Process: Laravel / Keep an application up-to-date

Objective

• To provide guidance for developers on processes and steps they can take to keep Laravel applications up to date and ensure they pass the pipeline correctly

Scope

• Laravel applications running on hosted servers or containers

User

• Solution Delivery Developers

Environment

• Local development environment
  • Locally run containers
• Deployment pipeline
• Docker Desktop

Process

Use the pipeline to check your application's current state

Many of the pipeline checks fail because applications are left untouched and require updates to dependencies in the application. If an application has had no work performed on it recently, you can get a good sense of the current state of the application by running the GitLab pipeline for it against your Main/Master branch in the Gitlab UI:

1. Navigate to gitlab.com/miamioh and sign in using your Miami credentials, then navigate to the desired project
2. In the left column, click CI/CD
3. In the upper-right, click the Run Pipeline button
4. In the top drop-down, select the desired branch against which to run the pipeline
   • if no working branches exist, use Main/Master
5. Click the Run Pipeline button, and then review the results

The results of these tests will illustrate what you need to do to get the application up to date. Review the results for any failures and make note of why the test failed. The results will show specific dependencies that need to be updated. Of particular importance are these jobs:

• check-advisories
• check-laravel
• check-outdated
• check-security

 

Use the Build Images Repository Docker images to run pipeline checks locally

The images in the Build Images Pipeline Repository, used in the pipeline, can also be leveraged locally to run the Pipeline tests. You can use the same images used in the CI pipeline to run jobs locally without the need to commit and push changes, allowing for quicker testing/iteration cycles.

For reference on how to run these the tests locally, see the PHP Images section of the Build Images Project README.

 

Use Composer to update dependencies

Effective use of the composer update command is key to keeping an application up to date and passing pipeline checks. Through usage of containers (specifically the Miami DevTools container), we can replicate an application's PHP environment and update dependencies. Composer commands to update dependencies should always be run in a container as described here.

1. The first step is to navigate to your local project repository folder, and then open it in a container: docker run -it --rm -v $(pwd):/opt/project -v ~/.ssh:/root/.ssh -v ~/.gitconfig:/root/.gitconfig -v ~/.composer:/root/.composer -v ~/.phive:/root/.phive registry.gitlab.com/miamioh/uit/operations/build-images-pipeline/php:7.3-devtools bash
   • This command is doing the following things:
     • -it: instructs Docker to allocate a pseudo-TTY connected to the container’s stdin; creating an interactive bash shell in the container
     • --rm: Automatically remove the container when it exits
     • -v: each call mounts a different local directory in the running container so these local directories can be accessed in the running container; in this example above the present working directory is mounted to /opt/project in the container, and so on
     • registry.gitlab.com/miamioh/uit/operations/build-images-pipeline/php:7.3-devtools: This is the container image that replicated the correct PHP environment; in the future this might be ...build-images-pipeline/php:7.1-devtools or something else
     • The bash command at the end presents a working bash shell to run commands from in the container; this can be replaced with any command you want to run in the container (e.g. composer require xxx) but by using bash you can run multiple commands in the same container instance
2. Once the bash shell is up, you can run composer update to a dependency. For example, composer update symfony/http-kernel. You can also upgrade multiple components at once, e.g. composer update symfony/http-kernel fruitcake/laravel-cors
   1. It is generally best practice to run Composer with the --with-all-dependencies / -W flag. This allows Composer to allow upgrades, downgrades and removals for packages currently locked to specific versions
3. When you are done updating the needed components, type exit to stop the running DevTools container

 

Address conflicting dependencies

You may receive errors regarding conflicting dependencies when running composer update. This this scenario, you can make use of the composer why and composer require commands to require specific versions of dependencies that do not conflict. The composer update command updates to the latest version of packages (all or those listed) within the current version constraints. The composer require command adds a new dependency or a new version constraint for an existing dependency.

 

Laravel Shift

Though not currently checked in a pipeline job, running a supported version of Laravel is important. Please refer to Procedure: Laravel / Use Laravel Shift to upgrade an application's framework version for details on this process.

Related Documentation

Miami

• Build Images Pipeline Repository
  • This project contains the Docker images for Solution Delivery pipeline
  • Includes documentation on running some of the pipeline jobs locally
• Procedure: GitLab / Authenticate to the container registry
• GitLab CI includes Repository
  • Base GitLab CI configurations used in the Solution Delivery Pipeline
  • Includes documentation on configuring an application to use the pipeline and running some of the pipeline jobs locally

 

External

• Composer Documentation
  • Composer Commands
• GitLab CI/CD pipelines documentation
• Docker Run command documentation