With my team, we've recently taken over a large Laravel ecosystem from an incumbent partner. Our client came to us to rescue their project because the business team had lost trust in their developers. The developers struggled to upgrade the framework, the QA team were rushing deployment without any confidence, and the velocity of the new feature releases was just grinding to a halt. Everyone on the project was very frustrated and had lost trust in the entire process.
That's not the first time we've seen this. There seems to be a pattern in how large, complex Laravel ecosystems are managed and how they scale over time.
Today I will share the story of how we came into the process and how we discovered a series of critical failings and more importantly, the five main lessons that you can start applying today on your Laravel project to rebuild trust between your teams, deliver an efficient process and keep your Laravel platform secure and scalable.
Make sure you watch until the end because the fifth and last recommendation will apply to more than your software development project... It's relevant to your life in general!
Let's get to it.
5 reasons why most Laravel projects fail to deliver value
As I was saying, when we took over the source code of this large Laravel application six months ago, we started with a technical code audit and reviewed how the infrastructure was set up on the hosting side. Like any pair of fresh eyes looking at a code base, we identified many areas for improvement, but this was not the real problem... it's not the real reason why the project was failing.
After reviewing the whole process end to end, we identified that it's not always an issue with the developers themselves. It's usually a team failing, with lots of inefficiencies across the whole process.
The first point we identified starts at the very top, where you need to align the business vision with the technical delivery. Every web application starts with a good idea, but it needs a clear vision, both for the product roadmap and for the team building the products. There can be lots of external influences disrupting the product roadmap and that's normal. Over time, the complexity just increases, and that's fine. However, without a clear vision, you will struggle to prioritise new features. You will rush things without thinking about the longer term. It will lead to misalignment between the business vision and the technical delivery.
To solve the challenge, you need to put a strong product owner in charge. This person needs to lead with a user experience mindset, always putting the end users first.
That person should also be able to enforce governance for managing the technical requirements. If the development team gets involved earlier in the process, they can raise technical risks and make recommendations before key commitments are made. This will help the collaboration and align the business with what is a technically sound solution.
Once you have a clear vision and understanding of your user needs, you can start looking at how these requirements trickle down from the top to the delivery team of designers and developers. As we've seen earlier, it's very hard for business and tech teams to speak the same language, and this can often lead to conflicting priorities. For example, the sales team might promise a new feature to win an important new customer. But what if the tech team was planning on a major backend upgrade, or what if they need to refactor before this new feature can be built? This is where agile delivery can bring stronger collaboration. It's not a silver bullet, trust me... It doesn't work for all businesses, but we can take a pragmatic approach by making sure you define the process to prioritise the features, by managing the backlog collaboratively with the entire team, by taking the time to plan things properly, by spending enough time narrowing down the requirements... all of that will bring more transparency and efficiency to everyone in the team.
Yes, it might slow you down in the few initial releases, but it will increase the overall quality and the satisfaction of all the stakeholders.
Once you have a clear vision and a smooth delivery process, you can start digging deeper into the technology and plan the upgrade strategy of your Laravel framework.
As we know, open source is great. We promote it all the time and feel it's the best solution in many use cases. By going open source, you save on license fees. However, you need to invest some time and budget in refactoring, patching and doing all those upgrades... it becomes your responsibility.
One of the best things about Laravel is that the core is very stable with predictable, yearly releases. However, external packages might be a challenge and they might not be maintained or upgraded in time.
When a new feature comes in, don't just estimate the time it takes to make that new feature work in a few lines of code. You need to think about all the dependencies and estimate whether there might be opportunities to refactor the underlying features and existing code to make this new feature work better, more scalable, and better tested... You need to think about all of that.
Once this is part of your process, you just need to enforce software delivery best practices: from managing pull requests and enforcing code reviews, to embracing automation and DevOps... All of that will save you time and remove human errors.
Once you have all of this in place, it's time to secure your Laravel ecosystem. As we all know, security is a growing concern for everyone, including the general public, and the regulations are finally catching up. No one is immune to it. The tech is evolving so fast, and hackers always seem to be one step ahead. Look, if even Twitter and Facebook can get hacked, with their developers who are paid in the millions, how can it not be a risk for us with just "normal" teams? We're like minions compared to them. You can have the best IT team or have a PhD in cloud security, but how can you ensure that there is no weak link? It could just take a moment of distraction from a developer to open a vulnerability, or a junior marketing intern putting the password into the wrong place, to open a backdoor to the entire system.
To secure your Laravel application, you need to spend time training all your team members and building a culture of security, where concerns and questions are raised in the open during every sprint planning, every retrospective, and every code review.
Another tip: forget about ad hoc penetration tests. If you run those once a quarter on every major release, they will be out of date by the time they're published, as we've seen.
What we started doing with our partners is continuous security testing, where we try to break into our clients' systems before the bad actors can get in. This is the only way to outpace genuine cyber threat actors. Reach out if you want to learn more.
Finally, like everything in life, you need to embrace continual improvement. Unfortunately, even with unlimited budgets, the best product owners and amazing developers, there will always be room for improvement... No one is perfect, team motivation might fluctuate and it's IT, right? Something will always go wrong!
You need to embrace changes and learn from sprint retrospectives. You need to listen to each other and communicate all the time. You need to document the process and the key decisions that are being made at all stages. This will also help with onboarding new team members who are joining your team.
You need to stay open-minded at all times. At the end of the day, you will learn from mistakes, invest time to do things properly and find ways to deliver value to all your stakeholders.
If you focus on your end users and customers, on the stakeholders who are paying the bills and finally on your coworkers in UX, Marketing, Dev and QA, and if you manage to keep everyone happy and working better together, you will be able to solve most of your challenges. This is how you'll achieve great efficiencies with your Laravel ecosystem.
Those are the five main lessons that we discovered and are applying to all the new projects that we're taking over on the Laravel framework.
But the secret is that it does not only apply to Laravel! The same challenges are faced by most teams working on digital transformation projects, no matter the framework.
That's it for today. If you have any questions about anything Laravel-related or digital transformation in general, just get in touch. Don't forget to subscribe to my YouTube channel and follow me on Twitter to keep learning with me and grow your career in digital.
As a next step, you can read this article where I share some of the practical tips and an approach to refactoring your Laravel application, so you can make it more efficient.
Until next time, stay safe and see you soon.