Making sure tests don't reach the outside world

Keep things fast and stable

Joel Clermont
Joel Clermont

Yesterday, I shared why we use phpunit.xml to configure our test environment.

Today, I want to continue with that topic, but talk about one specific type of configuration we always have in our test environment.

For every environment setting that allows us to interact with a third-party external system (think an API key or secret), we add that key to our phpunit.xml with a clearly fake value like do-not-use-this.

We already use Laravel's built-in method Http::preventStrayRequests, but not every external service call is made with Laravel's Http facade. This additional safeguard makes absolutely sure that nothing in our normal test suite can make a successful request to an external service.

We do write tests for external services, but those go in a separate test suite with its own version of phpunit.xml that has appropriate API keys in place for testing.

Here to help,


P.S. Testing is a topic that comes up a lot in the Mastering Laravel community. Join in the discussion!

Toss a coin in the jar if you found this helpful.
Want a tip like this in your inbox every weekday? Sign up below 👇🏼

Level up your Laravel skills!

Each 2-minute email has real-world advice you can use.