[00:04:10] ArcanistComposerLinter doesn't actually run composer. it just checks that composer.lock matches composer.json [00:05:49] lol [00:06:04] hmm it shouldn't be too hard to fix that [00:06:26] is there a "run this shell script" linter? [00:06:48] and upstream it (we've already upstreamed fixes to the nosetest engine for unit testing, they didn't hesitate to accept the patch) [00:07:13] script-and-regex linter [00:09:22] bd808: it would probably be better to extend the composer linter to actually run composer [00:09:40] the arcanist workflows are stupid-easy to write / enhance [00:09:44] It feels like running unit tests is an abuse of "lint" [00:09:59] but I guess if there is a nose linter [00:09:59] well there are also unit test engines [00:10:08] it's a nosetestengine [00:10:42] linters and unit test engines are almost the identical api the only difference is one tests (and suppots coverage) while the other just parses [00:11:30] I think our use of Composer would be a unit.engine [00:11:55] * bd808 looks at the phpunit engine [00:13:00] it only runs phpunit test files that have changed in the diff? [00:13:02] wonky [00:13:34] well you can always do --everything [00:13:34] ah ha -- ArcanistConfigurationDrivenUnitTestEngine [00:14:09] bd808: yeah that works the way the lint engine works, it lets you link multiple unit test engines with a .arcunit config [00:14:37] are the tests run on the client or server? [00:14:44] s/client/user's laptop/ [00:14:53] legoktm: both? [00:15:14] so phab runs it for any arbitrary user? [00:15:28] it runs on the developer's machine when submitting a diff but we _can_ configure harbormaster to also run the tests [00:15:36] (not currently fully configured) [00:15:42] so..no. [00:16:18] legoktm: right, phab doesn't run them... harbormaster docs address the problem of running them for untrusted users [00:16:43] ok [00:16:43] but the main solution is run everything client side, which also eliminates waiting for ci build queues [00:18:33] it also creates its own set of new problems, mainly that every developer has a different environment [00:18:34] but totally untrustable unless the reviewer verifies the results themselves [00:19:07] I doubt any developer still has php5.3.3 installed to php -l with [00:19:08] its a good "we are all professionals here" solution [00:19:22] * bd808 raises hand and grins [00:19:39] oh look, `arc land` got some recent <3 from upstream: https://secure.phabricator.com/T9657 [00:21:16] legoktm: I think what I want to try to figure out for composer-merge-plugin is a way to do what OCG does and push the patch to a github branch for travis to run against [00:21:31] The solution that phabricator proposes is to re-run the same tests in an isolated instance running harbormaster ...then throw it away so that any potential nefarious activity has minimal impact [00:22:22] bd808: it already supports that - it's called "staging area" and you can configure it per-repo in phabricator, then arcanist will push each change (as a tag, currently) [00:22:26] yeah. that's the "right" thing to do [00:22:33] can travis-ci test tags or does it have to be a branch? [00:23:05] it tests based on a commit or push to a watched github repo [00:23:27] so a tag should work just like a branch [00:23:52] ok then that should work (I think it was created for that specific use-case actually) [00:27:46] is it possible to have phab put the review information into git notes instead of the commit message? [00:28:10] bd808: just set the staging url in the diffusion repo config, point it to the github remote you want to test against, and everything should just work [00:28:21] legoktm: no [00:28:26] at least not currently [00:28:53] differential and arcanist come from a world where svn is still a thing and so they don't fully embrace git [00:29:12] apparently facebook still uses svn (or at least they did somewhat recently) [00:29:21] I thought fb was using hg? [00:29:21] twentyafterfour: "diffusion repo config"? [00:29:45] I don't think I have the phab powers to do much to https://phabricator.wikimedia.org/diffusion/GCMP/ [00:29:51] bd808: https://phabricator.wikimedia.org/diffusion/GCMP/edit/ [00:29:57] I never liked Gerrit's Change-Id: thing in the commit message, and this looks like it's going in the wrong direction :( [00:30:04] bd808: I gave you the powers, I think [00:30:36] yeah: editable by repo admins or db808 [00:30:56] I can apparently "edit basic information" and "deactivate repository" [00:31:20] do I have to deactivate before I can change stuff? [00:31:45] duh. /me scrolls down [00:32:30] bd808: you don't have to deactivate. Does it not let you edit https://phabricator.wikimedia.org/diffusion/GCMP/edit/staging/ ? [00:32:43] yeah I was just being UI blind [00:33:13] it is an odd UI [00:34:45] * bd808 reads the code behind the feature [00:43:33] twentyafterfour, legoktm: the upstream ticket for exactly what we are looking for (travis integration) is https://secure.phabricator.com/T8090 [00:48:56] bd808: right, and #2 on that list is the 'staging area' feature, #3 is still vaporware afaik [00:53:06] twentyafterfour: *nod* I'll look into this more next week. [00:53:45] that task has a lot of good context, epriestley's analysis of the issues is spot on [00:54:09] https://secure.phabricator.com/T8090#130715 will probably please a lot of the die-hard gerrit fans [01:37:49] Project browsertests-Wikidata-SmokeTests-linux-firefox-sauce build #433: 04FAILURE in 20 min: https://integration.wikimedia.org/ci/job/browsertests-Wikidata-SmokeTests-linux-firefox-sauce/433/ [02:14:52] Hi everyone, I'm with the Jenkins project. We learned of a zero-day vulnerability today and posted about it here: https://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli [02:15:21] We found https://integration.wikimedia.org/ci/ and thought we'd give you a heads up. Unfortunately I have no idea who to contact about this. [02:16:12] danielbeck: hi, thank you! I will email our operations and security teams about it [02:16:47] danielbeck: security@wikimedia.org for future reference :) [02:17:13] legoktm Thanks! If they're not subscribed, point them to https://groups.google.com/forum/#!forum/jenkinsci-advisories please. [02:17:18] will do [02:19:04] email sent [02:26:30] danielbeck, did you guys make a list of vulnerable installs? or is ours just particularly well known? [02:27:15] I'm kind of impressed you found -releng, although please contact security directly in future [02:28:05] Krenair All installs are vulnerable. I googled for 'Dashboard [Jenkins]" and went from there. [02:28:35] ok [02:28:45] With the assumption that the higher it shows, the "more public" and therefore more likely target something is. [02:30:32] we should be patched now [02:32:29] danielbeck: Thank you. [02:33:13] Maybe we should put something in the /topic for security disclosures here? [02:33:22] (Saying idly as someone without +t rights. ;-)) [02:33:48] If so, should probably happen in a lot of channels :/ [02:34:42] Krenair: -operations, -tech and -releng are the most obvious ones. [02:34:50] Krenair: /Possibly/ -dev, but eh. [02:34:51] I dunno about -releng [02:35:06] If we're directing people hereā€¦ [03:14:42] Project beta-scap-eqiad build #77598: 04FAILURE in 9 min 51 sec: https://integration.wikimedia.org/ci/job/beta-scap-eqiad/77598/ [04:00:13] 10Beta-Cluster-Infrastructure: Global importer group for TTO on beta cluster - https://phabricator.wikimedia.org/T118069#1790648 (10TTO) 3NEW [04:02:08] 10Beta-Cluster-Infrastructure: Global importer group for TTO on beta cluster - https://phabricator.wikimedia.org/T118069#1790656 (10Hydriz) a:3Hydriz Is [[http://deployment.wikimedia.beta.wmflabs.org/wiki/Special:CentralAuth/TTO|TTO]] your account on the Beta cluster? [04:03:01] 10Beta-Cluster-Infrastructure: Global importer group for TTO on beta cluster - https://phabricator.wikimedia.org/T118069#1790659 (10Krenair) 5Open>3Resolved > (change visibility) 04:02, 7 November 2015 Krenair (Talk | contribs | block) changed global group membership for User:TTO from (none) to import (per r... [04:03:26] 10Beta-Cluster-Infrastructure: Global importer group for TTO on beta cluster - https://phabricator.wikimedia.org/T118069#1790661 (10Hydriz) Sigh, nevermind. [04:04:53] 10Beta-Cluster-Infrastructure: Global importer group for TTO on beta cluster - https://phabricator.wikimedia.org/T118069#1790662 (10Krenair) Sorry Hydriz. That account seems to legitimately be @TTO, yes, certainly to the extent that I'd be concerned about for the beta cluter. [04:05:23] 10Beta-Cluster-Infrastructure: Global importer group for TTO on beta cluster - https://phabricator.wikimedia.org/T118069#1790663 (10TTO) Yes, it's me :) Thanks [05:29:50] Yippee, build fixed! [05:29:51] Project browsertests-MultimediaViewer-en.wikipedia.beta.wmflabs.org-windows_7-internet_explorer-11-sauce build #595: 09FIXED in 27 min: https://integration.wikimedia.org/ci/job/browsertests-MultimediaViewer-en.wikipedia.beta.wmflabs.org-windows_7-internet_explorer-11-sauce/595/ [05:42:24] Yippee, build fixed! [05:42:24] Project browsertests-MultimediaViewer-en.wikipedia.beta.wmflabs.org-os_x_10.9-chrome-sauce build #246: 09FIXED in 26 min: https://integration.wikimedia.org/ci/job/browsertests-MultimediaViewer-en.wikipedia.beta.wmflabs.org-os_x_10.9-chrome-sauce/246/ [08:31:53] Project browsertests-MultimediaViewer-en.wikipedia.beta.wmflabs.org-os_x_10.9-safari-sauce build #775: 04FAILURE in 21 min: https://integration.wikimedia.org/ci/job/browsertests-MultimediaViewer-en.wikipedia.beta.wmflabs.org-os_x_10.9-safari-sauce/775/ [09:12:40] RECOVERY - Host deployment-parsoidcache02 is UP: PING OK - Packet loss = 0%, RTA = 3.67 ms [09:38:28] Project browsertests-Echo-en.wikipedia.beta.wmflabs.org-linux-chrome-sauce build #665: 04FAILURE in 1 min 27 sec: https://integration.wikimedia.org/ci/job/browsertests-Echo-en.wikipedia.beta.wmflabs.org-linux-chrome-sauce/665/ [09:57:26] PROBLEM - Host deployment-cache-parsoid04 is DOWN: CRITICAL - Host Unreachable (10.68.19.197) [15:36:10] (03CR) 10Paladox: "This can be merged now." [integration/config] - 10https://gerrit.wikimedia.org/r/251638 (owner: 10Paladox) [15:36:24] jzerebecki: Could you merge https://gerrit.wikimedia.org/r/#/c/251638/ please. [15:37:50] 10Continuous-Integration-Config, 10MediaWiki-Codesniffer, 7Easy, 5Patch-For-Review: Convert existing legacy phpcs jobs to use composer entry point + versioning - https://phabricator.wikimedia.org/T90943#1791156 (10Paladox) [15:38:06] 10Continuous-Integration-Config, 10MediaWiki-Codesniffer, 7Easy, 5Patch-For-Review: Convert existing legacy phpcs jobs to use composer entry point + versioning - https://phabricator.wikimedia.org/T90943#1156398 (10Paladox) [15:38:38] 10Continuous-Integration-Config, 10MediaWiki-Codesniffer, 7Easy, 5Patch-For-Review: Convert existing legacy phpcs jobs to use composer entry point + versioning - https://phabricator.wikimedia.org/T90943#1190884 (10Paladox) [15:39:27] 10Continuous-Integration-Config, 10MediaWiki-Codesniffer, 7Easy, 5Patch-For-Review: Convert existing legacy phpcs jobs to use composer entry point + versioning - https://phabricator.wikimedia.org/T90943#1190884 (10Paladox) Two more repos to do cldr and TranslationNotifications. Translate just needs patch... [15:41:53] (03PS3) 10JanZerebecki: [Translate] Add composer-test test [integration/config] - 10https://gerrit.wikimedia.org/r/251638 (owner: 10Paladox) [15:42:19] (03CR) 10JanZerebecki: [C: 032] [Translate] Add composer-test test [integration/config] - 10https://gerrit.wikimedia.org/r/251638 (owner: 10Paladox) [15:42:34] (03CR) 10Paladox: "Thanks." [integration/config] - 10https://gerrit.wikimedia.org/r/251638 (owner: 10Paladox) [15:42:41] PROBLEM - Host deployment-parsoidcache02 is DOWN: CRITICAL - Host Unreachable (10.68.16.145) [15:57:00] jzerebecki: Could you review and merge https://gerrit.wikimedia.org/r/#/c/249459/ please. [15:57:20] (03Merged) 10jenkins-bot: [Translate] Add composer-test test [integration/config] - 10https://gerrit.wikimedia.org/r/251638 (owner: 10Paladox) [16:05:50] (03PS1) 10Paladox: Update extension-gate template [integration/config] - 10https://gerrit.wikimedia.org/r/251715 [16:06:29] (03PS2) 10Paladox: Update extension-gate template [integration/config] - 10https://gerrit.wikimedia.org/r/251715 [16:06:56] jzerebecki: Could you review https://gerrit.wikimedia.org/r/#/c/251715/ please. [16:08:42] (03PS3) 10Paladox: Update extension-gate template [integration/config] - 10https://gerrit.wikimedia.org/r/251715 [16:26:18] (03PS1) 10Paladox: [Timeless] Add composer-test test [integration/config] - 10https://gerrit.wikimedia.org/r/251718 [16:26:47] (03PS2) 10Paladox: [Timeless] Add composer-test test [integration/config] - 10https://gerrit.wikimedia.org/r/251718 [16:27:16] (03CR) 10Paladox: [C: 04-1] "Needs source file to be merged first." [integration/config] - 10https://gerrit.wikimedia.org/r/251718 (owner: 10Paladox) [16:28:30] (03PS3) 10Paladox: [examples] Update jenkins tests [integration/config] - 10https://gerrit.wikimedia.org/r/244747 [16:32:16] RECOVERY - Host deployment-parsoidcache02 is UP: PING OK - Packet loss = 0%, RTA = 1.03 ms [16:37:35] (03CR) 10Paladox: "recheck" [integration/config] - 10https://gerrit.wikimedia.org/r/243209 (https://phabricator.wikimedia.org/T90943) (owner: 10Paladox) [16:37:52] (03CR) 10jenkins-bot: [V: 04-1] [TranslationNotifications] Update tests [integration/config] - 10https://gerrit.wikimedia.org/r/243209 (https://phabricator.wikimedia.org/T90943) (owner: 10Paladox) [16:39:27] (03PS5) 10Paladox: [TranslationNotifications] Update tests [integration/config] - 10https://gerrit.wikimedia.org/r/243209 (https://phabricator.wikimedia.org/T90943) [16:40:48] (03CR) 10Paladox: [C: 04-1] "Source change needs merging first." [integration/config] - 10https://gerrit.wikimedia.org/r/243209 (https://phabricator.wikimedia.org/T90943) (owner: 10Paladox) [16:42:40] When you run check experimental in repos it shows in the grey box as 1 but dosen't show any tests as running. [16:42:45] at https://integration.wikimedia.org/zuul/ [16:57:18] 10Continuous-Integration-Config, 10Continuous-Integration-Infrastructure: check experimental is not showing jobs running - https://phabricator.wikimedia.org/T118082#1791231 (10Paladox) 3NEW [16:57:27] 10Continuous-Integration-Config, 10Continuous-Integration-Infrastructure: check experimental is not showing jobs running - https://phabricator.wikimedia.org/T118082#1791238 (10Paladox) @Hashar can I add you please. [16:57:35] 10Continuous-Integration-Config, 10Continuous-Integration-Infrastructure: check experimental is not showing jobs running - https://phabricator.wikimedia.org/T118082#1791240 (10Paladox) [17:00:02] 10Continuous-Integration-Config, 10Continuous-Integration-Infrastructure: Jenkins seems to be running slower - https://phabricator.wikimedia.org/T118083#1791243 (10Paladox) 3NEW [17:00:21] 10Continuous-Integration-Config, 10Continuous-Integration-Infrastructure: Jenkins seems to be running slower - https://phabricator.wikimedia.org/T118083#1791250 (10Paladox) @Hashar can I add you please. [17:00:26] 10Continuous-Integration-Config, 10Continuous-Integration-Infrastructure: Jenkins seems to be running slower - https://phabricator.wikimedia.org/T118083#1791252 (10Paladox) [18:16:00] (03CR) 10Paladox: "recheck" [integration/config] - 10https://gerrit.wikimedia.org/r/225222 (owner: 10Paladox) [18:21:11] (03PS11) 10Paladox: [Maintenance] Update Jenkins tests [integration/config] - 10https://gerrit.wikimedia.org/r/225222 [18:27:38] PROBLEM - Host deployment-parsoidcache02 is DOWN: CRITICAL - Host Unreachable (10.68.16.145) [18:29:16] (03PS12) 10Paladox: [Maintenance] Update Jenkins tests [integration/config] - 10https://gerrit.wikimedia.org/r/225222 [18:30:30] (03CR) 10Paladox: [C: 04-1] "Source patch needs merging first." [integration/config] - 10https://gerrit.wikimedia.org/r/225222 (owner: 10Paladox) [19:11:54] (03CR) 10JanZerebecki: [C: 04-2] "Extension gate has a specific purpose and it should only be used for that. All the changes that this would create may be created by changi" [integration/config] - 10https://gerrit.wikimedia.org/r/251715 (owner: 10Paladox) [19:13:07] (03CR) 10Paladox: "If I was to remove the phplint and php-composer-validate and leave experimental: Would that work." [integration/config] - 10https://gerrit.wikimedia.org/r/251715 (owner: 10Paladox) [19:13:45] jzerebecki: Translate hasent been updated in jenkins. [19:15:15] paladox: yes I have not deployed it yet. maybe there is another patch in integration i'll merge today. [19:15:32] jzerebecki: Oh ok. [19:18:17] jzerebecki: Could you review https://gerrit.wikimedia.org/r/#/c/245495/ and https://gerrit.wikimedia.org/r/#/c/247920/ please. [19:21:32] (03CR) 10JanZerebecki: "No." [integration/config] - 10https://gerrit.wikimedia.org/r/251715 (owner: 10Paladox) [19:26:06] (03CR) 10Paladox: "recheck" [integration/config] - 10https://gerrit.wikimedia.org/r/245495 (owner: 10Paladox) [19:47:23] 10Deployment-Systems, 6operations: install/deploy mira as codfw deployment server - https://phabricator.wikimedia.org/T95436#1791376 (10Krenair) ```krenair@mira:/srv/mediawiki-staging/php-1.27.0-wmf.5 (wmf/1.27.0-wmf.5)$ git fetch origin error: cannot open .git/FETCH_HEAD: Permission denied krenair@mira:/srv/... [20:37:03] 10Continuous-Integration-Config, 5Patch-For-Review: WebPlatformAuth: replace Jenkins job mwext-testextension-zend by mwext-testextension-zend-composer - https://phabricator.wikimedia.org/T115061#1791418 (10JanZerebecki) [20:37:11] 10Continuous-Integration-Config, 5Patch-For-Review: ext:WebPlatformAuth: replace Jenkins job mwext-testextension-zend by mwext-testextension-zend-composer - https://phabricator.wikimedia.org/T115061#1713863 (10JanZerebecki) [20:38:07] (03PS7) 10JanZerebecki: Add new extension-unittests-composer template [integration/config] - 10https://gerrit.wikimedia.org/r/247920 (https://phabricator.wikimedia.org/T90303) (owner: 10Paladox) [20:38:14] (03CR) 10JanZerebecki: [C: 032] Add new extension-unittests-composer template [integration/config] - 10https://gerrit.wikimedia.org/r/247920 (https://phabricator.wikimedia.org/T90303) (owner: 10Paladox) [20:39:36] (03Merged) 10jenkins-bot: Add new extension-unittests-composer template [integration/config] - 10https://gerrit.wikimedia.org/r/247920 (https://phabricator.wikimedia.org/T90303) (owner: 10Paladox) [20:52:52] !log reloading zuul for a2951c3..ccea029 [20:52:58] Logged the message at https://wikitech.wikimedia.org/wiki/Release_Engineering/SAL, Master [21:03:52] 10Continuous-Integration-Infrastructure: Jenkins seems to be running slower - https://phabricator.wikimedia.org/T118083#1791427 (10hashar) p:5Triage>3Normal [21:05:22] 10Continuous-Integration-Infrastructure: Jenkins seems to be running slower - https://phabricator.wikimedia.org/T118083#1791243 (10hashar) @paladox I am watching the CI Phabricator projects so I get email notifications whenever a new task is filled. As a watcher, I receive all notifications even if not subscribe... [21:37:31] 10Continuous-Integration-Infrastructure: Jenkins seems to be running slower - https://phabricator.wikimedia.org/T118083#1791454 (10Paladox) Ok thanks. [21:39:01] 10Continuous-Integration-Infrastructure: Jenkins seems to be running slower - https://phabricator.wikimedia.org/T118083#1791455 (10Paladox) The slowness did start some time last week after zuul was upgraded and also some repos are being hiden when looking at zuul page. [21:40:04] (03CR) 10Paladox: "Thanks." [integration/config] - 10https://gerrit.wikimedia.org/r/247920 (https://phabricator.wikimedia.org/T90303) (owner: 10Paladox) [21:40:54] (03PS3) 10Paladox: [OOUIPlayground] Update Jenkins tests [integration/config] - 10https://gerrit.wikimedia.org/r/248899 [21:41:08] (03CR) 10Paladox: "Test should pass now." [integration/config] - 10https://gerrit.wikimedia.org/r/248899 (owner: 10Paladox) [21:46:36] (03CR) 10JanZerebecki: "Can you explain why this is correct? (So I don't need to search for all the pieces of that explanation.)" [integration/config] - 10https://gerrit.wikimedia.org/r/245495 (owner: 10Paladox) [21:47:53] (03CR) 10Paladox: "Well I think there is a bug about switching to generic qunit tests since the non generic one is deprecated." [integration/config] - 10https://gerrit.wikimedia.org/r/245495 (owner: 10Paladox) [21:55:21] (03CR) 10JanZerebecki: "That is not what I meant. Yes all of them should be switched to the -generic variant. But will all involved repos still pass the involved " [integration/config] - 10https://gerrit.wikimedia.org/r/245495 (owner: 10Paladox) [22:53:59] (03CR) 10Paladox: "I would think that they will pass when they are converted but not 100% sure." [integration/config] - 10https://gerrit.wikimedia.org/r/245495 (owner: 10Paladox) [22:54:24] (03CR) 10Paladox: "This can be merged now." [integration/config] - 10https://gerrit.wikimedia.org/r/248899 (owner: 10Paladox) [22:58:40] (03PS5) 10Paladox: [WebPlatformAuth] Update Jenkins tests [integration/config] - 10https://gerrit.wikimedia.org/r/246712 (https://phabricator.wikimedia.org/T115061) [22:59:48] (03PS6) 10Paladox: [WebPlatformAuth] Update Jenkins tests [integration/config] - 10https://gerrit.wikimedia.org/r/246712 (https://phabricator.wikimedia.org/T115061) [23:54:54] PROBLEM - Puppet failure on pmcache is CRITICAL: CRITICAL: 100.00% of data above the critical threshold [0.0]