Page MenuHomePhabricator
Create Task
Maniphest T226420

Run phan secheck on PHP 7.2, not PHP 7.0
Closed, ResolvedPublic
Actions

Description

Split from main.

Details

SubjectRepoBranchLines +/-
jjb: Drop php70-phan-seccheck jobs, unusedintegration/configmaster+0 -78
jjb: Point seccheck jobs at mediawiki-phan-seccheck:0.4.0integration/configmaster+2 -2
dockerfiles: [mediawiki-phan-seccheck] Upgrade to PHP 7.2integration/configmaster+10 -16
Customize query in gerrit

Related Objects
Search...

Event Timeline

Jdforrester-WMF created this task.Jun 24 2019, 3:50 PM
Jdforrester-WMF added a subtask: T207344: Phan-taint-check-plugin not available for PHP > 7.0.
gerritbot added a comment.Jun 24 2019, 3:51 PM

Change 517749 had a related patch set uploaded (by Jforrester; owner: Jforrester):
[integration/config@master] layout: Drop php70-phan-seccheck entirely

https://gerrit.wikimedia.org/r/517749

gerritbot added a project: Patch-For-Review.Jun 24 2019, 3:51 PM

Change 517750 had a related patch set uploaded (by Jforrester; owner: Jforrester):
[integration/config@master] jjb: Drop php70-phan-seccheck jobs, unused

https://gerrit.wikimedia.org/r/517750

Jdforrester-WMF changed the task status from Open to Stalled.Jun 25 2019, 11:08 PM

Stalled on blockers.

Daimona mentioned this in T218719: Upgrade php-ast to 1.0.1 in CI composer-package containers.Jun 26 2019, 7:40 PM
Daimona mentioned this in T225325: LibraryUpgrader CI normalisation tasks, June/July 2019.
Daimona added a subtask: T218719: Upgrade php-ast to 1.0.1 in CI composer-package containers.Jul 3 2019, 7:42 AM
Daimona added a subtask: T227171: Release taint-check 2.0.0.Jul 3 2019, 7:46 AM
Daimona added a subtask: T227172: Upgrade taint-check to 2.0.1 in all repos.Jul 3 2019, 8:02 AM
Daimona removed a subtask: T227171: Release taint-check 2.0.0.
Daimona changed the task status from Stalled to Open.Jul 3 2019, 8:10 AM
Daimona subscribed.

Copying what I said in T227172: the current version (1.5.1) requires PHP70 jobs, while the new version (2.0.0) can run on PHP70+. I believe the easier way to proceed is to first upgrade seccheck in every repo, keeping the PHP70 job alone. When all repos are upgraded (or also gradually, whatever you prefer), we'll be able to switch to PHP72 jobs and get rid of the PHP72.

Note that something that can already be done is upgrade php-ast for both seccheck jobs, in the following way:

  • PHP71+ jobs: These should only have php-ast 1.0.1, and T218719 should provide anything needed for the upgrade
  • PHP70 job: This one is more complicated. It should behave the same as the phan job: if there's seccheck <=1.5.1 in composer.json, it should use php-ast 0.1.2. If there's seccheck 2.0.0 it should use php-ast 1.0.0.

Given the above, and the fact that upgrading ast may be a little harder than expected (as it happened in T218719), I'm un-stalling this task in case someone is interested in giving it a try.

Daimona changed the status of subtask T227172: Upgrade taint-check to 2.0.1 in all repos from Open to Stalled.Jul 3 2019, 9:08 AM
Jdforrester-WMF added a comment.Jul 3 2019, 6:14 PM

This is directly blocked by T227172 which is itself Stalled, so surely this is also Stalled?

Daimona added a comment.Jul 3 2019, 6:24 PM

@Jdforrester-WMF Well, T227172 is definitely a blocker and for that part yes, this one is stalled. However, as I said above, the seccheck containers have to be updated with the new php-ast, and that's something that can be done regardless of T227172. And actually, that task needs the PHP70 part described above, so they're blocking each other more or less.

Jdforrester-WMF added a comment.Jul 3 2019, 6:24 PM

Anyway, I marked this as Stalled on T218719 in the first place. :-)

Daimona added a comment.Jul 3 2019, 6:46 PM

Yeah that makes sense :) TBH I thought that upgrading ast would have been easier, but if there's no clear solution then yes, I guess this can go back stalled.

Jdforrester-WMF changed the task status from Open to Stalled.Jul 3 2019, 9:29 PM

Yeah, I thought it'd be easy too. :-(

Daimona removed a subtask: T218719: Upgrade php-ast to 1.0.1 in CI composer-package containers.Jul 4 2019, 4:48 PM
Daimona removed a subtask: T207344: Phan-taint-check-plugin not available for PHP > 7.0.
Daimona mentioned this in T227385: Upgrade php-ast in Seccheck CI containers.Jul 6 2019, 6:07 PM
Daimona changed the status of subtask T227172: Upgrade taint-check to 2.0.1 in all repos from Stalled to Open.
Jdforrester-WMF added a project: Release-Engineering-Team-TODO (201907).Jul 8 2019, 3:36 PM
Jdforrester-WMF added a subtask: T227385: Upgrade php-ast in Seccheck CI containers.Jul 9 2019, 5:33 PM
Jdforrester-WMF changed the status of subtask T227385: Upgrade php-ast in Seccheck CI containers from Open to Stalled.Jul 9 2019, 5:48 PM
Jdforrester-WMF moved this task from INBOX to Blocked externally on the Release-Engineering-Team-TODO (201907) board.
Daimona closed subtask T227385: Upgrade php-ast in Seccheck CI containers as Resolved.Jul 11 2019, 5:33 PM
gerritbot added a comment.Jul 11 2019, 11:16 PM

Change 521863 had a related patch set uploaded (by Jforrester; owner: Daimona Eaytoy):
[integration/config@master] dockerfiles: [mediawiki-phan-seccheck] Upgrade to PHP 7.2

https://gerrit.wikimedia.org/r/521863

gerritbot added a comment.Jul 11 2019, 11:16 PM

Change 522209 had a related patch set uploaded (by Jforrester; owner: Jforrester):
[integration/config@master] jjb: Point seccheck jobs at mediawiki-phan-seccheck:0.4.0

https://gerrit.wikimedia.org/r/522209

gerritbot added a comment.Jul 11 2019, 11:29 PM

Change 521863 merged by jenkins-bot:
[integration/config@master] dockerfiles: [mediawiki-phan-seccheck] Upgrade to PHP 7.2

https://gerrit.wikimedia.org/r/521863

gerritbot added a comment.Jul 12 2019, 12:31 AM

Change 522209 merged by jenkins-bot:
[integration/config@master] jjb: Point seccheck jobs at mediawiki-phan-seccheck:0.4.0

https://gerrit.wikimedia.org/r/522209

Stashbot added a comment.Jul 12 2019, 12:32 AM

Mentioned in SAL (#wikimedia-releng) [2019-07-12T00:32:50Z] <James_F> Zuul: Migrate from php70-phan-seccheck to php72-phan-seccheck T226420

Jdforrester-WMF closed this task as Resolved.Jul 12 2019, 12:41 AM
Jdforrester-WMF moved this task from Blocked externally to Completed on the Release-Engineering-Team-TODO (201907) board.
Jdforrester-WMF closed subtask T227172: Upgrade taint-check to 2.0.1 in all repos as Resolved.Jul 12 2019, 12:45 AM
gerritbot added a comment.Jul 12 2019, 12:54 AM

Change 517750 merged by jenkins-bot:
[integration/config@master] jjb: Drop php70-phan-seccheck jobs, unused

https://gerrit.wikimedia.org/r/517750

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL