Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Multi-Variance: API Versioning For Software Lib...

Stuart Herbert
August 28, 2018
Programming
1
63

Multi-Variance: API Versioning For Software Libraries

One of the key features of Composer - the PHP community's package manager - is that you can't have two different versions of a Composer package in your project at the same time. Your project - and all the packages you depend upon - must agree on which versions to install, otherwise Composer cannot continue. Anyone who has used popular packages like Guzzle or PHPUnit over the last few years will have seen first-hand the problems this can cause.

In this talk, Stuart will introduce you to 'multivariant packages', a technique he uses with his own Composer packages to make sure his packages aren't contributing to the problem. He'll show you how to organise code inside your packages, and how to version your packages to work best with Composer. And finally, he'll look at how to handle devtools that install new Terminal commands inside your project.

Stuart Herbert

August 28, 2018
Tweet

More Decks by Stuart Herbert

See All by Stuart Herbert
Type Integrity: The Software Engineering Behind Stricter Typing
stuartherbert
0
63
Coding Standards That Improve Quality
stuartherbert
0
140
ES-CQRS and GDPR: When Immutability Meets Reality
stuartherbert
1
760
The Container End-Game: An Introduction To Kubernetes And Minikube
stuartherbert
0
120
Zend Expressive - An Introduction For API Building
stuartherbert
0
630
Automate, Automate, AUTOMATE!
stuartherbert
0
130
JSON Schema For Validating API Requests
stuartherbert
1
150
Designing For Disaster - Preparing Your Code For Emergencies
stuartherbert
1
230
DeCYPHERing Graph Databases
stuartherbert
1
200

Other Decks in Programming

See All in Programming
CSC509 Lecture 13
javiergs
PRO
0
110
ペアーズにおけるAmazon Bedrockを⽤いた障害対応⽀援 ⽣成AIツールの導⼊事例 @ 20241115配信AWSウェビナー登壇
fukubaka0825
6
2k
聞き手から登壇者へ: RubyKaigi2024 LTでの初挑戦が 教えてくれた、可能性の星
mikik0
1
130
色々なIaCツールを実際に触って比較してみる
iriikeita
0
330
役立つログに取り組もう
irof
28
9.6k
Snowflake x dbtで作るセキュアでアジャイルなデータ基盤
tsoshiro
2
520
Contemporary Test Cases
maaretp
0
140
Jakarta EE meets AI
ivargrimstad
0
220
どうして僕の作ったクラスが手続き型と言われなきゃいけないんですか
akikogoto
1
120
.NET のための通信フレームワーク MagicOnion 入門 / Introduction to MagicOnion
mayuki
1
1.7k
Jakarta EE meets AI
ivargrimstad
0
600
Ethereum_.pdf
nekomatu
0
470

Featured

See All Featured
Optimising Largest Contentful Paint
csswizardry
33
2.9k
We Have a Design System, Now What?
morganepeng
50
7.2k
Raft: Consensus for Rubyists
vanstee
136
6.6k
Embracing the Ebb and Flow
colly
84
4.5k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
16
2.1k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
28
8.2k
How to Ace a Technical Interview
jacobian
276
23k
Keith and Marios Guide to Fast Websites
keithpitt
409
22k
What's in a price? How to price your products and services
michaelherold
243
12k
How to Think Like a Performance Engineer
csswizardry
20
1.1k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
Being A Developer After 40
akosma
87
590k

Transcript

  1. A presentation by @stuherbert
 for @GanbaroDigital Multi-Variance API Versioning For

    Software Libraries

  2. Industry veteran: architect, engineer, leader, manager, mentor F/OSS contributor since

    1994 Talking and writing about PHP since 2004 Chief Software Archaeologist Building Quality @GanbaroDigital About Stuart

  3. Follow me I do tweet a lot about non-tech stuff

    though :) @stuherbert

  4. @GanbaroDigital ?? ?? Do you create and publish Composer packages?

  5. @GanbaroDigital ?? ?? What versioning scheme do you use?

  6. @GanbaroDigital ?? ?? Have you ever put out a new

    version of your package with substantial b/c breaks?

  7. @GanbaroDigital I'm here to talk about the consequences of b/c

    breaks in packages.

  8. @GanbaroDigital And to share a different approach from my own

    packages.

  9. @GanbaroDigital This is just my own approach. Other approaches exist.

    I'm here to learn from you too!

  10. @GanbaroDigital In This Talk ... 1. Semantic Versioning 2. Modularity

    3. Consequences 4. Library Packages 5. Dev Tools

  11. @GanbaroDigital Current Practice

  12. @GanbaroDigital Semantic Versioning

  13. @GanbaroDigital semver.org

  14. @GanbaroDigital X.Y.Z versioning scheme

  15. @GanbaroDigital X.Y.Z major.minor.patchlevel

  16. @GanbaroDigital X.Y.Z major.minor.patchlevel

  17. @GanbaroDigital Fix a bug? Increment Z. e.g. 1.1.0 -> 1.1.1

  18. @GanbaroDigital X.Y.Z major.minor.patchlevel

  19. @GanbaroDigital Add a new feature? Increment Y, reset Z. e.g.

    1.1.1 -> 1.2.0

  20. @GanbaroDigital X.Y.Z major.minor.patchlevel

  21. @GanbaroDigital Add a major feature? Or break backwards-compability? Increment X,

    reset Y & Z. e.g. 1.2.0 -> 2.0.0

  22. @GanbaroDigital semver is a modern take on old-skool versioning.

  23. @GanbaroDigital ?? ?? Why semver?

  24. @GanbaroDigital The semver rules are a contract between package maintainers

    and library users.

  25. @GanbaroDigital “Library users should be able to upgrade to the

    latest X.*.* release without changing their code.

  26. @GanbaroDigital e.g. 1.0.0 -> 1.59.46 should be a hands-off upgrade.

  27. @GanbaroDigital That is a very high bar for package maintainers

    to meet.

  28. @GanbaroDigital Why? Because of backwards-compatibility breaks.

  29. @GanbaroDigital ?? ?? What is a backwards-compatibility break?

  30. @GanbaroDigital Changing any existing API.

  31. @GanbaroDigital Changing the behaviour of any existing API.

  32. @GanbaroDigital Fixing a bug.

  33. @GanbaroDigital Adding deprecated warnings to any existing API.

  34. @GanbaroDigital Changing the package's dependencies.

  35. @GanbaroDigital Changing the supported PHP version(s).

  36. @GanbaroDigital Breaking b/c has major consequences for library-users.

  37. @GanbaroDigital That's why the semver rules require package maintainers to

    bump the 'X' version number.

  38. @GanbaroDigital ?? ?? What's the knock-on effect if you change

    your package's major version number?

  39. @GanbaroDigital Hold that thought. We'll answer that a little later

    on.

  40. @GanbaroDigital Modularity

  41. @GanbaroDigital Most mainstream programming languages are not modular.

  42. @GanbaroDigital Libraries are loaded into a shared symbol table.

  43. @GanbaroDigital Schemes like namespacing still use the shared symbol table.

  44. @GanbaroDigital Schemes like 'friends' simply add access controls. They don't

    partition the shared symbol table.

  45. @GanbaroDigital ?? ?? Which mainstream programming language is modular?

  46. @GanbaroDigital JavaScript*

  47. @GanbaroDigital ?? ?? The reason your node_modules folders are gigabytes

    in size?

  48. @GanbaroDigital npm* supports installing different versions of the same package

    into the same app.

  49. @GanbaroDigital Composer cannot. Because the language isn't modular.

  50. @GanbaroDigital This is not a PHP problem. Nearly all mainstream

    programming languages share this limitation.

  51. @GanbaroDigital I'm not here to debate modular vs non-modular.

  52. @GanbaroDigital PHP is a non-modular language. It's going to stay

    that way for the foreseeable future.

  53. @GanbaroDigital I want to look at how we work with

    the cards we've been dealt.

  54. @GanbaroDigital Consequences

  55. @GanbaroDigital ?? ?? What's the knock-on effect if you change

    your package's major version number?

  56. @GanbaroDigital If you've used popular Composer packages such as Guzzle,

    or PHPUnit ...

