Podcast audio transcript

DrupalEasy Podcast S15E3 - Matt Glaman - PhpStan

Audio transcript

[0:00] Music.

[0:07] Welcome back to the drupal Easy Podcast. My name is Mike Anello. 
This is season 15 episode number three. 
In today's episode, I'll be talking with Matt Gloin from AA about PHP Stan, a drupal seven compatibility layer and his current writing projects.

[0:26] Before we get to mat, let me tell you a little bit about drupal S long form training courses. 
First of all, our beginner focused drupal career online is now in its 12th year and we have graduated literally hundreds of students during that time frame. 
We think of the DC O as holistic drupal training. 
Not only do we teach you drupal but also many of the best practice tools and skills related to being a successful professional drupal developer. 
The DC O has classes twice a week for 12 weeks, starting August 28th, you can learn more at drupal easy dot com slash DC O. 
Our newest long form drupal training course is professional module development and we offer this course in two different versions, a full version and a light version. 
The full version is twice a week for 15 weeks and the light version is twice a week for nine weeks. 
We go deep into services and dependency injection as well as lots of automated tests plugins and several of drupal core's API S. 
The full version of the course includes in depth training on drupal developer tools like P HPC SPHP, Stan X to bug setting up visual studio code and PHP storm with all the recommended extensions and plugins. 
In addition, the full version also includes a multi week section on drupal cache.

[1:48] We've received some great feedback on this course one student has written. 
Drupal provides excellent training courses for learning drupal development. 
Mike is a patient teacher who is very concerned that his students master the subject. 
He goes the extra mile to answer questions, spend extra time with students and help them work through problems and provides quality reference materials. 
Wow. Thank you very much to the student who wrote that. 
The full version of the course begins on August 8th. The light version begins August 22nd. 
You can learn more at drupal easy dot com slash P MD.

[2:29] Welcome back to the drupal Easy Podcast, Matt Gloin. 
How are you doing? Great. Thanks for having me back. Sure. Sure. 
Sure. So, uh you are still, well, I don't know if it's safe to say still you are a principal engineer at a. 
That is correct. Yep. Sure. We haven't had you on since you became uh an a employee, right? It's been a while. 
Yeah, I think, I don't think since before that. 
Yeah, I don't think so either. So, anyway, no, we're, we don't do a whole lot of podcasts these days anyway. 
So, anyway, uh welcome back. 
We wanted to have you on this season specifically to talk about PHP. 
Stan as this season is all about uh other open source projects that are related to drupal in the drupal Universe, but not actually drupal and PHP stand is definitely one of my favorites. 
So I do want to help spread the word about that, but you've been busy just a little bit. 
So it's going to be impossible for me to talk to you without mentioning this drupal seven compatibility layer craziness that you're working on and I'm using craziness in the best sense.

[3:40] Exactly. And I do want to actually maybe where we, where we're gonna start. 
It's something that you announced, I don't know, two or three months ago that I'm super excited about and that you're writing a book on drupal Ca Yes, I'm writing a, a book. 
It's called Understanding drupal and its cash ability layers because I fear that's one of the biggest development trip ups is Drupal's drupal has this amazing robust cashing api but not everybody understands it. 
And it also just works 80% of the time, but then you hit those quirks and instead of folks saying, well, just stop cashing, I hope it's a resource for people to fix those cashing problems so they can make their drupal sites even more performant.

[4:22] Cashing. Drupal cashing is one of those areas where I've, I don't know if I'll ever attain like confidence, right? 
Like I feel like I, you know, I teach it, I, I've worked on cashing issues for clients and stuff, but I always feel like I'm, I'm missing like 10% of the knowledge that I think I'm missing and even when I learn more, I'm like, I'm still like, I'm, I'm asymptotically reaching full knowledge. But I, I will never reach it. 
And it, it's, it's for me, I, it manifests itself in like lack of confidence with it to be fair. 
That's how I felt while writing this. Um But it was all inspired. 
I wrote a blog post that explained how we can use hashtags with the database back end and not like red or some other like cashing store. 
And then I was like, we should write a book about this and try to make it less mystical and show that it, there, there's some magic to it, but it's not that magical if you just know where to look.

