Install GitHub Issues extension

RESOLVED WONTFIX

Status

Websites
wiki.mozilla.org
--
enhancement
RESOLVED WONTFIX
4 years ago
4 years ago

People

(Reporter: davida, Unassigned)

Tracking

unspecified
Bug Flags:
sec-review ?

Details

(Whiteboard: [featurerequest] [extension], URL)

(Reporter)

Description

4 years ago
I'd like to be able to embed lists of github issues found-by-search, which I believe this extension to mediawiki could provide:

https://github.com/aaronpk/MediaWiki-Github-Issues
Severity: normal → enhancement
Whiteboard: [featurerequest] [extension]
This doesn't seem to have a MediaWiki article associated with it, so I'm apprehensive.
OS: Mac OS X → All
Hardware: x86 → All
Summary: Please evaluate & hopefully add githubissues → Install GitHub Issues extension
Depends on: 1032351
Flags: sec-review?(amuntner)
Flags: sec-review?(amuntner) → sec-review?
(Reporter)

Comment 2

4 years ago
We need this badly in MoFo land, and can probably find dev time to help w/ secreview.
It's not just about sec-review, we are limited in webops and MozillaWiki team resources as well. Plus impending holidays and Mozilla All Hands means there's just not a lot of time left before the end of the year. 

I'll see what we can do.
(Reporter)

Comment 4

4 years ago
Appreciate the resource constraints, and that's why I'm offering help.  We have devops as well, etc.  If you can break down whatever's needed so that more hands can help, let us know.
* Spoke with Simon Wex today about this as well -- he confirmed we have engineers able to pitch in with this. So let us know if there's anything we can do to help?
* Now that you guys are installing awesome new widgets (like the Google Docs and Google Calendar widgets), is it possible this one might become possible soon?
(In reply to Matt Thompson (@OpenMatt :OpenMatt) from comment #6)
> * Now that you guys are installing awesome new widgets (like the Google Docs
> and Google Calendar widgets), is it possible this one might become possible
> soon?

We can evaluate this extension in q1, yes. 

I have it installed and working locally. It requires that php be compiled with curl, which it probably is on the generic web cluster, but we'll need to verify. 

I have a few concerns with this extension:

1) Will it be maintained and/or will we have resources committed to maintaining it? 
2) It has a very limited feature set now, will we have resources to add features that folks will invariably request?

Concern #1 relates to the fact that the extension seems to exist outside of the mediawiki extension ecosystem and looks more like a proof-of-concept than a robust extension. 

Concern #2 relates to the fact that currently the extension only supports a heading/paragraph style of output. Folks are very used to seeing lists of bugs as lists or tables and I think they are going to ask for that straight away.
If mofo can provide resources to complete a security review, that would be very helpful.
(Reporter)

Comment 9

4 years ago
AFAIK MoFo doesn't have PHP experts.  It is only 88 lines of PHP though, so I'll just a quick drive-by:

* It needs some tweaks in order to not hit the Github rate-limiting on anonymous requests (which we would on day 1).  Not hard, just needs to store a secret token in the environment and pass it with the API request on https://github.com/aaronpk/MediaWiki-Github-Issues/blob/master/issues.php#L44.  Someone who knows how the wiki is configured and how folks are managing keys and whatnot would need to be involved.  In particular that token can't be stored in a public source repo.  See https://developer.github.com/v3/auth/#via-oauth-tokens for details.

* Is the MarkdownExtra module already sec-reviewed? Parsing markdown is where I would put the security risk in this plugin.

re: Concern 1): currently the maintenance burden is likely limited by the rate of change of the github API.  It hasn't evolved that much over the last few years, so I'm not super worried given how little of that API is being used.

re: Concern 2): Making tweaks to the output to render tables or lists or whatnot is fairly trivial, for someone who is plugged in to the develop/stage/deploy flow for wikimo updates.
I agree. This looks like only a proof of concept, and I'm not comfortable with the extension within an extension. We're not likely to get ongoing support for MediaWiki upgrades, and installing this would mean committing to maintaining it.

I think it would be better to implement GitHub support in the same extension as Bugzilla support, so that we have a centralized place for code that displays lists of issues.
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → WONTFIX
(Reporter)

Comment 11

4 years ago
:GPHemsley: what bug can we track that work on?
(In reply to David Ascher (:davida) from comment #11)
> :GPHemsley: what bug can we track that work on?

bug 1051207
You need to log in before you can comment on or make changes to this bug.