  57. @GanbaroDigital ... you'll have seen errors like this: "Can only

    install one of: guzzlehttp/guzzle[6.1.0, 5.3.0]"

  58. @GanbaroDigital “Two different major versions of the same package cannot

    co-exist inside the same app.

  59. @GanbaroDigital The more popular your package, the more likely it

    is to be pulled into the same app multiple times.

  60. @GanbaroDigital ?? ?? As a library-user, how do you solve

    this?

  61. @GanbaroDigital You can't.

  62. @GanbaroDigital ?? ?? As a package maintainer, how can you

    avoid this?

  63. @GanbaroDigital Multi-variance

  64. @GanbaroDigital Library Packages

  65. @GanbaroDigital In any non-modular language, only one version of your

    package can exist inside any one app.

  66. @GanbaroDigital That's our design constraint. We cannot change it. We

    have to work with it.

  67. @GanbaroDigital ?? ?? Do you build web APIs?

  68. @GanbaroDigital If you're building a web API, you support multiple

    versions of your API at the same time.

  69. @GanbaroDigital So why not do the same with library APIs?

  70. @GanbaroDigital There's nothing stopping you from having multiple versions of

    your API inside one package.

  71. @GanbaroDigital my-package

  72. @GanbaroDigital my-package src

  73. @GanbaroDigital my-package src/V1

  74. @GanbaroDigital my-package src/V1 src/V2

  75. @GanbaroDigital "autoload": { "psr-4": { "GanbaroDigital\\TextParser\\V1\\": "src/V1", "GanbaroDigital\\TextParser\\V2\\": "src/V2" }

    }

  76. @GanbaroDigital We can't use semver for our package version numbers.

    But package managers expect semver-like version numbers.

  77. @GanbaroDigital Version numbers change from X.Y.Z to X.datereleaseno

  78. @GanbaroDigital e.g. from 1.2.0 to 1.2018082601

  79. @GanbaroDigital e.g. from 1.2.0 to 1.2018082601

  80. @GanbaroDigital X is the minimum supported API version

  81. @GanbaroDigital Bump X when you drop support for an API

    version.

  82. @GanbaroDigital (but be prepared for all the consequences I've already

    discussed!)

  83. @GanbaroDigital the datereleaseno is the year, month, day + how

    many releases you've made that day

  84. @GanbaroDigital e.g. 1.2018082601 1.2018082602 1.2018082801

  85. @GanbaroDigital e.g. 1.2018082601 1.2018082602 1.2018082801

  86. @GanbaroDigital e.g. 1.2018082601 1.2018082602 1.2018082801

  87. @GanbaroDigital ?? ?? Why not X.date.releaseno? e.g. 1.20180826.01?

  88. @GanbaroDigital You want the dependency rules to always pull in

    new releases of X.*.

  89. @GanbaroDigital e.g. 1.2018082601 -> 1.2018082602 1.2018082602 -> 1.2018082801

  90. @GanbaroDigital With X.date.release, there's a risk of users adding dependency

    rules that lock them into X.date.* releases!

  91. @GanbaroDigital e.g. 1.20180826.01 would they get 1.20180828.01?

  92. @GanbaroDigital This approach is what I call multi-variant packages: multiple

    API versions inside the same package.

  93. @GanbaroDigital ?? ?? Does anyone remember how Guzzle solved this?

  94. @GanbaroDigital Dev Tools

  95. @GanbaroDigital Here, we're talking about tools like PHPUnit. Something you

    install that provides new CLI commands.

  96. @GanbaroDigital ?? ?? What problems do these CLI tools cause

    w.r.t. package version clashes?

  97. @GanbaroDigital They pull in dependencies of their own, which can

    clash with your app's dependencies. (Or with the dependencies' dependencies!)

  98. @GanbaroDigital ?? ?? How would you solve that?

  99. @GanbaroDigital Package maintainers: Ship these tools as PHAR files.

  100. @GanbaroDigital End-users: download and use the PHAR files.

  101. @GanbaroDigital

  102. Thank You How Can We Help You? A presentation by

    @stuherbert
 for @GanbaroDigital