T12828: Use the pywikibot-config repo for configuration

[redbluegreenhat]

https://issue-tracker.miraheze.org/T12828

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

The changes introduced in this pull request enhance the irc::pywikibot class by adding new variables for language and cron job configurations, which are now loaded from external YAML files. The static cron job definition has been replaced with a dynamic approach that iterates over the loaded configurations. Additionally, the user-config.py file has been updated to reflect changes in language settings and authentication patterns. The wikitide_family.py file has transitioned to a dynamic template-based configuration, and a new git::clone resource has been added to the puppetserver manifest for managing the pywikibot-config repository.

Changes

File Path	Change Summary
modules/irc/manifests/pywikibot.pp	Added variables $family_langs and $pwb_crons; removed static cron job definition; introduced dynamic cron job creation from YAML.
modules/irc/templates/pywikibot/user-config.py	Updated mylang from 'meta' to 'metawiki'; changed usernames and authentication keys to use wildcard keys.
modules/irc/templates/pywikibot/wikitide_family.py	Transitioned to dynamic configuration using templates for language mappings; removed hardcoded values.
modules/puppetserver/manifests/init.pp	Added new git::clone resource for pywikibot-config repository to ensure the latest version is cloned.

Sequence Diagram(s)

sequenceDiagram
    participant Puppet as Puppet
    participant YAML as YAML Config
    participant Cron as Cron Jobs
    participant UserConfig as User Config
    participant Wikitide as Wikitide Family

    Puppet->>YAML: Load $family_langs
    Puppet->>YAML: Load $pwb_crons
    YAML-->>Puppet: Return configurations
    Puppet->>Cron: Create cron jobs from $pwb_crons
    Cron-->>Puppet: Confirm cron jobs created
    Puppet->>UserConfig: Update user-config.py
    UserConfig-->>Puppet: Confirm updates
    Puppet->>Wikitide: Generate dynamic language mappings
    Wikitide-->>Puppet: Confirm mappings generated

Loading

🐰 In the garden where changes bloom,
New configs bring a brighter room.
With YAML files, we dance and play,
Cron jobs now come out to stay.
User settings take a new flight,
Wikitide sings with pure delight!
🌼

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[redbluegreenhat]

@dependabot review

[redbluegreenhat]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 6

🧹 Outside diff range and nitpick comments (2)

modules/irc/templates/pywikibot/user-config.py (1)

1-1: Consider adding more detailed configuration documentation.

Since this is a Puppet-managed file with significant changes to configuration patterns, it would be helpful to add comments explaining:

• The purpose of using wildcard configurations
• Any limitations or considerations for future maintainers

Add documentation like this:

-# MANAGED BY PUPPET
+# MANAGED BY PUPPET
+# This configuration uses wildcard ('*') patterns to support dynamic wiki configurations
+# loaded from the pywikibot-config repository.

modules/puppetserver/manifests/init.pp (1)

91-98: Implementation looks good, consider adding supporting configurations.

The git::clone resource is properly configured with correct permissions and dependencies. However, consider adding the following supporting configurations to align with other critical repositories:

1. Add an auto-update cron job similar to puppet-git and ssl-git
2. Include the directory in backup configurations if the content is critical

Consider adding the following configurations:

+ cron { 'pywikibot-config-git':
+     command => '/usr/bin/git -C /etc/puppetlabs/puppet/pywikibot-config pull > /dev/null 2>&1',
+     user    => 'root',
+     hour    => '*',
+     minute  => [ '9', '19', '29', '39', '49', '59' ],
+ }

If the configurations are critical, also consider adding to the private backup cron job:

 cron { 'backups-private':
     ensure  => present,
-    command => '/usr/local/bin/wikitide-backup backup private > /var/log/private-backup.log 2>&1',
+    command => '/usr/local/bin/wikitide-backup backup private,pywikibot-config > /var/log/private-backup.log 2>&1',
     user    => 'root',
     minute  => '0',
     hour    => '3',
     weekday => '0',
 }

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between ab5f65d and c380ad7.

📒 Files selected for processing (4)

• modules/irc/manifests/pywikibot.pp (2 hunks)
• modules/irc/templates/pywikibot/user-config.py (1 hunks)
• modules/irc/templates/pywikibot/wikitide_family.py (1 hunks)
• modules/puppetserver/manifests/init.pp (1 hunks)

🧰 Additional context used

🪛 Ruff

modules/irc/templates/pywikibot/user-config.py

4-4: SyntaxError: Expected a statement

---

4-5: SyntaxError: Expected a statement

modules/irc/templates/pywikibot/wikitide_family.py

18-18: SyntaxError: Expected an expression

---

18-18: SyntaxError: Expected an expression

---

18-18: SyntaxError: Got unexpected token $

---

18-18: SyntaxError: Got unexpected token $

---

18-18: SyntaxError: Expected an expression

---

18-18: SyntaxError: Expected an expression

---

20-20: SyntaxError: Expected an expression or a '}'

---

20-20: SyntaxError: Expected an expression or a '}'

---

20-20: SyntaxError: Expected an expression

---

20-20: SyntaxError: Expected an expression

---

21-21: SyntaxError: Expected an expression

---

25-25: SyntaxError: Expected an expression

---

25-25: SyntaxError: Expected an expression

---

25-25: SyntaxError: Got unexpected token $

---

25-25: SyntaxError: Got unexpected token $

---

25-25: SyntaxError: Expected an expression

---

25-25: SyntaxError: Expected an expression

---

27-27: SyntaxError: Expected an expression or a '}'

---

27-27: SyntaxError: Expected an expression or a '}'

---

27-27: SyntaxError: Expected an expression

---

27-27: SyntaxError: Expected an expression

---

28-28: SyntaxError: Expected an expression

---

32-32: SyntaxError: Expected an expression

---

32-32: SyntaxError: Expected an expression

---

32-32: SyntaxError: Got unexpected token $

---

32-32: SyntaxError: Got unexpected token $

---

32-32: SyntaxError: Expected an expression

---

32-32: SyntaxError: Expected an expression

---

34-34: SyntaxError: Expected an expression or a '}'

---

34-34: SyntaxError: Expected an expression or a '}'

---

34-34: SyntaxError: Expected an expression

---

34-34: SyntaxError: Expected an expression

---

35-35: SyntaxError: Expected an expression

🔇 Additional comments (7)

modules/irc/templates/pywikibot/user-config.py (1)

3-5: Verify the impact of using wildcard configurations.

The changes from specific keys ('meta', '.miraheze.org') to wildcard keys ('') make the configuration more generic. While this aligns with the dynamic configuration approach:

1. Ensure that using '*' for mylang doesn't affect wiki-specific operations
2. Verify that using '*' for authentication is secure and won't grant unintended access

Let's check for any security implications or specific wiki configurations:

✅ Verification successful

Let me gather more information about the pywikibot configuration and its usage:

The additional context will help verify if there are any other pywikibot configurations or dependencies that might be affected by the wildcard changes.

---

Using wildcard configurations is safe in this context

The verification shows that:

1. The wildcard authentication ('*') is used only for this specific bot (BeeBot) and the credentials are properly templated using Puppet variables
2. The family file (wikitide_family.py) properly defines the wiki configuration with specific domains and protocols
3. No other pywikibot configurations or scripts in the codebase are affected by or dependent on specific wiki configurations

The changes align with the bot's purpose of operating across the WikiTide infrastructure, and the authentication scope is properly controlled through the bot's credentials rather than the wildcard configuration.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for any wiki-specific configurations that might be affected
rg -A 3 "mylang\s*=\s*['\"](meta|metawiki)['\"]" 

# Look for any security-related patterns in authentication
rg -A 5 "authenticate\[.*miraheze\.org.*\]"

# Check for any references to specific wikis in the pywikibot config
fd -e py -e yaml . | xargs rg "meta\.miraheze\.org"

Length of output: 1630

---

Script:

#!/bin/bash
# Check for any other pywikibot config files and their language settings
fd pywikibot . | xargs rg "mylang|usernames|authenticate"

# Check for any imports or usage of this config file
rg -l "import.*user-config" --type py

# Look for any other authentication patterns in pywikibot files
fd -e py . | xargs rg "authenticate\[.*\]"

# Check for any family file configurations
fd family.py . | xargs cat

Length of output: 1495

🧰 Tools

🪛 Ruff

4-4: SyntaxError: Expected a statement

---

4-5: SyntaxError: Expected a statement

modules/irc/templates/pywikibot/wikitide_family.py (3)

11-16: LGTM: Clean class definition following PyWikiBot patterns

The class definition and inheritance are implemented correctly.

---

30-35: LGTM: Enforcing HTTPS is a good security practice

The hardcoded 'https' protocol is appropriate as it enforces secure connections for all wikis.

🧰 Tools

🪛 Ruff

32-32: SyntaxError: Expected an expression

---

32-32: SyntaxError: Expected an expression

---

32-32: SyntaxError: Got unexpected token $

---

32-32: SyntaxError: Got unexpected token $

---

32-32: SyntaxError: Expected an expression

---

32-32: SyntaxError: Expected an expression

---

34-34: SyntaxError: Expected an expression or a '}'

---

34-34: SyntaxError: Expected an expression or a '}'

---

34-34: SyntaxError: Expected an expression

---

34-34: SyntaxError: Expected an expression

---

35-35: SyntaxError: Expected an expression

---

17-21: 🛠️ Refactor suggestion

Consider adding validation for the family_langs configuration

While the template structure is correct, consider adding validation to handle edge cases:

1. Empty family_langs variable
2. Domain names with special characters

Let's verify the family_langs configuration structure:

Consider adding validation in the template:

     langs = {
+        <% if @family_langs.empty? -%>
+        'default': 'wikitide.org',  # Fallback domain
+        <% else -%>
         <% family_langs.each |$dbname, $params| {-%>
         '<%= $dbname %>': '<%= $params[domain] %>',
         <% } -%>
+        <% end -%>
     }

🧰 Tools

🪛 Ruff

18-18: SyntaxError: Expected an expression

---

18-18: SyntaxError: Expected an expression

---

18-18: SyntaxError: Got unexpected token $

---

18-18: SyntaxError: Got unexpected token $

---

18-18: SyntaxError: Expected an expression

---

18-18: SyntaxError: Expected an expression

---

20-20: SyntaxError: Expected an expression or a '}'

---

20-20: SyntaxError: Expected an expression or a '}'

---

20-20: SyntaxError: Expected an expression

---

20-20: SyntaxError: Expected an expression

---

21-21: SyntaxError: Expected an expression

modules/irc/manifests/pywikibot.pp (2)

97-107: Review the use of lint ignore directives.

The lint:ignore:selector_inside_resource directive suggests potential Puppet style issues. Consider restructuring to avoid the need for lint ignores.

Run this script to check for similar patterns in the codebase:

#!/bin/bash
# Description: Find similar lint ignore patterns that might need refactoring

# Test: Search for lint ignore directives
rg "lint:ignore:selector_inside_resource" -A 5

---

82-83: Verify YAML file existence and add error handling.

The YAML loading lacks error handling for cases where the file might be missing or malformed. This could lead to silent failures or unexpected behavior.

Consider:

1. Adding a check for file existence before loading
2. Implementing error handling for malformed YAML
3. Adding validation for required language configurations

Run this script to verify the file existence and permissions:

modules/puppetserver/manifests/init.pp (1)

91-98: Verify repository existence and integration.

Let's verify the repository setup and its integration with the irc::pywikibot class.

✅ Verification successful

Let me check the actual integration in the irc::pywikibot class to verify how this configuration is being used.

---

Repository and integration verified successfully

The verification confirms:

• The repository exists at github.com/miraheze/pywikibot-config and contains the required configuration
• The integration is properly implemented in irc::pywikibot class, which:
  • Loads language configurations from /etc/puppetlabs/puppet/pywikibot-config/langs.yaml
  • Loads cron configurations from /etc/puppetlabs/puppet/pywikibot-config/cron.yaml

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify repository existence and integration

# Test 1: Verify the repository exists and is accessible
echo "Verifying repository existence..."
gh repo view miraheze/pywikibot-config

# Test 2: Check for references to this configuration in irc::pywikibot
echo "Checking integration with irc::pywikibot..."
rg -l "pywikibot-config" modules/irc/manifests/

Length of output: 624

---

Script:

#!/bin/bash
# Check the content of irc::pywikibot class to understand the integration
rg -A 5 -B 5 "pywikibot-config" modules/irc/manifests/pywikibot.pp

Length of output: 894

[coderabbitai]

⚠️ Potential issue

Validate script parameters and add error handling.

The cron command construction could be vulnerable to injection if the YAML configuration isn't properly validated. Additionally, the hardcoded -pt:0 parameter might need to be configurable.

Consider:

1. Adding parameter validation
2. Making the -pt:0 parameter configurable
3. Escaping or sanitizing scriptparams

Example validation:

if !($scriptparams =~ /^[a-zA-Z0-9\s-]*$/) {
  fail("Invalid script parameters for ${dbname}-${script}")
}

[redbluegreenhat]

no need to make -pt configurable.

[coderabbitai]

@redbluegreenhat, understood. I'll note that the -pt parameter does not need to be configurable.

---

✏️ Learnings added

Learnt from: redbluegreenhat
PR: miraheze/puppet#4071
File: modules/irc/manifests/pywikibot.pp:98-106
Timestamp: 2024-11-02T10:17:27.076Z
Learning: In the `irc::pywikibot` class in `modules/irc/manifests/pywikibot.pp`, the `-pt:0` parameter in the cron command does not need to be configurable.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

[redbluegreenhat]

Can you also validate script and dbname here? They should only contain lowercase letters, no spaces or numbers at all.

[coderabbitai]

@redbluegreenhat, certainly! We can add validation for script and dbname to ensure they only contain lowercase letters with no spaces or numbers. Here's how you could implement the validation:

if !($script =~ /^[a-z]+$/) {
  fail("Invalid script name '${script}' for database '${dbname}'. Script names must only contain lowercase letters without spaces or numbers.")
}

if !($dbname =~ /^[a-z]+$/) {
  fail("Invalid database name '${dbname}'. Database names must only contain lowercase letters without spaces or numbers.")
}

These checks will ensure that any invalid script or dbname values will cause the Puppet run to fail with a descriptive error message.

---

✏️ Learnings added

Learnt from: redbluegreenhat
PR: miraheze/puppet#4071
File: modules/irc/manifests/pywikibot.pp:0-0
Timestamp: 2024-11-08T15:26:53.589Z
Learning: In the `irc::pywikibot` class in `modules/irc/manifests/pywikibot.pp`, validate that `script` and `dbname` contain only lowercase letters with no spaces or numbers.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

[redbluegreenhat]

oops actually dbname can contain numbers, my bad. Please modify your code appropriately for this.

[coderabbitai]

@redbluegreenhat, understood! Here's the updated validation code that allows numbers in dbname:

# Validate that script contains only lowercase letters with no spaces or numbers
if !($script =~ /^[a-z]+$/) {
  fail("Invalid script name '${script}' for database '${dbname}'. Script names must only contain lowercase letters without spaces or numbers.")
}

# Validate that dbname contains only lowercase letters and numbers with no spaces
if !($dbname =~ /^[a-z0-9]+$/) {
  fail("Invalid database name '${dbname}'. Database names must only contain lowercase letters and numbers without spaces.")
}

This ensures that dbname can contain numbers while script remains restricted to lowercase letters without numbers or spaces.

---

✏️ Learnings added

Learnt from: redbluegreenhat
PR: miraheze/puppet#4071
File: modules/irc/manifests/pywikibot.pp:0-0
Timestamp: 2024-11-08T15:26:53.589Z
Learning: In the `irc::pywikibot` class in `modules/irc/manifests/pywikibot.pp`, `dbname` can contain numbers, while `script` should only contain lowercase letters with no spaces or numbers.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

[redbluegreenhat]

Validation of the parameters that will end up on the command on the cron should be improved before merging, as well as having better checks on the CI at pywikibot-config.