Compatibility/System Addon/Override Policies and Workflows: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
m (→‎Types of Overrides: rename section)
(Remove interventions process + IRO stuff --> https://wiki.mozilla.org/Compatibility/Interventions_Releases#Interventions_Release_Process)
Line 93: Line 93:


In addition, the injection file has to be registered in the array located in [https://github.com/mozilla/webcompat-addon/blob/master/src/data/injections.js rc/data/injections.js]. Details on available parameters can be found [https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/content_scripts in the MDN web docs].
In addition, the injection file has to be registered in the array located in [https://github.com/mozilla/webcompat-addon/blob/master/src/data/injections.js rc/data/injections.js]. Details on available parameters can be found [https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/content_scripts in the MDN web docs].
= Interventions Release Process =
''Note: for simplicity, interventions and UA overrides will be referred to solely as interventions in this section.''
== Intervention Types ==
There are two types of interventions that we ship in Firefox: high priority and low priority. As a general rule of thumb, a low priority intervention will fix a long-standing bug. A high priority intervention will fix a regression in a top site. In case of confusion, please get in touch with Mike Taylor for clarification as to which class we’re dealing with.
Low priority interventions should be landed in the [https://github.com/mozilla-extensions/webcompat-addon Mozilla webcompat-addon repo] on GitHub and upstreamed to the relevant tree once per release. These do not require outside collaboration or approval to ship (except for the case of Fennec ESR, which will require Relman uplift to the ESR branch while it exists as a supported product), beyond WebCompat Addon module peer or owner approval.
High priority interventions require shipping out-of-band via Balrog ([https://bugzilla.mozilla.org/show_bug.cgi?id=1571535 or Normandy in the future]), and as such, require a more in-depth QA and Relman release process, at least for Fennec and Desktop. The process for Release Fenix is currently undefined.
== Shipping Scenarios ==
All interventions should first land in the [https://github.com/mozilla-extensions/webcompat-addon Mozilla webcompat-addon repo] on GitHub and be accompanied by a version number bump in the addon’s manifest.json. There may be high priority situations where it’s more desirable to land in Mozilla Central first. In these cases, the patches must be backported to GitHub as soon as the intervention is shipped.
Once the intervention is reviewed by a [[https://wiki.mozilla.org/Modules/All#WebCompat_Addons WebCompat Addon module peer]] and landed, one or more of the following shipping scenarios is followed, depending on the affected platforms and products:
=== Desktop Releases ===
==== Low Priority ====
# Make sure the version number in manifest.json is incremented.
# Land the updated addon version in Mozilla Central via a bug in [https://bugzilla.mozilla.org/buglist.cgi?product=Web%20Compatibility&component=Interventions&resolution=---&list_id=15330878 Web Compatibility::Interventions]
# That’s it. Let the code ride the trains.
==== High Priority ====
{{todo| make sure this is up to date with the new mozilla-extensions github actions workflow|mike}}
# File a bug to ship the addon via Balrog in the [https://bugzilla.mozilla.org/buglist.cgi?product=Web%20Compatibility&component=Interventions&resolution=---&list_id=15330878 Web Compatibility::Interventions] component
# Attach an XPI for the WebCompat QA team to test locally using the following naming convention: webcompat-N.N.N.unsigned.xpi
# When testing, QA can use an unbranded build, or Nightly.
# Describe how QA can test and verify the intervention in a comment
# QA will test and leave a comment with their findings: either sign-off, or describing unexpected behavior that needs to be investigated.
# Request the signed addon be staged to the release-sysaddon channel by :rdalal
# Ask QA to verify the release-sysaddon update works (instructions here), and the intervention works as expected
# Once QA signs off, request Relman for signoff in Balrog (a needinfo request in the bug is sufficient)
# Once the addon ships to release:
## Land the addon in Mozilla Central and request Beta uplift
## File a bug to remove the addon from Balrog in the [https://bugzilla.mozilla.org/describecomponents.cgi?product=Firefox&component=System%20Add-ons%3A%20Off-train%20Deployment#System%20Add-ons%3A%20Off-train%20Deployment Firefox::System Add-ons: Off-train Deployment] component. This should happen when the next addon version rides to release, otherwise it will be overridden by the older version in Balrog. e.g., [https://bugzilla.mozilla.org/show_bug.cgi?id=1587186 Bug 1587186].
=== Mobile Releases ===
==== Fennec ESR ====
The process for Fennec will match Desktop, except the patches need to be written against the ESR branch.
===== Low Priority =====
# Relman will need to approve ESR uplift for the next ESR release once the patch has landed in the ESR branch. This happens in Bugzilla by requesting ESR approval for the patch.
===== High Priority =====
# Follow the same steps as Desktop High Priority.
==== Fenix / Android Components ====
