Suggestions for extensions to be integrated/Checklist

From mediawiki.org
Jump to navigation Jump to search

The following is a checklist that extensions and skins need to complete before they can be bundled alongside MediaWiki in the tarball. Each requirement is explained in detail below. While not explicitly stated, it is expected that these extensions/skins are stable and don't have severe unfixed bugs.

Copy/paste format for Phabricator:

[ ] Passed security review or already Wikimedia deployed
[ ] Voting CI structure tests
[ ] Runs MediaWiki-CodeSniffer
[ ] Runs phan
[ ] Supports MySQL, SQLite, and Postgres (if there are schema changes)
[ ] GPL v2 or later compatible license
[ ] Extension's default configuration provides optimal experience
[ ] Tested with web installer

Security review[edit]

Everything in the MediaWiki tarball must pass a security review, as it will be supported for security issues/bugs for the lifetime of releases it is bundled with. See Security/SOP/Security Readiness Reviews for how to get your code reviewed. It is not necessary that the security review happened recently, but if large code changes have happened since then, it may make sense to have it re-reviewed before bundling.

Voting CI structure tests[edit]

The Git repository with the extension/skin's code should run the MediaWiki structure tests that verify different parts of the things' setup is done properly. In most cases if the PHPUnit tests are run against the repository, then the structure tests should be included.

Runs MediaWiki-CodeSniffer[edit]

MediaWiki-CodeSniffer is a linting tool for PHP code that can identify basic syntax/formatting/style errors in code. See Continuous integration/PHP CodeSniffer for more information.

Runs phan[edit]

phan is a static analysis tool for PHP that can identify an even larger set of errors, including classes/functions/methods that are missing or misspelled, missing use statements, etc. MediaWiki also has a custom plugin that identifies potential security issues including XSS and SQL injection. See Continuous integration/Phan for more information.

Supports MySQL, SQLite, Postgres[edit]

All extensions/skins which have schema changes must support the three most popular and free database systems that MediaWiki supports: MySQL/MariaDB, SQLite and Postgres. It is highly recommended to have CI test your patches against all three systems (TODO: document how to set that up).

GPL v2 or later compatible license[edit]

MediaWiki is released under the GNU General Public License version 2 or any later version. All bundled code must be compatible with that license. Most popular licenses such as GPL v3 or later, Apache 2.0, and MIT/Expat are compatible. The FSF maintains a list of compatible licenses as well.

Configuration provides optimal experience[edit]

Bundled extensions/skins are expected to work for nearly all MediaWiki installations, regardless of resources or sysadmin skill level. It is important that these extensions provide a default configuration that is optimized, requiring minimal changes on a sysadmin's part.

Tested with web installer[edit]

CI ensures that the extension/skin can be installed with the command-line installer, but sometimes extensions/skins do things that unintentionally break the web installer. It's important to do an extra test with the web installer to make sure that everything works as expected.