Page MenuHomePhabricator
Create Task
Maniphest T283389

MediaWiki installer does not check composer dependencies are at the correct versions (like update.php does)
Open, LowPublic
Actions

Description

update.php will check that composer dependencies are at the correct versions (using CheckComposerLockUpToDate).

The Installer apparently doesn't, as we noticed during @Addshore's live hackathon demo.

update.php:

		// Check external dependencies are up to date
		if ( !$this->hasOption( 'skip-external-dependencies' ) ) {
			$composerLockUpToDate = $this->runChild( CheckComposerLockUpToDate::class );
			$composerLockUpToDate->execute();
		} else {
			$this->output(
				"Skipping checking whether external dependencies are up to date, proceed at your own risk\n"
			);
		}

Details

Other Assignee
Krinkle
SubjectRepoBranchLines +/-
Reapply "Installer: Add env check for composer.lock file"mediawiki/coremaster+52 -0
Installer: Add env check for composer.lock filemediawiki/coremaster+34 -0
Refactor checkComposerLockUpToDate.php logic out to reuseable classmediawiki/coremaster+242 -52
Installer: Add check of the Composer lock file to env checkmediawiki/coremaster+25 -2
Customize query in gerrit

Event Timeline

Legoktm created this task.May 21 2021, 7:32 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 21 2021, 7:32 PM
Reedy added projects: MW-1.35-release, MW-1.36-release.May 22 2021, 10:42 AM
Reedy updated the task description. (Show Details)
Reedy updated the task description. (Show Details)
Reedy moved this task from Blocker to Not a blocker on the MW-1.36-release board.
Reedy moved this task from Blocker to Not a blocker on the MW-1.35-release board.
Reedy subscribed.May 22 2021, 10:44 AM

I think a lot of the code in checkComposerLockUpToDate.php wants refactoring out and putting in somewhere in includes/composer/

Reedy added a project: MW-1.37-release.Nov 5 2021, 6:53 PM
Reedy moved this task from Blocker to Not a blocker on the MW-1.37-release board.
RazeSoldier claimed this task.Nov 6 2021, 5:04 PM
RazeSoldier subscribed.

I am very interested in this task.

gerritbot added a comment.Nov 7 2021, 1:03 PM

Change 737198 had a related patch set uploaded (by 星耀晨曦; author: 星耀晨曦):

[mediawiki/core@master] Refactor checkComposerLockUpToDate.php logic about check composer dependencies

https://gerrit.wikimedia.org/r/737198

gerritbot added a project: Patch-For-Review.Nov 7 2021, 1:03 PM
Reedy added a comment.Nov 9 2021, 5:09 PM

Going back to the task description.. Was it install.php or the Web Installer?

Reedy updated the task description. (Show Details)Nov 9 2021, 5:14 PM
Addshore added a comment.Nov 9 2021, 6:49 PM
In T283389#7493114, @Reedy wrote:

Going back to the task description.. Was it install.php or the Web Installer?

I can confirm that this is an issue with install.php (or it was on step 23rd)
I had to modify mwcli to check the composer dependencies by itself before running install.php
https://gitlab.wikimedia.org/releng/cli/-/commit/33e1d1dc0bf7fa39bfae2740b8ecc203fb75a957

Reedy added a comment.Nov 9 2021, 6:52 PM

Thanks.

The first patch is just prepatory refactoring, but we should definitely test/confirm this behaves nicely on install.php and the Web Installer

Reedy moved this task from Backlog to Bugs on the Composer board.Feb 25 2022, 12:32 AM
Reedy removed a project: MW-1.36-release.May 18 2022, 7:06 PM
Jdforrester-WMF removed a project: MW-1.37-release.Nov 30 2022, 8:59 PM
Jdforrester-WMF subscribed.

1.37.x is now EOL.

Pppery edited projects, added Patch-Needs-Improvement; removed Patch-For-Review.Nov 30 2023, 5:15 AM
RazeSoldier edited projects, added Patch-For-Review; removed Patch-Needs-Improvement.Dec 1 2023, 5:49 AM

I rebase to master

Umherirrender removed a project: MW-1.35-release.Dec 21 2023, 8:42 PM
Umherirrender subscribed.

Release 1.35 is EOL - https://lists.wikimedia.org/hyperkitty/list/mediawiki-l@lists.wikimedia.org/thread/72B3GNSDFUJEM23W54735OW34IHCZL6F/

gerritbot added a comment.Jan 13 2024, 7:34 PM

Change 737198 merged by jenkins-bot:

[mediawiki/core@master] Refactor checkComposerLockUpToDate.php logic out to reuseable class

https://gerrit.wikimedia.org/r/737198

ReleaseTaggerBot added a project: MW-1.42-notes (1.42.0-wmf.14; 2024-01-16).Jan 13 2024, 8:00 PM
gerritbot added a comment.Jan 19 2024, 2:22 PM

Change 991782 had a related patch set uploaded (by 星耀晨曦; author: 星耀晨曦):

[mediawiki/core@master] Installer: Add check of the Composer lock file to env check

https://gerrit.wikimedia.org/r/991782

gerritbot added a comment.Jan 26 2024, 4:38 PM

Change 993160 had a related patch set uploaded (by 星耀晨曦; author: 星耀晨曦):

[mediawiki/core@master] Installer: Add check of the Composer lock file to env check

https://gerrit.wikimedia.org/r/993160

gerritbot added a comment.Jan 26 2024, 4:40 PM

Change 991782 abandoned by 星耀晨曦:

[mediawiki/core@master] Installer: Add check of the Composer lock file to env check

Reason:

https://gerrit.wikimedia.org/r/c/mediawiki/core/+/993160

https://gerrit.wikimedia.org/r/991782

Umherirrender unsubscribed.Feb 11 2024, 12:12 AM
gerritbot added a comment.Sat, Jun 8, 3:37 PM

Change #993160 merged by jenkins-bot:

[mediawiki/core@master] Installer: Add env check for composer.lock file

https://gerrit.wikimedia.org/r/993160

ReleaseTaggerBot added a project: MW-1.43-notes (1.43.0-wmf.9; 2024-06-11).Sat, Jun 8, 4:00 PM
Jdforrester-WMF closed this task as Resolved.Mon, Jun 10, 3:33 PM
Krinkle added a project: MediaWiki-Platform-Team.Tue, Jun 11, 9:15 PM
Krinkle removed projects: MW-1.42-notes (1.42.0-wmf.14; 2024-01-16), Patch-For-Review.
gerritbot added a comment.Wed, Jun 12, 4:49 PM

Change #1042315 had a related patch set uploaded (by Catrope; author: Catrope):

[mediawiki/core@master] Reapply "Installer: Add env check for composer.lock file"

https://gerrit.wikimedia.org/r/1042315

gerritbot added a project: Patch-For-Review.Wed, Jun 12, 4:49 PM
Krinkle reopened this task as Open.Wed, Jun 12, 4:50 PM
Krinkle updated Other Assignee, added: Krinkle.EditedMon, Jun 17, 2:43 PM
Krinkle moved this task from Inbox, needs triage to Current Sprint on the MediaWiki-Platform-Team board.
Krinkle subscribed.

The installer has historically been deprioritised by WMF due to being associated with "for third-party support". In recent history we've reframed the Installer as (also) an essential part of Quickstart, dev environment, contributing (e.g. Hackathon events., and onboarding (incl for WMF staff). While this doesn't mean that the installer now has an owner, it does mean it's now more normalized for individual teams to improve/fix things as they see fit when it also benefits these other use cases.

Assigning to self for re-review, since I helped with this change before, and it got reverted due to an issue that I missed.

Krinkle moved this task from Current Sprint to Blocked/waiting on the MediaWiki-Platform-Team board.Tue, Jun 25, 2:40 PM

(Moving per Roan's comment on Gerrit. Awaiting updated patch before I can re-review/test.)

Krinkle triaged this task as Low priority.Tue, Jun 25, 2:41 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits