ideally the code for building a MediaWiki image with security patches would live in Jenkins Job Builder so git history and code review can happen through the standard process™©.
Description
Description
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Open | None | T198901 Migrate production services to kubernetes using the pipeline | |||
| Open | None | T238770 Deploy MediaWiki to Wikimedia production in containers | |||
| Open | None | T238771 Get production MW-land images built and published | |||
| Resolved | dancy | T271274 Security patch workflow for MediaWiki on k8s | |||
| Resolved | • dduvall | T273676 Jenkins job exists for building patched MediaWiki image | |||
| Resolved | • dduvall | T274182 Multi-version MediaWiki image is built and published |
Event Timeline
Comment Actions
The existing .pipeline/config.yaml was extended to patch the production image before publishing to the restricted repo. See T271274: Security patch workflow for MediaWiki on k8s and associated patchsets for implementation details.