A day at the PHP UK Conference 2025

March 6th, 2025
6 min read
By Alan Saunders
.

On the 19th February 2025, I attended my first PHP UK Conference in London. I’ve attended tech conferences in the past, but those tended to be more Drupal-focused conferences.

The PHP UK Conference has been going for 20 years, which is testament to the amount of effort that the team behind the scenes puts in to put these events together. This year’s event saw around 300 people getting together to talk about PHP.

To start the day, there was a keynote from Daniel Terhorst-North, who is the creator of Behaviour Driven Development (BDD) and is this year celebrating 20 years since he created the methodology.

The reason BDD was born, was out of frustration that Daniel had around getting people to use TDD (Test Driven Development) which is a methodology where you write your tests before you write code.

The purpose of BDD is to build on what TDD tries to instil in its’ users by making the concepts more accessible and intuitive to everybody on the project. Which in turn should promote collaboration between developers, tested and business stakeholders. BDD utilises plain, human readable language in the format of Given-When-Then. To run these tests, you can use a tool like cucumber or Reqnroll (née SpecFlow) or even Behat.

After the keynote was finished, it was onto the different talks that had been planned out. There were two simultaneous tracks to choose from, allowing you to mix and match which talks that you went to. 

Deploying at scale

The first talk given by Wim Godden, who talked about deploying at scale with a single click. His client, deploying electronic lockers in varied locations with slow 3G connections, relied on manual USB installations and remote desktop updates — a process unsuitable for large-scale rollouts.

Wim proposed automating the process using Ansible and Infrastructure as Code (IaC). This approach stores installation code in a central repository, enabling version control and rollbacks. Ansible then distributes configuration updates globally and sets up new machines quickly, ensuring consistent performance across all deployed lockers.

Supercharging API monitoring

Next up was a talk by Liam Hammett which was entitled “Beyond Requests: Supercharging API Monitoring with Guzzle Middleware”.

Liam talked about how within his day job, he works for a publishing company that have systems that need to cope with millions of API calls, whilst also needing to make sure that there are useful logs kept by the application Liam and his team builds. Because there are millions of API calls happening, this logging process needs to be as efficient as possible.

This talk delved not only into logging, but also covered visualising the information in one place using Grafana.

Liam showed us examples of using Guzzle’s middleware for logging. Guzzles middleware allows us as developers to modify requests and responses. This middleware can be linked to the Guzzle client to perform tasks like; logging, authentication or response processing.

With Grafana, Liam talked about how he uses 3 different systems that are all viewable within the one Grafana dashboard. He used:

  • Loki for managing the logs that he sends to Grafana from his application.

  • Tempo for logging the traces which is additional information around the execution of a task, enabling you to see what methods are being called from what classes, so you can trace where a problem has come from.

  • Prometheus for metrics, which can help you identify, for example, bottle necks in the application, so that they can be investigated and hopefully sped up.
    Prometheus can also monitor the infrastructure hosting the application, enabling Liam to identify any issues with the hosting setup. 

Supply chain security 

Next up, Nils Adermann, creator of Composer and founder of Private Packagist, gave a talk on "Composer Guide to Supply Chain Security." Private Packagist allows developers to upload and download packages via Composer.

“A software supply chain is composed of the components, libraries, tools, and

processes used to develop, build, and publish a software artifact.”

“In other words: The “full stack” and all processes & tools involved in making and assembling it”.

Composer manages dependencies from the composer.json file, and Drupal is an example of a CMS that has become increasingly reliant on third-party dependencies since Drupal 8.

This reliance introduces security risks – vulnerabilities can be introduced further up the chain and unknowingly deployed to production. Fixes also take time to propagate, as all dependent packages must update accordingly.

Nils shared real-world examples of supply chain attacks, including the recent CrowdStrike issue, emphasizing the need for risk analysis. Assessing dependencies helps predict failures and mitigate their impact on business continuity.

 

The key things for risk mitigation are:

  • Keeping packages up to date where possible.

  • Audit the vendors used to ensure that they are not likely to disappear.

  • Have a process that reduces risk of introducing supply chain issues.

  • Not committing the vendor folder into the code repository. This ensures that downloads of packages come from known sources that should be safe (unless there is an issue with the version that you need). It also reduces their risk of lingering files with security issues present in the git repository of the application that you are building.

  • Documenting the dependencies of a project and adding information about the supply chain where possible. Documentations help by making sure that everyone associated with a particular project/system can find information about its dependencies/tools/external services used, without having to dig into the code.

Modernising PHP

Next up, there was a talk from Gina Banyard entitled “Modernizing PHP one edge case at a time”. Gina is one of the developers on the PHP core team.

PHP is a language that was not designed from scratch, and it is also an example of a language that has evolved over time. This has its advantages as well as disadvantages. The main advantage being that PHP is always changing and trying to be better. The main disadvantage being some of the quirky behaviours that were introduced in earlier versions still exist, just waiting to be discovered.

Gina talked about a number of quirky behaviours that she has found and has improved in newer versions of PHP. It was a very insightful talk, and it is good to see that PHP is going through a period of improving on the quirky behaviours and making the language better.

OpenAPI  

The final talk of the day was by Lorna Mitchell who talked about OpenAPI for Web Developers.

APIs are at the heart of modern application development, and OpenAPI is a powerful tool to streamline your API development lifecycle.

You can learn more about Open API from Zack’s blog post that takes a deeper dive into the subject.

Finally, there was a panel discussion involving several of the speakers that have been giving talks throughout the conference, giving the audience of around 300 people the chance to get their burning questions answered.

Following this, the organisers wrapped up the conference and gave out the prizes to the lucky winners of the competitions that were going on at the various supplier stands present.

So, all in all, it was good day of learning with like-minded individuals and gave me some food for thought of the future, as well as thinking about what we do well currently and a reminder of what we have done in the past. The conference is something that I would likely consider attending again in the future.

 

Back to Updates