Sandbox request for learn.wordpress.org testing

I would like to request a Dotorg sandbox in order to test bug fixes and enhancements for learn.wordpress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/.

At the moment members of the WordPress training team do have a way to configure a local development environment for testing bug fixes and enhancements, but it doesn’t allow us to easily test those against as close to a copy of the live environment as possible.

This means we have to rely on someone who already has a sandbox to do a final test before we can merge any changes.

To achieve this, I’d like to request a sandbox that does not have svn commit access, meaning I would not be able to commit changes or trigger a deployment, but has write access to the files and folders relevant to learn.wordpress.org so that I could test code changes submitted as PRs on our GitHubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/ repository.

The relevant files and folders are:

  • wp-content/mu-plugins/pub/locale-switcher.php
  • wp-content/mu-plugins/pub/class-validator.php
  • wp-content/mu-plugins/pub/locales.php
  • wp-content/plugins/sensei-pro
  • wp-content/plugins/wporg-learn
  • wp-content/themes/pub/wporg-learn-2020

A sandbox with this configuration will allow us to perform this final test within the training team, without needing to rely on folks from other teams. DeployingDeploy Launching code from a local development environment to the production web server, so that it's available to visitors. the changes would still require an additional check from a member of the MetaMeta Meta is a term that refers to the inside workings of a group. For us, this is the team that works on internal WordPress sites like WordCamp Central and Make WordPress. team who does have svn commit access. 

Please let me know if you have any questions about this request, or if you need anything from me.

#prio2

Help Scout DKIM update

Hi, we got the following email from Help Scout. I’m not sure if it applies to both of our instances, or only one of them. The records need to be updated by October 16th.

As of October 16th, 2023 we will no longer be relying on SPF authentication tied to your domain when using Help Scout servers to send email as your custom email address. We are moving to a method with a focus on DKIM instead, to both modernize our infrastructure and align with industry best practices.

You’re receiving this message because your domain(s) currently has a DMARC record set to p=reject, but does not have the CNAME records to allow DKIM authentication for emails sent from Help Scout. If you do not take action before we make these changes, emails you send from Help Scout will be rejected by many email servers as they will no longer be DMARC aligned.

To continue using Help Scout servers to send emails as your domain, you’ll need to create a couple of CNAME records at the DNSDNS DNS is an acronym for Domain Name System - how you assign a human readable address to a website’s exact numeric coded location (ie. wordpress.org uses the actual IP address 198.143.164.252). provider for your domain so that recipient servers can authenticate the DKIM signature on emails you send from Help Scout.

You’ll need two CNAME records:

strong1._domainkey.[yourdomain] should point to strong1._domainkey.helpscout.net
strong2._domainkey.[yourdomain] should point to strong2._domainkey.helpscout.net

Our article Use DKIM to Help With Email Deliverability has a bit more information if you need it.

Alternatively, you may choose to set up your Help Scout mailbox to connect to your email provider to send email, instead of sending from our servers. You do not need to make changes to your DNS records if you choose to change the sending method.

Our article Outgoing Email Settings explains a bit more about the different options and has links to help with setting up the connection to your provider.

#prio1

Email for events.wordpress.org

Hi, the Community Team would like to start creating events.wordpress.org email addresses, to correspond with the sites we recently setup. Similar to WordCampWordCamp WordCamps are casual, locally-organized conferences covering everything related to WordPress. They're one of the places where the WordPress community comes together to teach one another what they’ve learned throughout the year and share the joy. Learn more. addresses, they would be hosted in the WordPress Foundation GSuite, and would take the format of japan@events.wordpress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/, etc.

Are there any complications around that? If not, can you please set it up? I’ve added the domain to the info@wordpressfoundation.org account, but it needs to be verified with a TXT record. You can get the value from https://admin.google.com/ > Account > Domains > Manage Domains. I’m assuming they’ll provide the MX values etc after that process is complete.

Let me know if you have any thoughts or if there’s anything else you need.

Thanks!

#prio2

Upgrade TracWPCookies plugin

tl;dr: Please upgrade TracTrac Trac is the place where contributors create issues for bugs or feature requests much like GitHub.https://core.trac.wordpress.org/. to run: 0.2-transitional – Supports existing cookies, and future session cookies. diff .zip. A second request will be made to upgrade to 0.2.

Currently WordPress.orgWordPress.org The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization. https://wordpress.org/ doesn’t use WordPress Sessions, this was for two reasons: 1) bbPressbbPress Free, open source software built on top of WordPress for easily creating forums on sites. https://bbpress.org. 1.x, 2) Trac

We no longer have any bbPress 1.x installations present requiring authentication, leaving Trac as the only barrier to enabling the usage of it on WordPress.org infrastructure.
Current 2FA work will require sessions in order to keep track of the authentication type and time since last-2fa-challenge.

WordPress uses user_meta to store the Sessions by default, but that’s not ideal for our usage (primarily due to PHPPHP PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML. http://php.net/manual/en/intro-whatis.php. Serialized arrays needing decoding by trac python), so I’ve adopted the same table structure used on WordPress.comWordPress.com An online implementation of WordPress code that lets you immediately access a new WordPress environment to publish your content. WordPress.com is a private company owned by Automattic that hosts the largest multisite in the world. This is arguably the best place to start blogging if you have never touched WordPress before. https://wordpress.com/ for user sessions – wp_user_sessions

Here are two versions of the pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party, and a diff (GitHubGitHub GitHub is a website that offers online implementation of git repositories that can easily be shared, copied and modified by other developers. Public repositories are free to host, private repositories require a paid subscription. GitHub introduced the concept of the ‘pull request’ where code changes done in branches by contributors can be reviewed and discussed before being merged be the repository owner. https://github.com/ PRs) from present for code/security review if wanted.

  • 0.2 – Supports user cookies with session tokens only diff .zip
  • 0.2-transitional – Supports existing cookies, and future session cookies. diff .zip

Installation steps:

  • Define wp_user_sessions = wporg_user_sessions in the [wordpress] section of the existing Trac config.
  • Remove existing 0.1 version of the plugin.
  • Install 0.2-transitional, Existing cookies should continue to work.

At a future date when Session support has been enabled permanently on WordPress.org:

  • Remove 0.2-transitional and replace with 0.2
  • Existing cookies at that time should be all with Sessions, and so they’ll continue to work. Older session-less cookies will no longer pass auth.

Implementation notes:

  • The auth_salt and auth_key do not need to be updated during this process, as the tokenised cookies simply add an extra token value.
  • The cookie names will remain the same to avoid any other systems-related changes needing to be made.
  • The SQL introduces a join to an additional table for sessions, a const index is used.
  • The WordPress wp_user_session code is here: https://github.com/WordPress/wporg-mu-plugins/pull/345 (It’s WordPress 6.2+, Includes memcache, is based off the WordPress.com implementation)
  • I have tested this on my own Trac + WordPress install, using both wp_user_sessions and no-session cookies.

#auth, #prio1, #trac

Upgrade Node.js/npm on the Build Server

Can Node.js 18.x be installed on the build server with the paired version of npm (currently 9.3.1)?

CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. currently uses Node.js 14.x, which will reach EOL on April 30, 2023. Work is underway for both Core and GutenbergGutenberg The Gutenberg project is the new Editor Interface for WordPress. The editor improves the process and experience of creating new content, making writing rich content much simpler. It uses ‘blocks’ to add richness rather than shortcodes, custom HTML etc. https://wordpress.org/gutenberg/ to support 18.x (see Core Trac-56658 and this Gutenberg PR/Issue list). The changes needed to support 18.x are being made now with the aim of changing the actual version used in both locations prior the EOL date in a few months.

There are currently no plans to update older branches receiving minor or security releases at this time, so 14.x will need to remain on the server for the time being.

CC: @gziolo who I’ve been coordinating with on the Gutenberg side of things.

#prio2

Deploy & Clear caches for: Planet & Codex

Planet:

In r18253-dotorg I altered a feed url from httpHTTP HTTP is an acronym for Hyper Text Transfer Protocol. HTTP is the underlying protocol used by the World Wide Web and this protocol defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. to httpsHTTPS HTTPS is an acronym for Hyper Text Transfer Protocol Secure. HTTPS is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The 'S' at the end of HTTPS stands for 'Secure'. It means all communications between your browser and the website are encrypted. This is especially helpful for protecting sensitive data like banking information., which requires the planet cache to be cleared in order for feed updates to continue. I have not deployedDeploy Launching code from a local development environment to the production web server, so that it's available to visitors. this change yet to planet.
r18257-dotorg alters where planet gets it’s headerHeader The header of your site is typically the first thing people will experience. The masthead or header art located across the top of your page is part of the look and feel of your website. It can influence a visitor’s opinion about your content and you/ your organization’s brand. It may also look different on different screen sizes./footer from, using some new APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. endpoints, to fetch a new header/footer.

Tested & confirmed working on sandbox.

Please deployDeploy Launching code from a local development environment to the production web server, so that it's available to visitors. & clear Planet cache.

Codex:

In r14081-deploy I altered the Codex header/footer curl script to pull from the same set of new API endpoints.

Tested & confirmed working on my sandbox.

Please deploy & clear the Codex cache.

#prio2 #codex #planet #deploy

Hi, can the following users…

Hi, can the following users get MC and GA access for dotorg? Release management is not needed, it’s for stats.

  • callye
  • dansoschin
  • eidolonnight

#prio2

cc @andreamiddleton

Patterns API: maybe cache/direct to proper upstreams

https://api.wordpress.org/patterns/1.0/ will start to receive increased GET API requests following Gutenberg PR 28800 being merged, and ultimately being used in WordPress 5.8.

I’m unsure what the request load will be to this endpoint, or how varied the requests will be at this stage, so just flagging this early for attention.

Currently this APIAPI An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways. endpoint is handled by the catchall API upstream pool, it might make sense to shift this into the coreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. or plugins/themes API pools.

The API currently assumes that it’ll be cached by nginxNGINX NGINX is open source software for web serving, reverse proxying, caching, load balancing, media streaming, and more. It started out as a web server designed for maximum performance and stability. In addition to its HTTP server capabilities, NGINX can also function as a proxy server for email (IMAP, POP3, and SMTP) and a reverse proxy and load balancer for HTTP, TCP, and UDP servers. https://www.nginx.com/. (which it’s not), and loads WordPress on every API request. No caching is included at present, other than standard WordPress object caching.
The API only accepts GET requests.

Requests to this endpoint will be all GET and potentially of high volume with similar cacheable responses:

  • GET https://api.wordpress.org/patterns/1.0/?pattern-keywords=11
  • GET https://api.wordpress.org/patterns/1.0/?pattern-categories=1234
  • GET https://api.wordpress.org/patterns/1.0/?search=gallery
  • GET https://api.wordpress.org/patterns/1.0/?pattern-keywords=11&search=gallery
  • GET https://api.wordpress.org/patterns/1.0/?pattern-categories=1234&search=instagram

cc @iandunn

#prio1

Vary nginx cache by wporg_locale cookie value

This cookie gets set by the locale-detection pluginPlugin A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https://wordpress.org/plugins/ or can be cost-based plugin from a third-party, which is used on the login site, and soon on the Learn WordPress site. In the case of Learn, the value of this cookie will determine the language that is displayed in the front end UIUI UI is an acronym for User Interface - the layout of the page the user interacts with. Think ‘how are they doing that’ and less about what they are doing. of the site (see this PR). Caching the pages without consideration of the chosen locale has a lot of potential for bad UXUX UX is an acronym for User Experience - the way the user uses the UI. Think ‘what they are doing’ and less about how they do it..

Could we update the nginxNGINX NGINX is open source software for web serving, reverse proxying, caching, load balancing, media streaming, and more. It started out as a web server designed for maximum performance and stability. In addition to its HTTP server capabilities, NGINX can also function as a proxy server for email (IMAP, POP3, and SMTP) and a reverse proxy and load balancer for HTTP, TCP, and UDP servers. https://www.nginx.com/. config to take this cookie into account when caching wporg pages? This locale switching functionality is intended for use on various wp.org sites beyond just Learn, so ideally this change would apply for *.wordpress.org

#prio1 because we’d like to get the locale switcher launched on the Learn site soon.

Bumping this down to #prio2 as it was worked around, but needs a call on whether this should just be closed or not.

DNS hosting for gutenberg.run

Hi, I’m working w/ @aduth to transfer the gutenberg.run domain to the Foundation. MarkMonitor has initiated the transfer, can you please setup DNSDNS DNS is an acronym for Domain Name System - how you assign a human readable address to a website’s exact numeric coded location (ie. wordpress.org uses the actual IP address 198.143.164.252). hosting on our end, and update the nameservers w/ MM after the domain lands?

I think the only needed record is an A to 138.197.4.192, and the www CNAME.

#prio1 (since the old registrar is currently doing DNS hosting)

Thanks!