Page MenuHomePhabricator
Create Task
Maniphest T253079

Document how to get new packages published under the 'wikimedia' and 'mediawiki' namespaces on Packagist
Open, Needs TriagePublic
Actions

Description

In T252987#6146612, @bd808 wrote:

Packagist does not have an "org account" concept to make multi-user access easy (https://github.com/composer/packagist/issues/461). Instead we have a shared username and password for both https://packagist.org/users/mediawiki and https://packagist.org/users/wikimedia. These were created to "own" the 'mediawiki' and 'wikimedia' namespaces at Packagist following Packagist making it possible at all to control what is admitted to a namespace.

There are two paths forward for T218639: Make language-data installable as a proper library which seems to be the inspiration for this request:

  1. Share the passwords with @Nikerabbit and @abi_ so that they can take care of their own needs and also become folks who can help others publish new packages under the 'mediawiki' and 'wikimedia' namespaces at Packagist
  2. Someone who has those passwords already (@bd808, @Reedy, @Krinkle, ??) can setup the initial Packagist registration for https://github.com/wikimedia/language-data/blob/master/package.json and then add @Nikerabbit and @abi_ as co-maintainers on the Packagist side so that they can maintain the package entry going forward.

@Nikerabbit which of these is more appealing to you? Do you want a new hat or just to fix the problem you have today?

Regardless of which path @Nikerabbit chooses, this task is a great reminder that we have documentation gaps. This minor essay should really be on Wikitech or mediawiki.org somewhere that folks can find along with clear docs on how to either ask for a new package registration or access to the shared password (and ideally what responsibilities come along with the password access).

There are some really sketchy docs at https://www.mediawiki.org/wiki/Manual:Developing_libraries#Packagist_guidelines. There is currently no documented guidelines for what can or can't be added to either namespace as far as @bd808 knows.

An ideal outcome would be:

  • clear documentation on mediawiki.org for developers of libraries and extensions of how to request Packagist publication in the "official" namespaces
  • clear documentation on mediawiki.org for reviewers of publication requests on how to determine if publication should be allowed or changes requested
  • clear documentation on wikitech for SREs to help them evaluate requests for passwords related to the "official" namespaces
  • (stretch goal) tooling to help automate package publication (submitting to Packagist, setting up GitHub or other SCM hooks to notify Packagist of publication changes)

Related Objects

Event Timeline

bd808 created this task.May 18 2020, 11:10 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 18 2020, 11:10 PM
bd808 added a comment.May 18 2020, 11:13 PM

The original work for these things was done under the long defunct MediaWiki-Core-Team. It is not currently clear if Release-Engineering-Team, Platform Engineering, some other Wikimedia team, or a new community and Foundation inclusive group should "own" this topic and its implementation.

Reedy moved this task from Backlog to Documentation on the Composer board.Feb 2 2021, 2:26 AM
DannyS712 mentioned this in T274089: Publish GlobalWatchlist on packagist / with composer.Feb 8 2021, 12:47 AM
Reedy added a project: Documentation.Feb 25 2022, 12:43 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL