Page MenuHomePhabricator

[Not ready for review] initial code dump of Packages app
AbandonedPublic

Authored by epriestley on Sep 24 2015, 5:18 AM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Mar 4, 6:15 PM
Unknown Object (File)
Mon, Mar 4, 6:15 PM
Unknown Object (File)
Mon, Mar 4, 6:15 PM
Unknown Object (File)
Mon, Mar 4, 6:15 PM
Unknown Object (File)
Feb 3 2024, 6:39 AM
Unknown Object (File)
Jan 30 2024, 7:57 PM
Unknown Object (File)
Jan 30 2024, 7:55 PM
Unknown Object (File)
Jan 17 2024, 10:10 PM
Tokens
"Pirate Logo" token, awarded by chad."Pterodactyl" token, awarded by joshuaspence.

Details

Reviewers
avivey
Group Reviewers
Blessed Reviewers
Summary

For now, just putting it here so I don't lose it.

This will be just the mechanical stuff related to the server-side Packages app.

Still missing to be review-able:

  • custom uri for packages (This might be more v0.2)
  • field validations / fix some types
  • migrations
  • another pass on copy, icons
  • transactions are not visible, and probably some are not recorded.
  • conduit methods to make usable
Test Plan

create a bunch of entities, browse them

Diff Detail

Repository
rP Phabricator
Branch
packs
Lint
Lint Errors
SeverityLocationCodeMessage
Errorsrc/applications/packages/controller/PackagesVersionEditController.php:125XHP5Use of Undeclared Variable
Errorsrc/applications/packages/controller/PackagesVersionEditController.php:126XHP5Use of Undeclared Variable
Errorsrc/applications/packages/controller/PackagesVersionEditController.php:127XHP5Use of Undeclared Variable
Advicesrc/applications/packages/conduit/PackagesSignVersionConduitAPIMethod.php:34XHP16TODO Comment
Advicesrc/applications/packages/editor/PackagesVersionEditor.php:46XHP16TODO Comment
Advicesrc/applications/packages/editor/PackagesVersionEditor.php:130XHP16TODO Comment
Advicesrc/applications/packages/editor/PackagesVersionEditor.php:144XHP16TODO Comment
Advicesrc/applications/packages/query/PackagesSignatureSearchEngine.php:35XHP16TODO Comment
Advicesrc/applications/packages/storage/PackagesPackage.php:156XHP16TODO Comment
Advicesrc/applications/packages/storage/PackagesPackageTransaction.php:46XHP16TODO Comment
Advicesrc/applications/packages/storage/PackagesPackageTransaction.php:62XHP16TODO Comment
Advicesrc/applications/packages/storage/PackagesPackageTransaction.php:81XHP16TODO Comment
Advicesrc/applications/packages/storage/PackagesSignature.php:17XHP16TODO Comment
Advicesrc/applications/packages/storage/PackagesVersion.php:150XHP16TODO Comment
Advicesrc/applications/packages/storage/PackagesVersionTransaction.php:49XHP16TODO Comment
Advicesrc/applications/packages/storage/PackagesVersionTransaction.php:65XHP16TODO Comment
Advicesrc/applications/packages/storage/PackagesVersionTransaction.php:84XHP16TODO Comment
Advicesrc/applications/packages/typeahead/PackagesPackageDatasource.php:24XHP16TODO Comment
Unit
No Test Coverage
Build Status
Buildable 8252
Build 16763: Run Core Tests
Build 9444: arc lint + arc unit

Event Timeline

avivey retitled this revision from to [Not ready for review] initial code dump of Packages app.
avivey updated this object.
avivey edited the test plan for this revision. (Show Details)

Some vague high-level thoughts from skimming this, broadly looks good so far.

src/applications/packages/conduit/PackagesSignVersionConduitAPIMethod.php
22–23

We might want to leave a little more wiggle room here for different signature methods in the future -- maybe a string type + a dictionary signature? Not too important.

src/applications/packages/controller/PackagesEditController.php
68–72

In the long run, everything we can make sign-able probably should be sign-able -- e.g., "description" should be on Version instead of Package as an authority, so the description gets signed? And URI and projects, at least as a primary source, ideally.

src/applications/packages/storage/PackagesSignature.php
17–18

The view policy for a signature should probably always be the version view policy?

The edit policy should probably always be only the signer PHID? I don't think it makes sense to disavow other users' signatures, or at least can't come up with a reason to do this.

The only case I can think of is that someone might be signing stuff as "CONFIRMED: THIS SOFTWARE SUCKS LOL" far in the future, but that seems like a whole lot of effort.

src/applications/packages/storage/PackagesVersion.php
16

I think we should leave a lot more wiggle room than this: basically, have a $properties sort of property instead, and put the type ("git repository") + clone URI + hash in it.

It should be possible to publish a package version which changes the repository origin.

In the future, it should be possible to publish a package version which uses a tarball + checksum or similar.

19–20

View/Edit policy here may make sense to lock to the Package policies?

src/applications/packages/storage/PackagesSignature.php
17–18

that was my plan (Also for Version so inherit it from Package), but I couldn't figure out how to do it, so I left it for later.

avivey edited edge metadata.

a little more progress

Largely, move some fields to $properties maps, and remove policies from Signatures.

epriestley added a reviewer: avivey.

This took more than two days to upstream so all the infrastructure has completely changed.

bwahaha

I'm going to drive this forward a bit since I'd like to get a clearer sense of viability / timeline on T5055. Despite my extreme slick sales tactics no one appears particularly interested in paying us to build a package management system, but there's interest in other adjacent work in arc and I'd ideally like to have a rough sketch of this in place before doing a major overhaul.

I'm breaking this apart as I work through it, follow T8116 for particulars.

My plan has always been "let @epriestley fix it" :P