Suggestions for extensions to be integrated/Checklist

From mediawiki.org
Jump to navigation Jump to search

The following is a checklist that extensions and skins need to complete before they can be bundled alongside MediaWiki in the tarball. Each requirement is explained in detail below. While not explicitly stated, it is expected that these extensions/skins are stable and don't have severe unfixed bugs.

Copy/paste format for Phabricator:

[ ] Passed discussion or already Wikimedia deployed
[ ] Passed security review or already Wikimedia deployed
[ ] Voting CI structure tests
[ ] Runs MediaWiki-CodeSniffer
[ ] Runs phan
[ ] Supports MySQL, SQLite, and Postgres (if there are schema changes)
[ ] GPL v2 or later compatible license
[ ] Extension's default configuration provides optimal experience
[ ] Tested with web installer
[ ] Any relevant dependencies also bundled

Create task (please tag it with MW-1.XX release and add it to the relevant parent task)

Discussion[edit]

Adding a new extension or skin to the default bundle means it must be functional, free of major bugs (including conflicts with any other bundled component) and passing CI any time release branches are cut; if no one else is around to ensure that, the burden falls on the maintainers of MediaWiki core and its release process. The end-user benefit of being bundled needs to be weighed against the cost of that commitment.

For extensions/skins which are already under a comparable or higher level of scrutiny, such as ones deployed in Wikimedia production, this means no extra burden. For all others, please propose bundling publicly so the trade-offs can be weighed. Use the parent page or (preferably) a Phabricator task with an announcement on wikitech-l.

Security review[edit]

Everything in the MediaWiki tarball must pass a security review, as it will be supported for security issues/bugs for the lifetime of releases it is bundled with. See Security/SOP/Security Readiness Reviews for how to get your code reviewed. It is not necessary that the security review happened recently, but if large code changes have happened since then, it may make sense to have it re-reviewed before bundling.

Voting CI structure tests[edit]

The Git repository with the extension/skin's code must run the MediaWiki "structure" tests, which validates that extension features are registered and working correctly (E.g. API modules, content models, ResourceLoader modules).

If the repository has a CI job that runs core PHPUnit tests, then the structure tests are likely being run as well.

"Voting" means that the CI job is part of the required "V+2" check before commits can merge (e.g. not an advisory "non-voting" job).

Runs MediaWiki-CodeSniffer[edit]

MediaWiki-CodeSniffer is a linting tool for PHP code that can identify basic syntax/formatting/style errors in code. See Continuous integration/PHP CodeSniffer for more information.

Runs phan[edit]

phan is a static analysis tool for PHP that can identify an even larger set of errors, including classes/functions/methods that are missing or misspelled, missing use statements, etc. MediaWiki also has a custom plugin that identifies potential security issues including XSS and SQL injection. See Continuous integration/Phan for more information.

Supports MySQL, SQLite, Postgres[edit]

All extensions/skins which have schema changes must support the three most popular and free database systems that MediaWiki supports: MySQL/MariaDB, SQLite and Postgres. (Ideally, the extension would use abstract schemas.) It is highly recommended to have CI test your patches against all three systems (TODO: document how to set that up).

GPL v2 or later compatible license[edit]

MediaWiki is released under the GNU General Public License version 2 or any later version. All bundled code must be compatible with that license. Most popular licenses such as GPL v3 or later, Apache 2.0, and MIT/Expat are compatible. The FSF maintains a list of compatible licenses as well.

Configuration provides optimal experience[edit]

Bundled extensions/skins are expected to work for nearly all MediaWiki installations, regardless of resources or sysadmin skill level. It is important that these extensions provide a default configuration that is optimized, requiring minimal changes on a sysadmin's part.

Tested with web installer[edit]

CI ensures that the extension/skin can be installed with the command-line installer, but sometimes extensions/skins do things that unintentionally break the web installer. It's important to do an extra test with the web installer to make sure that everything works as expected.

To test, just download the MediaWiki tarball, download the extension into the extensions subdirectory (or if it's a skin download it into the skinssubdirectory), go through the installation steps, on the last configuration page of the installer select the extension/skin, and see if it installs properly and works as expected.

Any relevant dependencies also bundled[edit]

If the extension depends on other extensions, those too must be bundled or in the process of being bundled.