Jump to content


From Wikitech
Toolforge tools
Website https://tools-static.wmflabs.org/ultraviolet/builds/
Description Build server and static hosting for the w:WP:Ultraviolet userscript
Author(s) (Sportzpikachutalk)
Maintainer(s) Sportzpikachu, Chlod (View all)
Source code https://gitlab.wikimedia.org/repos/10nm/uvray
License Apache License 2.0
Issues Open tasks · Report a bug
Admin log Tools.ultraviolet/SAL

The Ultraviolet tool provides static hosting for build artifacts of the userscript. Production (i.e. deployed onwiki) versions of UV load assets from https://tools-static.wmflabs.org/ultraviolet/builds/. The tool runs a webservice at https://ultraviolet.toolforge.org/ that acts as an API for Gitlab CI to upload builds. The source code for the webservice can be found at gitlab:repos/10nm/uvray.

A script gerrit-vue-watcher also runs as a daily Toolforge cronjob. It uses the gerrit API to look for changes matching a query (currently those matching repo:"mediawiki/core" AND path:"^resources/(src|lib)/(vue|pinia)/.*") and sends them to a discord webhook. It expects to be in ~/gerrit-vue-watcher and uses the webhook from the GERRIT_WEBHOOK_URL envvar.


This tool runs as the ultraviolet account on Toolforge.

Updating uvray

After merging commits to master on Gitlab:

$ become ultraviolet
$ git -C $HOME/www/js pull && webservice restart
$ webservice logs
2024-06-16T10:11:26+00:00 [ultraviolet-556b65bcd5-96vrz]
2024-06-16T10:11:26+00:00 [ultraviolet-556b65bcd5-96vrz] > uvray@1.0.0 start
2024-06-16T10:11:26+00:00 [ultraviolet-556b65bcd5-96vrz] > node server.js
2024-06-16T10:11:26+00:00 [ultraviolet-556b65bcd5-96vrz]
2024-06-16T10:11:27+00:00 [ultraviolet-556b65bcd5-96vrz] using static dir /data/project/ultraviolet/www/static/builds

Reset deploy token

If the Gitlab CI pipeline was compromised somehow, or just to rotate it every now and then:

  1. Generate a secret (check the current value of UV_DEPLOY_TOKEN in Gitlab settings for an example)
  2. Ensure no pipelines are currently running, then change the value of UV_DEPLOY_TOKEN in Gitlab settings
    • The token should be Masked but not Protected (review apps deploy on unprotected branches)
  3. On toolforge:
$ become ultraviolet
$ toolforge envvars create UV_DEPLOY_TOKEN "hunter2"
$ webservice restart
$ webservice logs

Redeploy gerrit-vue-watcher

$ become ultraviolet
$ cd gerrit-vue-watcher
$ git pull
$ toolforge jobs delete gerrit-vue-watcher
$ ./deploy.sh

Restart (force run) gerrit-vue-watcher

This ignores the cron scheduling and tells Toolforge to run the job immediately.

$ become ultraviolet
$ toolforge jobs restart gerrit-vue-watcher