Page MenuHomePhabricator
Create Task
Maniphest T301201

Git repos with direct pushes bypassing gerrit/CI could be a maintenance burden for libup patches
Closed, ResolvedPublic
Actions

Description

The libup patches

were fail on phpcs errors in the current CI jobs.
This should normally not happen, because CI is testing with phpcs and avoid merging.

But this git repos receive direct pushed, which bypass gerrit and CI

For DynamicPageListEngine it is https://gerrit.wikimedia.org/g/mediawiki/extensions/DynamicPageListEngine/+/913bd0c07ad0513008f449eb1192b1c9554f951f
For DataTable2 it is https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/DataTable2/+/c152d0cf42d12e4f62e22377c3be343a940153f5

Bypass the tests of the CI pipeline brings in some problems for the auto-merge mode of libup. Libup auto-merge trival patch sets to reduce human interaction with the patch set.
A failing CI brings in some maintenance burden for it.

How to process with this situation?

Possible solution:

  • Disable direct git pushes
  • Exclude the repos from libup
  • Keep status quo and hope someone fix the repo for the libup patch set
  • Simplify CI jobs to merge without tests
  • ...

It seems the setup with direct pushes is official support for extensions on gerrit. I have no idea how much extensions are affected.

This is only the aspect about direct pushes. There are other situation which can break CI and make it harder for libup to merge (force merges of patch set through gerrit with broken tests, hard deprecation in core/extensions of still used functions, remove of functions/table columns still used, version updates of unpinned dependency, changes in CI infratstructure, ...)

Details

SubjectRepoBranchLines +/-
Modify repository access settingsmediawiki/extensions/DataTable2refs/meta/config+0 -1
Remove direct push access from the repositorymediawiki/extensions/DynamicPageListEnginerefs/meta/config+0 -1
Customize query in gerrit

Related Objects
Search...

Event Timeline

Umherirrender created this task.Feb 7 2022, 9:34 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 7 2022, 9:34 PM
Legoktm added a subscriber: QChris.Feb 8 2022, 2:12 AM

My understanding was that we did not allow direct "open push" for master of extensions because of problems like this and that there's no way to review/comment on direct pushes, which IIRC was also a problem for TWN. Is that correct @QChris?

I would recommend just disabling direct push on these.

MarcoAurelio subscribed.Feb 8 2022, 11:59 AM

It looks like this is wanted by the maintainer (@RV1971)?

Peachey88 subscribed.Feb 8 2022, 8:12 PM
RV1971 added a comment.Feb 8 2022, 10:31 PM

I did not intentionally configure anything different from the way it is supposed to work. The commits cited by MarcoAurelio have been done almost four years ago, I do not remember what was behind them.

Feel free to modify the git repo settings the way they should be.

gerritbot added a comment.Feb 8 2022, 10:34 PM

Change 760983 had a related patch set uploaded (by MarcoAurelio; author: MarcoAurelio):

[mediawiki/extensions/DynamicPageListEngine@refs/meta/config] Remove direct push access from the repository

https://gerrit.wikimedia.org/r/760983

gerritbot added a project: Patch-For-Review.Feb 8 2022, 10:34 PM

Change 760984 had a related patch set uploaded (by MarcoAurelio; author: MarcoAurelio):

[mediawiki/extensions/DataTable2@refs/meta/config] Modify repository access settings

https://gerrit.wikimedia.org/r/760984

gerritbot added a comment.Feb 8 2022, 10:40 PM

Change 760983 merged by Zabe:

[mediawiki/extensions/DynamicPageListEngine@refs/meta/config] Remove direct push access from the repository

https://gerrit.wikimedia.org/r/760983

gerritbot added a comment.Feb 8 2022, 10:42 PM

Change 760984 merged by Zabe:

[mediawiki/extensions/DataTable2@refs/meta/config] Modify repository access settings

https://gerrit.wikimedia.org/r/760984

Zabe subscribed.Feb 8 2022, 10:45 PM
Maintenance_bot removed a project: Patch-For-Review.Feb 8 2022, 11:10 PM
Umherirrender added a comment.Feb 9 2022, 8:10 PM

Does that mean all extensions with push and/or pushMerge in the access rules should be cleaned up?

For example
https://gerrit.wikimedia.org/r/admin/repos/mediawiki/extensions/AutoCreateCategoryPages,access
https://gerrit.wikimedia.org/r/admin/repos/mediawiki/extensions/AccessControl,access
Around 150 repos

Also mediawiki has push - https://gerrit.wikimedia.org/r/admin/repos/mediawiki,access - but not for the global refs/*
Some specials are also in DonationInterface, GuidedTour, VisualEditor

After clean up: It is possible to change the ACL for the project owners and/or mediawiki group to apply no new push/pushMerge to a repo? Just limit the right to platform-engineering?

Umherirrender unsubscribed.Aug 31 2022, 7:58 PM
Umherirrender closed this task as Resolved.Feb 9 2024, 9:40 PM
Umherirrender claimed this task.

ACL for skins and extensions looking clean now

hashar added a comment.Feb 13 2024, 6:37 AM

Thank you @Umherirrender !

hashar added a parent task: Restricted Task.Feb 13 2024, 6:38 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL