Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Problem/Motivation
Basically all of the Update module test XML fixtures include a <tag> value. In the vast majority of cases, these values are bogus, and represent tags we used to use in the CVS days:
<tag>DRUPAL-8-0-2</tag>
There's no code in all of Update module, nor its tests, that look at this value:
% grep -i -r 'tag' --exclude '*.xml' core/modules/update
core/modules/update/migrations/update_settings.yml:migration_tags:
core/modules/update/update.module: * 'Insecure' release type tag in update XML provided by Drupal.org to
core/modules/update/update.module: trigger_error("_update_equivalent_security_releases() was a temporary fix and will be removed before 9.0.0. Use the 'Insecure' release type tag in update XML provided by Drupal.org to determine if releases are insecure.", E_USER_DEPRECATED);
core/modules/update/update.services.yml: tags:
core/modules/update/update.services.yml: tags:
I think it's something I added to the feed 10+ years ago, thinking we'd care in core, but in practice, we don't. Other possible consumers of these feeds might care, so we don't want to remove it from d.o, but it's pointless to have bogus tag values in our test fixtures.
We keep copying fixtures to add more test cases, propagating the bogus tags. I keep flagging it for review.
Proposed resolution
Let's completely purge all the test fixtures of <tag> so we don't keep confusing ourselves and generating more noise during patch/test reviews.
Remaining tasks
Purge<tag>from all fixtures.Verify all the tests still pass.- Review.
- RTBC.
- Commit.
User interface changes
N/A
API changes
N/A
Data model changes
N/A
Release notes snippet
N/A
| Comment | File | Size | Author |
|---|---|---|---|
| #10 | 3113798-10.8_8.patch | 122.59 KB | dww |
| #10 | 3113798-10.patch | 122.32 KB | dww |
Comments
Comment #2
dwwperl -n -i.bak -e 'print unless m/<tag>/' *.xml;)
Comment #3
dwwAll tests passed, so crossing that off from remaining tasks.
Also, calling this a sub-task of #3110917: [meta] Fix update XML fixtures bad data
Thanks,
-Derek
Comment #4
tedbowLooking at the XML that drupal.org produces:
legacy
https://updates.drupal.org/release-history/drupal/8.x
and current
https://updates.drupal.org/release-history/drupal/current
They do have the "tag" element although with different values
the documentation https://www.drupal.org/drupalorg/docs/apis/update-status-xml
says
In my opinion our test fixtures should be as close as possible to what drupal.org's XML as possible. If there is no use for this element it should be removed from the drupal.org XML first.
It is very unlikely but having it in our test fixtures would stop us from doing something like
Of course you could make that argument for any possible key of
$releasebut in this we know it will be set on the drupal.org XML.Comment #5
dwwRe: #4:
A) Yes, both feeds have the value. They have the same values (the git tags). Not sure what you mean by "although with different values". I can't spot any examples of that.
B)
Then there are a bunch of other values that our test fixtures are missing, like the entire
<files>section for each release, etc. IMHO, our test fixtures should be realistic, but only include enough info for the tests to do their job. There's 0 code in update module that uses this, neither the code nor the tests, so this is entirely noise:In other core test fixtures (e.g. default views for tests) we tend to keep the default view config as small as possible for each test, instead of having full views exports for every single test view. This generally makes it easier to understand, since you don't have to read through 2000 lines of views config for every test view.
C)
Update module isn't the only possible consumer of this API. Just because update.module nor our tests reference these values doesn't mean d.o should remove them from the feed. Added note about this to the summary.
D)
That's quite a stretch. ;)
If you want to keep
<tag>in the fixtures, then we have a very large task to actually go through and give them accurate values. That's going to take hours, and we have much more important fish to fry. Instead, we could agree that this is completely meaningless garbage in our fixtures that's accumulated over the years from copy/paste that should be purged by script. ;)Thanks,
-Derek
Comment #6
dwwRefreshing this, and adding a 8.8.x version. Interdiff is pointless.
Comment #7
tedbowI still think our test fixtures should mimic updates.drupal.org as much as possible.
Related I created
Comment #8
dww@tedbow Re: #7: It's not clear if you've read #5. I don't want to repeat all those reasons here. Would you be willing to respond to the specific points in #5?
Thanks,
-Derek
Comment #9
xjmComment #10
dwwRe-generated patches now that #3121020: Move Update Manager XML test fixtures into a fixtures/release-history directory landed. The main patch applies cleanly to 9.1.x through 8.9.x. Separate patch needed for 8.8.x.
Comment #12
quietone commentedDipping my toes into the update system here ....
First, I read the issue, then went to see if the latest patch applied to 9.2.x. It does. The I went back to see what the perl command in #2 does (I don't know perl). Figured that out and made a new patch. Made a diff of the with the 9.1.x patch in #10. It is only index changes. So no new changes to the patch. I will start a test for 9.2.x.
Then went back to consider whether
<tag>should be removed or not. There are valid point raised in #5 and #7. I mulled it over for a while and then talked to dww on Slack. I learned that I was confused about the output of updates.durpal.org. I had misunderstood and thought that data ffor<tag>from there was incorrect not just the data in the test files. So, now that that is cleared up I fully support fixture files that have only the data necessary for the test. I think we can trust the dev and the review process to ensure the test is robust. So, yes, lets remove<tag>.Separate from this issue is that I also spent a bit of time looking at documentation.
Comment #13
quietone commentedTests are passing on 9.2.x so RTBC.
Comment #14
dwwYay, thanks @quietone!
I now realize that #3110917: [meta] Fix update XML fixtures bad data is basically duplicate with #1478294: Update manager XML test fixtures contain D7 links to D8 releases, although #3110917 has a better scope at the moment.
I totally agree we (probably I) should document what parts of these feeds the update manager actually uses. I'm not sure if update.api.php is the best spot, since that's usually where we document the external API a given module provides (e.g. the hooks it invokes that other modules can use), right? Do we put internal API docs in there, too? Anyway, split that out to #3203359: Document what elements in the release history XML feeds the Update manager uses. Comments welcome there for where to put the docs.
Also good question on https://www.drupal.org/drupalorg/docs/apis/update-status-xml -- I'm 95% sure that's complete (all thanks to @drumm and @tedbow), but it's worth a review to be sure.
Thanks again!
-Derek
Comment #16
catchOK I am nearly on the fence with this one. It is tempting to say the fixtures should be identical to the feed, but if so I think we'd want to literally copy a snapshot of the feed every so often. i.e. if d.o had suddenly added '' we have no process in core to add it to the test fixtures unless we relied on it. Since we don't have that, having the XML be concise (and hence closer to human-readable) seems like an OK trade-off, especially given some of the values are incorrect in the test fixtures.
Committed/pushed to 9.2.x, thanks!