Page MenuHomePhabricator

[mwcli mwdd] `mediawiki install` allowed to run despite out of date composer dependencies
Closed, ResolvedPublic

Description

mediawiki install allowed to run despite out of date composer dependencies
Doing a composer install shows that things did need updating.

Version info:

GitCommit: 379ffa1
GitBranch: dev
GitState: dirty
GitSummary: v0.1.0-dev-addshore.20210523.2-3-g379ffa1-dirty
BuildDate: 2021-05-24T17:03:02Z
Version: v0.1.0

Example:

adam@adsh+wsl:~/dev/git/gerrit/mediawiki/core (master)$ $ ~/go/src/gerrit.wikimedia.org/r/mediawiki/tools/cli/dev.sh mwdd mediawiki install
rm -f internal/mwdd/files/files.go || true
./bin/staticfiles -o internal/mwdd/files/files.go static/mwdd/
PHP 7.2.31-1+0~20200514.41+debian9~1.gbpe2a56b+wmf1 is installed.
Found ImageMagick: /usr/bin/convert. Image thumbnailing will be enabled if you enable uploads.
Found the Git version control software: /usr/bin/git.
Using server name "http://localhost".
Warning: No --scriptpath specified, using default: /wiki.
Using server URL "http://default.mediawiki.mwdd.localhost:8080/wiki".
Warning: Your default directory for uploads (/var/www/html/w/images/) is not checked for vulnerability to arbitrary script execution during the CLI install.
Using the PHP intl extension for Unicode normalization.
The environment has been checked. You can install MediaWiki.
Setting up database
done
Creating tables, step one
done
Creating tables, step two
done
Populating default interwiki table
done
Initializing statistics
done
Generating secret keys
done
Prevent running unneeded updates
done
Restoring mediawiki services
done
Creating administrator user account
done
Creating main page with default content
done
Database was successfully set up
MediaWiki has been successfully installed. You can now visit <http://default.mediawiki.mwdd.localhost:8080/wiki> to view your wiki. If you have questions, check out our frequently asked questions list: <https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:FAQ> or use one of the support forums linked on that page.
MediaWiki 1.37.0-alpha Updater

wikimedia/minify: 2.2.1 installed, 2.2.2 required.
Error: your composer.lock file is not up to date. Run "composer update --no-dev" to install newer dependencies
2021/05/24 18:01:34 exit status 1
exit status 1
adam@adsh+wsl:~/dev/git/gerrit/mediawiki/core (master)$ $ ~/go/src/gerrit.wikimedia.org/r/mediawiki/tools/cli/dev.sh mwdd mediawiki composer update
rm -f internal/mwdd/files/files.go || true
./bin/staticfiles -o internal/mwdd/files/files.go static/mwdd/
> ComposerHookHandler::onPreUpdate
Loading composer repositories with package information
Warning from https://repo.packagist.org: You are using an outdated version of Composer. Composer 2 is now available and you should upgrade. See https://getcomposer.org/2
Updating dependencies (including require-dev)
Package operations: 0 installs, 11 updates, 1 removal
  - Removing composer/package-versions-deprecated (1.11.99.1)
  - Updating wikimedia/minify (2.2.1 => 2.2.2): Loading from cache
  - Updating doctrine/cache (1.11.0 => 1.11.2): Loading from cache
  - Downgrading doctrine/dbal (3.0.0 => 2.10.4): Loading from cache
  - Updating wikimedia/parsoid (v0.14.0-a1 => v0.14.0-a3): Loading from cache
  - Downgrading data-values/geo (4.3.0 => 4.2.3): Downloading (100%)
  - Downgrading onoi/message-reporter (1.4.2 => 1.4.1): Downloading (100%)
  - Updating symfony/yaml (v5.2.5 => v5.2.9): Loading from cache
  - Downgrading phpunit/php-token-stream (4.0.4 => 3.1.2): Loading from cache
  - Updating symfony/string (v5.2.6 => v5.2.8): Loading from cache
  - Updating symfony/console (v5.2.6 => v5.2.8): Loading from cache
  - Updating symfony/var-dumper (v5.2.6 => v5.2.8): Loading from cache
Package phpunit/php-token-stream is abandoned, you should avoid using it. No replacement was suggested.
Writing lock file
Generating optimized autoload files
42 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
> ComposerVendorHtaccessCreator::onEvent

Event Timeline

Addshore moved this task from Inbox to Backlog on the mwcli board.

I notice that the check performed by mwdd currently is:

"require_once __DIR__ . '/includes/PHPVersionCheck.php'; $phpVersionCheck = new PHPVersionCheck(); $phpVersionCheck->checkVendorExistence();",

However the error we see here comes from some other code!

https://gerrit.wikimedia.org/g/mediawiki/core/+/44f091e9c02682b2958dbcb3636724598255fe30/maintenance/checkComposerLockUpToDate.php#56

Change 693939 had a related patch set uploaded (by Addshore; author: Addshore):

[mediawiki/tools/cli@master] mwdd: Use maintenance/checkComposerLockUpToDate.php

https://gerrit.wikimedia.org/r/693939

Change 693939 merged by jenkins-bot:

[mediawiki/tools/cli@master] mwdd: Use maintenance/checkComposerLockUpToDate.php

https://gerrit.wikimedia.org/r/693939