Page MenuHomePhabricator
Create Task
Maniphest T283333

Add dependabot change mirroring to Wikidata / Wikibase gerrit repositories
Closed, ResolvedPublic5 Estimated Story Points
Actions

Description

In T244001 we (Wikidata/Wikibase) evaluated the state of automatic and manual checking of npm audit for Wikibase projects.
A working patch was trailed with WikibaseManifest showing that this works in practice https://gerrit.wikimedia.org/r/691265
You can see the patches that have been created at https://gerrit.wikimedia.org/r/q/owner:addshorewiki%252Baddbot-dependabot%2540gmail.com

We should enable such patch mirroring by introducing an action like this to all of our Gerrit repos.
We should look at how to share the workflow between multiple repositories to avoid copy paste stuff, errors, and update pain. (Could be turning it into an action, OR sharing the workflow?)

Acceptance Criteria 🏕️🌟 (September 2021)

Details

Show related patches Customize query in gerrit

Related Objects

Event Timeline

Addshore created this task.May 21 2021, 9:51 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 21 2021, 9:51 AM
Addshore updated the task description. (Show Details)Jun 10 2021, 9:02 AM
Addshore moved this task from Inbox to Investigate & Discuss on the [DEPRECATED] wdwb-tech board.
Maintenance_bot added a project: Wikidata.Jun 10 2021, 9:45 AM
Addshore moved this task from Investigate & Discuss to To Prioritize on the [DEPRECATED] wdwb-tech board.Sep 9 2021, 9:04 AM
Lucas_Werkmeister_WMDE updated the task description. (Show Details)Sep 14 2021, 10:11 AM
Addshore renamed this task from Consider adding dependabot & change mirroring to Wikidata / Wikibase gerrit repositories to Add dependabot change mirroring to Wikidata / Wikibase gerrit repositories.Sep 14 2021, 10:11 AM
Michael subscribed.Sep 14 2021, 10:14 AM
Addshore moved this task from To Prioritize to Triaged High (100+) on the [DEPRECATED] wdwb-tech board.Sep 14 2021, 10:31 AM
Addshore added a project: Wikidata-Campsite.
Addshore moved this task from Incoming to Prioritized Wikidata Tech Backlog (prioritised from top to bottom) on the Wikidata-Campsite board.
Addshore triaged this task as Medium priority.Sep 15 2021, 8:31 AM
Addshore updated the task description. (Show Details)
Addshore updated the task description. (Show Details)Sep 15 2021, 10:41 AM
Addshore set the point value for this task to 5.
Addshore moved this task from Prioritized Wikidata Tech Backlog (prioritised from top to bottom) to Wikidata-Campsite-Iteration-∞ (On Hold) on the Wikidata-Campsite board.Sep 15 2021, 10:58 AM
Addshore edited projects, added Wikidata-Campsite (Wikidata-Campsite-Iteration-∞ (On Hold)); removed Wikidata-Campsite.
Addshore moved this task from Triaged High (100+) to Active on the [DEPRECATED] wdwb-tech board.Sep 15 2021, 11:00 AM
Addshore added a comment.Sep 15 2021, 11:15 AM

The required secret is now available to all of these repos (taken from the list of our repos on gerrit)

image.png (799×626 px, 91 KB)

Let me (or another admin of the wikimedia github org) know if more need to be added.

toan claimed this task.Sep 16 2021, 10:34 AM
toan moved this task from To Do (prioritised from top to bottom) to Doing on the Wikidata-Campsite (Wikidata-Campsite-Iteration-∞ (On Hold)) board.
gerritbot added a comment.Sep 17 2021, 8:48 AM

Change 721768 had a related patch set uploaded (by Tobias Andersson; author: Tobias Andersson):

[mediawiki/extensions/WikibaseManifest@master] Switch to wmde/dependabot-gerrit-action@main

https://gerrit.wikimedia.org/r/721768

gerritbot added a project: Patch-For-Review.Sep 17 2021, 8:48 AM
toan added a comment.Sep 17 2021, 9:06 AM

So this seems to maybe possibly work now, https://github.com/wmde/dependabot-gerrit-action/ lets switch it on for WikibaseManifest and see if it works before enabling it on any other repo.

toan moved this task from Doing to Peer Review on the Wikidata-Campsite (Wikidata-Campsite-Iteration-∞ (On Hold)) board.Sep 17 2021, 9:06 AM
gerritbot added a comment.Sep 20 2021, 12:25 PM

Change 721768 merged by jenkins-bot:

[mediawiki/extensions/WikibaseManifest@master] Switch to wmde/dependabot-gerrit-action@main

https://gerrit.wikimedia.org/r/721768

toan mentioned this in rEWBN07572069c886: Switch to wmde/dependabot-gerrit-action@main.Sep 20 2021, 12:25 PM
Lucas_Werkmeister_WMDE moved this task from Peer Review to Test (Verification) on the Wikidata-Campsite (Wikidata-Campsite-Iteration-∞ (On Hold)) board.EditedSep 20 2021, 12:50 PM
Lucas_Werkmeister_WMDE subscribed.

Moving to Verification until we’re seeing some changes arriving at WikibaseManifest (Gerrit search link), at which point we can move this back to Doing for further work (tag a stable version of the action and use it in more repositories).

Maintenance_bot removed a project: Patch-For-Review.Sep 20 2021, 1:11 PM
toan moved this task from Test (Verification) to To Do (prioritised from top to bottom) on the Wikidata-Campsite (Wikidata-Campsite-Iteration-∞ (On Hold)) board.Sep 20 2021, 1:22 PM
toan moved this task from To Do (prioritised from top to bottom) to Test (Verification) on the Wikidata-Campsite (Wikidata-Campsite-Iteration-∞ (On Hold)) board.Sep 20 2021, 1:36 PM
Addshore moved this task from Test (Verification) to To Do (prioritised from top to bottom) on the Wikidata-Campsite (Wikidata-Campsite-Iteration-∞ (On Hold)) board.Sep 21 2021, 2:20 PM

I added @dependabot rebase to the 2 open PRs on the WikibaseManifest repo.
This triggered 2 runs

https://github.com/wikimedia/mediawiki-extensions-WikibaseManifest/actions/runs/1257962268
https://github.com/wikimedia/mediawiki-extensions-WikibaseManifest/actions/runs/1257962882

Looking at the output though they appear to have both pushed to the same change on Gerrit? https://gerrit.wikimedia.org/r/c/mediawiki/extensions/WikibaseManifest/+/722625
This is due to them both having the same change-id Change-Id: I572d983330ef815dd78282463dec0df97900b789

They both start their change id generation with the same hash?
random=$(echo d629eaac3fd3fc12012f1c54bb082c39f6f32545 | git hash-object --stdin)
Which should come from
random=$(echo ${{github.sha}} | git hash-object --stdin)

So something odd is going on there or needs to change!

toan moved this task from To Do (prioritised from top to bottom) to Doing on the Wikidata-Campsite (Wikidata-Campsite-Iteration-∞ (On Hold)) board.Sep 22 2021, 2:58 PM
toan added a comment.Sep 23 2021, 8:06 AM

When trying out the sharing of the workflows i've read through this https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization#creating-a-workflow-template

Which made me create https://github.com/wmde/.github and add the template which then becomes available in the organization as a template.

image.png (303×821 px, 36 KB)

However, these are only templates and require an actual commit to the repo, so using this on the wikimedia foundation on our mirrored repos wouldn't work 😿

Will leave the wmde/.github repo around as it still might serve a purpose for some of our non mirrored repos.

gerritbot added a comment.Sep 23 2021, 8:14 AM

Change 723054 had a related patch set uploaded (by Tobias Andersson; author: Tobias Andersson):

[mediawiki/extensions/Wikibase@master] Add Github actions dependabot workflow

https://gerrit.wikimedia.org/r/723054

gerritbot added a project: Patch-For-Review.Sep 23 2021, 8:14 AM

Change 723055 had a related patch set uploaded (by Tobias Andersson; author: Tobias Andersson):

[mediawiki/extensions/WikibaseLexeme@master] Add Github Actions dependebot workflow

https://gerrit.wikimedia.org/r/723055

gerritbot added a comment.Sep 23 2021, 8:18 AM

Change 723056 had a related patch set uploaded (by Tobias Andersson; author: Tobias Andersson):

[mediawiki/extensions/WikibaseQualityConstraints@master] Add Github Actions Dependabot workflow

https://gerrit.wikimedia.org/r/723056

gerritbot added a comment.Sep 23 2021, 8:19 AM

Change 723057 had a related patch set uploaded (by Tobias Andersson; author: Tobias Andersson):

[mediawiki/extensions/WikimediaBadges@master] Add Github Actions dependabot workflow

https://gerrit.wikimedia.org/r/723057

gerritbot added a comment.Sep 23 2021, 8:27 AM

Change 723059 had a related patch set uploaded (by Tobias Andersson; author: Tobias Andersson):

[mediawiki/extensions/Wikidata.org@master] Add Github Actions Dependabot workflow

https://gerrit.wikimedia.org/r/723059

gerritbot added a comment.Sep 23 2021, 8:32 AM

Change 723061 had a related patch set uploaded (by Tobias Andersson; author: Tobias Andersson):

[mediawiki/extensions/ArticlePlaceholder@master] Add Github Actions Dependabot workflow

https://gerrit.wikimedia.org/r/723061

gerritbot added a comment.Sep 23 2021, 8:36 AM

Change 723063 had a related patch set uploaded (by Tobias Andersson; author: Tobias Andersson):

[mediawiki/extensions/Cognate@master] Add Github Actions Dependabot workflow

https://gerrit.wikimedia.org/r/723063

gerritbot added a comment.Sep 23 2021, 11:00 AM

Change 723144 had a related patch set uploaded (by Tobias Andersson; author: Tobias Andersson):

[mediawiki/extensions/PropertySuggester@master] Add Github Actions Dependabot workflow

https://gerrit.wikimedia.org/r/723144

gerritbot added a comment.Sep 23 2021, 11:01 AM

Change 723145 had a related patch set uploaded (by Tobias Andersson; author: Tobias Andersson):

[mediawiki/extensions/InterwikiSorting@master] Add Github Actions Dependabot workflow

https://gerrit.wikimedia.org/r/723145

gerritbot added a comment.Sep 23 2021, 11:04 AM

Change 723147 had a related patch set uploaded (by Tobias Andersson; author: Tobias Andersson):

[wikibase/javascript-api@master] Add Github Actions Dependabot workflow

https://gerrit.wikimedia.org/r/723147

gerritbot added a comment.Sep 23 2021, 11:05 AM

Change 723148 had a related patch set uploaded (by Tobias Andersson; author: Tobias Andersson):

[wikibase/termbox@master] Add Github Actions Dependabot workflow

https://gerrit.wikimedia.org/r/723148

gerritbot added a comment.Sep 23 2021, 11:07 AM

Change 723149 had a related patch set uploaded (by Tobias Andersson; author: Tobias Andersson):

[wikidata/query/gui@master] Add Github Actions dependabot workflow

https://gerrit.wikimedia.org/r/723149

gerritbot added a comment.Sep 23 2021, 11:15 AM

Change 723157 had a related patch set uploaded (by Tobias Andersson; author: Tobias Andersson):

[data-values/value-view@master] Add Github Actions dependabot workflow

https://gerrit.wikimedia.org/r/723157

gerritbot added a comment.Sep 23 2021, 11:52 AM

Change 723149 merged by jenkins-bot:

[wikidata/query/gui@master] Add Github Actions dependabot workflow

https://gerrit.wikimedia.org/r/723149

toan mentioned this in rWDQGf559e6a506a4: Add Github Actions dependabot workflow.Sep 23 2021, 11:54 AM
toan moved this task from Doing to Peer Review on the Wikidata-Campsite (Wikidata-Campsite-Iteration-∞ (On Hold)) board.Sep 23 2021, 12:32 PM
gerritbot added a comment.Sep 23 2021, 1:05 PM

Change 723145 merged by jenkins-bot:

[mediawiki/extensions/InterwikiSorting@master] Add Github Actions Dependabot workflow

https://gerrit.wikimedia.org/r/723145

gerritbot added a comment.Sep 23 2021, 1:05 PM

Change 723063 merged by jenkins-bot:

[mediawiki/extensions/Cognate@master] Add Github Actions Dependabot workflow

https://gerrit.wikimedia.org/r/723063

toan mentioned this in rEIWS93ed96981cea: Add Github Actions Dependabot workflow.Sep 23 2021, 1:06 PM
toan mentioned this in rECOG2e6e38e14361: Add Github Actions Dependabot workflow.
ReleaseTaggerBot added a project: MW-1.38-notes (1.38.0-wmf.2; 2021-09-28).Sep 23 2021, 2:00 PM
gerritbot added a comment.Sep 23 2021, 4:07 PM

Change 723148 merged by jenkins-bot:

[wikibase/termbox@master] Add Github Actions Dependabot workflow

https://gerrit.wikimedia.org/r/723148

toan mentioned this in rWBTBd25158be99de: Add Github Actions Dependabot workflow.Sep 23 2021, 4:08 PM
gerritbot added a comment.Sep 23 2021, 4:23 PM

Change 723057 merged by jenkins-bot:

[mediawiki/extensions/WikimediaBadges@master] Add Github Actions dependabot workflow

https://gerrit.wikimedia.org/r/723057

gerritbot added a comment.Sep 23 2021, 4:23 PM

Change 723059 merged by jenkins-bot:

[mediawiki/extensions/Wikidata.org@master] Add Github Actions Dependabot workflow

https://gerrit.wikimedia.org/r/723059

gerritbot added a comment.Sep 23 2021, 4:51 PM

Change 723056 merged by jenkins-bot:

[mediawiki/extensions/WikibaseQualityConstraints@master] Add Github Actions Dependabot workflow

https://gerrit.wikimedia.org/r/723056

gerritbot added a comment.Sep 23 2021, 4:51 PM

Change 723061 merged by jenkins-bot:

[mediawiki/extensions/ArticlePlaceholder@master] Add Github Actions Dependabot workflow

https://gerrit.wikimedia.org/r/723061

gerritbot added a comment.Sep 23 2021, 5:12 PM

Change 723055 merged by jenkins-bot:

[mediawiki/extensions/WikibaseLexeme@master] Add Github Actions Dependabot workflow

https://gerrit.wikimedia.org/r/723055

gerritbot added a comment.Sep 23 2021, 5:19 PM

Change 723144 merged by jenkins-bot:

[mediawiki/extensions/PropertySuggester@master] Add Github Actions Dependabot workflow

https://gerrit.wikimedia.org/r/723144

toan mentioned this in rEPS8ac7ceaee841: Add Github Actions Dependabot workflow.Sep 23 2021, 5:35 PM
gerritbot added a comment.Sep 23 2021, 6:02 PM

Change 723147 merged by jenkins-bot:

[wikibase/javascript-api@master] Add Github Actions Dependabot workflow

https://gerrit.wikimedia.org/r/723147

gerritbot added a comment.Sep 23 2021, 6:03 PM

Change 723157 merged by jenkins-bot:

[data-values/value-view@master] Add Github Actions dependabot workflow

https://gerrit.wikimedia.org/r/723157

gerritbot added a comment.Sep 24 2021, 11:33 AM

Change 723054 merged by jenkins-bot:

[mediawiki/extensions/Wikibase@master] Add Github actions dependabot workflow

https://gerrit.wikimedia.org/r/723054

toan moved this task from Peer Review to Test (Verification) on the Wikidata-Campsite (Wikidata-Campsite-Iteration-∞ (On Hold)) board.Sep 24 2021, 3:52 PM

everything was merged

Addshore closed this task as Resolved.Oct 18 2021, 8:51 AM
DannyS712 subscribed.Mar 11 2022, 11:39 PM

I couldn't find a specific phab project for addbot, so linking here: https://github.com/wmde/dependabot-gerrit-action/pull/1 will *hopefully* automatically abandon closed patches

Maintenance_bot moved this task from incoming to in progress on the Wikidata board.Mar 12 2022, 12:15 AM
Maintenance_bot moved this task from Test (Verification) to Done on the Wikidata-Campsite (Wikidata-Campsite-Iteration-∞ (On Hold)) board.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL