Page MenuHomePhabricator
Create Task
Maniphest T226945

Decide on future of running Phan tests on release branches
Open, Needs TriagePublic
Actions

Description

Following on from T226766: Avoid explicit commit references in composer.json in code meant for public consumption, T226156: Phan job fails on CI for mediawiki/core REL1_3[12], https://gerrit.wikimedia.org/r/#/c/integration/config/+/519793/ and the mediawiki-core-php72-phan-docker jobs

Phan in 1.31 and 1.32 won't run on mediawiki-core-php72-phan-docker because it has PHP 7.2, not 7.0.

As such, the phan jobs have been completely disabled in the branch, pending a longer term solution.

I don't believe we want to continue running jobs on PHP 7.0... So the options are to leave things disabled, or backporting whatever is necessary to run phan compatible with PHP 7.2 to 1.31 and 1.32

Details

SubjectRepoBranchLines +/-
Zuul: [mediawiki/extensions/Wikibase] Disable Phan on release branchesintegration/configmaster+12 -6
layout: Restrict Phan jobs to only run on master, wmf/, & fundraising/ branchesintegration/configmaster+3 -5
zuul: disable phan on extensions release branchesintegration/configmaster+61 -44
Customize query in gerrit

Related Objects
Search...

Event Timeline

Reedy created this task.Jun 30 2019, 9:35 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 30 2019, 9:35 PM
Jdforrester-WMF subscribed.Jul 2 2019, 10:33 PM

Yeah, I'd propose just running them on master.

Jdforrester-WMF added a project: Continuous-Integration-Config.Jul 2 2019, 10:33 PM
Reedy added a comment.Jul 3 2019, 12:23 PM
In T226945#5302166, @Jdforrester-WMF wrote:

Yeah, I'd propose just running them on master.

Doesn't seem unreasonable. Are we going to blanket disable on branches? Or just disable when it stops working due to external factors?

I think we don't really need it on WMF branches (though, in most cases if master works, they should too) as they're fairly short lived too, and we're generally picking from master anyway

Do we need to document it anywhere?

hashar subscribed.Jul 24 2019, 5:14 PM

A real life example https://gerrit.wikimedia.org/r/#/c/mediawiki/extensions/UserMerge/+/525286/ for REL1_33

Package mediawiki/phan-taint-check-plugin at version 1.5.1 has a PHP requirement incompatible with your PHP version (7.2.16)

So I guess for now we should apply a branch filter to the job mwext-php72-phan-seccheck-docker so that it only runs against master. For the old branches, we would need to keep providing some php7.0 based container.

Krinkle subscribed.Jul 24 2019, 5:15 PM

I'd like to make sure they keep running on wmf branches at least. Especially our practice of cherry picking things quite frequently, it becomes quite likely that an implicit dependency gets forgotten in a way that isn't detected by Git (e.g. not in the same diff context).

Phan is pretty much our only line of defence there to detect things like missing variables and (renamed) classes etc.

gerritbot added a comment.Jul 27 2019, 12:40 AM

Change 525878 had a related patch set uploaded (by Jforrester; owner: Jforrester):
[integration/config@master] layout: Restrict Phan jobs to only run on master, wmf/, & fundraising/ branches

https://gerrit.wikimedia.org/r/525878

gerritbot added a project: Patch-For-Review.Jul 27 2019, 12:40 AM
Legoktm subscribed.Jul 27 2019, 12:42 AM

We absolutely need phan for release branches. Many of the regressions in previous releases could've been caught if phan were running.

Jdforrester-WMF added a comment.Jul 27 2019, 12:51 AM
In T226945#5370566, @Legoktm wrote:

We absolutely need phan for release branches. Many of the regressions in previous releases could've been caught if phan were running.

People pushing commits directly into legacy release branches, rather than back-ports of merged and tested code in master, are already risking quite a bit, but this is a fair concern.

Legoktm added a comment.Jul 27 2019, 1:09 AM

Given that we're able to backport fixes to make other CI infra upgrades work, I think we should be able to do the same for phan. The easy way is to keep the php70 containers around until we drop support for those branches.

Alternatively we could consider looking into using phan's pure-PHP fallback/polyfill parser so we don't need to mess with php-ast versions as much. But that comes with its own problems (though I'm skeptical about what the performance will be like).

hashar mentioned this in T231966: Phan job should use composer instead of vendor for release branches ( undeclared class \Wikimedia\Equivset\Equivset ).Sep 4 2019, 7:51 AM

Related: T231966: Phan job should use composer instead of vendor for release branches ( undeclared class \Wikimedia\Equivset\Equivset ) . The Phan job uses mediawiki/vendor.git which does not have all dependencies on release branches.

gerritbot added a comment.Sep 4 2019, 12:03 PM

Change 534426 had a related patch set uploaded (by Hashar; owner: Hashar):
[integration/config@master] zuul: disable phan on extensions release branches

https://gerrit.wikimedia.org/r/534426

hashar added a comment.Sep 4 2019, 12:03 PM

https://gerrit.wikimedia.org/r/#/c/integration/config/+/534426 disables the phan job for extensions/skins on release branches due to T231966

gerritbot added a comment.Sep 4 2019, 12:19 PM

Change 534426 merged by jenkins-bot:
[integration/config@master] zuul: disable phan on extensions release branches

https://gerrit.wikimedia.org/r/534426

Stashbot added a comment.Sep 4 2019, 12:20 PM

Mentioned in SAL (#wikimedia-releng) [2019-09-04T12:20:37Z] <hashar> Dropped Phan jobs for extensions from release branches T226945

Daimona subscribed.Sep 4 2019, 2:55 PM
Krinkle moved this task from Inbox to Checkers on the MediaWiki-Core-Tests board.Sep 4 2019, 5:48 PM
Daimona added a comment.Oct 29 2019, 9:48 AM
In T226945#5370566, @Legoktm wrote:

We absolutely need phan for release branches. Many of the regressions in previous releases could've been caught if phan were running.

This. It's just too easy to introduce regressions when backporting changes, especially big changes like security changes. Example: https://gerrit.wikimedia.org/r/#/q/Ie23e8234ae550273bf3f6f9c5ac45b7fc54eec2a this would've broken 1.3[123], but no tests failed.

Daimona added a comment.Oct 29 2019, 4:49 PM

A quick note: in order to keep phan working on release branches, we cannot remove the docker script part where it checks for "extra" in composer.json to install phan/phan (which isn't needed anymore for repos using phan-config 0.8.0).

Daimona mentioned this in T104807: Older hidden versions of a currently-public AbuseFilter are exposed via diffs (CVE-2019-18612).Oct 29 2019, 4:58 PM
sbassett subscribed.Oct 29 2019, 5:22 PM
In T226945#5614208, @Daimona wrote:
In T226945#5370566, @Legoktm wrote:

We absolutely need phan for release branches. Many of the regressions in previous releases could've been caught if phan were running.

This. It's just too easy to introduce regressions when backporting changes, especially big changes like security changes. Example: https://gerrit.wikimedia.org/r/#/q/Ie23e8234ae550273bf3f6f9c5ac45b7fc54eec2a this would've broken 1.3[123], but no tests failed.

I obviously concur :)

hashar added a comment.Nov 8 2019, 2:11 PM

I am not active on the Phan front, but could we imagine upgrading Phan in our release branches toward 0.8 to get rid of that extra in composer.json? It might be possible simply by adding some ignore/exclude for newly introduced rules we probably do not want to fix in release branches.

Same for phan versions that still require 7.0. We might be able to upgrade Phan in release branches to whatever Phan version supporting 7.2.

Jdforrester-WMF added a comment.Nov 8 2019, 2:18 PM
In T226945#5647667, @hashar wrote:

I am not active on the Phan front, but could we imagine upgrading Phan in our release branches toward 0.8 to get rid of that extra in composer.json? It might be possible simply by adding some ignore/exclude for newly introduced rules we probably do not want to fix in release branches.

That's currently happening, yes. See T235049: Upgrade mediawiki-phan-config to 0.8.0 for all repos.

Same for phan versions that still require 7.0. We might be able to upgrade Phan in release branches to whatever Phan version supporting 7.2.

Yes, after this point we may move phan into the main quibble run and so run the appropriate version for repos automatically. That doesn't fix old release branches, however.

Daimona added a comment.Nov 8 2019, 2:19 PM
In T226945#5647667, @hashar wrote:

I am not active on the Phan front, but could we imagine upgrading Phan in our release branches toward 0.8 to get rid of that extra in composer.json? It might be possible simply by adding some ignore/exclude for newly introduced rules we probably do not want to fix in release branches.

It's probably doable. I don't think we have a script to do that (like LibUp does for PHPCS), but I think it shouldn't be terribly hard to write.

Same for phan versions that still require 7.0. We might be able to upgrade Phan in release branches to whatever Phan version supporting 7.2.

I believe that we don't have any phan version requiring PHP 7.0, it's either 5.6.99+, or 7.2.0+.

hashar added a subtask: T235049: Upgrade mediawiki-phan-config to 0.8.0 for all repos.Nov 8 2019, 2:19 PM

You guys are amazing. As soon as the extras field is not needed anymore, lets definitely clear it up from the CI phan shell scripts :]

Daimona added a comment.EditedNov 8 2019, 2:21 PM

{{edit conflict}} Belatedly, T235049 is only for master, nothing is being done on rel branches.

Also, I'm unsure whether phan should be merged into another existing job. Phan can already take a decent amount of time (and memory) to execute, and it will get even worse with T235390.

Jdforrester-WMF added a comment.Nov 8 2019, 3:24 PM
In T226945#5647679, @Daimona wrote:

{{edit conflict}} Belatedly, T235049 is only for master, nothing is being done on rel branches.

Well, yeah, it'll affect REL1_35 onwards though. ;-)

Also, I'm unsure whether phan should be merged into another existing job. Phan can already take a decent amount of time (and memory) to execute, and it will get even worse with T235390.

The tension between speed and simplicity is hard to work out, yeah.

Jdforrester-WMF closed subtask T235049: Upgrade mediawiki-phan-config to 0.8.0 for all repos as Resolved.Nov 26 2019, 5:28 PM
Daimona mentioned this in T256088: REL1_33 and REL1_34 mediawiki-core-php72-phan-docker broken.Jun 23 2020, 10:07 AM
Aklapper removed a project: MW-1.32-release.Jul 21 2020, 1:20 PM
gerritbot added a comment.Aug 13 2020, 9:41 AM

Change 525878 abandoned by Jforrester:
[integration/config@master] layout: Restrict Phan jobs to only run on master, wmf/, & fundraising/ branches

Reason:
This was done by default when we split the branches into their own pipelines.

https://gerrit.wikimedia.org/r/525878

Krinkle unsubscribed.Aug 14 2020, 9:39 PM
Reedy moved this task from Backlog to Done on the MW-1.31-release board.Dec 2 2020, 2:06 AM
Reedy removed a project: Patch-For-Review.Dec 2 2020, 2:17 AM
Lens0021 subscribed.Dec 17 2020, 2:20 AM
Daimona mentioned this in T271428: Bump php-ast to 1.0.10 for all phan jobs.Jan 14 2021, 9:52 PM
WMDE-leszek subscribed.Mar 19 2021, 2:46 PM
gerritbot added a comment.Mar 19 2021, 2:50 PM

Change 673503 had a related patch set uploaded (by WMDE-leszek; owner: WMDE-leszek):
[integration/config@master] Run phan on changes onto Wikibase REL1_35 branch

https://gerrit.wikimedia.org/r/673503

gerritbot added a project: Patch-For-Review.Mar 19 2021, 2:50 PM
Reedy mentioned this in T270452: Add more preflight checks to makerelease2.Apr 11 2021, 3:27 PM
Jdforrester-WMF mentioned this in T279898: Wikibase CI, phan & mediawiki-vendor issues..Apr 22 2021, 5:06 PM
Reedy mentioned this in T281193: Security release of AbuseFilter 1.35 throws TypeError.Apr 26 2021, 10:30 PM
gerritbot added a comment.Apr 27 2021, 6:04 PM

Change 683033 had a related patch set uploaded (by Jforrester; author: Jforrester):

[integration/config@master] Zuul: Update T226945 comment now we've dropped PHP70/71 support

https://gerrit.wikimedia.org/r/683033

gerritbot added a comment.May 28 2021, 1:55 AM

Change 683033 abandoned by Jforrester:

[integration/config@master] Zuul: Update T226945 comment now we've dropped PHP70/71 support

Reason:

I did this when I in-lined the phan jobs into the general quibble jobs

https://gerrit.wikimedia.org/r/683033

Legoktm mentioned this in T293323: Transitioning Responsibility for MediaWiki Releases.Nov 23 2021, 5:50 PM
Reedy mentioned this in T326374: Make Phan on PHP 8.1 voting on REL1_39.Jan 12 2023, 7:36 PM
gerritbot added a comment.Dec 19 2023, 3:46 PM

Change 984222 had a related patch set uploaded (by Lucas Werkmeister (WMDE); author: Lucas Werkmeister (WMDE)):

[integration/config@master] Zuul: [mediawiki/extensions/Wikibase] Disable Phan on release branches

https://gerrit.wikimedia.org/r/984222

gerritbot added a comment.Jan 9 2024, 8:52 AM

Change 984222 merged by jenkins-bot:

[integration/config@master] Zuul: [mediawiki/extensions/Wikibase] Disable Phan on release branches

https://gerrit.wikimedia.org/r/984222

Stashbot added a comment.Jan 9 2024, 8:53 AM

Mentioned in SAL (#wikimedia-releng) [2024-01-09T08:53:17Z] <hashar> Reloaded Zuul for https://gerrit.wikimedia.org/r/984222 | [mediawiki/extensions/Wikibase] Disable Phan on release branches | T226945 T231966

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL