We need to get the latest greatest version of wikidiff2 to production.
|Resolved||tstarling||T236963 Deploy version 1.10.0 of wikidiff2 to production|
|Resolved||tstarling||T238846 Prod compare endpoint missing offset object (with from & to keys) on diff items|
Just as a random note here for the case it's relevant: There's a patch still waiting for review and an already merged patch, that are both not part of the latest ( released ) version 1.9.0.
I've uploaded the version bump to Gerrit. I've reviewed both the changes that were merged while I was out, and the more recent ones. I think it's ready to go now. I would appreciate it if @jijiki or someone else from SRE could merge the version update and build and deploy new packages.
There are different releasers group for different software. The people who can upload releases of wikidiff2 are:
members: [demon, legoktm, wmde-fisch, thiemowmde]
This group was created in T202473 to split it away from MediaWiki releasers group.
If you would like to update the group members please let us know via an access-request ticket and it will be handled quickly by the clinic duty person.
I haven't made a tarball for wikidiff2 before and I can't find any documentation of how that is meant to be done. It looks like wikidiff2 is the only PHP extension that is released in this way. I assume I just do a git archive and sign it with gpg, then upload it to releases1001:/srv/org/wikimedia/releases/wikidiff2 ? There's no other procedure to follow or script to run? I don't need to be in that wikidiff2 group because I have root.
I see the section diff output here: https://en.wikipedia.beta.wmflabs.org/w/rest.php/v1/revision/373415/compare/374150
I think that means it's working correctly, so progressing to production makes sense.
@tstarling is the gpg key that you used to sign that release available anywhere? https://www.mediawiki.org/keys/keys.txt still has your old ones. I'm currently not able to verify the release to update it in Debian.
user@DD:~/debian/wikidiff2$ gbp import-orig --uscan gbp:info: Launching uscan... gpgv: Signature made Tue 19 Nov 2019 04:16:54 PM PST gpgv: using RSA key F64EBF5F20996AB514F198A873F146FECF9D333C gpgv: Can't check signature: No public key uscan die: OpenPGP signature did not verify. at /usr/share/perl5/Devscripts/Uscan/Output.pm line 58. gbp:error: Uscan failed: OpenPGP signature did not verify.
It's in the keyservers with five signatures, including yourself twice. It's available here, along with the old keys: https://tstarling.com/stuff/pgp.txt
Do you think https://www.mediawiki.org/keys/keys.txt needs to have every key I've ever used? I've got keys from 2008, 2009, 2012 and 2014, and at that point I stopped rotating them and started adjusting the expiry, so the 2014 one should remain valid going forward.