[12:18:04] [12:18:10] (Hi) [13:15:17] hashar: you around? i know why ci for the api tests is failing, but I need your help with figuring out how to fix it. [13:15:51] duesen: :) [13:16:04] what kind of craziness is happening? :-\ [13:18:06] James_F: T232869 through T232873 are a bit of a potentially weird situation. The hooks are deprecated because the things they serve are deprecated, but the things they serve are still in use by clients . So removing the hook usages might break those clients, while hard-deprecating the hooks would give spurious deprecation warnings. [13:18:07] T232873: The "ApiTokensGetTokenTypes" hook is listed in documentation as deprecated but doesn't emit deprecation warnings yet - https://phabricator.wikimedia.org/T232873 [13:18:07] T232869: The "APIQueryInfoTokens" hook is listed in documentation as deprecated but doesn't emit deprecation warnings yet - https://phabricator.wikimedia.org/T232869 [13:22:07] hashar: oh hey, sorry, got side tracked right after i wrote here [13:22:08] James_F: Re T232868, CentralAuth doesn't use AddNewAccount. I don't see anything in WMF production that does. [13:22:09] T232868: The "AddNewAccount" hook is listed in documentation as deprecated but doesn't emit deprecation warnings yet - https://phabricator.wikimedia.org/T232868 [13:22:37] hashar: the Js client needs to know the value of $wgSecretKey. [13:23:20] hashar: I was hoping that would just be a static value for the containerized mediawiki, then we could just hardcode it in the client's conifgs/quibble.json file. But that does not seem to be the cfase [13:23:33] hashar: what's the best way to share a secret between the testing client and MediaWiki? [13:23:49] (see also the email I sent abotu this last week) [13:24:48] duesen: I guess $wgSecretKey is generated at install time [13:25:01] why would the client needs it anyway? :-\ [13:25:27] I mean, it is supposedly secret / server side only [13:25:36] hashar: the only reason it exists if for clients to be able to perform privileged actions via http [13:25:40] such as forcing jobs to run [13:26:01] Special:RunJobs uses it [13:26:05] hmm [13:26:18] I think the wdio tests do have a trick to run jobs [13:26:22] but I have no idea how they do it [13:26:33] so, we could force the value, or export it as an environment variable, ur use docker's secret management, or... [13:27:30] how hard would it be to force the value in LocalSettings.php? [13:28:16] if that is to force running jobs, there is a long discussion on one of the mediawiki/core change on that topic [13:28:18] I am looking it up [13:29:55] ah [13:30:03] so the abandoned patch based on Special:RunJobs https://gerrit.wikimedia.org/r/#/c/mediawiki/core/+/446543/ [13:31:07] I cant tell though hy it got abandoned [13:31:12] hashar: https://gerrit.wikimedia.org/r/c/mediawiki/core/+/446543/12/tests/selenium/wdio.conf.js#21 [13:31:30] but I imagine that if one runs the tests against prod (eg de.wikipedia.org ) surely we do not want to pass the production secret key [13:31:44] which would be why that change got abandoned [13:31:45] so the proposal there was to use an environment variable [13:32:07] the api tests will never run against production [13:32:14] they are destructibve, they modify the wiki [13:32:25] they also rely on knowing the credentials of a bureaucrat user [13:32:40] eventually to run the jobs we had https://gerrit.wikimedia.org/r/#/c/mediawiki/core/+/459800/ [13:32:55] ah [13:33:13] yea, that does not work [13:33:18] site stats are agressively cached [13:33:27] the number of jobs reported is stale by one minute or so [13:33:32] I tried that too :) [13:33:45] for the credentials, the admin user/pass are hardcoded, so it should be possible to create a bureaucrat user with appropriate groups [13:33:49] else well [13:33:54] anyway [13:33:58] Also, runThroughFrontPageRequests is one job per request. that is SLLLOOOWWWWW [13:34:07] we would need the installer to recognized an extra parameter that sets the secret key [13:34:24] so we can hardcoded/generate one in quibble when installing [13:34:30] and eventually set it in an env variable [13:34:34] hashar: yes, the bureacrat user exists, and we are sharing the secret. that works [13:34:40] we just need to share another secret [13:35:06] hashar: can't you just append to LocalSettings.php? [13:35:16] no need to mess with the installer, cust change the config [13:35:21] stick the new value at the bottom, done [13:35:44] alternatively: extract it from the config. [13:36:00] hm maybe. There is quibble/mediawiki/local_settings.php [13:36:16] I can't tell how broken it would be to have the secret there hehe [13:39:25] hashar: so, which way is easier, forcing the secret somehow, or extracting the secret generated by the installer? [13:42:42] duesen: neither? more seriously I don't know and I can't look into it today for sure [13:43:03] but I guess we can loop in Pablo from wmde and Timo they would have smarter ideas than me for sure [13:43:28] hashar: where should i start lookin to find out? and who else could help me understand this? [13:43:44] I'm actually in a room with Pablo. I'll grab him. [13:43:49] ah cool [13:44:13] cause I get he went hitting the exact same wall when trying to run jobs via the api (which was https://gerrit.wikimedia.org/r/#/c/mediawiki/core/+/446543/ ) [13:44:58] where can I look at quibble/mediawiki/local_settings.php? [13:54:13] duesen: repo is integration/quibble.git https://phabricator.wikimedia.org/source/quibble/browse/master/quibble/mediawiki/local_settings.php [13:55:12] which is prepended at the top of the generated LocalSettings.php [13:55:50] hashar: oh, prepend. too bad. I need append. [13:55:52] so that they get applied before wfLoadExtension() / wfLoadSkin() [13:56:23] what code would i have to change to add an option to append? [14:00:37] found it. will make a POC test. rough and ready [14:32:22] hashar: https://gerrit.wikimedia.org/r/c/integration/quibble/+/537118 [14:34:10] duesen: I am looking at the Move.js changes you made. Even after setting the secret in the JSON file to what's in LocalSettings.php, I still get "Invalid or stale signature provided". Any idea? [14:35:36] anomie: Sorry, yeah, was misled by CentralAuth's "asAddNewAccountHook" method, but it's not hooked up. [14:36:00] hknust: you get that locally, or in CI? [14:36:05] James_F: It's hooked up, but to the replacement for AddNewAccount. [14:36:09] * James_F nods. [14:36:10] locally [14:36:46] hknust: that's surprising. Are you sure the correct config file is bing used? [14:36:52] anomie: For the ApiTokens* ones, no rush, we can leave that around for another few years, I just wanted to get a task in. [14:36:54] If the secret is the same, it should work... [14:37:23] hknust: oh - my patch is not based on your patch, so it doesn't read local.json! [14:37:36] ...you'll have to put the secret into the old config,.json for it to work [14:37:41] right but I also updated config.json [14:38:18] let me see what's going on there [14:38:19] and you have the latest version of me core? [14:38:36] that may be it [14:39:45] i just confirmed that it works for me [14:49:22] Reedy: Re. napwikisource count issues, doesn't the "comma" count method load the content from ES? [14:49:49] Not in SiteStatsInit [14:50:47] Huh. [14:51:00] But then... [14:51:16] For comma, we don't run this script? [14:51:17] or something iirc [14:51:22] Oh. [14:51:33] But if ES was completely borked [14:51:43] They'd have noticed their articles were all screwed up [14:52:14] Hmm [14:52:15] https://github.com/wikimedia/puppet/blob/b347052863d4d2e87b37d6c2d9f44f833cfd9dc2/modules/mediawiki/manifests/maintenance/initsitestats.pp#L8 [14:52:42] ALSO [14:52:42] * (T188472) The 'comma' value for $wgArticleCountMethod is no longer supported [14:52:42] for performance reasons, and installations with this setting will now work as [14:52:42] if it was configured with 'any'. [14:52:44] T188472: Give up on 'comma' article-count method - https://phabricator.wikimedia.org/T188472 [14:52:50] (at some point HISTORY) [14:53:06] looks like that changed in 1.31 [14:54:33] hknust: does it work now? [14:55:34] I am rebuilding the docker images [14:55:41] will let you know [14:56:02] hknust: rebuilding the images? why? [14:56:25] if you hare using mediawiki-docker-dev, mediawiki is monted into the docker image, from your local disk [14:56:29] all you need is git pull [14:56:43] then it didn't work [14:56:53] that's strange. [14:57:12] where exactly did you get the value of wgSecretKey from? [14:57:20] with mwdd, there are two LocalSettings.php files [14:57:54] I looked inside the container to be sure in .docker/LocalSettings.php [14:58:42] I'm actually not sure that's the right one, would have to check :) [14:58:56] it should be the one in configs/mediawiki/ of the mwdd directory [14:59:03] oh, I have to run to a meeting now... [14:59:16] will do [16:01:49] hknust: did you get it to work?... [16:07:07] Reedy: Oh, yes, now I remember. I wrote or merged that patch, indeed, IIRC. [16:07:37] Too many patches. [18:09:20] lol [18:21:57] duesen: ja [23:56:38] Krinkle: Why is https://phabricator.wikimedia.org/T231303 tagged as Wikimedia production on PHP 7.4? [23:56:40] We don't use it :) [23:57:04] at least, not for MW/MW extensions we have deployed