== Current situation ==
- Currently versions like `wmde11` are a suffix to the mw version they are built on
- users don't get any "meta info" based on the current numbering
- the current versioning scheme does NOT
- communicate breaking changes
- allow updating on a stable channel to get security fixes but prevent breaking changes
- provide an obvious way to communicate security fixes in dependencies while the MW version stays the same
- allow naming of cutting edge builds off of the upstream main branches (T343692)
== Ideal situation ==
- We want to focus on how users see the versioning scheme
- they need to be able to distinguish major versions from minor versions
- they need to see whether a version includes breaking changes or not
- Building using a certain version of the pipeline should create the same build artifacts (T340226) which get a unique versions assigned to them
== Research ==
The built artifacts consist of components from loads of different sources with different versioning strategies:
|Component|Explicit versioning|Communication of breaking changes|Link|Notes|
|---|---|---|---|---|
|MediaWiki|yes (e.g. 1.39.4), but not semver, going from 1.39 to 1.40 contains breaking changes (for the user?), so a minor MW version update would probably lead to a mayor wikibase suite version bump|yes, in changelog|[Changelog](https://gerrit.wikimedia.org/g/mediawiki/core/%2B/HEAD/HISTORY)|We might want to add unreleased security patches to our builds T341450|
|MediaWiki Docker image|no, version only represents the MW version built in, not the underlaying tools such as apache (from debian base image) or php (from php base image)|no|https://hub.docker.com/_/mediawiki/|Released by a volunteer https://github.com/wikimedia/mediawiki-docker https://phabricator.wikimedia.org/project/view/6633/, apparently looking for support T330367|
|PHP Docker image (base for official MediaWiki Docker image)|yes, but only PHP version, apparently does not get updated when the underlaying debian gets updates, as older php version images are only pushed a long time ago|yes, through PHP version|https://hub.docker.com/_/php| |
|Debian Docker image (base for official PHP Docker image)|yes, Debian versioning, but not semver, a datetime string getting updated on security patches|yes, with major release|https://hub.docker.com/_/debian| |
|Wikibase|no, ensures MW compatibility on REL branches|**TODO** RESEARCH| [Release notes](https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/Wikibase/+/refs/heads/master/RELEASE-NOTES-1.40) | should receive security patches as long as the related MW version is supported!? We might want to add unreleased security patches to our builds T341450 |
|other WMF hosted extensions, e.g. CirrusSearch|no, ensure MW compatibility on REL branches|**TODO** RESEARCH| [Extension Page](https://www.mediawiki.org/wiki/Extension:CirrusSearch) | should receive security patches as long as the related MW version is supported!? We might want to add unreleased security patches to our builds T341450 |
|other extensions from e.g. GitHub|arbitrary versioning strategies, sometimes just a main branch| | | |
|MariaDB Docker image|yes, following mariadb version|probably through mariadb version, **TODO** RESEARCH|https://hub.docker.com/_/mariadb|might need updates as soon as base libs get updates|
|WQS release|yes, 0.y.z|**TODO** RESEARCH| |we build it into an openjdk docker image which is needs updates as well, NB, the one we are using is deprecated and the tag we are using received the last update 4 years ago, so probably in 2019|
|WQS frontend|no, master branch|||built into an docker hub official nginx image, needs nginx and base system patches|
|QuickStatements|no, master branch||| based on php image, see above|
|MagnusTools|no, master branch|||used in the QuickStatements container|
|anything missing?| | | | |
== Suggestion - Request For Comments ==
=== Versioning scheme ===
- We use SemVer (Semantic Versioning) https://semver.org/
- Breaking changes increment major version e.g. 3.0.0
- Feature releases increment minor version, e.g. 2.1.0
- Fixes, e.g. security increment patch version, e.g. 2.0.1
- Start with a major version of 2.0.0 (so this is bigger than current 1.39 mw version based releases)
=== What to version ===
- We version the built artifacts, not the pipeline code
- The pipeline code has a rolling release `main` branch
- We use tags on the pipeline `main` branch to note which version of pipeline main builds which release version
- A version f82a7cff of the `main` branch has the following tags
- v2.1.0 the latest release of the old/LTS version
- v3.0.0 the latest release of the current version
- v4.0.0-pre20230528 the latest build of the upcoming unreleased version (TODO: we cannot use the date, can we build without updating the build code?the pipeline builds which suite releases (see below)
- All built artifacts of one version are together considered one wikibase suite release, that is:
- Container images for MediaWiki+WikiBase+Extensions aka Bundle, QueryService, etc.
- docker-compose files defining the whole stack ready to run
- env files configuring the whole stack ready to run (sane defaults, but what about passwords?)
- see T340234 for more information
=== Versions offered ===maintained in channels ===
- There are three version channels maintained at every time: "stable", "oldstable" and "next".
- We might want to provide
- - "stable releases not including any breaking changes for the user", contains the current stable version, also latest mediawiki stable
- support them "for a while" (as long as the respective MW version is supported?- "oldstable", contains the last stable version (was in stable channel before)
- there might be several supported stable releases in parallel, e.g. 2.x.x for mediawiki 1.39- "next", and 3.x.x for mediawiki 1.40contains the unstable version created off of the main branches of upstream components
- Example at a certain point in time:
- cutting edge builds in order to be ready to release the next stable as soon as upstream (mediawiki) becomes stable (T343692)- "oldstable" has v2.1.0 the old/LTS version
- The pipeline code at a certain commit only builds the latest of all supported versions of the artifacts, e.g. the pipeline main at commit fe234ac builds
- Wikibase Suite 2.3.1 (MW 1.39.3)- "stable" has v3.0.0 the current version
- Wikibase Suite 3- "next" has v4.0.4 (MW 1.40.1)0-pre20230528 the upcoming unreleased version
- Stable releases do not include any breaking changes for the user
- Support them "for a while" (TODO: define how long)
- Breaking changes can happen at any time to the version currently in the "next" channel.
=== Bumping stable version ===
When we decide to bump the stable major version, that is that we are convinced that the version in the next channel is stable enough to become the stable channel (TODO: what does that mean?), we do the following:
Taking the example from above again, before the version bump we have:
- "oldstable" has v2.1.0 the old/LTS version
- and Wikibase Suite 4- "stable" has v3.0.0 the current version
- "next" has v4.0.0-pre.X (20230528 the upcoming unreleased MW 1.41)version
Bumping the version means:
- We could use docker image tags to deliver individual - the version from "oldstable" does not receive any updates anymore, that is 2.1.0 is the last 2.X version in the example
- the version from "stable" becomes "oldstable", so the "oldstable" channel will from now on point to 3.X
- the version from "next" becomes "stable", so stable will point to the first version of 4.X, 4.0.0
- "next" will follow "stable"
- when the next breaking change comes in, "next" branches off of stable and gets a new version number 5.X
- Cutting edge builds in order to be ready to release the next stable as soon as upstream (mediawiki) becomes stable (T343692)
=== Tagging the pipeline main branch ===
- A version f82a7cff of the `main` branch has the following tags
- v2.1.0 the latest release of the old/LTS version (oldstable channel, see below)
- v3.0.0 the latest release of the current version (stable channel, see below)
- v4.0.0-pre20230528 the latest build of the upcoming unreleased version (next channel, see below)(TODO: we cannot use the date, can we build without updating the build code?)
=== Which pipeline version builds which suite version ===
- The pipeline code at a certain commit only builds the latest of all supported versions of the artifacts (see above), this is three different versions, "old stable", "stable", "next"
=== Distribution ===
The distribution happens in "channels".
There is a "stable" channel, an "old stable" channel and a "next" channel.
At a certain point of time
- We use docker image tags to identify versions as well as stable branches
- Pushing the latest build of our artifacts as 3.0.4, 3.0 and 3 allows the users to pull a specific version as well as a stable "channel"
- Our distribution, the docker-compose file, might just reference the stable channel of images, e.g. "wikibase-bundle:3"
- How do we distribute different versions of our distribution? (T340234)
- Is this a git repo as well?
- Do we create a zip of it with docker compose referencing the correct image versions?
- All of the above can trigger a version bump
- Need to decide whether it is patch, minor or major
- **What is a breaking change? What is the interface our users rely on?**
Work in progress...