Hi all, Across the MediaWiki development community, we've increasingly been using phan <https://www.mediawiki.org/wiki/Continuous_integration/Phan> for static analysis and vulnerability checking. It's become very valuable in spotting issues during development, especially thanks to the security checking plugin maintained and extended by Daimona <https://www.mediawiki.org/wiki/Continuous_integration/Phan/Phan-taint-check-plugin>, but as phan has been run as a separate CI job, getting it configured for your repo was a bit of a chore, even assuming you knew it was available.
However, no more! Legoktm proposed <https://phabricator.wikimedia.org/T283097> that we make the phan CI job pass when unconfigured, and as of a few minutes ago, I've deployed this change to CI to do this for (almost) all MediaWiki skins and extensions. As a quick example, the Cargo extension previously did not have a phan CI job; it now does, as can be seen on this patch <https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/693398>. When the maintainers of that extension want actually use phan on their extension, configuring it in the normal way <https://www.mediawiki.org/wiki/Continuous_integration/Tutorials/Add_phan_to_a_MediaWiki_extension> should Just Work⢠in a self-service manner, without needing to ask for CI to be configured. If there are any issues, please file a Phabricator task. If you need any help getting phan working for your extension, please drop into Libera IRC; the #wikimedia-releng channel might be a good one. There are a handful of situations where we cannot run phan usefully right now, unfortunately; I hope we can fix that in the next few weeks. J. -- *James D. Forrester* (he/him <http://pronoun.is/he> or they/themself <http://pronoun.is/they/.../themself>) Wikimedia Foundation <https://wikimediafoundation.org/>
_______________________________________________ Wikitech-l mailing list -- [email protected] To unsubscribe send an email to [email protected] https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/
