Maniphest T190891

Develop canonical/single record of origin, machine readable list of all repos deployed to WMF sites
Open, MediumPublic
Actions

Assigned To

None

Authored By

	Jrbranaa
	Mar 27 2018, 10:57 PM

Description

From a discussion between Andre and I.

Would like to have a realtime list of repos/code that is deployed to production WMF sites.

In order to be of benefit, this list would likely need to be a "live" list that is reflective of what is currently deployed.

Existing [partial] "lists" of deployed repositories:

Related Objects
Search...

Status	Assigned	Task
Open	None	T203703 Create production code deployment management process
Duplicate	Jrbranaa	T199253 TEC13:O1.1:Q1 Goal - Investigate and propose record of origin (ROO) for deployed code (currently Developers/Maintainers page)
Stalled	None	T271700 Easier way to understand volunteers impact/interaction with WMF teams
Open	None	T190891 Develop canonical/single record of origin, machine readable list of all repos deployed to WMF sites

Event Timeline

Jrbranaa created this task.Mar 27 2018, 10:57 PM

Restricted Application edited projects, added Release-Engineering-Team (Kanban); removed Release-Engineering-Team. · View Herald TranscriptMar 27 2018, 10:57 PM

Restricted Application added a subscriber: Aklapper. · View Herald Transcript

@Aklapper, please add any use cases that might be of interest to you. I'll do the same.

This is definitely not all, but one part of the puzzle is searching operations/puppet repo for "git::clone" to get this kind of list:

P6909 git::clones in puppet repo

2modules/labs_vagrant/manifests/init.pp: 3modules/wikimetrics/manifests/base.pp: 4modules/wikimetrics/manifests/base.pp: 5modules/releases/manifests/init.pp: 6modules/releases/manifests/init.pp: 7modules/scap/manifests/l10nupdate.pp: 8modules/scap/manifests/l10nupdate.pp: 9modules/scap/manifests/l10nupdate.pp: 10modules/scap/manifests/master.pp: 11modules/beta/manifests/autoupdater.pp: 12modules/beta/manifests/autoupdater.pp: 13modules/beta/manifests/autoupdater.pp: 14modules/beta/manifests/autoupdater.pp: 15modules/beta/manifests/autoupdater.pp: 16modules/puppet_compiler/manifests/init.pp: 17modules/puppet_compiler/manifests/init.pp: 18modules/git/spec/defines/clone_spec.rb:describe 19modules/git/manifests/install.pp: 20modules/git/manifests/clone.pp:# 21modules/git/manifests/clone.pp:# 22modules/git/manifests/clone.pp:# 23modules/git/manifests/clone.pp:define 24modules/vagrant/manifests/mediawiki.pp: 25modules/eventschemas/manifests/init.pp:# 26modules/eventschemas/manifests/init.pp: 27modules/snapshot/manifests/cron/wikidatadu 28modules/statistics/manifests/discovery.pp: 29modules/statistics/manifests/wmde/wdcm.pp: 30modules/statistics/manifests/wmde/graphite.pp: 31modules/statistics/manifests/wmde/graphite.pp: 32modules/statistics/manifests/aggregator/projectview.pp: 33modules/statistics/manifests/compute.pp: 34modules/statistics/manifests/sites/analytics.pp: 35modules/statistics/manifests/sites/stats.pp: 36modules/statistics/manifests/aggregator.pp: 37modules/service/manifests/deploy/gitclone.pp: 38modules/jupyterhub/manifests/init.pp: 39modules/extdist/manifests/init.pp: 40modules/extdist/manifests/init.pp: 41modules/visualdiff/manifests/init.pp: 42modules/contint/manifests/phpunit.pp: 43modules/contint/manifests/slave_scripts.pp: 44modules/contint/manifests/composer.pp: 45modules/authdns/spec/classes/authdns_spec.rb: 46modules/authdns/manifests/init.pp: 47modules/reportupdater/manifests/init.pp: 48modules/reportupdater/manifests/job.pp: 49modules/noc/manifests/init.pp: 50modules/tendril/manifests/init.pp: 51modules/quarry/manifests/base.pp: 52modules/sentry/manifests/init.pp: 53Binary file modules/role/manifests/grafana/.base.pp.swp 54modules/role/manifests/labs/ores/staging.pp: 55modules/role/manifests/labs/db/common.pp: 56modules/role/manifests/xhgui/app.pp: 57modules/role/manifests/xhgui/app.pp: 58modules/mediawiki_singlenode/manifests/init.pp: 59modules/mediawiki_singlenode/manifests/init.pp: 60modules/mediawiki_singlenode/manifests/mwextension.pp: 61modules/profile/manifests/ci/gitcache.pp: 62modules/profile/manifests/ci/gitcache.pp: 63modules/profile/manifests/ci/gitcache.pp: 64modules/profile/manifests/zuul/server.pp: 65modules/profile/manifests/analytics/refinery/source.pp: 66modules/profile/manifests/switchdc.pp: 67modules/profile/manifests/discovery_dashbo 68modules/profile/manifests/discovery_dashbo 69modules/profile/manifests/discovery_dashbo 70modules/profile/manifests/discovery_dashbo 71modules/profile/manifests/discovery_dashbo 72modules/profile/manifests/discovery_dashbo 73modules/profile/manifests/discovery_dashbo 74modules/profile/manifests/discovery_dashbo 75modules/profile/manifests/discovery_dashbo 76modules/profile/manifests/discovery_dashbo 77modules/profile/manifests/microsites/annualreport.pp: 78modules/profile/manifests/microsites/design.pp: 79modules/profile/manifests/microsites/design.pp: 80modules/profile/manifests/microsites/wikibase.pp: 81modules/profile/manifests/microsites/transparency.pp: 82modules/profile/manifests/microsites/transparency.pp: 83modules/profile/manifests/microsites/research.pp: 84modules/profile/manifests/calico/builder.pp: 85modules/profile/manifests/calico/builder.pp: 86modules/profile/manifests/calico/builder.pp: 87modules/profile/manifests/openstack/base/n 88modules/profile/manifests/wmcs/tenants/lib 89modules/profile/manifests/performance/site.pp: 90modules/profile/manifests/kubernetes/deplo 91modules/profile/manifests/docker/builder.pp: 92modules/profile/manifests/grafana.pp: 93modules/toollabs/manifests/images.pp: 94modules/toollabs/manifests/composer.pp: 95modules/puppetmaster/manifests/gitprivate.pp: 96modules/puppetmaster/manifests/gitclone.pp: 97modules/puppetmaster/manifests/gitclone.pp: 98modules/puppetmaster/manifests/base_repo.pp: 99modules/testreduce/manifests/init.pp: 100modules/wikilabels/manifests/web.pp: 101modules/geowiki/manifests/init.pp: 102modules/geowiki/manifests/private_data.pp: 103modules/phragile/manifests/init.pp: 104modules/phragile/manifests/init.pp: 105modules/wikistats/manifests/init.pp:

style="max-height: 27.6em;">

modules/jupyterhub_old/manifests/init.pp: git::clone { $wheels_repo: git::clone { 'vagrant': git::clone { 'wikimetrics-deploy': git::clone { 'wikimetrics': git::clone { 'mediawiki/core': git::clone { 'mediawiki/tools/release': git::clone { 'mediawiki/core': git::clone { 'mediawiki/extensions': git::clone { 'mediawiki/skins': git::clone { 'operations/mediawiki-config': git::clone { 'beta-mediawiki-core': git::clone { 'beta-portal': git::clone { 'beta-mediawiki-extensions': git::clone { 'beta-mediawiki-skins': git::clone { 'mediawiki/vendor': git::clone { 'operations/puppet': git::clone { 'labs/private': 'git::clone' do git::clone{$title: Definition: git::clone git::clone { 'my_clone_name': git::clone { 'analytics/wikimetrics': git::clone( git::clone { 'mediawiki/vagrant': [*ensure*] Passed directly to git::clone. Default: latest. git::clone { 'mediawiki/event-schemas': mps/common.pp: git::clone { 'DCAT-AP': git::clone { 'wikimedia/discovery/golden': git::clone { 'analytics/wmde/WDCM': git::clone { 'wmde/scripts': git::clone { 'wmde/toolkit-analyzer-build': git::clone { 'aggregator_projectview_data': git::clone { 'statistics_mediawiki': git::clone { 'analytics.wikimedia.org': git::clone { 'wikistats-v2': git::clone { 'aggregator_code': git::clone { $repository: git::clone { $deploy_repository: git::clone {'labs/tools/extdist': git::clone { 'integration/composer': git::clone { 'integration/visualdiff': git::clone { 'jenkins CI phpunit': git::clone { 'jenkins CI slave scripts': git::clone { 'jenkins CI Composer': 'define git::clone($directory, $origin, $branch,$owner,$group) {}', git::clone { $workingdir: git::clone { 'analytics/reportupdater': git::clone { $repository_name: git::clone { 'operations/software/dbtree': git::clone { 'operations/software/tendril': git::clone { 'analytics/quarry/web': git::clone { 'operations/software/sentry': matches git::clone { 'ores-wm-config': git::clone { 'operations/mediawiki-config': git::clone { 'operations/software/xhprof': git::clone { 'operations/software/xhgui': git::clone { 'vendor': git::clone { 'mediawiki': git::clone { $name: git::clone { 'operations/puppet': git::clone { 'mediawiki/core': git::clone { 'mediawiki/vendor': git::clone { 'integration/config': git::clone { 'refinery_source': git::clone { 'operations-switchdc': ards/production.pp: git::clone { 'wikimedia/discovery/rainbow': ards/production.pp: git::clone { 'wikimedia/discovery/twilightsparql': ards/production.pp: git::clone { 'wikimedia/discovery/prince': ards/production.pp: git::clone { 'wikimedia/discovery/wetzel': ards/production.pp: git::clone { 'wikimedia/discovery/wonderbolt': ards/development.pp: git::clone { 'wikimedia/discovery/rainbow': ards/development.pp: git::clone { 'wikimedia/discovery/twilightsparql': ards/development.pp: git::clone { 'wikimedia/discovery/prince': ards/development.pp: git::clone { 'wikimedia/discovery/wetzel': ards/development.pp: git::clone { 'wikimedia/discovery/wonderbolt': git::clone { 'wikimedia/annualreport': git::clone { 'design/landing-page': git::clone { 'design/style-guide': git::clone { 'wikibase/wikiba.se-deploy': git::clone { 'wikimedia/TransparencyReport': git::clone { 'wikimedia/TransparencyReport-private': git::clone { 'research/landing-page': git::clone{ 'operations/calico-containers': git::clone { 'operations/calico-cni': git::clone { 'operations/calico-k8s-policy-controller': odepool/service.pp: git::clone { 'integration/config': raryupgrader.pp: git::clone {'labs/libraryupgrader': git::clone { 'performance/docroot': yment_server.pp: git::clone { 'operations/deployment-charts': git::clone { 'operations/docker-images/production-images': git::clone { 'operations/software/grafana/simple-json-datasource': git::clone { 'operations/docker-images/toollabs-images': git::clone { 'composer': git::clone { 'operations/private': git::clone { 'labs/private': git::clone { git::clone { 'operations/puppet': git::clone { 'mediawiki/services/parsoid/testreduce': git::clone { 'wikilabels-wikimedia-config': git::clone { 'geowiki-scripts': git::clone { 'geowiki-data-private': git::clone { 'phragile': git::clone { 'composer': git::clone { 'operations/debs/wikistats':

And then you'll have to add all the things that are deployed via scap.

Jrbranaa added a project: Code-Health.Mar 27 2018, 11:05 PM

Aklapper added a project: wikimedia.biterg.io.Mar 28 2018, 9:08 AM

Aklapper updated the task description. (Show Details)Apr 18 2018, 2:41 PM

https://phabricator.wikimedia.org/source/tool-ci/browse/master/build_table.py;3ed885277a38ddb5c7c8a6c3c9b666fb7b13ae10$49 is how my tools currently get a list of Wikimedia deployed extensions.

Some of the repositories listed in P6909 are only deployed in Cloud Services (e.g. extdist), not production.

• mmodell subscribed.Apr 23 2018, 4:40 PM

greg triaged this task as Medium priority.Apr 23 2018, 4:41 PM

Aklapper updated the task description. (Show Details)Jun 20 2018, 7:01 PM

Jrbranaa added a parent task: T199253: TEC13:O1.1:Q1 Goal - Investigate and propose record of origin (ROO) for deployed code (currently Developers/Maintainers page).Jul 10 2018, 5:25 PM

zeljkofilipin awarded a token.Aug 8 2018, 2:49 PM

zeljkofilipin subscribed.

Jdforrester-WMF subscribed.Aug 24 2018, 12:42 AM

Aklapper updated the task description. (Show Details)Aug 24 2018, 2:48 PM

I made a bunch of updates today on https://www.mediawiki.org/w/index.php?title=Developers/Maintainers&action=history and corresponding extension wiki home pages, however help with sorting out these items is welcome:

Deployed on WMF servers according to https://phabricator.wikimedia.org/diffusion/MREL/browse/master/make-wmf-branch/config.json and https://phabricator.wikimedia.org/source/mediawiki-config/browse/master/wmf-config/extension-list but the extension wiki page does not use {{TNT|OnWikimedia}} and it is not listed on https://www.mediawiki.org/wiki/Developers/Maintainers :

extensions/CongressLookup
extensions/FileExporter
extensions/intersection
extensions/JADE
extensions/LdapAuthentication
extensions/PropertySuggester
extensions/WikimediaBadges

Extension wiki page uses {{TNT|OnWikimedia}} and it is listed as deployed on https://www.mediawiki.org/wiki/Developers/Maintainers but not in https://phabricator.wikimedia.org/diffusion/MREL/browse/master/make-wmf-branch/config.json and https://phabricator.wikimedia.org/source/mediawiki-config/browse/master/wmf-config/extension-list :

https://www.mediawiki.org/wiki/Extension:DynamicPageList_(Wikimedia)

Extension wiki page uses {{TNT|OnWikimedia}} but not listed as deployed on https://www.mediawiki.org/wiki/Developers/Maintainers but not in https://phabricator.wikimedia.org/diffusion/MREL/browse/master/make-wmf-branch/config.json and https://phabricator.wikimedia.org/source/mediawiki-config/browse/master/wmf-config/extension-list :

Extension:DataModel
Extension:DataTypes
Extension:DataValues
Extension:DataValuesCommon
Extension:DataValuesInterfaces
Extension:Diff
Extension:FundraisingEmailUnsubscribe
Extension:ValueView

In T190891#4530610, @Aklapper wrote:

Extension wiki page uses {{TNT|OnWikimedia}} and it is listed as deployed on https://www.mediawiki.org/wiki/Developers/Maintainers but not in https://phabricator.wikimedia.org/diffusion/MREL/browse/master/make-wmf-branch/config.json and https://phabricator.wikimedia.org/source/mediawiki-config/browse/master/wmf-config/extension-list :

https://www.mediawiki.org/wiki/Extension:DynamicPageList_(Wikimedia)

It's mediawiki/extensions/intersection.

Extension wiki page uses {{TNT|OnWikimedia}} but not listed as deployed on https://www.mediawiki.org/wiki/Developers/Maintainers but not in https://phabricator.wikimedia.org/diffusion/MREL/browse/master/make-wmf-branch/config.json and https://phabricator.wikimedia.org/source/mediawiki-config/browse/master/wmf-config/extension-list :

Extension:DataModel

Extension:DataTypes

Extension:DataValues

Extension:DataValuesCommon

Extension:DataValuesInterfaces

Extension:Diff

Extension:ValueView

These are all PHP libraries that should be in [[Category:PHP libraries]], not listed as MediaWiki extensions afaik. Someone more familiar with Wikidata should confirm.

Jrbranaa moved this task from Backlog to In-progress on the Release-Engineering-Team (Kanban) board.Aug 30 2018, 5:57 PM

@Aklapper, I've been spending a bit of time on this and one of the directions I'm leaning is to have the ROO be an output of the deployment review process (Review Queue today). My thought being that the ROO could be used by deployers as an authoritative source to determine whether or not a new extensions, services, etc... should be deployed. I spoke a to Tyler a bit about this and it seems like it would be of value.

What are some other use cases for the ROO? One thing that's mentioned is it's need to be machine readable. What systems would you see consuming this list? FWIW, I too think it should be machine readable. I only ask to tease out some of the use cases that I may not be aware of.

On a related topic, I'm planning to spin up work around augmenting/revamping the review process.

What systems would you see consuming this list?

Supersede manual {{OnWikimedia}} creating https://www.mediawiki.org/wiki/Category:Extensions_used_on_Wikimedia
Supersede manual editing of https://www.mediawiki.org/wiki/Developers/Maintainers#MediaWiki_extensions_deployed_by_WMF
Vague: Be able to differentiate on wikimedia.biterg.io between repos that are deployed vs repos that are not deployed to get more accurate and relevant statistics.
Super vague: In the long run, somehow (maybe via T187661) have a code review performance dashboard for each team on wikimedia.biterg.io (see T179240)

All this still won't fix outdated information per se but I'd say it's less likely to have outdated information when there is one place to update instead of several places. My latest example was two days ago trying to find out who to fix https://phabricator.wikimedia.org/T203427 : I went to mw:Developers/Maintainers which listed "Discovery" for "Kartographer". On the Discovery IRC channel I was told that's not correct anymore (was corrected here).

hashar subscribed.Sep 7 2018, 12:01 PM

zeljkofilipin mentioned this in T199133: Find top 15 target projects that could use Selenium tests to prevent incidents.Sep 20 2018, 3:39 PM

Jrbranaa merged a task: T199253: TEC13:O1.1:Q1 Goal - Investigate and propose record of origin (ROO) for deployed code (currently Developers/Maintainers page).Oct 22 2018, 4:42 PM

Quiddity subscribed.Oct 25 2018, 7:00 AM

Quiddity mentioned this in Unknown Object (Task).Oct 25 2018, 7:04 AM

Quiddity updated the task description. (Show Details)Oct 25 2018, 7:08 AM

greg edited projects, added Release-Engineering-Team-TODO (201907); removed Release-Engineering-Team (Kanban).Jul 1 2019, 9:20 PM

greg moved this task from INBOX to Doing on the Release-Engineering-Team-TODO (201907) board.Jul 1 2019, 9:21 PM

greg added a project: Release-Engineering-Team (Code Health).Jul 6 2019, 5:59 AM

Jrbranaa edited projects, added Release-Engineering-Team-TODO (201908); removed Release-Engineering-Team-TODO (201907).Jul 29 2019, 4:30 PM

Jrbranaa edited projects, added Release-Engineering-Team-TODO; removed Release-Engineering-Team-TODO (201908).Jul 29 2019, 4:33 PM

Jrbranaa moved this task from Should be empty (use Release-Engineering-Team) to Epics on the Release-Engineering-Team-TODO board.

hashar unsubscribed.Oct 7 2019, 12:33 PM

brennen subscribed.Dec 2 2019, 5:18 AM

Recently had a discussion with @mark and @faidon about some work that SRE is planning to do. Specifically the creation of a Service Catalog. On the surface this seems like it would potentially become the ROO mentioned in this task.

Jrbranaa removed Jrbranaa as the assignee of this task.Dec 3 2020, 1:26 AM

Jrbranaa edited projects, added Quality-and-Test-Engineering-Team; removed Release-Engineering-Team-TODO, Release-Engineering-Team (Code Health).Dec 3 2020, 1:29 AM

Dzahn unsubscribed.Dec 3 2020, 2:42 AM

• Elitre mentioned this in T271700: Easier way to understand volunteers impact/interaction with WMF teams.Jan 11 2021, 10:42 AM

Aklapper added a parent task: T271700: Easier way to understand volunteers impact/interaction with WMF teams.Feb 23 2021, 11:51 AM

Jayprakash12345 mentioned this in T281977: Reconsidering of eligibility criteria for technical contributions in elections.May 5 2021, 12:48 PM

Jrbranaa mentioned this in T285058: Canonical Service Catalog.Aug 10 2021, 6:44 PM

Addshore subscribed.Sep 21 2021, 2:44 PM

Jrbranaa moved this task from Inbox to Quality Engineering on the Quality-and-Test-Engineering-Team board.Apr 29 2022, 4:36 PM

Aklapper removed a project: wikimedia.biterg.io.Jul 21 2022, 2:04 PM

zeljkofilipin mentioned this in T318599: Developers/Maintainers graph automation.Sep 26 2022, 6:14 PM

Ladsgroup subscribed.Feb 27 2023, 10:35 PM

TAdeleye_WMF edited projects, added Quality-and-Test-Engineering-Team (Quality Engineering); removed Quality-and-Test-Engineering-Team.Mar 29 2023, 2:10 PM

Ladsgroup renamed this task from Develop canonical/single record of origin, machine readable list of all repos deployed to WMF sites. to Develop canonical/single record of origin, machine readable list of all repos deployed to WMF sites.Apr 3 2023, 7:29 PM

brennen mentioned this in T330347: A tool for displaying the canonical location of all Wikimedia repositories and any known mirrors.Apr 4 2023, 6:46 PM

Ladsgroup mentioned this in T334956: Consolidate various in-repo docs about getting started into a single standard for all repos.May 11 2023, 1:26 PM

• kchapman subscribed.May 12 2023, 6:15 PM

Frostly subscribed.May 28 2023, 3:16 AM

Addshore unsubscribed.Jun 27 2023, 12:40 PM

Aklapper mentioned this in T345448: Improve task backlog checks.Sep 2 2023, 8:44 AM

Aklapper updated the task description. (Show Details)Sep 6 2023, 11:25 PM

Aklapper removed a subscriber: • kchapman.

Posting this draft comment that I wrote at some point:

For MediaWiki extensions:

For the next deployment, the reference of the repositories we deploy is the tool we use to cut the wmf branches . That was in Gerrit as mediawiki/tools/release.git in the file make-wmf-branch/config.json.
For the currently deployed version, the tool above registers the extensions as submodule of the mediawiki/core wmf branch for the week. Hence we can get the list by looking at .gitmodule for each wmf branch.

The problem is that we can branch an extension weekly but not deploy it. Jade got branched constantly until it got archived and never saw production. There is a extension-list file in mw config which can be used instead I think.

I did create some hacky code that may help, it queries the API for each wiki to determine deployment status of skins/extensions. https://gitlab.wikimedia.org/acooper/extusage. There is a dump from the historical data in october here: https://docs.google.com/spreadsheets/d/1SBU6sPHSrkWmxLbMaUu1WoEVEPVQTmSHUgo_DVT7c4c/edit?usp=sharing

The main gap I am currently aware of is fundraising tech and any other wiki that does not allow non-authenticated users to access this data (which is rare I think).

The Security Team is also thinking about and prioritizing a public dashboard containing this information together with missing security controls per repo.

Beyond extensions/skins, we don't currently have a solution to tracking all deployed code like microservices/k8s. I am not sure if that is part of the requirement for this ticket.

Beyond extensions/skins, we don't currently have a solution to tracking all deployed code like microservices/k8s. I am not sure if that is part of the requirement for this ticket.

Thanks for sharing. There is some discussion spinning up in DX regarding developing a "Service Catalog". It's in very early discussions, but it might make sense to collaborate a bit on this.

Thank you both! Let me know if I can help on anything, eventually we would love to have a catalogue of python services to audit for security issues and do updates semi-automatically.

Something to consider, there is a lot of overlap between this ticket and SBOMs that are already better standardized and even there are tools to build them.
https://www.cisa.gov/sbom

http://federalregister.gov/documents/2021/05/17/2021-10460/improving-the-nations-cybersecurity

We probably could repurpose this to build some SBOMs and then see what's missing.

MSantos subscribed.Feb 28 2024, 12:55 PM

Ladsgroup mentioned this in T359634: Adopt Software Bill of Materials (SBOM) for MediaWiki.Mar 8 2024, 3:08 PM

Develop canonical/single record of origin, machine readable list of all repos deployed to WMF sitesOpen, MediumPublicActions

Description

Related ObjectsSearch...

Event Timeline

Develop canonical/single record of origin, machine readable list of all repos deployed to WMF sites
Open, MediumPublic
Actions

Related Objects
Search...