Jump to content

Recommended Posts

Part 1 of a 2 part Module & Service Reveal.

I'm currently working on a new module: ModuleReleaseNotes that was inspired by the work I originally did on making Ryan's ProcessWireUpgrades module "release" aware. In the end, I decided to ditch the approach I was originally taking and instead work on a module that hooked in to the UpgradeConfirmation dialog and the module edit page.

Aims

My aims for this module are as follows...

  1. Make discovery of a module's changes prior to an upgrade a trivial task.
  2. Make breaking changes very obvious.
  3. Make reading of a module's support documentation post-install a trivial task.
  4. Make module authors start to think about how they can improve the change discovery process for their modules.
  5. Make sure the display of information from the module support files/commit messages doesn't introduce a vulnerability.

Looking at these in turn...

Making discovery of a module's changes prior to upgrade a trivial task.

This is done by adding a "What's changed section" to the upgrade confirmation dialog.  This section takes a best-effort approach to showing what's changed between the installed version and the updated version that's available via the module repository.

At present, it is only able to talk to github-hosted repositories in order to ask them for the release notes, the changelog file (if present) and a list of commits between the git tag that matches the installed version and the tag matching the latest version.

It will display the Release Notes (if the author is using the feature), else it will display the commits between the tags (if tagging is used by the module author) else it will show the changelog file (if present) else it will show the latest N commits on the master branch (N, of course, being configurable to your liking.)

An example of the Github Release Notes pulled in for you, taken from Mike Rockett's TextformatterTypographer Module...

typographer-003.png.38fd13d185ec06585bb1e8064a7b07ec.png

An example of a tag-to-tag commit list from the same module...

typographer-004.png.7392c1cbddca205e517922112a64f08b.png

An example of a changelog - formatted to show just the changes (formatting styles will change)...

file-editor_004.png.fb2bedfb4e846be178ffe4bc803c51f0.png

Finally, an example of a fallback list of commits - sorry Adrian :)...

recent-commits_001.png.01e9a3e67853406fe7363c0e3639a464.png

 

Making breaking changes obvious.

This is currently done by searching for a set of configurable search strings. Later versions may be able to support breaking change detection via use of Semantic Versioning - but this may require some way of signalling the use of this versioning standard on a module-by-module basis.

For now, then, you can customise the default set of change markers. Here I have added my own alias to the list of breaking change markers and the changes section of the changelog is styled accordingly (these will be improved)...

file-editor_005.png.478eb6591d8ac5df120702676b9ffa65.png

 

Make reading of a module's support documentation, post-install, a trivial task.

This is done by making some of the support files (like the README, CHANGELOG and LICENSE files) readable from the module's information/settings screen. There is an option to control the initial open/closed state of this section...

smush_001.png.c6fe574ddf846b606e9d385ad362c9c8.png

Here is Tracy's README file from within the module settings page... 

tracy-003.thumb.png.febe8b6032626ac8f1338998c15fe673.png

 

Make module authors start to think about how they can improve the change discovery process for their modules.

There are notes in each of the sections displayed on the upgrade confirmation page that help authors use each of the features...

notes_001.png.a098fb1296fae2d1a811a335d01d2c09.png

 

Make sure display of external information doesn't introduce a vulnerability.

This is an ongoing concern, and is the thing that is most likely to delay or prevent this module's release lead to this module's withdrawl should a vulnerability be found. Currently, output is formatted either via Markdown + HTML Purifier (if it was originally a Markdown file) or via htmlspecialchars() if it has come from a plaintext file.

If you discover a vulnerability, please get in contact with me via the forum PM system.

 

Ongoing...

For now, I've concentrated on integration with GitHub, as most people use that platform to host their code. I know a few people are hosting their repositories with BitBucket (PWFoo comes to mind) and some with GitLab (Mike Rockett?) and I would eventually like to have adaptor implementations for these providers (and perhaps GitKraken) - but for now, GitHub rules and the other hosts are unsupported.

 

Links

Github: ModuleReleaseNotes

PW Module Repository: Here

  • Like 21
  • Thanks 4

Share this post


Link to post
Share on other sites

Sounds amazing!

3 hours ago, netcarver said:

It will display the Release Notes (if the author is using the feature), else it will display the commits between the tags (if tagging is used by the module author) else it will show the changelog file (if present) else it will show the latest N commits on the master branch (N, of course, being configurable to your liking.)

3 hours ago, netcarver said:

There are notes in each of the sections displayed on the upgrade confirmation page that help authors use each of the features...

It would be good to get some guidance/opinions on what is the optimal way to prepare release notes. I'd rather not have to duplicate the same information in release notes, tags, changelog and detailed commit notes, but don't really want to be "told off" by the module for not doing it either. :-)

  • Like 2

Share this post


Link to post
Share on other sites

Thanks for the encouraging feedback folks!

@Robin S There's an option to turn off the timed author-auto-shock-via-email(tm) feature which should stop it telling you off too much :)

Actually, the module gives you some options here - including doing nothing more than using git to commit your code - which we all do already. But I think I take your point; I guess the module could induce some of our users to nag us about keeping the upgrade process free of yellow notes.

Regarding guidance, I think it partially comes down to your own style working and issuing releases. For example, I commit lots of small changes - which makes my commit log pretty long and difficult to review. In my case, forcing myself to either keep a concise changelog file or to git tag my releases and then use the github release-notes feature, can be better for my module users. Even if I didn't want to start using Github's Release Notes or keeping a changelog, simply learning to add a git tag on each version increment is an improvement, as it allows the length of the commit list to be automatically limited to what is relevant.

For someone like Ryan, who tends to commit larger changes at lower frequencies, just using the git-tags feature to limit the list of commits to those between your installed version and the newest version is probably all that is needed.

 

  • Like 4

Share this post


Link to post
Share on other sites

I forgot to mention that the support file list is not limit to a single readme file. If your module has more than one, they can all be listed and read. This might prove useful for people looking for a self-hosted documenting solution. As an example, here is a screenshot of the readme files from the module itself...

mrn_001.jpeg.7a9c0fbad9e39fff4e4495d212668a95.jpeg

Which allows the documentation to be split.

mrn_002.thumb.jpeg.f5af0ba6b497ca0dd33d910038d645f7.jpeg

  • Like 1

Share this post


Link to post
Share on other sites
12 hours ago, netcarver said:

Make reading of a module's support documentation post-install a trivial task

There is the case of paid modules which tend to come with manual install option only. I'm wondering how this module could somehow support those modules as well. Easy access to the "Release Notes" would be also nice to have (post-install, in the admin). 

  • Like 1

Share this post


Link to post
Share on other sites

Changelog styles now improved. Here's a changelog from the update screen - no breaking changes detected...

file-editor_010.png.e8949032c93f15a7f82c75dfea4ba8fa.png

... and here it is with breaking changes ...

file-editor_012.png.9af26bea5ede59d49978f90604b36d75.png

Raw markdown also get's labelled...

file-editor_011.png.4c3edd26e2402f13ef86ec707faf9642.png

 

  • Like 7

Share this post


Link to post
Share on other sites

Version 0.7.6 is now available with the first round of reported problems fixed. Please note, the changelog for the version of the module includes the term "Breaking Changes" so if you go through the module upgrade path for this module, you'll see breaking change highlighting in action. In this case, it's OK to proceed.

mrn_003.png.44c5ae0b9f44ff892e2c68577bbe3752.png

 

Update: version 0.8.0 is available. Adds support for code highlighting in support files thanks to Abdus' TextformatterPrism module (if it happens to be installed.)

mrn_004.png.dd560735ab102e6f49349ddb717f3632.png

  • Like 4

Share this post


Link to post
Share on other sites

This is now up to version 0.9.1 and I've moved the module's status from Alpha to Beta.

New features include showing git tag points in the commit logs...

tracy-004.png.5734987340661834b064b0a5c53cad5c.png

...better detection+handling of out-of-order versions in changelogs (plus some improved styles thanks to @matjazp) and the display of the remote repository-host's API read depletion condition.

tracy-005.png.c5e4fb1d1ad4954f00bc2a24e62b7650.png

  • Like 3

Share this post


Link to post
Share on other sites
On 11/16/2017 at 7:20 AM, szabesz said:

There is the case of paid modules which tend to come with manual install option only. I'm wondering how this module could somehow support those modules as well. Easy access to the "Release Notes" would be also nice to have (post-install, in the admin). 

Although the "What's Changed" section can't be currently displayed unless there is a remote git host to query, the module's support files are readable in the module's config page post-installation as they are all pulled form the local installation, not the remote host. 

  • Like 1

Share this post


Link to post
Share on other sites
1 hour ago, netcarver said:

better detection+handling of out-of-order versions in changelogs

I don't remember how it was before, but is this what you are expecting in this scenario? I actually think it probably is the right way to go, but just wanting to make sure you had seen this issue with AOS.

5a1444862be2e_ScreenShot2017-11-21at7_16_39AM.png.c4fb00823933449eedbfe74b07f4cb14.png

  • Like 1

Share this post


Link to post
Share on other sites

@adrian,

Thanks for posting this. It's an interesting case. Here's the markdown content of the changelog for that module...

# Changelog

### 1.6.71 (2017-11-14)
- prevNextLinks: keep page sort order


### 1.6.7.2 (2017-11-19)
- ctrl+s save fix by Robin S


### 1.6.7 (2017-11-13)
- new tweak 'prevNextLinks' to Misc, based on Macrura's 'PrevNextTabs' module (thanks!)


### 1.6.6 (2017-11-07)
- UikitTweaks: login page sticky...

You can see that I'm just honouring the changelog as it has been published. ModuleReleaseNotes simply marks up the installed version and the latest available version (which is 1.6.7.2) according to what the PW module repo reports as the latest available for the module being looked at, and what the modules code in PW reports as the installed version. I'm OK with marking up the changelog - but not with re-ordering.

BTW, if anyone has a more advanced version of a module installed locally than has been publicly published via the module's repo, you'll also see a situation like the above.

I guess I could change the label shown in this case from "Latest" to "Latest Published" or something like that.

Opinions welcome.

Share this post


Link to post
Share on other sites
7 minutes ago, netcarver said:

 

I guess I could change the label shown in this case from "Latest" to "Latest Published" or something like that.

Maybe the "Latest" tag isn't needed? Perhaps all that is relevant is the "Installed" tag. The issue with AOS is a mistaken version number 1.6.71 (I think @tpr intended 1.6.7.1). The more likely scenario is what you described where you might have a version that is newer, but not published yet - that can happen relatively often.

  • Like 1

Share this post


Link to post
Share on other sites

If possible, I would like to make it visually clear which version of the module the user will be getting once they "push the button". If I leave the label off, that won't happen.

  • Like 1

Share this post


Link to post
Share on other sites
1 minute ago, netcarver said:

If possible, I would like to make it visually clear which version of the module the user will be getting once they "push the button". If I leave the label off, that won't happen.

Not sure it's quite right, but what about "Upgrade to:" as the label? Or some other way to highlight it as what you'll be upgrading to, rather than it being the latest available?

  • Like 1

Share this post


Link to post
Share on other sites

Hmm, thing is, that is the latest available. In this case, it is an accurate description. The changelog could remove the ambiguity with an edit to list things in date order.  I suppose it would be possible to detect the dates for each entry and re-order chronologically - but that would mean enforcing a date standard + edge case code for dates as well, it's not a place I want to go.

Share this post


Link to post
Share on other sites
1 minute ago, netcarver said:

Hmm, thing is, that is the latest available.

Latest available on Github (and what you'll get if you upgrade), but not actually the latest, necessarily.

I am actually confused by the changelog in AOS - the dates for 1.6.71 a 1.6.7.2 are out of order - but again, this really is an unusual situation.

Anyway, I really wouldn't worry too much about any of this - it was really just meant as an example of things to look out for - I don't really think anything needs changing.

  • Like 1

Share this post


Link to post
Share on other sites

https://semver.org/

Quotes:

"...
Given a version number MAJOR.MINOR.PATCH, increment the:

  • MAJOR version when you make incompatible API changes,
  • MINOR version when you add functionality in a backwards-compatible manner, and
  • PATCH version when you make backwards-compatible bug fixes.

Additional labels for pre-release and build metadata are available as extensions to the MAJOR.MINOR.PATCH format.
...
How should I deal with revisions in the 0.y.z initial development phase?
The simplest thing to do is start your initial development release at 0.1.0 and then increment the minor version for each subsequent release.

How do I know when to release 1.0.0?
If your software is being used in production, it should probably already be 1.0.0. If you have a stable API on which users have come to depend, you should be 1.0.0. If you’re worrying a lot about backwards compatibility, you should probably already be 1.0.0.
..."

  • Like 2

Share this post


Link to post
Share on other sites

Version 0.10.0 is in the module repository.

This has a major behind-the-scenes refactoring to allow for remote repository adaptors (with result caching).

mrn_005.png.0ae0235c8a978c5be021f2789fc4060a.png

Github is supported fully, and I've made a start on the BitBucket adaptor...

formhelper_001.png.bf17dc97bd9ee8d9788e5f81589397c0.png

This version also fixes a couple of issues that have been reported by @adrian and @matjazp.

  • Like 5

Share this post


Link to post
Share on other sites

Just saw this when upgrading AOS. Doesn't seem right. I see that @tpr is using integer versions again, but 168 was also an integer, so not sure why it would be reporting like this.

image.thumb.png.72a0241fcb69a6ca84ab36e1f19cbd49.png

Share this post


Link to post
Share on other sites

Not sure if you can do anything about this. wireMailSMTP's changelog is not being parsed properly is it?

Also, you have a Tracy bd() call on line 702.

OT, but any reason you prefer: \TD::barDump() to bd() ?

 

image.thumb.png.200f04c061b06c06bb43bda466730e4a.png

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Robin S
      A community member raised a question and I thought a new sanitizer method for the purpose would be useful, hence...
      Sanitizer Transliterate
      Adds a transliterate method to $sanitizer that performs character replacements as defined in the module config. The default character replacements are based on the defaults from InputfieldPageName, but with uppercase characters included too.
      Usage
      Install the Sanitizer Transliterate module.
      Customise the character replacements in the module config as needed.
      Use the sanitizer on strings like so:
      $transliterated_string = $sanitizer->transliterate($string);
       
      https://github.com/Toutouwai/SanitizerTransliterate
      https://modules.processwire.com/modules/sanitizer-transliterate/
       
    • By dimitrios
      Hello,
      this module can publish content of a Processwire page on a Facebook page, triggered by saving the Processwire page.
      To set it up, configure the module with a Facebook app ID, secret and a Page ID. Following is additional configuration on Facebook for developers:
      Minimum Required Facebook App configuration:
      on Settings -> Basics, provide the App Domains, provide the Site URL, on Settings -> Advanced, set the API version to 2.10, add Product: Facebook Login, on Facebook Login -> Settings, set Client OAuth Login: Yes, set Web OAuth Login: Yes, set Enforce HTTPS: Yes, add "http://www.example.com/processwire/page/" to field Valid OAuth Redirect URIs. This module is configurable as follows:
      Templates: posts can take place only for pages with the defined templates. On/Off switch: specify a checkbox field that will not allow the post if checked. Specify a message and/or an image for the post.
      Usage
      edit the desired PW page and save; it will post right after the initial Facebook log in and permission granting. After that, an access token is kept.
       
      Download
      PW module directory: http://modules.processwire.com/modules/auto-fb-post/ Github: https://github.com/kastrind/AutoFbPost   Note: Facebook SDK for PHP is utilized.


    • By thomasaull
      I created a little helper module to trigger a CI pipeline when your website has been changed. It's quite simple and works like this: As soon as you save a page the module sets a Boolean via a pages save after hook. Once a day via LazyCron the module checks if the Boolean is set and sends a POST Request to a configurable Webhook URL.
      Some ideas to extend this:
      make request type configurable (GET, POST) make the module trigger at a specified time (probably only possible with a server cronjob) trigger manually Anything else? If there's interest, I might put in some more functionality. Let me know what you're interested in. Until then, maybe it is useful for a couple of people 🙂
      Github Repo: https://github.com/thomasaull/CiTrigger
    • By Robin S
      I created this module a while ago and never got around to publicising it, but it has been outed in the latest PW Weekly so here goes the support thread...
      Unique Image Variations
      Ensures that all ImageSizer options and focus settings affect image variation filenames.

      Background
      When using methods that produce image variations such as Pageimage::size(), ProcessWire includes some of the ImageSizer settings (height, width, cropping location, etc) in the variation filename. This is useful so that if you change these settings in your size() call a new variation is generated and you see this variation on the front-end.
      However, ProcessWire does not include several of the other ImageSizer settings in the variation filename:
      upscaling cropping, when set to false or a blank string interlace sharpening quality hidpi quality focus (whether any saved focus area for an image should affect cropping) focus data (the top/left/zoom data for the focus area) This means that if you change any of these settings, either in $config->imageSizerOptions or in an $options array passed to a method like size(), and you already have variations at the requested size/crop, then ProcessWire will not create new variations and will continue to serve the old variations. In other words you won't see the effect of your changed ImageSizer options on the front-end until you delete the old variations.
      Features
      The Unique Image Variations module ensures that any changes to ImageSizer options and any changes to the focus area made in Page Edit are reflected in the variation filename, so new variations will always be generated and displayed on the front-end.
      Installation
      Install the Unique Image Variations module.
      In the module config, set the ImageSizer options that you want to include in image variation filenames.
      Warnings
      Installing the module (and keeping one or more of the options selected in the module config) will cause all existing image variations to be regenerated the next time they are requested. If you have an existing website with a large number of images you may not want the performance impact of that. The module is perhaps best suited to new sites where image variations have not yet been generated.
      Similarly, if you change the module config settings on an existing site then all image variations will be regenerated the next time they are requested.
      If you think you might want to change an ImageSizer option in the future (I'm thinking here primarily of options such as interlace that are typically set in $config->imageSizerOptions) and would not want that change to cause existing image variations to be regenerated then best to not include that option in the module config after you first install the module.
       
      https://github.com/Toutouwai/UniqueImageVariations
      https://modules.processwire.com/modules/unique-image-variations/
    • By Sebi
      I've created a small module which lets you define a timestamp after which a page should be accessible. In addition you can define a timestamp when the release should end and the page should not be accessable any more.
      ProcessWire-Module: http://modules.processwire.com/modules/page-access-releasetime/
      Github: https://github.com/Sebiworld/PageAccessReleasetime
      Usage
      PageAccessReleasetime can be installed like every other module in ProcessWire. Check the following guide for detailed information: How-To Install or Uninstall Modules
      After that, you will find checkboxes for activating the releasetime-fields at the settings-tab of each page. You don't need to add the fields to your templates manually.
      Check e.g. the checkbox "Activate Releasetime from?" and fill in a date in the future. The page will not be accessable for your users until the given date is reached.
      If you have $config->pagefileSecure = true, the module will protect files of unreleased pages as well.
      How it works
      This module hooks into Page::viewable to prevent users to access unreleased pages:
      public function hookPageViewable($event) { $page = $event->object; $viewable = $event->return; if($viewable){ // If the page would be viewable, additionally check Releasetime and User-Permission $viewable = $this->canUserSee($page); } $event->return = $viewable; } To prevent access to the files of unreleased pages, we hook into Page::isPublic and ProcessPageView::sendFile.
      public function hookPageIsPublic($e) { $page = $e->object; if($e->return && $this->isReleaseTimeSet($page)) { $e->return = false; } } The site/assets/files/ directory of pages, which isPublic() returns false, will get a '-' as prefix. This indicates ProcessWire (with activated $config->pagefileSecure) to check the file's permissions via PHP before delivering it to the client.
      The check wether a not-public file should be accessable happens in ProcessPageView::sendFile. We throw an 404 Exception if the current user must not see the file.
      public function hookProcessPageViewSendFile($e) { $page = $e->arguments[0]; if(!$this->canUserSee($page)) { throw new Wire404Exception('File not found'); } } Additionally we hook into ProcessPageEdit::buildForm to add the PageAccessReleasetime fields to each page and move them to the settings tab.
      Limitations
      In the current version, releasetime-protected pages will appear in wire('pages')->find() queries. If you want to display a list of pages, where pages could be releasetime-protected, you should double-check with $page->viewable() wether the page can be accessed. $page->viewable() returns false, if the page is not released yet.
      If you have an idea how unreleased pages can be filtered out of ProcessWire selector queries, feel free to write an issue, comment or make a pull request!
×
×
  • Create New...