Short description of the Open Social project:
What does the Open Social distribution do?
Open Social is a Drupal 8 distribution for building communities and social intranets. It is positioned as the successor of Drupal Commons, taking full advantage of the new possibilities of Drupal 8.
In a nutshell, our software empowers people to effectively collaborate and organize. At the time of writing Open Social is the most installed Drupal 8 distribution with over 800 active installations.
A detailed description about the project is available in this article from Acquia Developer Center.
Open Social development is done on Github but is pushed to drupal.org every new release. Our policy is that the code needs to be reviewed by at least one other developer in our team to make sure it works and to comply to the correct Drupal security practices. In addition to this we also have Travis Integration to run our functionality, unit and security tests. Example: https://travis-ci.org/goalgorilla/open_social/builds/263457859
Manual reviews of other projects
- https://www.drupal.org/node/2897211#comment-12228929
- https://www.drupal.org/node/2792763#comment-12233639
- https://www.drupal.org/node/2911452#comment-12288495
Open Social project page:
The project page of Open Social can be found at: https://www.drupal.org/project/social
Git clone command:
git clone --branch 8.x-1.x https://git.drupal.org/project/social.git
Comment | File | Size | Author |
---|---|---|---|
Open-Social-Screenshots.zip | 3.91 MB | frankgraave |
Comments
Comment #2
PA robot CreditAttribution: PA robot commentedThere are some errors reported by automated review tools, did you already check them? See http://pareview.sh/pareview/httpsgitdrupalorgprojectsocialgit
We are currently quite busy with all the project applications and we prefer projects with a review bonus. Please help reviewing and put yourself on the high priority list, then we will take a look at your project right away :-)
Also, you should get your friends, colleagues or other community members involved to review this application. Let them go through the review checklist and post a comment that sets this issue to "needs work" (they found some problems with the project) or "reviewed & tested by the community" (they found no major flaws).
I'm a robot and this is an automated message from Project Applications Scraper.
Comment #3
Open Social CreditAttribution: Open Social at Open Social commentedComment #4
jaapjan CreditAttribution: jaapjan commentedComment #5
slowflyer CreditAttribution: slowflyer commentedAutomated Review
pareview.sh shows a huge amount of messages.
A lot of messages can be cleared by running PHPCBF (CAN FIX THE n MARKED SNIFF VIOLATIONS AUTOMATICALLY)
I suggest to do this first to reduce the huge amount of messages
Manual Review
Individual user account
Yes Does follow the guidelines for individual user accounts.
No duplication
Yes: Does not cause module duplication and/or fragmentation.
Master Branch
Yes: Follows the guidelines for master branch.
Licensing
Yes: Follows the licensing requirements.
3rd party assets/code
Yes: Follows the guidelines for 3rd party assets/code.
README.txt/README.md
Yes: Follows the guidelines for in-project documentation and/or the README Template.
Code long/complex enough for review
Yes: Follows the guidelines for project length and complexity.
Secure code
Yes: Meets the security requirements. / No: List of security issues identified.]
Others
I found an inconsitency in installation methods:
https://www.drupal.org/node/2901220
Comment #6
frankgraave CreditAttribution: frankgraave for Open Social commentedHi slowflyer,
Thank you for taking the time to review our project, it is greatly appreciated! We will try out PHPCBF and see if this will work for us. We've already fixed quite a lot of these issues manually. See this pull request: https://github.com/goalgorilla/open_social/pull/475
Unfortunately, on pareview.sh we see a lot of issues with javascript and css files. We're currently looking into this and how we can fix this.
We will also take a look at the inconsistency issue regarding installation methods.
Frank
Comment #7
frankgraave CreditAttribution: frankgraave for Open Social commentedComment #8
bramtenhove CreditAttribution: bramtenhove for Open Social commentedComment #9
PA robot CreditAttribution: PA robot commentedClosing due to lack of activity. If you are still working on this application, you should fix all known problems and then set the status to "Needs review". (See also the project application workflow).
I'm a robot and this is an automated message from Project Applications Scraper.
Comment #10
Wim LeersI just tried to do another pareview.sh run, but it failed. I also don't see where we can read previous runs?
What remains to be done here? How much progress was made in making OpenSocial's code style comply with Drupal's coding standards?
Comment #11
frankgraave CreditAttribution: frankgraave for Open Social commentedHi Wim,
Thank you for taking the time and effort to help out, we appreciate it! I see, I'm also getting an error while doing another pareview.sh run.. Not sure why this happens!
We've actually just moved 3rd party libraries to composer. We've already manually fixed a lot of coding standards. But these 3rd party libraries caused a lot of coding standard issues in the automated review (which of course should not be there).
The related PR's that moves these libraries to composer:
Currently we're busy writing some documentation about these changes to help out users of Open Social before they run into any trouble. After these's PR's have been merged we will do another pareview.sh run, if it works by then. In the meantime we're trying to do a third manual review ourself to get the review bonus! A manual review is always very welcome! Thanks again!
Cheers, Frank.
Comment #12
frankgraave CreditAttribution: frankgraave for Open Social commentedComment #13
Wim Leers3rd party libraries don't need to comply with coding standards.
Can't you add a phpcs.xml file to Open Social to exclude 3rd party libraries from coding standards checks?
Comment #14
bramtenhove CreditAttribution: bramtenhove for Open Social commentedHi Wim,
Correct, but we did not had much or any issues with 3rd party PHP coding standards.
Our main issue were the JavaScript libraries. And for some reason, which I can't remember, we could not get PAReview.sh to ignore certain files or paths. And so we decided to increase the scope and fix the maintainability issues for these libraries at the same time.
We just merged the pull requests which contains all these changes, we'll push it to Drupal.org soon. And then we can see how much we still have left to fix.
Anything that is still left we'll give high priority as we are committed to getting it right!
Comment #15
Wim Leers👏🎉
Comment #16
bramtenhove CreditAttribution: bramtenhove for Open Social commentedA lot of fixes have been done and are now available in the dev branch. I'm putting this on review to also have the automated bot do some tests.
We still have work to do, but the majority of the issues is now gone. Still about 300 (mainly minor) issues left, we're trying to fix those coming week.
If anyone already wants to do a manual review this is much appreciated.
Note: the changes made with regard to the 3rd libraries require a manual change in your project's composer.json file. Please see https://www.drupal.org/docs/8/distributions/open-social/updating-open-so... first if you run into any trouble.
Comment #17
bramtenhove CreditAttribution: bramtenhove for Open Social commentedHi there!
We managed to fix nearly all issues. Tomorrow at the DrupalCon sprint we will deliver a dev version on drupal.org for retesting.
@Wim Leers are you available for a review tomorrow? I’m able (or other OS devs) to talk you through any questions you have.
Other manual reviews are also very welcome!
Comment #18
frankgraave CreditAttribution: frankgraave for Open Social commentedHi all!
There's still a pull request open containing some last bits of coding standard fixes. But other than that we've fixed almost everything regarding these coding standards and best Drupal practice warnings.
In the pareview.sh we have some warnings about modules and their prefixes not being social_. We have this on our radar and will likely deal with it at a later moment. It is not a high priority. You will also notice some issues with .css files, you can safely ignore them as these files are generated! For some reason the pareview.sh script does not detect the usage of .scss files which should skip these checks.
Please help us by giving this project a manual review!
Cheers, Frank
Comment #19
Wim Leers@bramtenhove: Sorry — I was in hard problems meetings pretty much the entire time on Friday, and then I had to catch my flight.
It'd be great if we could get feedback from a maintainer of this issue queue.
Comment #20
bramtenhove CreditAttribution: bramtenhove for Open Social commentedHi Wim, thanks for your comment. I already noticed during Friday that you were kind of busy :)
Agreed, that would be great. We'll be doing another review of one of the projects in the issue queue soon to get us self some more exposure too.
Comment #21
Wim LeersYou should've come and said hi though! :)
Comment #22
frankgraave CreditAttribution: frankgraave for Open Social commentedComment #23
bramtenhove CreditAttribution: bramtenhove for Open Social commentedWe just pushed some more code to Drupal.org and it is ready for manual review. The automated checks are done, you can view the result here: https://pareview.sh/node/2591.
We are aware that there are issues shown in the automated review. There are for example some warnings about dependency injections, we will be fixing these issues gradually during the coming time.
Next to the these warnings you will also notice a lot of errors for .css files. We will not be fixing them as these files are generated based upon our SCSS files. The Pareview.sh script should already ignore them automatically, but there might be a glitch there (see https://github.com/klausi/pareviewsh/blob/7.x-1.x/pareview.sh#L256).
Just to show that we already fixed a ton of coding style issues, the first test result (https://pareview.sh/node/2591/revisions/11398/view) was pretty bad.
Comment #24
frankgraave CreditAttribution: frankgraave for Open Social commentedComment #25
slowflyer CreditAttribution: slowflyer commentedContinue, based on my remarks on #5:
I spend a huge amount of time on Open Social in the last couple of month. Not only reviewing the code, more a learning how to use the distro, how to expand and how to solve issues I found on my way. Therefore I provided patches whenever possible.
I felt really comfortable, how code is structured and how things are implemented.
The last thing I reviewed yesterday and today where the Social API and Social Auth modules for log in using external Accounts (Facebook, Twitter, …). I did not find any issues on that.
From my point of view, the last open issue from pareview.sh, should not block Open Social from getting the “Security Advisory”.
Comment #26
mlhess CreditAttribution: mlhess as a volunteer commentedComment #27
Wim LeersWoot, https://www.drupal.org/project/social is now covered by the security advisory policy! 🎉
Great work, everyone!
Comment #28
frankgraave CreditAttribution: frankgraave for Open Social commentedHi all!
Amazing to see that we are finally covered by the security advisory policy! A big shout out to everyone that helped with pointing out issues, fixing DrupalPractice and coding standards issues. Thank you all very much for the time and effort you've taken to make this happen, it is greatly appreciated!
Cheers, Frank!
Comment #29
Taco PotzeGreat community effort!! Love to see the project in the green and covered :)