas for measuring how much a user has contributed: lines of code, commit count, issues they've reported, number of issues closed or community involvement. Of course, none of these can truly measure how much an individual has participated in a project, especially since it could be a mix of several of them combined into a whole as the "involvement persona" of any given person.

0 comments voice your opinion now!
contribution project involvement linesofcode issues commit


SaniSoft Blog:
Code sniffs for CakePHP and then some more
July 04, 2008 @ 09:32:00

On the SaniSoft blog Tarique Sani has posted about (and made available for download) some code sniffs for the CakePHP framework. Some problems arose with some of the naming that the framework uses, but with some "tinkering around"...

[It became] apparent that I had to have my own set of Cake sniffs to manage this but a separate standard just for this seemed an over kill and the simplicity of code made it kind of fun to add more standards which I liked but were in different set of sniffs.

You can grab the whole list of sniffs from their downloads. They implemented them as a pre-commit hook on their SVN server even so that developers could not violate the coding standards when they submit their code.

0 comments voice your opinion now!
sanisoft sniff pear package phpcodesniffer svn commit hook cakephp


PHP.net Wiki:
Mentor Listing Added for TestFest 2008
April 09, 2008 @ 12:12:02

The mentor list for this year's TestFest 2008 has been started (as mentioned by Ligaya Turmelle on her blog). The list so far includes people from the community like:

  • Elizabeth Smith (near Chicago)
  • Pierre Joye (Munich)
  • Sebastian Bergmann (Cologne)
  • David Coallier (Ireland & various others)

Local organizers are still being assigned. Those considered must already committers at PHP.net and will be available to answer questions for their given areas. Ultimately, they will do the final commits of the resulting tests.

0 comments voice your opinion now!
testfest2008 mentor list area commit test



Community Events

Don't see your event here?
Let us know!


podcast laravel project language symfony framework api application introduction community yii2 interview opinion series composer example part2 list php7 programming

All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework