Phabricator/Migration/status

Last update on: 2014-08-28

2014-05-19
The Phabricator RfC was finished with support for moving to Phabricator. Hence also the review of Wikimedia's Project management tools is finished. At the Zürich Hackathon 2014 three Phabricator related sessions took place (general introduction to Phabricator by Shahyar, Phabricator's code review concept and tool by Shahyar, discussion planning Day 1 of Phabricator in production). Another public IRC office hour about Phabricator took place on May 14th (log). Andre summarized the process of moving to Phabricator so far in a blogpost. Regarding overviews and keeping track, the project has a central general information page, a planning board for Wikimedia Phabricator Day 1 in Production, a team defined for the required work, and an upstream task board for planning.

2014-05-monthly
Mukunda Modell is currently addressing authentication and access restrictions for security tickets with upstream. Chase Pettet and Daniel Zahn of Wikimedia Operations are spearheading the Phabricator installation. Andre Klapper has upstreamed some issues, commented on numerous tickets, and identified further tasks related to migration. An overview board of tasks to solve for the first dayof Phabricator in production is available. Furthermore, once Wikimedia SUL authentication is sorted out, it is investigated to launch the Phabricator production instance first with very limited functionality to provide a Trusted User Tool.

2014-06-10
Apart from commenting on / discussing / upstreaming Phabricator tickets, Andre gave a short Phabricator presentation at WMF's Monthly Metrics meeting and started thinking about on organizing sprints, releases, iterations in Phab and data migration from Bugzilla.

2014-06-monthly
Apart from discussions on how to implement certain functionality and settings in Phabricator among team members and stakeholders, Mukunda implemented a MediaWiki OAuth provider in Phabricator (Gerrit changes: 1, 2; related ticket) and Chase created a Puppet module for Phabricator.

2014-07-09
Mukunda Modell implemented WMF SUL Authentication for Phabricator. Chase Pettet deployed Legalpad, a tool to manage trusted users, on a separate server (workflow to be further defined with the Legal team). Sean Pringle and Chase put a data backup system for Phabricator in place. Mukunda wrote code to restrict access to tasks in a certain project, which can already be tested on fab.wmflabs.org. Chase upgraded the dedicated Phabricator server to Ubuntu Trusty. Andre Klapper listed the Bugzilla bug report elements to tackle in a script to import from Bugzilla and dropped his thoughts about Priority and Keyword migration. In upstream development, umbrella projects and subprojects are being worked on, which will influence our plans on handling release planning in Phabricator.

2014-07-22
Mukunda finished packaging using pkg-php-tools/dh_php5, worked on refactoring project access restrictions into a custom herald action (ticket and patch), showing the wiki account URL on Legalpad's signature list view, and file access restrictions (ticket and patch). Chase has been working on configuring exim for mail and discussing accessibility of file attachments with upstream. Andre commented on tickets about handling keywords, severity etc. and sent a summary email to wikitech-l communicating which 'regressions' we might see.

2014-07-monthly
Phabricator's "Legalpad" application (a tool to manage trusted users) was set up on a separate server. This instance provides WMF Single-User Login authentication. Mukunda implemented restricting access to tasks in a certain project which can be tested on fab.wmflabs.org. As a followup, he investigated enforcing security policy also on files and attachments and replacing the IRC bots by Phab's chatbot. Chase worked on initial migration code to import data from Bugzilla reports into Phabricator tasks (and ran into missing API code in Phabricator), investigated configuring Exim for mail, set up a data backup system for Phabricator, and upgraded the dedicated Phabricator server to Ubuntu Trusty. Quim started documenting Phabricator. Andre helped making decisions on defining field values and how to handle certain Bugzilla fields in the import script and sent a summary email to wikitech-l about the Phabricator migration status.

2014-08-11
Upstream Phabricator developers implemented granular file permissions and upload defaults, with making file data to be inaccessible (not undiscoverable) still to resolve (see related task, Mukunda investigates). Chase throughly tested the current state of file access security (prior to having a canCDN flag implementation which will require more testing), plus worked on supporting Bugzilla keyword conversion into separate Phabricator tags plus general improvements in the import script. In upstream, Mukunda added API to create projects. Chase added support for mailing lists as watching users in upstream and case sensitivity in project URLs is now handled by normalizing to lower case (see related task).

2014-08-20
<section begin="2014-08-20"/>Chase worked on and tested the data migration logic (attachments and security access) and ran into a Bugzilla WebService API issue. Mukunda worked on getting MediaWiki OAuth merged into upstream and merged a CustomField extension that adds a "MediaWiki Userpage". Chase and Mukunda also worked on the Project Policy Enforcer action for Herald, providing a user-friendly dropdown menu to restrict ticket access when creating the ticket. We also identified that we want to purchase an alternative domain first for content hosted on the Phabricator production instance.<section end="2014-08-20"/>

2014-08-28
<section begin="2014-08-28"/>For a better overview, the Wikimedia Phabricator Day 1 project was split into three projects: Day 1 of a Phabricator Production instance in use, Bugzilla migration, and RT migration. A separate domain for user content was purchased (which still needs a certificate). Mukunda worked on getting the MediaWiki OAuth provider merged into upstream. More testing of the security implementation took place (with regard to making restricted data not only undiscoverable but also inaccessible). Chase also worked on the scripts to export and import data between the systems.<section end="2014-08-28"/>