Page MenuHomePhabricator
Create Task
Maniphest T425943

Add PIE build tests for PHP extensions
Open, Needs TriagePublic
Actions

Description

(this is a result of being nerdsniped a couple of evenings ago, so very well might not be valid at all)

To help with things like T423562: Migrate PHP extensions from PECL to PIE, it might make sense to add some CI jobs which test that our PHP extensions which [will] use PIE actually build correctly.

I noodled on an idea at https://gerrit.wikimedia.org/r/c/integration/config/+/1284791 (I am not familiar with how our jobs work though, so it could well be wrong too..) which has docker images for PHP 8.2 - 8.5, installs PIE per

# Install PIE
# SHA256 from release attestation: https://github.com/php/pie/attestations/25462151/download
RUN curl -fsSL https://github.com/php/pie/releases/download/1.4.2/pie.phar \
    -o /usr/local/bin/pie \
    && echo "2333b79a39c31b66b832e938b4a73a5682dace5d98d3745053debbe05d39439f  /usr/local/bin/pie" | sha256sum -c - \
    && chmod +x /usr/local/bin/pie

(checking its hash as I have no idea how acceptable getting something from github via curl is) and then has an entrypoint script with

#!/usr/bin/env bash

set -euxo pipefail

umask 002

cd src/
pie --version
PACKAGE=$(php -r "echo json_decode(file_get_contents('composer.json'))->name;")
if [[ -z "$PACKAGE" ]]; then
    echo "Error: could not read package name from composer.json" >&2
    exit 1
fi
pie --no-interaction repository:add path .
pie build --no-interaction "${PACKAGE}:*@dev" \
    --with-php-config /usr/bin/php-config8.4 \
    --with-phpize-path /usr/bin/phpize8.4

The PHP extensions which will use PIE are likely:

  • wikidiff2
  • excimer
  • luasandbox

and these tests could be useful as soon as patches like https://gerrit.wikimedia.org/r/c/mediawiki/php/wikidiff2/+/1281926 are merged

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Zuul: Add experimental php-pie-build* jobs to other PHP extensionsintegration/configmaster+19 -0
Zuul: [mediawiki/php/wikidiff2] Add experimental php-pie-build* jobsintegration/configmaster+18 -0
WIP: Add PHP PIE build tests to php-compile-jobsintegration/configmaster+48 -4
jjb: Add PIE jobs to test PIE readinessintegration/configmaster+32 -0
jjb: Upgrade php-compile jobs to latest images with PIEintegration/configmaster+5 -5
dockerfiles: Add changes to php-compile images for PIEintegration/configmaster+140 -0
Customize query in gerrit

Related Objects

Event Timeline

TheresNoTime created this task.May 11 2026, 12:54 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 11 2026, 12:54 PM
gerritbot added a comment.May 11 2026, 12:55 PM

Change #1284791 had a related patch set uploaded (by Samtar; author: Samtar):

[integration/config@master] WIP: Add PHP PIE build tests

https://gerrit.wikimedia.org/r/1284791

gerritbot added a project: Patch-For-Review.May 11 2026, 12:55 PM
Jdforrester-WMF subscribed.May 11 2026, 1:30 PM

Copying what I said in a DM:

My only thought is whether to roll these extra dependencies into the php\d\d-compile images which are used by the same repos, and just run the run.sh command inline in the jjb instead?

TheresNoTime added a comment.May 11 2026, 3:33 PM
In T425943#11907624, @Jdforrester-WMF wrote:

Copying what I said in a DM:

My only thought is whether to roll these extra dependencies into the php\d\d-compile images which are used by the same repos, and just run the run.sh command inline in the jjb instead?

Good suggestion thank you - I've made that change (I think correctly!)

gerritbot added a comment.May 11 2026, 6:22 PM

Change #1285881 had a related patch set uploaded (by Samtar; author: Samtar):

[integration/config@master] dockerfiles: Add changes to php-compile images for PIE

https://gerrit.wikimedia.org/r/1285881

gerritbot added a comment.May 11 2026, 6:27 PM

Change #1285881 merged by jenkins-bot:

[integration/config@master] dockerfiles: Add changes to php-compile images for PIE

https://gerrit.wikimedia.org/r/1285881

Stashbot added a comment.May 11 2026, 6:28 PM

Mentioned in SAL (#wikimedia-releng) [2026-05-11T18:28:42Z] <James_F> Docker: Add changes to php-compile images for PIE, for T425943

gerritbot added a comment.May 11 2026, 6:31 PM

Change #1285884 had a related patch set uploaded (by Samtar; author: Samtar):

[integration/config@master] jjb/php-extensions: Add PIE build job

https://gerrit.wikimedia.org/r/1285884

gerritbot added a comment.May 11 2026, 6:39 PM

Change #1285885 had a related patch set uploaded (by Samtar; author: Samtar):

[integration/config@master] zuul/layout: Add php-pie-build-php82-to-php85 template

https://gerrit.wikimedia.org/r/1285885

gerritbot added a comment.May 12 2026, 11:28 AM

Change #1286316 had a related patch set uploaded (by Jforrester; author: Jforrester):

[integration/config@master] jjb: Upgrade php-compile jobs to latest images with PIE

https://gerrit.wikimedia.org/r/1286316

gerritbot added a comment.May 12 2026, 11:30 AM

Change #1286316 merged by jenkins-bot:

[integration/config@master] jjb: Upgrade php-compile jobs to latest images with PIE

https://gerrit.wikimedia.org/r/1286316

gerritbot added a comment.May 12 2026, 11:31 AM

Change #1285884 merged by jenkins-bot:

[integration/config@master] jjb: Add PIE jobs to test PIE readiness

https://gerrit.wikimedia.org/r/1285884

gerritbot added a comment.May 12 2026, 11:34 AM

Change #1284791 abandoned by Jforrester:

[integration/config@master] WIP: Add PHP PIE build tests to php-compile-jobs

https://gerrit.wikimedia.org/r/1284791

gerritbot added a comment.May 12 2026, 11:37 AM

Change #1285885 merged by jenkins-bot:

[integration/config@master] Zuul: [mediawiki/php/wikidiff2] Add experimental php-pie-build* jobs

https://gerrit.wikimedia.org/r/1285885

Stashbot added a comment.May 12 2026, 11:37 AM

Mentioned in SAL (#wikimedia-releng) [2026-05-12T11:37:43Z] <James_F> Zuul: [mediawiki/php/wikidiff2] Add experimental php-pie-build* jobs, for T425943

gerritbot added a comment.May 12 2026, 11:42 AM

Change #1286319 had a related patch set uploaded (by Jforrester; author: Jforrester):

[integration/config@master] Zuul: Add experimental php-pie-build* jobs to other PHP extensions

https://gerrit.wikimedia.org/r/1286319

Jdforrester-WMF added a comment.May 12 2026, 11:42 AM

OK, this is now "ready" if/once we land PIE in each repo. Compare https://gerrit.wikimedia.org/r/c/mediawiki/php/wikidiff2/+/1281926 (passing) and https://gerrit.wikimedia.org/r/c/mediawiki/php/wikidiff2/+/1278694 (failing).

Still an experimental job in the one repo so far; I will add everywhere.

gerritbot added a comment.May 12 2026, 11:46 AM

Change #1286319 merged by jenkins-bot:

[integration/config@master] Zuul: Add experimental php-pie-build* jobs to other PHP extensions

https://gerrit.wikimedia.org/r/1286319

TheresNoTime added a comment.EditedMay 12 2026, 11:46 AM

nice, thank you! This was an interesting way of learning how our CI jobs work :)

Stashbot added a comment.May 12 2026, 11:46 AM

Mentioned in SAL (#wikimedia-releng) [2026-05-12T11:46:29Z] <James_F> Zuul: Add experimental php-pie-build* jobs to other PHP extensions, for T425943

Maintenance_bot removed a project: Patch-For-Review.May 12 2026, 12:32 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits