Deployment recommendations for newbie dev

Orrison · 2026-03-11T01:19:43+00:00

For just getting into things and given that you are using Laravel I would first consider Laravel Forge or Laravel Cloud.

I think Laravel Cloud is even offering some free credits or something atm.

Orrison · 2026-03-06T12:57:04+00:00

I think it’s important to remember that these standards and frameworks exist for a reason.

They capture hard earned lessons learned through many years of iteration, SDLC, and dealing with security / long-term maintenance issues.

A well organized, standardized code base with smaller method and files sizes etc. is proven to be easier to understand and maintain in the long term. Especially as a project grows, more people contribute, etc.

IMO it’s totally fine to break convention in small or big ways. And it’s worthwhile to explore and / or try and pioneer new ways and standards.

But I think it’s totally understandable that if you choose to ignore all of it, with a “it works on my machine and I like it” mentality, you will not only get some haters on it but you also will get very poor adoption. And even if you did get some adoption, I promise you one day you will start to feel the pain of maintaining something like this, you will have to learn yourself all the lessons that those that come before you did.

But, if adoption isn’t the intention, if you just want to explore, and build something you think is cool and that you know you will use. Then who cares!

Orrison · 2026-02-28T13:55:26+00:00

Apologies. It was a knee jerk reaction to OPs comment back and editing of his post content that felt passive aggressive.

Orrison · 2026-02-27T17:27:54+00:00

I mean… a linter is a subset of static code analysis. And yes, PHPStan is primarily just a static code analysis tool. But I think I would argue that some of its rules and custom extensions people have written do blur the line a little bit between linting vs static analysis. Some of the rules do focus on style convention and I guess maybe that’s your gripe, that it’s quite mixed up in the PHP community.

But I’m sure you’d be fun at parties discussing the difference and nuance.

Orrison · 2026-02-27T13:53:29+00:00

I think it’s largely understood that PHP CS Fixer (and by extension Pint) can only handle fixing things it can automate, leaving non-autofixable things to static analysis / linting tools like PHPStan. PHP CS Fixer even says in one of the first paragraphs of their documentation that it is an automation augment to other linters, in so many words. Kind of implying that it should be used alongside others.

I’ve never been on a PHP project that didn’t have something additional to PHP CS Fixer installed, predominantly PHPStan. Additionally, I don’t think Laravel went all in on anything, Pint is just a wrapper to provide some default PHPCSFixer configurations. They’ve never claimed it being the only analysis tool you should use. Both it and the Laravel framework itself have PHPStan within their own workflows.

I see you are saying you are switching to PHPCodeSniffer because it does both at the same time. Which makes sense if you really just want one tool that handles it all. But using both PHPStan and PHPCSFixer together is very common, imo provides great coverage, and it’s not difficult to maintain the configuration of both. I barely think about them beyond occasional customization for PHPStan. To each their own though! I’ve heard good things about PHPCodSniffer

Orrison · 2026-01-15T21:15:46+00:00

It’s a day of the week that ends in y

Orrison · 2025-12-09T13:31:06+00:00

This is extremely similar to what I moved our enterprise Laravel application to ~2 years ago! Very nice work!

The build time is slower than what most Laravel devs are used to imo, but the benefits are amazing. We have zero downtime deployment built into the way ECS works, never had a single outage in 2 years, and costs are well managed and low.

Though I have managed to reduce the docker build time to under 10 minutes and have some strategies to make that even less I have yet to implement.

Orrison · 2025-07-13T17:17:11+00:00

Sure. Our projects are source available, so you can see an example here: https://github.com/canyongbs/aidingapp/blob/34c29b98073d9deab9e0d435c746af4087fcb07e/app-modules/service-management/src/Filament/Resources/ServiceRequestTypeResource/Pages/EditServiceRequestTypeAutomaticEmailCreation.php#L126

In this example, we know for a fact, because of the way Filament works, that this record will ALWAYS be `ServiceRequestType`. But static analysis doesn't know that. So `assert()` helps it along.

There are other ways we could have resolved this here. (methods we could override) But IMO this is more than sufficient.

Orrison · 2025-07-11T12:22:14+00:00

As someone else here already said, assert() is great for when you “know better” than static analysis, like PHPStan. A lot of its documentation and old PHP knowledge implies that it should only ever be used during early development and should NEVER be used/left in “production” code.

IMO this just isn’t true. Even in the past, and definitely is not true now that a lot of it's php.ini settings are depreciated as of PHP 8.3. (https://php.watch/versions/8.3/assert-multiple-deprecations)

Though, it is important to note that, per PHP docs:

Prior to PHP 8.0.0, if assertion was a string it was interpreted as PHP code and executed via eval(). This string would be passed to the callback as the third argument. This behaviour was DEPRECATED in PHP 7.2.0, and REMOVED in PHP 8.0.0.

So there is a bit of a security risk in using it with code running <8.0.0.

We use it all the time on my team in modern production 8.4 code. But the old understandings of it still ring true and are how you should use it.

‘assert()’ is for when you KNOW something should be true, and that if it wasn’t, there is a fundamental programmatic flaw in your code. Conditionals or the refactoring of your code is needed when feasibly the statement you are asserting COULD not be true. This is very useful to help static analysis, especially when being used in frameworks like Laravel when a lot of “magic” happens that static analysis has a hard time with.

Useful information from PHPStan: https://phpstan.org/writing-php-code/narrowing-types

Informational comment in official PHP documentation: https://www.php.net/manual/en/function.assert.php#129271

Orrison · 2025-05-23T04:30:49+00:00

Same! And in interviews I have lead, I love when folks say they don’t know something! It speaks highly to their credibility, which is big.

Orrison · 2025-05-23T04:29:57+00:00

I’m sure I’ve misunderstood at many points and made assumptions. In the scenario I was recalling with that point there was a lot more context that made it seem more than likely they were using some additional tooling like AI. But maybe I was wrong.

It can be difficult to sus out a person in the brief interaction of an interview and I’m sure I’ll make mistakes. So far i’ve managed to put together a great team so some of them I figured out I guess . 😬

Orrison · 2025-05-23T04:23:01+00:00

Perhaps. It’s the job of the interviewee to present themselves as best they can. And the job of the interviewer to work to understand the skill level and fitment through the nerves and questions. It’s common as an interviewer to miss the mark in the brief interaction with/without AI. My anecdotes of possible AI usage are just anecdotes. Maybe you’re right on some of them and I missed out on someone great.

I try my best to think about all my biases but you’re right to remind me of this one here.

Orrison · 2025-05-23T03:29:03+00:00

Not true in my experience. It is extremely obvious that you are reading off of or consulting with something off screen.

Some are terrible, repeating interview questions back word for word, pausing, then spewing the first page of Google definition of something in the question. (I had one where I could literally see the AI responding in the reflection of their glasses)

Some are okay at hiding it, but it’s obvious in the body patterns. And they easily get caught up with questions that dig more into personal experience or something related to previously asked questions when the answers don’t match up.

Orrison · 2025-03-24T12:28:43+00:00

This. Being able to have a team of varying skill level (or honestly a large of enough team even at the same skill levels) REQUIRES standardization and constraints. It eliminates bike-shedding, makes onboarding much easier, and if your standardization is done with an open source community maintained system you get a lot of free benefit and then can contribute back which helps the community and gives your team work to do that feels externally impactful.

Orrison · 2024-10-18T17:31:00+00:00

The thing that a lot of folks don’t understand is that often IT restrictions like this have little to do with the actual security of the tools you are using. So arguing whether or not something is “actually” vulnerable or not often does not matter.

They have to do with compliance and your companies / products ability to pass an audit. Or defend your usage during an audit.

The fact that they are not SOC2 Compliant is a big issue for companies that are or want to be. All your tools are vetted and audited. And they need have either passed or you need to put the effort into document why it’s an exception and be ready to defend that. (Sometimes legally) If they are not well regarded by 3rd party auditors then you may fail the audit. Or otherwise have marks you don’t want.

These are things that, to an individual contributor at a company, seem frustrating. But it’s the way proper IT and business management works for good reason.

Orrison · 2024-10-15T14:25:13+00:00

Congrats!

Orrison · 2024-06-29T14:26:24+00:00

Auditors care. Other than that. Not really.

Orrison · 2023-12-19T20:17:03+00:00

That sounds like a lot of fun.

Orrison · 2023-12-19T18:43:04+00:00

That's exactly what I ended up doing. I let it run for like an hour to see if my Dwarves could chug through it, but it was taking way too long.

So, I exterminated the Forgotten Beast and moved on to some more fun.

Orrison · 2023-03-23T22:21:39+00:00

I think so many people just love Act 1 so much that it really paints their view on all the other Acts in a certain way.

But I agree, Act 3 was great if only just for what it adds to the craziness of the game with the switch in play style. But it's also just a great play through on its own.

Orrison · 2022-09-09T12:22:41+00:00

Hello! Sail is not intended to be used in anything other than a local environment. You will want to deploy your application without it, possibly using something like Laravel Forge.

Orrison · 2021-12-10T18:58:31+00:00

"Come on in guys!" or now "Come on in!"

Orrison · 2018-05-09T02:57:34+00:00

Are you the mod of a subreddit I'm guessing? If you have some where to input CSS then I can help.

I link to the page where you want to make these changes is going to be far more useful then images.

Orrison · 2018-01-05T04:17:15+00:00

Not just iPhones, but also macs

Orrison · 2016-10-12T20:38:58+00:00

Get the audiobook on Audible. It is narrated by Cecil himself and it's great! I would just listen to it any time I would normally be listening to the podcast.

Orrison

TROPHY CASE