Produnto repository viewer: Package namespace
Open, Needs Triage, Public

Description

A shadow namespace viewer for Produnto package files.

In T417524 it's proposed to track article dependencies on Produnto packages using pagelinks to nonexistent but valid (can-exist) titles. So it would make sense to put a viewer for package contents at those same titles.

I propose "Package" as the namespace name.

Event Timeline

tstarling renamed this task from Produnto repository viewer: package namespace to Produnto repository viewer: Package namespace. May 8 2026, 4:27 AM
tstarling removed a project: Scribunto.

Change #1293827 had a related patch set uploaded (by Tim Starling; author: Tim Starling):

[mediawiki/core@master] ShadowPage: Allow ShadowPage providers to be registered by extensions

https://gerrit.wikimedia.org/r/1293827

Change #1294112 had a related patch set uploaded (by Tim Starling; author: Tim Starling):

[mediawiki/extensions/Produnto@master] Add repo viewer

https://gerrit.wikimedia.org/r/1294112

We should also think about what happens when someone spams or posts libel on a GitLab repo. An onwiki admin should be able to make it go away, ideally with no knowledge of using GitLab. See also: https://en.wikipedia.org/wiki/User:Risker/Risker%27s_checklist_for_content-creation_extensions

Change #1294439 had a related patch set uploaded (by Tim Starling; author: Tim Starling):

[mediawiki/extensions/SyntaxHighlight_GeSHi@master] Add SyntaxHighlight::hasLanguage()

https://gerrit.wikimedia.org/r/1294439

> We should also think about what happens when someone spams or posts libel on a GitLab repo. An onwiki admin should be able to make it go away, ideally with no knowledge of using GitLab. See also: https://en.wikipedia.org/wiki/User:Risker/Risker%27s_checklist_for_content-creation_extensions

The repo viewer only shows deployed versions, and deploying is a privileged action, done by editing [[MediaWiki:Packages.json]]. Just merging vandalism is not enough to make it be shown here. A malicious package can be undeployed the same way.

Change #1294439 merged by jenkins-bot:

[mediawiki/extensions/SyntaxHighlight_GeSHi@master] Add SyntaxHighlight::isSupportedLanguage()

https://gerrit.wikimedia.org/r/1294439

Change #1293827 merged by jenkins-bot:

[mediawiki/core@master] ShadowPage: Allow ShadowPage providers to be registered by extensions

https://gerrit.wikimedia.org/r/1293827

> The repo viewer only shows deployed versions, and deploying is a privileged action, done by editing [[MediaWiki:Packages.json]].

Okay. Maybe off-topic for this task but is that a temporary stopgap? I think making Lua package publishing available only to sysops would reduce adoption. We should consider having a separate right that could be given to autoconfirmed users by default, or at least to template editors (enwiki), engineers (ruwiki), etc. It should also depend on the package type - as deploying gadget packages needs to be restricted to interface admins.

Instead of editing a JSON page, we can consider having a special page - that should make the permission handling, validations and submit actions easier to implement without relying on hooks, and probably also avoid creating a new deployment of every package on each save (the existing code appears to do that - correct me if I'm wrong).

> Instead of editing a JSON page, we can consider having a special page - that should make the permission handling, validations and submit actions easier to implement without relying on hooks,

A special page is planned and is tracked by T412317. I imagine the special page will be a Vue app with its own API backend, and the API backend will handle validating and saving to [[MediaWiki:Packages.json]]. But that page will still exist.

> and probably also avoid creating a new deployment of every package on each save (the existing code appears to do that - correct me if I'm wrong).

Each deployment has a set of packages. Saving [[MediaWiki:Packages.json]] creates one new deployment. Creating a deployment requires the creation of one produnto_package_deployment row per deployed package. That's just the way the 1:N relationship is stored. I don't think it's a problem that needs to be solved. It's only 8 bytes per row. The package metadata table is produnto_package_version and these rows are not duplicated by deployments, they are created when a new version is fetched from GitLab.