Upgrade php-ast in Seccheck CI containers
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Daimona
	Jul 6 2019, 6:07 PM

Description

In order to run the new 2.0.0 seccheck, we need the following (from T226420#5302787):

seccheck72 job: These should only have php-ast 1.0.1, and T218719 should provide anything needed for the upgrade. Note that this job can only be used for repos using seccheck 2.0.0.
seccheck70 job: This one is more complicated. It should behave the same as the phan job: if there's seccheck <=1.5.1 in composer.json, it should use php-ast 0.1.2. If there's seccheck 2.0.0 it should use php-ast 1.0.0.

Details

	Subject	Repo	Branch	Lines +/-
	dockerfiles: [php-ast] Add ast 0.1.2; [phan-seccheck] Inherit from php-ast	integration/config	master	+28 -20
	docker: Install php-ast 1.0.0 for seccheck, back to PHP7.0	integration/config	master	+25 -4

Customize query in gerrit

Related Objects
Search...

Status	Assigned	Task
Resolved	Reedy	T196206 Bump symfony libraries when we no longer need hhvm support
Resolved	Reedy	T234766 Consider what PHP 7.2 point release to use
Resolved	Jdforrester-WMF	T234767 Bump PHP support version in composer.json
Resolved	Jdforrester-WMF	T216166 Drop PHP 7.1 support from MediaWiki
Resolved	Jdforrester-WMF	T216165 Drop PHP 7.0 support from MediaWiki
Resolved	Jdforrester-WMF	T225457 Move all CI generic tasks from PHP70 to PHP72
Resolved	Jdforrester-WMF	T226420 Run phan secheck on PHP 7.2, not PHP 7.0
Resolved	Jdforrester-WMF	T227385 Upgrade php-ast in Seccheck CI containers
Resolved	Daimona	T227172 Upgrade taint-check to 2.0.1 in all repos
Resolved	sbassett	T227171 Release taint-check 2.0.0
Resolved	Daimona	T216974 Update phan-taint-check-plugin to a newer phan (1.3.2)
Resolved	Daimona	T218721 Have CI run seccheck tests
Resolved	Krinkle	T228342 Define criteria for setting explicit PHP support target for MediaWiki

Event Timeline

Daimona created this task.Jul 6 2019, 6:07 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 6 2019, 6:07 PM

Daimona added a subtask: T218719: Upgrade php-ast to 1.0.1 in CI composer-package containers.Jul 6 2019, 6:07 PM

Daimona added a parent task: T227172: Upgrade taint-check to 2.0.1 in all repos.

Change 521309 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[integration/config@master] docker: Install php-ast 1.0.0 for seccheck, back to PHP7.0

https://gerrit.wikimedia.org/r/521309

gerritbot added a project: Patch-For-Review.Jul 8 2019, 3:58 PM

Jdforrester-WMF added a project: Release-Engineering-Team-TODO (201907).Jul 8 2019, 4:34 PM

Daimona mentioned this in T218719: Upgrade php-ast to 1.0.1 in CI composer-package containers.Jul 9 2019, 7:19 AM

Jdforrester-WMF closed subtask T218719: Upgrade php-ast to 1.0.1 in CI composer-package containers as Resolved.Jul 9 2019, 1:54 PM

Change 521309 merged by jenkins-bot:
[integration/config@master] docker: Install php-ast 1.0.0 for seccheck, back to PHP7.0

https://gerrit.wikimedia.org/r/521309

Maintenance_bot removed a project: Patch-For-Review.Jul 9 2019, 2:10 PM

Change 521524 had a related patch set uploaded (by Jforrester; owner: Jforrester):
[integration/config@master] dockerfiles: [php-ast] Add ast 0.1.2; [phan-seccheck] Inherit from php-ast

https://gerrit.wikimedia.org/r/521524

Change 521524 merged by jenkins-bot:
[integration/config@master] dockerfiles: [php-ast] Add ast 0.1.2; [phan-seccheck] Inherit from php-ast

https://gerrit.wikimedia.org/r/521524

Maintenance_bot removed a project: Patch-For-Review.Jul 9 2019, 4:10 PM

Status update: CI production is now ready to take phan-seccheck 2.x, and this no longer blocks T227172; instead, this is now blocked by T227172, as we can't move to PHP72 until that's done everywhere.