Hi all,
Across the MediaWiki development community, we've increasingly been using
phan <https://www.mediawiki.org/wiki/Continuous_integration/Phan> for
static analysis and vulnerability checking. It's become very valuable in
spotting issues during development, especially thanks to the security
checking plugin maintained and extended by Daimona
<https://www.mediawiki.org/wiki/Continuous_integration/Phan/Phan-taint-check-plugin>,
but as phan has been run as a separate CI job, getting it configured for
your repo was a bit of a chore, even assuming you knew it was available.
However, no more! Legoktm proposed
<https://phabricator.wikimedia.org/T283097> that we make the phan CI job
pass when unconfigured, and as of a few minutes ago, I've deployed this
change to CI to do this for (almost) all MediaWiki skins and extensions.
As a quick example, the Cargo extension previously did not have a phan CI
job; it now does, as can be seen on this patch
<https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/693398>.
When the maintainers of that extension want actually use phan on their
extension, configuring it in the normal way
<https://www.mediawiki.org/wiki/Continuous_integration/Tutorials/Add_phan_to_a_MediaWiki_extension>
should Just Work⢠in a self-service manner, without needing to ask for CI
to be configured.
If there are any issues, please file a Phabricator task. If you need any
help getting phan working for your extension, please drop into Libera IRC;
the #wikimedia-releng channel might be a good one.
There are a handful of situations where we cannot run phan usefully right
now, unfortunately; I hope we can fix that in the next few weeks.
J.
--
*James D. Forrester* (he/him <http://pronoun.is/he> or they/themself
<http://pronoun.is/they/.../themself>)
Wikimedia Foundation <https://wikimediafoundation.org/>
Across the MediaWiki development community, we've increasingly been using
phan <https://www.mediawiki.org/wiki/Continuous_integration/Phan> for
static analysis and vulnerability checking. It's become very valuable in
spotting issues during development, especially thanks to the security
checking plugin maintained and extended by Daimona
<https://www.mediawiki.org/wiki/Continuous_integration/Phan/Phan-taint-check-plugin>,
but as phan has been run as a separate CI job, getting it configured for
your repo was a bit of a chore, even assuming you knew it was available.
However, no more! Legoktm proposed
<https://phabricator.wikimedia.org/T283097> that we make the phan CI job
pass when unconfigured, and as of a few minutes ago, I've deployed this
change to CI to do this for (almost) all MediaWiki skins and extensions.
As a quick example, the Cargo extension previously did not have a phan CI
job; it now does, as can be seen on this patch
<https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/693398>.
When the maintainers of that extension want actually use phan on their
extension, configuring it in the normal way
<https://www.mediawiki.org/wiki/Continuous_integration/Tutorials/Add_phan_to_a_MediaWiki_extension>
should Just Work⢠in a self-service manner, without needing to ask for CI
to be configured.
If there are any issues, please file a Phabricator task. If you need any
help getting phan working for your extension, please drop into Libera IRC;
the #wikimedia-releng channel might be a good one.
There are a handful of situations where we cannot run phan usefully right
now, unfortunately; I hope we can fix that in the next few weeks.
J.
--
*James D. Forrester* (he/him <http://pronoun.is/he> or they/themself
<http://pronoun.is/they/.../themself>)
Wikimedia Foundation <https://wikimediafoundation.org/>