caverainc's avatar

Laravel app maintenance checklist

Hi everyone. I am shifting more of my team's development workflow to Laravel and I am hoping for some input from the community on maintenance procedures. We have a mix of internal apps as well as client apps hosted on Forge. Do any of you have a standard recurring procedure that you follow weekly/monthly to ensure apps are staying up to date?

  1. composer update
  2. Laravel releases
  3. Server updates/OS upgrades

Our dev stack:

  • TALL stack
  • Filament
  • Laravel Forge
  • Digital Ocean
  • VS Code
0 likes
9 replies
LaryAI's avatar

Maintaining Laravel applications is crucial to ensure they remain secure, efficient, and up-to-date. Here's a checklist that you can follow on a regular basis:

Weekly Maintenance Tasks

  1. Composer Dependencies:

    • Run composer outdated to check for outdated PHP packages.
    • Update dependencies cautiously with composer update if necessary, ensuring that you test thoroughly before deploying to production.
  2. NPM/Yarn Packages (if you use them):

    • Check for outdated Node.js packages with npm outdated or yarn outdated.
    • Update packages with npm update or yarn upgrade.
  3. Database Backups:

    • Ensure that your database backups are running successfully.
    • Test restoring from a backup occasionally to ensure the integrity of your backups.
  4. Error Logs:

    • Review application logs for any recurring errors or issues.
    • Use tools like Laravel's built-in logging or external services like Bugsnag or Sentry for better insight.

Monthly Maintenance Tasks

  1. Laravel Releases:

    • Check the Laravel release notes for any new minor or patch versions.
    • Update to the latest Laravel version if it's a minor or patch release, after thorough testing.
  2. Server Updates/OS Upgrades:

    • If you're using Laravel Forge, you can set up automatic security updates.
    • For manual updates, SSH into your server and run sudo apt-get update && sudo apt-get upgrade for Ubuntu/Debian systems, or the equivalent for your server's OS.
  3. Review Configuration Files:

    • Check .env files and other configuration files for any settings that need to be updated or optimized.
  4. Security Audits:

    • Perform security audits to check for any vulnerabilities.
    • Use tools like Laravel Security Checker to automate some of this process.

Quarterly Maintenance Tasks

  1. Codebase Review:

    • Review your codebase for any deprecated code or opportunities to refactor and improve.
  2. Performance Audits:

    • Check your application's performance and optimize queries, caching, and other areas as needed.
  3. Dependency Audit:

    • Review all project dependencies, both PHP and JavaScript, to ensure they are still maintained and necessary.
  4. Documentation Update:

    • Update README files, wikis, and other documentation to reflect any changes in the codebase or environment.

Yearly Maintenance Tasks

  1. Major Laravel Releases:

    • Plan for any major Laravel version upgrades, which typically happen every 6-12 months.
    • Major upgrades may require more extensive testing and refactoring.
  2. Server and PHP Version:

    • Check the PHP version you are using and upgrade if necessary, following the supported PHP versions.
    • Consider upgrading your server if it's running an outdated OS version.
  3. Review Access and Permissions:

    • Audit user roles and permissions within your applications and on your servers.
    • Rotate any necessary credentials and API keys for security.
  4. Check for Deprecated Features:

    • Look for any features or packages that have been deprecated and plan for their replacement or removal.

Remember, before performing any updates, especially in production environments, always make sure to have a recent backup and test all changes in a staging environment to avoid any disruptions to your service.

2 likes
jlrdw's avatar

This can be summed up like this: you need to manually update Laravel. The framework is updated via composer.

Check your packages. Each composer.json.

Sometimes it is easier to do a clean new install, copy your custom code over to the new install, that has saved me a lot of time.

1 like
caverainc's avatar

Thanks for your reply. LaryAI provided a great response in terms of what we need to be looking at weekly/monthly/annually to ensure good app health.

Knowing the cadence we can experiment with ways to automate it. @jlrdw is there anything else you do outside of what the AI bot suggested?

1 like
jlrdw's avatar

@caverainc I used to actually update laravel then use composer update for the framework.

But the latest couple of versions I just started up a fresh app and copied over my m-v-c and any custom classes.

I find it easier that way.

The trick is to stay updated; it's harder to skip several versions then update.

But a compare tool makes it easier also.

Also I don't use many outside packages. I generally write my own code; for example, I write my own inline table edit code. I would never even consider using something like data tables package.

With the exception I will use a pdf package.

1 like
JussiMannisto's avatar

@jlrdw IMO it's not good practice to roll out your own package if there's a popular 3rd party equivalent. It comes down to maintenance load, which accumulates over the years.

Vulnerabilities are discovered, features get deprecated and removed. Keeping custom code up to date costs more than just running composer or npm update. Even though we always perfectly document our own packages (obviously).

[Edit] It depends on the package of course. I can't comment on the data tables one, never used it.

jlrdw's avatar

@JussiMannisto I have no problems with your opinion. But it seems these new popular packages are the worst to use for backwards compatibility.

Look for yourself changes in:

  • vue first version versus current version
  • livewire first version versus current version
  • etc

However things like java, php, javascript have much better backwards compatibility.

I have a custom php framework I wrote around 2015 that I have kept up to date with the latest php, now 8.3. Only minor tweaks, taking just a small amount of time between versions.

But I keep up with change logs.

But I was really referring to Datatables.

Recently another poster thought they could just slap millions of records into it without server side pagination, then they wondered why it took a long time to load.

Too many people on this forum do not know how to code correctly.

When learning code, you should code some things yourself for correct understanding.

My inline edit code worked 10 years ago, and will continue to work without a package. Granted I did change from jquery to Fetch JS.

But yes some outside libraries like jquery or fetch js are fine. I like fetch js with regular javascript, regular css (no package).

Another is importing and exporting csv. I do not need a package, I was doing this in java ee many years ago with no package.

So yes some outside packages are fine, but not for everything.

Edit:

I agree 100 percent on keeping up with security. I shudder when I think of all the copy and paste laravel apps done quick with people who refuse to learn correctly. And the ones with laravel setup incorrectly.

I still think business programming should require a 4 year apprenticeship, with written and practical testing, or at least two years of business experience, or some business classes in college, and at least a basic bookkeeping course.

Above is just my opinion.

Found the post: https://laracasts.com/discuss/channels/laravel/take-too-long-to-load-millions-of-records-in-datatable

JussiMannisto's avatar

I recommend you also keep up to date with security news. I've subscribed to a mailing list about newly discovered vulnerabilities and exploits. It's the first thing I read every morning. If there's a critical vulnerability, you need to mitigate it immediately. You shouldn't just rely on passive scheduled updates.

2 likes
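
One way to automate the cadence discussed in this thread, as an added example that is not from any of the posters: it sorts packages into "patch now", "routine update" and "plan upgrade" from the JSON that `composer outdated --direct --format=json` and `composer audit --format=json` produce. The field names (`installed`, `latest-status`, `advisories`) are assumed to match Composer's output, and the package names, versions and advisory are constructed.

```python
import json

# Constructed sample data, shaped like the output of
# `composer outdated --direct --format=json` and `composer audit --format=json`.
# Package names, versions and the advisory are made up for illustration.
OUTDATED_JSON = """{"installed": [
  {"name": "acme/framework", "version": "v10.1.0", "latest": "v10.4.2", "latest-status": "semver-safe-update"},
  {"name": "acme/admin-panel", "version": "v2.9.0", "latest": "v3.1.0", "latest-status": "update-possible"},
  {"name": "acme/pdf", "version": "v1.4.0", "latest": "v1.4.3", "latest-status": "semver-safe-update"}
]}"""
AUDIT_JSON = """{"advisories": {"acme/pdf": [
  {"advisoryId": "EXAMPLE-0001", "title": "Constructed advisory", "affectedVersions": "<1.4.2", "link": "https://example.invalid/advisory"}
]}}"""


def triage(outdated_json, audit_json):
    """Sort packages into buckets matching the cadence discussed in the thread."""
    outdated = json.loads(outdated_json).get("installed", [])
    advisories = json.loads(audit_json).get("advisories", {})
    # A PHP tool may serialise an empty map as [] rather than {}; treat that as none.
    if not isinstance(advisories, dict):
        advisories = {}
    buckets = {"patch_now": [], "routine_update": [], "plan_upgrade": []}
    for pkg in outdated:
        name = pkg["name"]
        if advisories.get(name):
            buckets["patch_now"].append(name)       # known advisory: do not wait
        elif pkg.get("latest-status") == "semver-safe-update":
            buckets["routine_update"].append(name)  # fits the weekly/monthly pass
        elif pkg.get("latest-status") == "update-possible":
            buckets["plan_upgrade"].append(name)    # needs a constraint change
    # An advisory on a package that is not a direct dependency still counts.
    for name, items in advisories.items():
        if items and name not in buckets["patch_now"]:
            buckets["patch_now"].append(name)
    return buckets


def exit_code(buckets):
    """Non-zero when anything needs out-of-schedule attention, so CI or cron can alert."""
    return 1 if buckets["patch_now"] else 0


if __name__ == "__main__":
    result = triage(OUTDATED_JSON, AUDIT_JSON)
    for bucket, names in result.items():
        print(f"{bucket}: {', '.join(names) or '-'}")
    raise SystemExit(exit_code(result))
```

Run daily rather than weekly, the non-zero exit gives a scheduled job something to alert on between the regular update passes.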
