Wikimedia Release Engineering Team/Code review platform guideline

From MediaWiki.org
Jump to navigation Jump to search

Code review platform choice guideline[edit]

This document aims to address the question of:

"For my software project at the Wikimedia Foundation: Where should I host my code? Where should I host my code-review?"

The guideline[edit]

The default location for code hosting and code-review is on the WMF-hosted platform (currently Gerrit, soon to be Phabricator).

There are two exceptions:

  • There is an exception to this default for code hosting (but not code-review) when you (the project maintainers) and WMF Release Engineering agree that the Continuous Integration services provided by WMF Release Engineering are not sufficient for the project (example: iOS application building and testing requiring the maintenance of Mac OS X machines).
  • There is an exception to this default for code hosting and code-review when the project is maintained by community members or staff in their volunteer capacity or if it was started before the staff member joined the Foundation (example: gdnsd).

Background[edit]

Free Software[edit]

The first of Wikimedia's "guiding principles" addresses the fact the the Wikimedia community and Wikimedia Foundation are deeply rooted in the values of the free culture and free software movements. As such, as "an organization, we strive to use open source tools over proprietary ones, although we use proprietary or closed tools (such as software, operating systems, etc.) where there is currently no open-source tool that will effectively meet our needs."

Because of this guiding principle the WMF has always hosted it's own source code and code-review platform internally. In the beginning code review happened on a mailing list, then via a MediaWiki extension, and most recently in Gerrit (and soon in Phabricator).

Deployments[edit]

For security reasons, the WMF Operations team has a policy of only allowing the deployment of code pulled from trusted repositories (at this time, Gerrit) to production servers (the set of machines that serve traffic to WMF-hosted projects). This policy does not impact WMF Labs projects.

Unified development platform[edit]

The WMF is consolidating it's development-related platforms from at least 3 (Gerrit, Bugzilla, and Gitblit) to one, Phabricator. The reasons for this are explained more fully in the reasoning for migrating code-review to Phabricator.

Relatedly, we gain more benefits from a single development platform when everyone (possible) uses it. This benefit can really not be understated. The mere fact of having everyone working in the same system allows us to benefit from:

  1. increased communication efficiency across all (involved) teams and individuals
  2. (corollary) decreased overhead of maintaining communication across multiple venues/mediums

Privacy[edit]

By only requiring our development community (which is made up of WMF Staff, volunteers from the broader Wikimedia community, and third-party users of our software) to use our own platform which is bound by our very stringent WMF Privacy Policy we give our users a vastly higher standard of privacy than any other known third-party code-review platform. If we instead use a third-party platform such as Github we subject our community to their Terms of Service and Privacy Policy, which do not meet our community's standards (as per conversations during our own Privacy Policy update process).