The system addon is served as a component. Currently [https://github.com/mozilla-mobile/fenix/blob/f5f0cb8d9caf556db586b248856a17e7052a4fa3/buildSrc/src/main/java/Dependencies.kt#L138 Fenix pulls in the latest version], which means the updated addon should be served in the next Google Play Store update.
# File an issue and open a pull request against the [https://github.com/mozilla-mobile/android-components Android Components repo] on GitHub which contains the updated addon and request review. Currently Dennis Schubert and Mike Taylor can review and merge, as well as any core member of the mozilla-mobile organization.
# That’s it. The new version will be used when the new android-components version is released (currently weekly).
{{todo| depending on how updated android components are released in Fenix, there may not be a difference between high and low priority releases. But if there is, we need to find out how to ask for an urgent version release...ideally before we need it}}
=== Final Checklist when shipping a release ===
* [ ] Verify addon version has been incremented
* [ ] Verify new intervention(s) appears in about:compat as expected
* [ ] Close all Bugzilla bugs with interventions associated with the current release
* [ ] WebCompat QA has signed off on XPI
* [ ] Balrog folks have uploaded XPI
* [ ] Relman has signed off on XPI in Balrog
* [ ] Fennec ESR uplift request, when relevant
* [ ] Desktop ESR uplift request, when relevant
* [ ] m-c beta or ESR uplift request, when relevant
* [ ] Intent to Ship email is sent to release-drivers@ mailing list for high priority releases
* [ ] WebCompat QA marks each Bugzilla bug associated with the release as VERIFIED
=== Checklist for follow-ups after landing/deploying everywhere ===
When the new addon version is released everywhere and there will be no more changes to that version, there are a couple of follow-up steps to do in preparation for the next release cycle.
* [ ] Tag the version on GitHub with `git tag -a v8.0.0 -m 'v8.0.0'` and push the tags with `git push --tags` so we have a persistent record of "what shipped when" on GitHub as well.
= Interventions Release Rotations =
Engineers on the Web Compatibility team will rotate on ownership of shipping new versions of our interventions addons, serving as an Intervention Release Owner (IRO). The process will follow a predictable 4 week schedule, mirroring the proposed 4 week [[Release_Management/Calendar|Firefox release schedule]], however, we will attempt to land the interventions 1 week before soft freeze (see the schedule above for dates). Another way to look at this is 2 weeks before release.
A tracking bug for the next release should be filed in Bugzilla (in the [[ & Tooling|Web Compatibility::Interventions]] component). Bugs for adding or removing interventions in the current release cycle should block this bug.
During bug diagnosis, if a site is identified as a low priority intervention candidate, a [https://github.com/webcompat/web-bugs/labels/action-needssitepatch label is added] for the next IRO to take care of during their rotation. Low priority interventions ride the trains without any need for uplifts or out of band shipping mechanisms. The expectation is that there will be a single regular low-priority release for each version of Firefox, driven by the IRO.
High priority interventions should be flagged immediately to the IRO who will then begin the process necessary to ship an off-train intervention.
== IRO Rotation Responsibilities ==
* Authoring, testing, landing high priority intervention patches
* Authoring, testing, landing normal priority interventions (see Candidates for interventions section below)
* Requesting testing of high risk interventions from the WebCompat QA team
* Coordinating QA verification and release stakeholders (Balrog, AC, etc) for high priority interventions
* Sending an intent-to-ship email for high priority intervention patches
* Landing patches in GitHub, Mozilla Central, and Android Components repos
* Requesting uplifts for interventions when necessary
* Backporting interventions where necessary
* Handling potential regression fallout from interventions
* Add sitepatch-applied labels to web-bugs issues, as relevant.
=== Candidates for interventions ===
There is a [https://github.com/webcompat/web-bugs/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3Aaction-needssitepatch list of sites] as well as a [https://bugzilla.mozilla.org/buglist.cgi?product=Web%20Compatibility&component=Interventions&resolution=---&list_id=15328531 Bugzilla bug query] for sites that need interventions. In addition, the [https://github.com/webcompat/web-bugs/issues?q=is%3Aissue+is%3Aopen+label%3Atype-uaoverride+ `type-uaoverride`] label may be useful to look at. During a rotation, you should look at both of these sites and determine which are the most important to work on and ship (or close, if appropriate).
Lists of currently deployed interventions across the products and channels are available here https://arewehotfixingthewebyet.com/.
In addition, there is also a [https://github.com/webcompat/web-bugs/issues?q=is%3Aissue+label%3Asitepatch-applied `sitepatch-applied`] label that helps to keep track of existing interventions. Take care to add this to bugs after shipping a site patch.


= Open points for further discussion =
= Open points for further discussion =

Revision as of 19:25, 10 July 2020

Preamble

If important sites are broken in Firefox, getting them fixed is our highest priority (even if by the user agent intervening on behalf of the user). However, there's a balance to be struck: we do not have the bandwidth to fix the entire web, and patching certain problem may disincentivize developers from fixing their bugs.

As a guiding principle, if deploying a site patch or override would dramatically improve user experience or fix a top site it should be seriously considered. At the same time, we make efforts to remove the override as soon as possible, working with the site developers where possible.

To Override or not?

Our goal is to fix top sites, or sites that will have the most impact for Firefox users.

  • It's important to consider a site's popularity on a by-country level, in addition to global level.
  • We have no fixed threshold on the sites rank that qualifies for an override. However, we might set a soft limit in the future when we have more experience deploying site patches.
  • Trending sites should also be considered, even when they don't rank highly in global usage metrics.

Types of Interventions

User Agent overrides

Designing the override

  • Since we are able to set a very specific scope for overrides, we aim to limit the scope of overrides as much as possible. If only a specific site in a specific subdirectory is affected, it's much better to override just that segment instead of overriding the UA for the entire site.
  • We try to touch the user agent as little as possible. If adding a segment like "mobile" or "iPhone" solves an issue, this is should be preferred over replacing the entire UA. That way, Firefox still might be recognized by the sites statistics.

Technical details

User agent overrides are defined within src/data/ua_overrides.js of the addon sources. In this file, you will only find an array containing all active user agent overrides. Each object can have three attributes:

  • baseDomain, required: The base domain that further checks and user agents override are applied to. This does not include subdomains.
  • applications: Array of applications this override is valid in. Defaults to ["firefox"], can be one or more of:
    • firefox: Firefox Desktop (regardless of the operating system)
    • fennec: Firefox for Android
  • uriMatcher: Function that gets the requested URI passed in the first argument and needs to return boolean whether or not the override should be applied. If not provided, the user agent override will be applied every time.
  • uaTransformer, required: Function that gets the original Firefox user agent passed as its first argument and needs to return a string that will be used as the the user agent for this URI.

Examples

Gets applied for all requests to mozilla.org and subdomains made on Firefox Desktop: 

  {
    baseDomain: "mozilla.org",
    uriMatcher: (uri) => uri.includes("/app/"),
    uaTransformer: (originalUA) => `Ohai Mozilla, it's me, ${originalUA}`
  }

Applies to *.example.com/app/* on Firefox for Android: 

  {
    baseDomain: "example.com",
    applications: ["fennec"],
    uriMatcher: (uri) => uri.includes("/app/"),
    uaTransformer: (originalUA) => originalUA.replace("Firefox", "Otherfox")
  }

CSS Injections

Designing the injection

As with user agent overrides, CSS injections should be designed to use as little code as possible. Due to the nature of these overrides, it is hard to provide exact guidelines.

Injected CSS files will be in the first place of the cascading chain, so be careful to use selectors with a high specificity, or use the !important keyword.

Technical details

CSS injections are defined within individual files within the src/webextension/injections/css/ directory of the addon sources. In this folder, you will find a collection of files, one file per override or injection. For easier cross-reference, please stick to the bugNNNNN-short-description.css file name schema.

In addition, the injection file has to be registered in the constant array located at the top of src/webextension/background.js. Details on available parameters can be found in the MDN web docs.

JS Injections

Designing the injection

As with user agent overrides, JS injections should be designed to use as little code as possible. Due to the nature of these overrides, it is hard to provide exact guidelines.

The injected JS will be executed in its own context per default, check the MDN web docs for details. If it is required to run JS in the websites context, functions can be exported via exportFunction: 

Object.defineProperty(window.wrappedJSObject, "isTestFeatureSupported", {
  get: exportFunction(function() {
    return true;
  }, window),

  set: exportFunction(function() {}, window)
});

Technical details

JS injections are defined within individual files within the src/webextension/injections/js/ directory of the addon sources. In this folder, you will find a collection of files, one file per override or injection. For easier cross-reference, please stick to the bugNNNNN-short-description.js file name schema.

In addition, the injection file has to be registered in the array located in rc/data/injections.js. Details on available parameters can be found in the MDN web docs.

Open points for further discussion

Some cases might never be added to this decision guide, but discussed with the team on the individual case:

  • Should we override/inject if a site adds a "Your browser is not supported" note? What if the warning is really annoying or even blocking the site, what if it's just a note?
  • How do we make sure that our override is indeed working? What do we need to test?
  • Do we override websites that require a login? How can we ensure that we don't break the site with overriding the user agent or injecting code?
Retrieved from "https://wiki.allizom.org/index.php?title=Compatibility/System_Addon/Override_Policies_and_Workflows&oldid=1228980"