[5:19] Right. I'll say with hope and optimism in my voice. 
Uh What's the timeline on this book? I was hoping to do it this summer, but I overestimated my capabilities and scheduling, but I'm hoping for end of the year. Like, I want this to land this year. 
Plus you have kids, right? And they're off, they're probably off this summer. 
You don't have time for writing. Come on. Yeah. 
Between summer and baseball and summer band. I, I can find, I got some time. I got a little. 
All right. Very good. All right. So we're gonna put that one aside and, you know, we'll definitely have you back on the podcast when, when that is available because I'm sure I'll have 13,000 questions. 
I don't, I'd rather just ask you in a podcast context than anything else. 
Let's talk about the drupal Seven compatibility layer for drupal 10. 
This Mad Scientists project, which I mean, this seems like it could be somewhat of a holy grail for drupal seven sites. 
Yeah. Uh, at mid camp this year I gave a lightning talk after some discussions during a boff. 
I was like, ok, I'm gonna present the best and worst idea that I've had over the past four years, like I've thought about this, but I was really afraid of there being coming Franken drupal where you have drupal 10 sites running drupal seven code. 
But as we keep talking about the drupal seven end of life. You know, my history at commerce guys, centro and drupal Commerce sites is that people build so much business logic into their code.

[6:43] That, that's the hard part. You don't want to touch that business logic. 
It makes you money, you know, it works and then if you touch it.

[6:49] It might all break and you don't know why or where it could be legacy code. 
And I think that's honestly the biggest adoption blocker. 
Maybe there's some of those contribute that didn't make it to D eight, maybe there's some data migration, but we focused eight years on data migration, but not necessarily anything to help those users pick up their business logic code and place it into drupal and focus on, they have to still deliver new features to their drupal seven sites and fix bugs. 
And now we're asking them to rewrite all that code. 
So that's the idea behind it is to, it can't replace, it can't fix everything. 
But what if picking up importing that code instead of touching 100% of it, you touch 60% just something to give them that velocity back. 
So they can fight on three fronts. You know, they can actually take on those three fronts sustainably, right? 
So give me an example of how this works. 
I know that, you know, if you go to the github project page, basically, you know, change the, the I I forget what it's called drupal seven, but we have to create info dot yaml file. 
Yeah. So you just edit the dot info file and convert it to a YAML file, right? 
And which is pretty easy. It just change the format a little bit. 
But right now it reads hook menu and converts those to routes, links, actions and tasks. 
So you don't have to rewrite your hook menu and create five different YAML files and controller files because it provides a controller that calls your old hook.

[8:13] It does the same for forms. So if you have a form, it will call that form. 
Now instead of having to rewrite your hook menu, maybe you have to fix some of the code inside your form because form state used to be an array. 
And now it's a class that doesn't implement array access, small things like that or one instance I hit in drupal seven, we had a lot of global variables that were replaced with services like the current user. 
So it provides a compatibility layer that creates a global user object and bridges the drupal 10 user object to the regular plane object that drupal seven had. 
So it it is, are you, do you have to write this? Um Let's talk about global functions because there's there is a ton fun, right? Drupal seven? Yeah. 
So are do you have to write something into the compatibility compatibility layer for each global function in drupal seven and basically translate it to? OK. 
Yeah. So every global function that got removed has to be replaced and some of them have to be names space. 
So one example is module load install was finally removed in drupal 10 or deprecated.

[9:20] So that is behind retrofit or drupal retrofit. 
Drupal namespace and you call that function. So it had to be namespace. 
Does that still exist in drupal core? 
But all the database functions basically, and this targets drupal 10 plus because it just made it easier. 
But any of the global functions removed in drupal +89 have replacements that you can just call. 
So it is pretty much drop in and they work mostly the same. 
They try to just map to their new replacements.

[9:47] All right. One more question because I, I could go on for a while with this one more question. 
Are there any holes like big holes that you're aware of? Like what, what doesn't work? Yeah. 
So I just added support for theme functions. So there's a twig file that will call your, your theme function. So that works. 
Oh Wow. Preproce and post process functions may actually post process was removed in drupal eight plus. 
So those hooks don't get called PHP template files, I think can land if I got theme functions down. 
But the biggest thing will be around the entity system in drupal 10 or drupal seven. 
We had field git items or the wild array access. 
And we don't, we still have some of those magical getters in drupal 10, but they're based off objects, not arrays. 
So there are ways we could support that. 
But I think in the end when somebody, if somebody uses this. 
They're just gonna be changing how you access field values from an array to object properties. 
And hopefully that's the biggest change. And that's really succinct. 
Like when you look at that dif file, that should be really simple to say, we didn't really modify the business logic. 
We just modified how we access values in our business logic. 
Wow, that's, that's my, my hope.

[11:03] Have you heard any, any stories of folks like having success with this? 
With? No, I haven't heard of anybody using it. 
Just a lot of hype for it. Um But I did announce it only on the first day at drupal Con. 
So it's maybe been two weeks of an announcement. 
Yeah, I'm super curious because it is, as you said, it's, it's a bit of a mad scientist play for sure. 
All right, let's uh let's put that aside. I will, I will check out that box as my curiosity is scratched at least for a few, a few minutes. 
Let's talk about PHP Stan, static code analysis. 
Uh This is a tool that has been out and about in the PHP community for a while. 
You're, you're behind the drupal PHP Stan extension which basically makes it more drupal and, and it, it had it si know sniffs is the right word for P HPC S. What's the right? They're just called a rule.

[11:54] So it plays 22 roles. Drupal doesn't use standard like code auto loading. 
Like most PHP packages like look at Lavell or Symphony. 
All of your classes get dumped to the auto loader by composer, but drupal has modules that can be installed or uninstalled. 
So it has a dynamic auto loading component that PHP Stand. Drupal tries to bridge. 
So that way a PHP stand can discover classes appropriately, right? 
So let's talk about uh so PHP stand, what what do we define? 
What's what's static code analysis? Let's start there for folks brand new to PHP stand. What does that mean? 
So when folks think about C Gola or Rust, those are compiled languages in order to run the code, you compile it and during compilation, it says, oh, you use the wrong type or you have this bug before you, you can't even run the code because it's gonna air right PHP and Python, maybe all those are scripted languages. 
So you write your script and they're compiled at run time such as when the web server executes php, it kind of is runs it. 
So you're not gonna know about errors until that web request executes your code.

[13:03] So PHP stand and there are other ones like som that try to do this is it tries to run your code and do that analysis before you ship it out and it gets run by end users to help catch those bugs or any quirky things that might be there that as humans were prone to error, we don't read or recognize. 
So is PHP stand? Did it get its start with another particular like symphony crowd or Lavell crowd or was it just kind of developed independently for generic php? 
Any idea as far as I know it was developed on its own side? 
And it's not out of the symphony project because the developers out of the Czech Republic, which I noticed a lot of that region uses the net framework and E TT E and it uses a lot of those components. 
OK. So like it's not like leveraging symphony or anything like that. 
So I'm not entirely sure the origins but it came out in 2016 and I think it was to just scratch an itch by the maintainer. 
Uh OK. Well, that's usually what happens though, right? So, all right, so you wrote and are there other contributors to PHP stand drupal to the extension? 
Yes. OK. I wouldn't say that there. 
I don't wanna like, yes, there are contributors. I've had help from. Names are escaping me. 
But one of the members from the French drupal community supported a lot of things with around entity query support. 
So when you do entity load or any of that item, it knows that it's a node, it's a taxonomy term.

[14:31] The folks at open social and previous next have like nightly snapshots. 
So if I commit something and it makes it bug or great for feedback loops, and I've had contributors that jump in and help fix, you know, one thing php stand provides that they're called stubs and stubs. 
Let you enhance php doc annotations. 
So if drupal core says, Like let's say that PHP stand has some advanced documentation types where we can extend drupal core types to say these things and people can come in and enhance those along the way. 
OK. So you are also you periodically actually do PHP stand development on Twitch. Right? 
Yes. So I not doing it as often but every Wednesday at 2 p.m. 
Central, I try to hop on Twitch and make that be when I work on PHP stand. Drupal. 
Previously, I did try to do a lot of contributions to PHP stand, but that has honestly become so complex that that if you're not in a daily, like some of the contributors there, it's harder to drop in and for the better part of the past year and a half, I haven't really hit any walls that I've had to work on PHP stand for. 
There is one where so when we use PHP 10 for deprecation checks, that's its own separate library that creates rules that say, hey, you're using deprecated code, Drupal's adopted Symphony's PHP unit bridge, which as this like at group legacy tag and that's meant to identify that test as testing deprecated code. 
So don't throw deprecation warnings.

[15:57] Well, that's very unique nonstandard. So I worked on an enhancement to the deprecation library for PHP stand to allow defining custom scopes is what they call it. 
So we can say not only is a deprecated, created a deprecated scope, but if the method or the class is tagged at group legacy, the entire scope is deprecated and this is actually resolving a blocker from drupal core using PHB stand deprecation rules to do deprecation testing.

[16:27] So, like, I, I worked on that in my live stream because I figure one, like, contributing to open source work can be toiling. Yeah. 
So sometimes you sit like, oh, I don't really want to do this. 
So I like doing the live stream because even if nobody's hanging out, I think somebody might watch it, learn a few tricks and it's a little bit more fun and I'm willing to bet that you get, something out of it as well because you actually are probably, like, talking through the issue. Yeah.

[16:54] And I know that when I'm working with, with our, you know, drupal easy learning community, they love it when I hit bugs or something goes sideways because then I kind of have to talk my way through it and almost, you know, pretty consistently, I, I can get through things faster when I'm talking to myself. 
Yeah, it, it feels goofy sometimes because I do it for two hours. 
So I basically take two hours talking to myself, you know, people might chat here and there, but it's basically two hours of talking to myself walking through XD bug to solve something quirky. 
But yeah, I think that's what makes it a little bit faster too. 
So we're gonna have a, a link in the show notes basically the best way to get started with PHP stand. 
So I don't want to get into those details, you know, during this conversation, I do want to mention it is part of Drupal's core development uh dependencies. 
So when did that happen? Drupal 10. OK. 
So with drupal 10, if you, if you, you know, do the composer require drupal slash core dev, uh you actually have PHP stand ready along with uh the, the drupal extension. 
Yeah, it'll have HP San drupal. And then like I said, maybe for drupal 11 is when you'll get the deprecation rules automatically as well. That'd be fantastic.

[18:08] So I know that for me, I mainly use PHP stand kind of interactively through phptrm and visual studio code. 
I know it's also often used kind of on your c A continuous integration system as, as a build step to make sure that you're not hitting any level, any errors above PHP stand level two or three, which we need to talk about the level still? 
Are there any other ways that folks are, are using um PHP stand other than kind of interactively while they're actually developing or as part of their, their deployment process. 
Not that I'm aware of. I know when I have it in PHP storm and it's part of my inspections because it can run it. 
Although caveat sometimes I turn it off because I'm working on some really wild code that I have my level too high. 
So it kind of slows things down, distract you. 
Yeah, like it just, it slows down the ID a little bit because it's not like it's built into it, it's calling the command line and then I have it as part of my continuous integration just as a gate check. 
And then, but the one way that the maintainer and they recommend using it is if let's say you set your error level to like four and you have some errors that you don't have time to fix.

[19:16] It allows you to generate a baseline. So you can essentially say here's all my existing errors. 
So C I stop failing. I know I have to fix these and then you can find time to go address that technical debt, like maybe have a fun day on a sprint to go reduce the baseline open. 
Social uses this approach. They have a giant baseline and I think sort of slender C MS and then they just say we're willing to accept this warning because maybe we have to do something a little different and then they can go back and have like a little hackathon to fix those. 
I was unaware. So how does that work? Like when you like, how do you generate that baseline?

[19:50] Yeah. So there's a specific page in the docks but you call, you know. 
Vendor bin PHP, stand dash dash generate dash baseline. So it's just a a flag you pass to it. 
And then in your PHP stand configuration, you just say include PHP stand baseline and that. 
So it's just some type of file like a neon file just like their neon is the net framework version like enhanced the AM. 
And it's basically something that you can stash your ignore errors.

[20:21] If you fix one of those errors, it's going to report an error. 
So instead of ignoring it and just kind of silencing, but once you fix the bug, it'll say the baseline is out of date essentially. OK? 
So then you know, yeah, I fix something. All right, cool. That's, oh, there we go. I've learned something today. 
Uh Let's talk about the levels because this is I think the one of the best parts of PHP stand and I'll just give you an example of the way I use it is I use it in conjunction with uh P HPC S. 
So I get all the problems reported in uh PH PR M or VS code, but P HPC S it's, you either get the errors or you don't get the errors. 
There's no like level of those and with PHP stand, you can set the level at 0 to 90. What's the highest level? 
10? Nine, right? Nine. Yeah, 0 to 9. 
And there are errors that will get thrown. If you're at level zero, then there's more errors if you get thrown at level one and level two and so on. 
So, so you can set how stringent PHP stand is gonna be with your code. 
And what I think that enables and this is something that I this is how I fell into using it on a daily basis. 
And now I I trick our, our, our module development students into U using it is it's kind of like gamifying it. It's like, well start out at level two.

[21:36] Once you get clean reports at level two all the time, bump it up to level three and then learn what you need to do to pass all of level three and then bump it up again. 
So there's always like a, a carrot in front of you. 
So I don't know. Again, you have more experience talking to folks using it than I do. Is, is this a common approach?

[21:54] So the folks that I know using it, I believe open social has it at six or 90 my and previous next I think is it at six because they go for the, the baseline approach and that's what I honestly do. 
I do level nine and I include bleeding edge because bleeding edge has some. 
More controversial rules but also sometimes has performance improvements. 
So I just always like to have it to test it out. 
But that, that's when it gets really big and not everybody likes it because PHP San likes for you to start annotating array shapes at line. 
I, I don't remember when it actually kicks in but eventually it's like that, that array of variables. 
Well, what's inside of it? And it's like, oh, goodness, I can't document this. 
Yeah, I think it's six or so. I think it might be six.

[22:41] Yeah, I think it, that sounds about right. I don't think it's seven quite there yet. 
I think it's level six because that is where we are in our course right now as we.

[22:50] We do level five and then when we're going to bump it up to level six, we're, we're going back and fixing all of that all of those array, uh, imitations which can be with drupal can be extremely hairy unless you start cheating. 
You ignore those. Yeah. Yeah. Yeah. 
Well, but it's a really good exercise though if you're learning. Yes. 
It's a really good exercise to really know, like what's in those arrays, it may not be useful, you know, all the time. 
But for learning it, it's, it's a really good exercise. 
And the one thing it does too is it forces you to go double check, right? Even if you can't make it be perfect. 
It does force you to go double check or add safety checks to your array. Access. 
A lot of folks are at level two because I actually changed drupal check, the pre configured PHP stand runner to be at level two. 
And that is because level one starts checking for undefined variables like magical methods or unknown properties and it checks all actually. 
And then in level two, it, it enhances that check further and this came around from the whole drupal A to drupal nine bump. 
Where PHP Stan was running at level zero and only returning deprecation checks basically. Oh, you're using deprecated code. 
Well, what if PHP Stan didn't know that you're calling this method that was deprecated because it was silently airing, saying entity interface doesn't have this method.

[24:15] So it's it added some noise for folks where they start typing their code a little bit better, you know, not strictly but say this hook uses node interface, not entity interface because of those problems. 
So that's why I highly encourage folks to use level two because it's gonna fix a big baseline of errors. 
That's gonna make your static code analysis that much better. 
If you're only using it for deprecation checks, I recommend if you're doing it like you want to use PHP stand and really rock your code at least get to level four to have, you're gonna have a lot more confidence you're gonna be able to sleep at night, you know, not passive, your junior developers as much to fix their code. 
It, it actually, I think it forces you to think about your code a little bit more as well. Yes. 
Right. Rather than I mean, a lot of us when we're in a rush or, you know, copy paste and code we find on, on drupal Org or Stock overflow or Stock Exchange and um.

[25:10] Hope that it's that it's, it's proper and you know that. 
So it does, it does increase the, the, the confidence level with the code that you're using. 
Let's talk about its usage on drupal core, which I think is interesting. 
So I haven't been following that as much, but I believe drupal core is not level one analysis with a pretty decent baseline. 
And I think that's half of my, my Wednesdays now is all right. 
How can I fix PP stand drupal to reduce that baseline? 
Because a lot of that baseline is just needing to make PHP stand a little bit more intelligent about how drupal code works. 
Whereas some fixes actually just need to be fixed.

[25:54] Well, there's only I I, you know, I'll link to the issue, the drupal uh core issue about PHP stem levels because that's actually running with each, you know, patch and issue fork for drupal core just like P HPC S and all the automated tests are. 
So it's kind of part of our community build process at this point. 
It's great because it can be one of those when we have early control distributors instead of waiting four days to get a patch review to say, oh fix this nitpick or this, this or that they get that immediate feedback. 
OK. I'm gonna use immediate with air quotes because it does take a while for drupal course test runs to go. 
But let's say within an hour they get a comment that says, oh, your build failed. It's PHP stand fix these coding things. 
I think that's gonna nurture new contributors better than waiting three or four days for a more senior person to review it and say go fix these nitpicks three or four days. Sounds like a really good case too. 
Yeah. So. 
This just kind of popped in my head. So with the new G lab C I stuff, for drupal contributor projects, I know we just on, on a, on a module I helped maintain, we just switched over to it using the default configuration that the drupal Association provides are P is PHP stand checks included in that default configuration. Do you know? 
I don't know because I haven't looked into it yet. Drupal C I had base configuration in there that I don't know if contribute tapped into or could.

[27:22] And I think if you could with drupal C I can trip you were stuck to using cores like PHP stan config I haven't dove into the git lab C I stuff. 
I haven't had time to look at the templates. 
I would be hesitant to say it works. I know we have one you could say quote unquote regression where if you run P HPC S, it doesn't respect the P HPC S.

[27:43] That XML in your module, it uses drupal cores. 
And before drupal C I would let modules override the coding standards that was lost. 
I saw that in like the, the Git labs, Slack Channel so I even dove into it. 
I'd be a little hesitant but now that git lab C I is generally available. 
I'm kind of expecting full steam ahead for these things to get fixed in those templates. 
Yeah, that'd be great. That would be great. 
All right. Well, I think that covers about everything I wanted to cover. 
I just kind of wanted to give folks a, a nice overview of what it is and how to use it and how other folks are using it. 
We'll have a link to get started with it. I mean, honestly, if you, if you're used to adding drupal core dependencies to your projects, you have it, you just have to. 
Learn how to take advantage of it. And it's, you know, in my opinion, it's, it's a fantastic tool. 
It's PHP is and then, you know, the, the extension that, that you and other contributors have made is is, you know, fantastic. 
And if folks want to dive in, there's more extensions like strict rules. 
So you can really go down the rabbit hole of having rules that really tighten up your code to other different ways. 
So do you, when you're doing your stuff, do you add additional rule sets?

[28:57] Yes, I use the PHP stand Strict Rules package which prevents using empty. 
Like if you use, if empty it yells at you and says you should be checking proper things. 
And in drupal, that's a really, that's a thing we kind of fall back on from previous days. 
So I like having that as kind of the little slap on the wrist of nudge back into the lane. Yeah.

[29:19] All right, cool. Actually. Um Yeah, give me uh I will let you know, I'll add a link to uh to that rule set. 
If I can't find it, I'll ping it, but I'm pretty sure I will be able to find it. Well, Matt, thank you very much for your time today. I appreciate it. 
God speed on the drupal seven compatibility layer stuff. 
You know, that is just crazy, fun, interesting stuff you got going on there and, and thanks for taking the time to join us today. 
Thanks for inviting me back. All right, cool. 
Thank you very much for listening to the drupal Easy Podcast. 
Don't forget to check out all of our long form drupal training courses at drupal easy dot com and stay tuned for the next episode of the drupal Easy podcast where I will be talking with Jordan Powell from the Cypress Open Source project.

[30:05] Music. 

July 13, 2023