Wikimedia Release Engineering Team/Code review platform guideline

Code review platform choice guideline

edit

This document aims to address the question of:

"For my software project at the Wikimedia Foundation: Where should I host my code? Where should I host my code-review?"

The guideline

edit

The default location for code hosting and code-review is on the WMF-hosted platform (currently Gerrit, soon to be GitLab).

There are two exceptions:

  • There is an exception to this default for code hosting (but not code-review) when you (the project maintainers) and WMF Release Engineering agree that the Continuous Integration services provided by WMF Release Engineering are not sufficient for the project (example: iOS application building and testing requiring the maintenance of Mac OS X machines).
  • There is an exception to this default for code hosting and code-review when the project is maintained by community members or staff in their volunteer capacity or if it was started before the staff member joined the Foundation (example: gdnsd).

Background

edit

Free Software

edit

The first of Wikimedia's "guiding principles" addresses the fact the the Wikimedia community and Wikimedia Foundation are deeply rooted in the values of the free culture and free software movements. As such, as "an organization, we strive to use open source tools over proprietary ones, although we use proprietary or closed tools (such as software, operating systems, etc.) where there is currently no open-source tool that will effectively meet our needs."

Because of this guiding principle the WMF has always hosted it's own source code and code-review platform internally. In the beginning code review happened on a mailing list, then via a MediaWiki extension, and most recently in Gerrit (and soon in GitLab).

Deployments

edit

For security reasons, the WMF SRE team has a policy of only allowing the deployment of code pulled from trusted repositories (at this time, Gerrit) to production servers (the set of machines that serve traffic to WMF-hosted projects). This policy does not impact WMF Cloud Services and Toolforge projects.

Unified development platform

edit

In 2014, WMF consolidated it's development-related platforms for issue tracking from Bugzilla, RT, Trello and Mingle into one, Phabricator. The reasons for this are explained more fully in the reasoning for migrating code-review to Phabricator. The original plan to move from Gerrit to Phabricator Differential was later dropped. Since 2021, there is a plan for consolidation to move code review and code repository hosting from Gerrit, Phabricator Differential and potentially Github to GitLab.

Relatedly, we gain more benefits from a single development platform when everyone (possible) uses it. This benefit can really not be understated. The mere fact of having everyone working in the same system allows us to benefit from:

  1. increased communication efficiency across all (involved) teams and individuals
  2. (corollary) decreased overhead of maintaining communication across multiple venues/mediums

Privacy

edit

By only requiring our development community (which is made up of WMF Staff, volunteers from the broader Wikimedia community, and third-party users of our software) to use our own platform which is bound by our very stringent WMF Privacy Policy we give our users a vastly higher standard of privacy than any other known third-party code-review platform. If we instead use a third-party platform such as Github we subject our community to their Terms of Service and Privacy Policy, which do not meet our community's standards (as per conversations during our own Privacy Policy update process in 2013).