Mailing List Archive

CI now runs a phan job for most MediaWiki extensions and skins
Hi all,

Across the MediaWiki development community, we've increasingly been using
phan <> for
static analysis and vulnerability checking. It's become very valuable in
spotting issues during development, especially thanks to the security
checking plugin maintained and extended by Daimona
but as phan has been run as a separate CI job, getting it configured for
your repo was a bit of a chore, even assuming you knew it was available.

However, no more! Legoktm proposed
<> that we make the phan CI job
pass when unconfigured, and as of a few minutes ago, I've deployed this
change to CI to do this for (almost) all MediaWiki skins and extensions.

As a quick example, the Cargo extension previously did not have a phan CI
job; it now does, as can be seen on this patch
When the maintainers of that extension want actually use phan on their
extension, configuring it in the normal way
should Just Work™ in a self-service manner, without needing to ask for CI
to be configured.

If there are any issues, please file a Phabricator task. If you need any
help getting phan working for your extension, please drop into Libera IRC;
the #wikimedia-releng channel might be a good one.

There are a handful of situations where we cannot run phan usefully right
now, unfortunately; I hope we can fix that in the next few weeks.

*James D. Forrester* (he/him <> or they/themself
Wikimedia Foundation <>