Would be nice to add phan-taint-check-plugin to FundraisingEmailUnsubscribe extensions
Description
Details
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | Legoktm | T201219 Enable phan-taint-check-plugin on all Wikimedia-deployed repositories after getting it to pass | |||
Resolved | Legoktm | T202386 Add phan-taint-check-plugin to FundraisingEmailUnsubscribe extension |
Event Timeline
Change 458979 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[mediawiki/extensions/FundraisingEmailUnsubscribe@master] Configure phan-taint-check 1.5.0
Change 458980 had a related patch set uploaded (by Brian Wolff; owner: Brian Wolff):
[integration/config@master] Enable phan-taint-check on FundraisingEmailUnsubscribe
Huh. Currently failing due to:
Package mediawiki/phan-taint-check-plugin at version 1.5.0 has a PHP requirement incompatible with your PHP version (5.6.33)
I suppose that is due to the config line in composer.json that this extension has.
Change 458980 abandoned by Brian Wolff:
Enable phan-taint-check on FundraisingEmailUnsubscribe
Reason:
Nevermind
Run taint-check-plugin with --ignore-platform-reqs because it is not used in production?
Change 459265 had a related patch set uploaded (by Legoktm; owner: Legoktm):
[integration/config@master] seccheck: Install plugin into /opt/phan
Change 459265 merged by jenkins-bot:
[integration/config@master] seccheck: Install plugin into /opt/phan
Change 458980 restored by Legoktm:
Enable phan-taint-check on FundraisingEmailUnsubscribe
Change 458980 merged by jenkins-bot:
[integration/config@master] Enable phan-taint-check on FundraisingEmailUnsubscribe
That was my initial thought, but I'm worried about that causing problems later on. I played around a bit and with some advice from bawolff I got CI to install the plugin in a separate directory so it won't be affected by the extensions' own config. This will also fix the problem of BlueSpice* depending upon ext-tidy, which wasn't installed in the docker container.
Change 458979 merged by jenkins-bot:
[mediawiki/extensions/FundraisingEmailUnsubscribe@master] Configure phan-taint-check 1.5.0
That sounds like a good solution. It needs to install some extra packages, but that is okay.
The normal phan job install in /src/phan/ to bypass the same problems (I guess).