diff --git a/.github/MAINTAINER_GUIDELINES.md b/.github/MAINTAINER_GUIDELINES.md index ab4319e21ed..f97cf425292 100644 --- a/.github/MAINTAINER_GUIDELINES.md +++ b/.github/MAINTAINER_GUIDELINES.md @@ -4,12 +4,13 @@ In general, the same [guidelines](https://devdocs.magento.com/contributor-guide/ ## General expectations -- Self assign issues/pull requests (mostly pull requests) - - Review and approve or request changes - - Enforce the use of the issue/pull requests template - - Ask contributors to link to the code base to validate documentation updates when applicable - - Ask contributors not to contribute to unsupported versions of documentation when applicable -- If a DevDocs maintainer creates a pull request, it must be reviewed by another maintainer or DevDocs admin +- Self assign issues/pull requests (mostly pull requests). See the [Pull Request Process wiki topic](https://github.com/magento/devdocs/wiki/Pull-Request-Process) to learn more. + - Review and approve, or request changes. + - Enforce the use of the issue/pull request template. + - Ask contributors to link to the code base to validate documentation updates when applicable. + - Ask contributors not to contribute to unsupported versions of documentation when applicable. + - Ask contributors to add a [`whatsnew`](https://github.com/magento/devdocs/wiki/Pull-Request-Process) to their `New Topic`, `Major Update`, or `Technical` labeled PRs. +- If a DevDocs maintainer creates a pull request, it must be reviewed by another maintainer or DevDocs admin. ## Labels @@ -23,12 +24,21 @@ Here is a brief summary of the most important labels: - `Editorial`: Typos, grammatical inconsistencies, or minor rewrites - `small changes`: See [Small changes workflow](#small-changes-workflow) +PRs with the `Internal Dev` label were created by Magento/Adobe employees and will be handled by the Documentation team only. + We also use version labels when appropriate (for example, 2.3.x). As a maintainer, we expect you to add or remove labels according to these guidelines. See https://github.com/magento/devdocs/labels for all labels and their descriptions. +## Communicating internally and externally + +There may be instances in which a maintainer has questions about a specific PR or issue. There are proper channels for communicating internally (Magento) and externally (contributors): + +- Externally: Questions, revisions, or other conversation with the contributor must happen within the applicable PR or issue. Tag the contributor, if needed, to get their attention. +- Internally: Questions for the Magento Documentation team about a PR or issue can happen as a comment in the applicable PR or issue or within the #devdocs_maintainers channel in Magento Community Engineering Slack. If your question pertains to a specific team member, you can tag their name to initiate the conversation. + ## Testing We use a private CI/CD stack and do not provide access to it. diff --git a/src/_data/toc/cloud-guide.yml b/src/_data/toc/cloud-guide.yml index 5301ccbc623..7f65c8bbb9b 100644 --- a/src/_data/toc/cloud-guide.yml +++ b/src/_data/toc/cloud-guide.yml @@ -343,7 +343,7 @@ pages: versionless: true - label: IP allow list - url: /cloud/cdn/fastly-vcl-whitelist.html + url: /cloud/cdn/fastly-vcl-allowlist.html versionless: true - label: IP block list diff --git a/src/_data/toc/marketplace-sellers.yml b/src/_data/toc/marketplace-sellers.yml index a3c9b13553d..d0d30361686 100644 --- a/src/_data/toc/marketplace-sellers.yml +++ b/src/_data/toc/marketplace-sellers.yml @@ -103,8 +103,24 @@ pages: url: /marketplace/sellers/technical-review-guidelines.html versionless: true - - label: Code Validation - url: /marketplace/sellers/code-validation.html + - label: Malware Scan + url: /marketplace/sellers/malware-scan.html + versionless: true + + - label: Code Sniffer + url: /marketplace/sellers/code-sniffer.html + versionless: true + + - label: Installation and Varnish Tests + url: /marketplace/sellers/installation-and-varnish-tests.html + versionless: true + + - label: Copy Paste Detector + url: /marketplace/sellers/copy-paste-detector.html + versionless: true + + - label: Semantic Version Check + url: /marketplace/sellers/semantic-version-check.html versionless: true - label: Submit for Marketing Review @@ -153,12 +169,3 @@ pages: - label: Analytics url: /marketplace/sellers/analytics.html versionless: true - -- label: Technical Reference - url: /marketplace/sellers/technical-reference.html - versionless: true - children: - - - label: Packaging v1.x Extensions - url: /marketplace/sellers/packaging-v1x-extensions.html - versionless: true diff --git a/src/cloud/architecture/pro-architecture.md b/src/cloud/architecture/pro-architecture.md index 48840e2b590..3ab346baa22 100644 --- a/src/cloud/architecture/pro-architecture.md +++ b/src/cloud/architecture/pro-architecture.md @@ -148,7 +148,7 @@ You cannot create a branch from the Production environment branch. You must push Rather than running a traditional, active-passive master or a master-slave setup, {{site.data.var.ece}} runs a redundant architecture where all three instances accept reads and writes. This architecture offers zero downtime when scaling and provides guaranteed transactional integrity. -Because of our unique, redundant hardware, we can provide you with three gateway servers. Most external services enable you to [whitelist](https://glossary.magento.com/whitelist) multiple IP addresses, so having more than one fixed IP address is not a problem. +Because of our unique, redundant hardware, we can provide you with three gateway servers. Most external services enable you to add multiple IP addresses to an [allowlist](https://glossary.magento.com/whitelist), so having more than one fixed IP address is not a problem. The three gateways map to the three servers in your Production environment cluster and retain static IP addresses. It is fully redundant and highly available at every level: diff --git a/src/cloud/cdn/fastly-vcl-allowlist.md b/src/cloud/cdn/fastly-vcl-allowlist.md index fcca4541c17..750194aa8f2 100644 --- a/src/cloud/cdn/fastly-vcl-allowlist.md +++ b/src/cloud/cdn/fastly-vcl-allowlist.md @@ -1,8 +1,6 @@ --- group: cloud-guide title: Custom VCL for allowing requests -redirect_from: - - /cloud/configure/fastly-vcl-whitelist.html functional_areas: - Cloud - Setup @@ -89,11 +87,11 @@ In the code sample, the condition `!req.http.Fastly-FF` is important when using After reviewing and updating the code for your environment, use either of the following methods to add the custom VCL snippet to your Fastly service configuration: -- [Add the custom VCL snippet from the Magento Admin](#add-whitelist-vcl). This method is recommended if you can access the Magento Admin UI. (Requires [Fastly CDN module for Magento 2 version 1.2.58]({{site.baseurl}}/cloud/cdn/configure-fastly.html#upgrade) or later.) +- [Add the custom VCL snippet from the Magento Admin](#add-the-custom-vcl-snippet). This method is recommended if you can access the Magento Admin UI. (Requires [Fastly CDN module for Magento 2 version 1.2.58]({{site.baseurl}}/cloud/cdn/configure-fastly.html#upgrade) or later.) - Save the JSON code example to a file (for example, `allowlist.json`) and [upload it using the Fastly API]({{site.baseurl}}/cloud/cdn/cloud-vcl-custom-snippets.html#manage-custom-vcl-snippets-using-the-api). Use this method if you cannot access the Magento Admin UI. -## Add the custom VCL snippet {#add-whitelist-vcl} +## Add the custom VCL snippet {% include cloud/admin-ui-login-step.md %} diff --git a/src/cloud/docker/docker-extend.md b/src/cloud/docker/docker-extend.md index 67dd31aa8e7..39e41948a0c 100644 --- a/src/cloud/docker/docker-extend.md +++ b/src/cloud/docker/docker-extend.md @@ -15,8 +15,8 @@ You can use the built-in extension mechanism of Docker to specify [multiple comp version: '2' services: deploy: - environment: - - ENABLE_SENDMAIL=false + environment: + - ENABLE_SENDMAIL=false ``` 1. Pass both configuration files while executing your commands. For example: @@ -27,17 +27,16 @@ You can use the built-in extension mechanism of Docker to specify [multiple comp ## Specify Docker build sources -To test changes to images or make more extensive changes to the containers, you must build them from source. You can do this by -by adding the `build:context` configuration to the `docker-compose.override.yml` file. +To test changes to images or make more extensive changes to the containers, you must build them from source. You can do this by adding the `build:context` configuration to the `docker-compose.override.yml` file. The following example defines the build context for the Web container. You can use the same technique to build from any of the images in the `vendor/magento/magento-cloud-docker` directory or any other Docker image, including local images that are resourced outside the project. ```yaml version: '2.1' services: - web: + web: build: - context: ./vendor/magento/magento-cloud-docker/images/nginx/1.9/ + context: ./vendor/magento/magento-cloud-docker/images/nginx/1.9/ ``` To update the container configuration and test iteratively, use the `--force-recreate` option to refresh the container build: @@ -48,64 +47,111 @@ docker-compose up -d --force-recreate --build ## Add a new version of existing service -In {{site.data.var.mcd}} package the available [service versions] are determined by the Docker service images configured in the {{site.data.var.mcd}} `images` directory. You can add a new service version by creating a directory for the version and adding a `Dockerfile` and other files to configure the new version. +In the `{{site.data.var.mcd-package}}` package, the available [service versions] are determined by the Docker service images configured in the `images` directory. You add a new service version by creating a directory for the version and adding a `Dockerfile` and other files to configure the new version. {:.procedure} To add a new service version using a `Dockerfile`: -1. Clone the `{{site.data.var.mcd}}` project to your local environment if necessary. +1. Clone the `{{site.data.var.mcd-package}}` project to your local environment if necessary. 1. On the command line, change to the directory that contains the existing service version configurations. ```bash - cd magento-cloud-docker/images/ + cd magento-cloud-docker/images/ ``` 1. Create a directory for the new version. -1. In the new directory, add the `Dockerfile` that contains the image configuration details for the new version. Use the `Dockerfile` for an existing version as a template and add any other required configuration such as supported plugins. +1. Change to the new directory. + +1. Create a `Dockerfile` with any additional configuration details for the new version, such as supported plugins. You can use the `Dockerfile` from the previous version as a template. 1. Add the `docker-entrypoint.sh` and `healthcheck` files if needed. 1. Add any necessary `.conf` and `.ini` files for the service to the `etc` directory. -1. Run the following command to build the image. +1. Build the image. - `docker build -t test/:` + ```bash + docker build -t test/: + ``` -1. Once the build succeeds, test the changes by specifying the [Docker build sources]. +1. After the build succeeds, test the changes by specifying the [Docker build sources]. ## Add a new PHP extension -In addition to built-in extensions, you can add PHP extensions to the PHP container. +You can add PHP extensions to the PHP container by adding the extension configuration to the [ExtensionResolver.php] configuration file for {{ site.data.var.mcd-prod }}. {:.procedure} To add a new PHP extension: -1. Clone the `{{site.data.var.mcd}}` project to your local environment if necessary. +1. Clone the `{{site.data.var.mcd-package}}` project to your local environment. 1. On the command line, navigate to the PHP directory. ```bash cd magento-cloud-docker/src/Compose/Php + ``` -1. Open the `ExtensionResolver.php` file, define the required extension inside the `getConfig` method by specifying the extension type and dependency. +1. Add one or more extensions to the `ExtensionResolver.php` file: - For instance the following block adds the GNUPG extension: + - Open the `ExtensionResolver.php` file for editing. - ```php?start_inline=1 - 'gnupg' => [ - '>=7.0' => [ - self::EXTENSION_TYPE => self::EXTENSION_TYPE_PECL, - self::EXTENSION_OS_DEPENDENCIES => ['libgpgme11-dev'], - ],], - ``` + - Specify the required extension in the `getConfig` method by specifying the extension type and dependency. + + For example, the following block adds the `bcmath` extension: - The extension type can be either CORE or PECL, which are defined as `EXTENSION_TYPE_PECL` or `EXTENSION_TYPE_CORE` respectively. + ```php?start_inline=1 + public static function getConfig(): array + ... + + 'bcmath' => [ + '>=7.0' => [self::EXTENSION_TYPE => self::EXTENSION_TYPE_CORE], + ], + ... + ``` + {:.no-copy} + + In this case, the `bcmath` PHP core extension installs from `docker-php-source` images. + + {:.bs-callout-info} + The configuration you specify depends on the location of the extension source files and method of installation. You can add PHP core extensions from the official Docker PHP images, from the PECL repository, or using an installation script. For details on the configuration attributes and format for the `getConfig` method, see [PHP extension configuration reference](#php-extension-configuration-reference). + +1. Enable the extension by default, or by adding it to the `.magento.app.yaml` file: + + - To enable an extension by default, add it to the `DEFAULT_PHP_EXTENSIONS` array in the `ExtensionResolver.php` file. + + ```php?start_inline=1 + + /** + * Extensions which should be installed by default + */ + public const DEFAULT_PHP_EXTENSIONS = [ + 'bcmath', + 'bz2', + 'calendar', + 'exif', + 'gd', + 'gettext', + 'intl', + 'mysqli', + 'pcntl', + 'pdo_mysql', + 'soap', + 'sockets', + 'sysvmsg', + 'sysvsem', + 'sysvshm', + 'opcache', + 'zip', + ]; + ``` + + - If you add the extension to the `.magento.app.yaml` for your Cloud project, you must regenerate the Docker compose configuration file and restart the Docker container. 1. Add any required `.ini` files to the PHP FPM container configuration. - - On the command line, navigate to FPM image directory `magento-cloud-docker/images/php/fpm`: + - On the command line, navigate to the FPM image directory `magento-cloud-docker/images/php/fpm`: ```bash cd ../../../images/php/fpm @@ -131,9 +177,9 @@ To add a new PHP extension: - For each `.ini` file that you add, you must add the following line to the `Dockerfile` (`magento-cloud-docker/images/php/cli/Dockerfile`): - ```conf - ADD etc/.ini /usr/local/etc/php/conf.d/.ini - ``` + ```conf + ADD etc/.ini /usr/local/etc/php/conf.d/.ini + ``` 1. Generate an updated `Dockerfile` for all PHP image versions included in the {{site.data.var.mcd}} package. @@ -143,9 +189,99 @@ To add a new PHP extension: 1. Test the extension by specifying the [Docker build sources]. -[multiple compose files]: https://docs.docker.com/compose/reference/overview/#specifying-multiple-compose-files -[service versions]: https://devdocs.magento.com/cloud/docker/docker-containers.html#service-containers +### PHP extension configuration reference + +Use the following attributes to specify the PHP extension configuration in the `getConfig` method located in the [ExtensionResolver.php] file. The configuration you specify depends on method of installation: from the official Docker PHP images, from the PECL repository, or using an installation script. + +| Configuration option | Description +| -------------------- | ------------ +| PHP version constraint | Specifies the extension versions to install. If different versions have different installation requirements, you must add the configuration for each version. +| `EXTENSION_TYPE_CORE` | Extension that can be installed from a `docker-php-source` images. +| `EXTENSION_TYPE_PECL` | Extensions that can be installed from the [PECL] repository. +| `EXTENSION_TYPE_INSTALLATION_SCRIPT` | For extensions that install using a command sequence. +| `EXTENSION_TYPE` | Specifies whether the extension installed from the Docker PHP images, the PECL repository, or using an installation script. Valid values: `EXTENSION_TYPE_CORE`, `EXTENSION_TYPE_PECL`, or `EXTENSION_TYPE_INSTALLATION_SCRIPT`
+`EXTENSION_OS_DEPENDENCIES` | For PHP core or PECL extensions, specifies Linux package dependencies. These packages install in the order listed before installing the extension. +`EXTENSION_CONFIGURE_OPTIONS` | For PHP core extensions, specifies any configuration options to apply when Docker configures the PHP extension using the `docker-php-ext-configure` command. +`EXTENSION_PACKAGE_NAME` | Specifies the extension package name. This value is used to generate the installation command. +`EXTENSION_INSTALLATION_SCRIPT` | For extension type `EXTENSION_TYPE_INSTALLATION_SCRIPT`, specifies the Bash script to install the extension. + +{:.bs-callout-info} +For more information about extension types and extension installation, see _How to install more PHP extensions_ section of the [PHP, Docker Official Images] page in Docker Hub. + +#### Example: Core extension configuration + +The following example shows the configuration for adding the PHP core extension `gd` in the `ExtensionResolver.php` file. + +```php?start_inline=1 +public static function getConfig(): array +... + 'gd' => [ + '>=7.0 <=7.3' => [ + self::EXTENSION_TYPE => self::EXTENSION_TYPE_CORE, + self::EXTENSION_OS_DEPENDENCIES => ['libjpeg62-turbo-dev', 'libpng-dev', 'libfreetype6-dev'], + self::EXTENSION_CONFIGURE_OPTIONS => [ + '--with-freetype-dir=/usr/include/', + '--with-jpeg-dir=/usr/include/' + ], + ], + '>=7.4' => [ + self::EXTENSION_TYPE => self::EXTENSION_TYPE_CORE, + self::EXTENSION_OS_DEPENDENCIES => ['libjpeg62-turbo-dev', 'libpng-dev', 'libfreetype6-dev'], + self::EXTENSION_CONFIGURE_OPTIONS => [ + '--with-freetype=/usr/include/', + '--with-jpeg=/usr/include/' + ], + ], + + ], +... +``` + +#### Example: PECL extension configuration + +The following example shows the configuration for adding the `gnupg` extension from the PECL repository. + +```php?start_inline=1 +public static function getConfig(): array +... + 'gnupg' => [ + '>=7.0' => [ + self::EXTENSION_TYPE => self::EXTENSION_TYPE_PECL, + self::EXTENSION_OS_DEPENDENCIES => ['libgpgme11-dev'], + ], + ], +... +``` + +#### Example: Configuration for extension installed using a script + +The following example shows the configuration for installing the `ioncube` extension using an installation script. + +```php?start_inline=1 +public static function getConfig(): array +... + + 'ioncube' => [ + '>=7.0 <=7.3' => [ + self::EXTENSION_TYPE => self::EXTENSION_TYPE_INSTALLATION_SCRIPT, + self::EXTENSION_INSTALLATION_SCRIPT => <<< BASH +cd /tmp +curl -O https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz +tar zxvf ioncube_loaders_lin_x86-64.tar.gz +export PHP_VERSION=$(php -r "echo PHP_MAJOR_VERSION.'.'.PHP_MINOR_VERSION;") +export PHP_EXT_DIR=$(php-config --extension-dir) +cp "./ioncube/ioncube_loader_lin_\${PHP_VERSION}.so" "\${PHP_EXT_DIR}/ioncube.so" +rm -rf ./ioncube +rm ioncube_loaders_lin_x86-64.tar.gz +BASH + ], + ], +... +``` + [Docker build sources]: https://devdocs.magento.com/cloud/docker/docker-extend.html#specify-docker-build-sources +[ExtensionResolver.php]: https://github.com/magento/magento-cloud-docker/tree/develop/src/Compose/Php +[PECL]: https://pecl.php.net/ +[PHP, Docker Official Images]: https://hub.docker.com/_/php [multiple compose files]: https://docs.docker.com/compose/reference/overview/#specifying-multiple-compose-files [service versions]: https://devdocs.magento.com/cloud/docker/docker-containers.html#service-containers -[Docker build sources]: https://devdocs.magento.com/cloud/docker/docker-extend.html#specify-docker-build-sources diff --git a/src/cloud/env/environments-start.md b/src/cloud/env/environments-start.md index e271c9264c7..0adb9a1030b 100644 --- a/src/cloud/env/environments-start.md +++ b/src/cloud/env/environments-start.md @@ -112,7 +112,7 @@ To activate an inactive environment, use the `magento-cloud environment:activate The following table lists incoming and outgoing IP addresses used by {{site.data.var.ece}} [Integration environments]({{ site.baseurl }}/cloud/architecture/pro-architecture.html#cloud-arch-int). These IP addresses are stable, but might change. We always notify customers before making any IP address changes. -If you have a corporate firewall that blocks outgoing SSH connections, you can add the inbound IP addresses to your whitelist. +If you have a corporate firewall that blocks outgoing SSH connections, you can add the inbound IP addresses to your allowlist. ### AWS regions diff --git a/src/cloud/live/live.md b/src/cloud/live/live.md index 40433e9edb0..2402fb967a0 100644 --- a/src/cloud/live/live.md +++ b/src/cloud/live/live.md @@ -49,7 +49,7 @@ content='The security scan tool uses the following public IP addresses: 52.87.98.44 ``` -You must whitelist these IP addresses in your network firewall rules to allow the tool to scan your site. The tool posts requests to ports 80 and 443 only.' +You must add these IP addresses to an allowlist in your network firewall rules to allow the tool to scan your site. The tool posts requests to ports 80 and 443 only.' %} The Magento Security Scan Tool enables you to regularly monitor your store websites and receive updates for known security risks, malware, and out-of-date software. This is a free service available for all implementations and versions of {{site.data.var.ece}}. You access the tool through your [Magento Marketplace account](https://account.magento.com/customer/account/login). diff --git a/src/cloud/project/magento-app-php-ini.md b/src/cloud/project/magento-app-php-ini.md index 46efe0a0946..cded7411dd7 100644 --- a/src/cloud/project/magento-app-php-ini.md +++ b/src/cloud/project/magento-app-php-ini.md @@ -54,4 +54,4 @@ cat /etc/php5/fpm/php.ini ``` {:.bs-callout-info} -If you use {{site.data.var.mcd-prod}} for local development, see [Docker service containers]({{site.baseurl}}//cloud/docker/docker-containers-service.html#fpm-container) for information about using a custom `php.ini` file in a Docker environment. +If you use {{site.data.var.mcd-prod}} for local development, see [Docker service containers]({{site.baseurl}}/cloud/docker/docker-containers-service.html#fpm-container) for information about using a custom `php.ini` file in a Docker environment. diff --git a/src/cloud/project/project-webint-basic.md b/src/cloud/project/project-webint-basic.md index b01e6e1e4e2..4f138fbd289 100644 --- a/src/cloud/project/project-webint-basic.md +++ b/src/cloud/project/project-webint-basic.md @@ -135,7 +135,7 @@ Routes allow you to set redirects or upstream settings for applications for your 1. Enter the **Upstream** route. 1. Use the toggle to enable or disable the **Cache** for the route. 1. Enter the cookies to list: No cookies, All cookies, or Specify a specific cookie. You can enter multiple specific cookies. - 1. For Headers to Whitelist, select Default Headers or Specify a header. You can enter multiple headers. + 1. To add Headers to an allowlist, select Default Headers or Specify a header. You can enter multiple headers. 1. Use the toggle to enable or disable the Server-Side Includes (**SSI**). 1. To configure a Redirect, enter a URL to **Redirect to**. You can use `{default}` in the URL, which is a placeholder for the default domain. diff --git a/src/cloud/project/sendgrid.md b/src/cloud/project/sendgrid.md index cd0e5149bdc..f1e9dfb7787 100644 --- a/src/cloud/project/sendgrid.md +++ b/src/cloud/project/sendgrid.md @@ -26,4 +26,4 @@ You can find Sendgrid details for your account in the Onboarding UI. Use the `ht The CNAME records resolve to the Domain Keys Identified Mail (DKIM) and Sender Policy Framework (SPF) records managed by SendGrid, so that spam filters are less likely to inhibit your messages. -Magento does not support whitelisting, but you can review the [Sender Policy Framework (SPF)](https://sendgrid.com/docs/Glossary/spf.html) guidelines to improve delivery. +Magento does not support allowlists, but you can review the [Sender Policy Framework (SPF)](https://sendgrid.com/docs/Glossary/spf.html) guidelines to improve delivery. diff --git a/src/cloud/project/services-mysql.md b/src/cloud/project/services-mysql.md index 2fe294eef5b..5f910fae7f2 100644 --- a/src/cloud/project/services-mysql.md +++ b/src/cloud/project/services-mysql.md @@ -8,7 +8,7 @@ redirect_from: - /cloud/project/project-conf-files_services-mysql.html --- -The `mysql` service provides persistent data storage based on [MariaDB](https://mariadb.com/) versions 10.0-10.1, supporting the [XtraDB](https://www.percona.com/software/mysql-database/percona-server/xtradb) storage engine and reimplemented features from MySQL 5.6 and 5.7. +The `mysql` service provides persistent data storage based on [MariaDB](https://mariadb.com/) versions 10.2-10.4, supporting the [XtraDB](https://www.percona.com/software/mysql-database/percona-server/xtradb) storage engine and reimplemented features from MySQL 5.6 and 5.7. {% include install/maria-db.md %} diff --git a/src/contributor-guide/contributing.md b/src/contributor-guide/contributing.md index ff438f19171..9b3548fd3e7 100644 --- a/src/contributor-guide/contributing.md +++ b/src/contributor-guide/contributing.md @@ -206,7 +206,7 @@ When you want to verify an issue or pull request, use the `instance` command to @magento give me {$version} instance ``` -Replace `{$version}` with the version tag for the version required. The currently supported values are the latest [version tags](https://github.com/magento/magento2/tags) and the 2.4-develop branch. For example: +Replace `{$version}` with the version tag or branch. The following values are supported: the version tag for the latest release and `2.4-develop` for the development branch. ```text @magento give me 2.4.0 instance @@ -275,33 +275,6 @@ For example, append the following text to the PR comment to deploy a {{site.data with edition b2b ``` -#### Environment - -Append the following text to your PR comment to specify the version for applications and services to use when you [Deploy a vanilla Magento instance](#vanilla-pr) or [Deploy an instance based on PR changes](#deploy-pr). - -```text -with env PHP {$phpVersion}, search-engine ElasticSearch {$searchEngineVersion}, database {$dbEngine} {$dbEngineVersion} -``` - -Replace variables in the command with the following values as needed for your environment: - -- `{$phpVersion}`–Specify the PHP version for the instance. - -- `{$searchEngineVersion}`–Specify the Elasticsearch version for the instance. - -- `{$dbEngine}`–Specify the database type, either `MariaDB` or `MySQL`. - -- `{$dbEngineVersion}`–Specify the version of the database engine for the instance. - -For example, append the following text to the PR comment to deploy an instance with PHP 7.4, Elasticsearch version 7, and MariaDB version 10.4. - -```text -with env PHP 7.4, search-engine Elasticsearch 7, database MariaDB 10.4 -``` - -{:.bs-callout-info} -We generally recommend that you deploy the default environment. Use the custom configuration options only when you require a special configuration to test specfic use cases. - #### Add extensions Append the following text to your PR comment to specify extensions to add to an instance when you [Deploy a vanilla Magento instance](#vanilla-pr) or [Deploy an instance based on PR changes](#deploy-pr). diff --git a/src/guides/v2.3/ext-best-practices/tutorials/copy-fieldsets.md b/src/guides/v2.3/ext-best-practices/tutorials/copy-fieldsets.md index 1254a188afe..fe843e78823 100644 --- a/src/guides/v2.3/ext-best-practices/tutorials/copy-fieldsets.md +++ b/src/guides/v2.3/ext-best-practices/tutorials/copy-fieldsets.md @@ -36,6 +36,8 @@ The code snippet in the next step uses the name of the fieldset and aspect to sp **etc/fieldset.xml:** +The following example shows how to copy `sales_convert_quote`.`demo` to `sales_order`.`demo`. + ```xml @@ -49,6 +51,42 @@ The code snippet in the next step uses the name of the fieldset and aspect to sp ``` +Use the `targetField` attribute to specify the destination field. The following example shows how to copy `sales_convert_quote`.`demo` to `sales_order`.`order_demo`. + +```xml + + +
+ + + +
+ + +``` + +Define a new `aspect` if you need to copy a field of a source table into multiple fields in a destination table. + +The following example shows how to copy `sales_convert_quote`.`demo` into + +- `sales_order`.`demo` +- `sales_order`.`order_demo` + +```xml + + +
+ + + + +
+ + +``` + ## Step 3: Copy the fieldset {#step-3} For copying the fieldset, we'll observe the `sales_model_service_quote_submit_before` event by using the following code in our `etc/events.xml`: @@ -108,7 +146,6 @@ class SaveOrderBeforeSalesModelQuoteObserver implements ObserverInterface return $this; } } - ``` In the code, an instance of the `Copy` class is obtained from the constructor using [dependency injection][2]. diff --git a/src/guides/v2.3/install-gde/prereq/mysql.md b/src/guides/v2.3/install-gde/prereq/mysql.md index 3ccc2b76592..1b62f845309 100644 --- a/src/guides/v2.3/install-gde/prereq/mysql.md +++ b/src/guides/v2.3/install-gde/prereq/mysql.md @@ -414,6 +414,12 @@ To configure a MySQL database instance: If this setting is not enabled, `setup:db:status` will always report that `Declarative Schema is not up to date`. +{:.bs-callout-info} +The `explicit_defaults_for_timestamp` setting is deprecated. This setting controls deprecated TIMESTAMP behaviors that will be removed in a future MySQL release. When those behaviors are removed, the `explicit_defaults_for_timestamp` setting will be removed as well. + +{:.bs-callout-warning} +On Magento projects deployed on the Cloud platform, the `explicit_defaults_for_timestamp` setting for MySQL (MariaDB) defaults to *OFF* + {:.ref-header} Related topics diff --git a/src/guides/v2.3/install-gde/system-requirements-tech.md b/src/guides/v2.3/install-gde/system-requirements-tech.md index dde2f596970..36652bcaad0 100644 --- a/src/guides/v2.3/install-gde/system-requirements-tech.md +++ b/src/guides/v2.3/install-gde/system-requirements-tech.md @@ -19,10 +19,12 @@ Magento is not supported on Microsoft Windows and macOS. Upgrading the Magento applications and extensions you obtain from Magento Marketplaces and other sources can require up to 2GB of RAM. If you are using a system with less than 2GB of RAM, we recommend you create a [swap file](https://support.magento.com/hc/en-us/articles/360032980432); otherwise, your upgrade might fail. -## Composer (latest stable version) +## Composer [Composer][] is required for developers who wish to contribute to the Magento 2 codebase or anyone who wishes to develop Magento extensions. +Magento does not support Composer 2.x. + ## Web servers * [Apache 2.4][] diff --git a/src/guides/v2.3/performance-best-practices/advanced-setup.md b/src/guides/v2.3/performance-best-practices/advanced-setup.md index df1a607a3c4..45d9b6fe4ba 100644 --- a/src/guides/v2.3/performance-best-practices/advanced-setup.md +++ b/src/guides/v2.3/performance-best-practices/advanced-setup.md @@ -60,13 +60,13 @@ To configure additional databases, you must create an empty database and run one For Checkout Master DB ```bash -bin/magento setup:db-schema:add-slave +bin/magento setup:db-schema:split-quote ``` For OMS Master DB ```bash -bin/magento setup:db-schema:add-slave +bin/magento setup:db-schema:split-sales ``` These commands migrate specific domain tables from the main database to a domain database. They also change the Magento configuration to allow corresponding connectivity and constraints processing. diff --git a/src/guides/v2.3/release-notes/commerce-2-3-6.md b/src/guides/v2.3/release-notes/commerce-2-3-6.md index 77f543727b0..172f3b7687c 100644 --- a/src/guides/v2.3/release-notes/commerce-2-3-6.md +++ b/src/guides/v2.3/release-notes/commerce-2-3-6.md @@ -820,11 +820,11 @@ We have fixed hundreds of issues in the Magento 2.3.6 core code. ## Known issues -**Issue**: The new CAPTCHA feature for checkout does not work as expected on the Place Order page when using third-party payment providers. Merchants running Magento 2.3.6 or 2.4.1 who have enabled CAPTCHA protection on the Place Order storefront page will see this error when checking out using a third-party payment provider such as PayPal: `Please provide CAPTCHA code and try again`. A fix for this issue be available in the next few weeks, and will be included in our next quarterly patch (Q12021). Please contact Support for additional information. +**Issue**: The new CAPTCHA feature for checkout does not work as expected on the Place Order page when using third-party payment providers. Merchants running Magento 2.3.6 or 2.4.1 who have enabled CAPTCHA protection on the Place Order storefront page will see this error when checking out using a third-party payment provider such as PayPal: `Please provide CAPTCHA code and try again`. **Workaround**: A fix for this issue is now available. See the [Magento Commerce v2.3.6/2.4.1 CAPTCHA in checkout not working](https://support.magento.com/hc/en-us/articles/360051235772) Knowledge Base article. A fix will also be included in our next quarterly patch (Q12021). **Issue**: Merchants upgrading their stores from 2.3.5-p2 to 2.3.6 will note that two module versions downgrade. These messages reflect the incomplete delivery of two security fixes to the 2.3.x quarterly patches. These fixes for low severity issues are included in Magento 2.3.5-p2, 2.4.1, and 2.4.0-p1 but are missing from Magento 2.3.6. No hot fixes will be provided. These fixes will be merged along with the other security fixes in Magento 2.3.6-p1, which is scheduled for Q12021. -**Issue**: The **Submit** button on the Create New Account page remains disabled if a shopper has entered invalid data. This prevents shoppers from re-attempting to create an account after making an error. [GitHub-30513](https://github.com/magento/magento2/issues/30513) +**Issue**: The **Create an Account** button on the Create New Account page remains disabled if a shopper has entered invalid data. This prevents shoppers from re-attempting to create an account after making an error. **Workaround**: Apply patch `MC-38509`. A fix will also be included in our next quarterly releases (2.4.2, 2.4.1-p1 and 2.3.6-p1), which are scheduled for release in Q1 2021. See the [2.4.1 and 2.3.6 create an account button disabled hotfix](https://support.magento.com/hc/en-us/articles/360051130212) Knowledge Base article. [GitHub-30513](https://github.com/magento/magento2/issues/30513) **Issue**: Merchants cannot log in to dotdigital from the Admin when dotdigital is enabled. See the [It's impossible to login in the dotdigital via admin panel when dotdigital account is enabled](https://support.magento.com/hc/en-us/articles/360050092291) Knowledge Base article. diff --git a/src/guides/v2.3/release-notes/open-source-2-3-6.md b/src/guides/v2.3/release-notes/open-source-2-3-6.md index 3a7be56ce7e..e6748655f49 100644 --- a/src/guides/v2.3/release-notes/open-source-2-3-6.md +++ b/src/guides/v2.3/release-notes/open-source-2-3-6.md @@ -681,11 +681,11 @@ We have fixed hundreds of issues in the Magento 2.3.6 core code. ## Known issues -**Issue**: The new CAPTCHA feature for checkout does not work as expected on the Place Order page when using third-party payment providers. Merchants running Magento 2.3.6 or 2.4.1 who have enabled CAPTCHA protection on the Place Order storefront page will see this error when checking out using a third-party payment provider such as PayPal: `Please provide CAPTCHA code and try again`. A fix for this issue be available in the next few weeks, and will be included in our next quarterly patch (Q12021). Please contact Support for additional information. +**Issue**: The new CAPTCHA feature for checkout does not work as expected on the Place Order page when using third-party payment providers. Merchants running Magento 2.3.6 or 2.4.1 who have enabled CAPTCHA protection on the Place Order storefront page will see this error when checking out using a third-party payment provider such as PayPal: `Please provide CAPTCHA code and try again`. **Workaround**: A fix for this issue is now available. See the [Magento Commerce v2.3.6/2.4.1 CAPTCHA in checkout not working](https://support.magento.com/hc/en-us/articles/360051235772) Knowledge Base article. A fix will also be included in our next quarterly patch (Q12021). **Issue**: Merchants upgrading their stores from 2.3.5-p2 to 2.3.6 will note that two module versions downgrade. These messages reflect the incomplete delivery of two security fixes to the 2.3.x quarterly patches. These fixes for low severity issues are included in Magento 2.3.5-p2, 2.4.1, and 2.4.0-p1 but are missing from Magento 2.3.6. No hot fixes will be provided. These fixes will be merged along with the other security fixes in Magento 2.3.6-p1, which is scheduled for Q12021. -**Issue**: The **Submit** button on the Create New Account page remains disabled if a shopper has entered invalid data. This prevents shoppers from re-attempting to create an account after making an error. [GitHub-30513](https://github.com/magento/magento2/issues/30513) +**Issue**: The **Create an Account** button on the Create New Account page remains disabled if a shopper has entered invalid data. This prevents shoppers from re-attempting to create an account after making an error. **Workaround**: Apply patch `MC-38509`. A fix will also be included in our next quarterly releases (2.4.2, 2.4.1-p1 and 2.3.6-p1), which are scheduled for release in Q1 2021. See the [2.4.1 and 2.3.6 create an account button disabled hotfix](https://support.magento.com/hc/en-us/articles/360051130212) Knowledge Base article. [GitHub-30513](https://github.com/magento/magento2/issues/30513) **Issue**: Merchants cannot log in to dotdigital from the Admin when dotdigital is enabled. See the [It's impossible to login in the dotdigital via admin panel when dotdigital account is enabled](https://support.magento.com/hc/en-us/articles/360050092291) Knowledge Base article. diff --git a/src/guides/v2.4/install-gde/prereq/mysql.md b/src/guides/v2.4/install-gde/prereq/mysql.md index 73173bb7216..b6ece2c13f6 100644 --- a/src/guides/v2.4/install-gde/prereq/mysql.md +++ b/src/guides/v2.4/install-gde/prereq/mysql.md @@ -182,6 +182,12 @@ To configure a MySQL database instance: If this setting is not enabled, `setup:db:status` will always report that `Declarative Schema is not up to date`. +{:.bs-callout-info} +The `explicit_defaults_for_timestamp` setting is deprecated. This setting controls deprecated TIMESTAMP behaviors that will be removed in a future MySQL release. When those behaviors are removed, the `explicit_defaults_for_timestamp` setting will be removed as well. + +{:.bs-callout-warning} +On Magento projects deployed on the Cloud platform, the `explicit_defaults_for_timestamp` setting for MySQL (MariaDB) defaults to *OFF* + {:.ref-header} Related topics diff --git a/src/guides/v2.4/install-gde/system-requirements-tech.md b/src/guides/v2.4/install-gde/system-requirements-tech.md index bc6885abbfd..c06eace7ffd 100644 --- a/src/guides/v2.4/install-gde/system-requirements-tech.md +++ b/src/guides/v2.4/install-gde/system-requirements-tech.md @@ -19,10 +19,12 @@ Magento is not supported on Microsoft Windows and macOS. Upgrading the Magento applications and extensions you obtain from Magento Marketplaces and other sources can require up to 2GB of RAM. If you are using a system with less than 2GB of RAM, we recommend you create a [swap file](https://support.magento.com/hc/en-us/articles/360032980432); otherwise, your upgrade might fail. -## Composer (latest stable version) +## Composer [Composer][] is required for developers who wish to contribute to the Magento 2 codebase or anyone who wishes to develop Magento extensions. +Magento does not support Composer 2.x. + ## Web servers * [Apache 2.4][] diff --git a/src/guides/v2.4/performance-best-practices/advanced-setup.md b/src/guides/v2.4/performance-best-practices/advanced-setup.md index b7d8eb512ad..dd711f662cb 100644 --- a/src/guides/v2.4/performance-best-practices/advanced-setup.md +++ b/src/guides/v2.4/performance-best-practices/advanced-setup.md @@ -54,13 +54,13 @@ To configure additional databases, you must create an empty database and run one For Checkout Master DB ```bash -bin/magento setup:db-schema:add-slave +bin/magento setup:db-schema:split-quote ``` For OMS Master DB ```bash -bin/magento setup:db-schema:add-slave +bin/magento setup:db-schema:split-sales ``` These commands migrate specific domain tables from the main database to a domain database. They also change the Magento configuration to allow corresponding connectivity and constraints processing. diff --git a/src/guides/v2.4/release-notes/b2b-release-notes.md b/src/guides/v2.4/release-notes/b2b-release-notes.md index c1121fa8478..dd7b97b1b1f 100644 --- a/src/guides/v2.4/release-notes/b2b-release-notes.md +++ b/src/guides/v2.4/release-notes/b2b-release-notes.md @@ -56,8 +56,6 @@ This release includes improvements to order approvals, shipping methods, shoppin - {:.fix} Magento no longer displays a 404 page when a merchant uses the **Enter** button instead of clicking the **Save** button when creating a requisition list on the storefront. -- {:.fix} When a merchant creates a new shared catalog, permissions are now automatically set to **Allow** for the **Display Product Prices** and **Add to Cart** features in categories when the customer group has been assigned this access in catalog permission settings. Previously, these settings were automatically set to **Deny** even when catalog permissions were set to **Allow**. - - {:.fix} Category permissions no longer change when a new product is assigned to a public shared catalog. Previously, category permissions were duplicated. - {:.fix} The REST API endpoint PUT `rest/default/V1/company/{id}`, which is used to update Company email, is no longer case-sensitive. diff --git a/src/guides/v2.4/release-notes/commerce-2-4-1.md b/src/guides/v2.4/release-notes/commerce-2-4-1.md index 5d9b5c3ad0b..0fa7bb9d6dc 100644 --- a/src/guides/v2.4/release-notes/commerce-2-4-1.md +++ b/src/guides/v2.4/release-notes/commerce-2-4-1.md @@ -1906,11 +1906,11 @@ We have fixed hundreds of issues in the Magento 2.4.1 core code. ## Known issues -**Issue**: The new CAPTCHA feature for checkout does not work as expected on the Place Order page when using third-party payment providers. Merchants running Magento 2.3.6 or 2.4.1 who have enabled CAPTCHA protection on the Place Order storefront page will see this error when checking out using a third-party payment provider such as PayPal: `Please provide CAPTCHA code and try again`. A fix for this issue be available in the next few weeks, and will be included in our next quarterly patch (Q12021). Please contact Support for additional information. +**Issue**: The new CAPTCHA feature for checkout does not work as expected on the Place Order page when using third-party payment providers. Merchants running Magento 2.3.6 or 2.4.1 who have enabled CAPTCHA protection on the Place Order storefront page will see this error when checking out using a third-party payment provider such as PayPal: `Please provide CAPTCHA code and try again`. **Workaround**: A fix for this issue is now available. See the [Magento Commerce v2.3.6/2.4.1 CAPTCHA in checkout not working](https://support.magento.com/hc/en-us/articles/360051235772) Knowledge Base article. A fix will also be included in our next quarterly patch (Q12021). **Issue**: Users without administrator privileges cannot currently set up their personal 2FA access. 2FA as implemented in Magento includes two ACL roles. One role affects global system configuration and it is needed only when configuring the system. The second ACL role affects individual user 2FA accounts. An admin user must configure this second type of 2FA ACL. **Workaround**: After the user has logged in and seen the Access denied screen, they can visit `https:////tfa/tfa/requestconfig/` to force configuration. Note: We do not recommend disabling security settings. However, this workaround is effective only when Admin URL secret keys are disabled. -**Issue**: The **Submit** button on the Create New Account page remains disabled if a shopper has entered invalid data. This prevents shoppers from re-attempting to create an account after making an error. [GitHub-30513](https://github.com/magento/magento2/issues/30513) +**Issue**: The **Create an Account** button on the Create New Account page remains disabled if a shopper has entered invalid data. This prevents shoppers from re-attempting to create an account after making an error. **Workaround**: Apply patch `MC-38509`. A fix will also be included in our next quarterly releases (2.4.2, 2.4.1-p1 and 2.3.6-p1), which are scheduled for release in Q1 2021. See the [2.4.1 and 2.3.6 create an account button disabled hotfix](https://support.magento.com/hc/en-us/articles/360051130212) Knowledge Base article. [GitHub-30513](https://github.com/magento/magento2/issues/30513) **Issue**: Merchants cannot log in to dotdigital from the Admin in Safari when dotdigital is enabled. See the [It's impossible to login in the dotdigital via admin panel when dotdigital account is enabled](https://support.magento.com/hc/en-us/articles/360050092291) Knowledge Base article. diff --git a/src/guides/v2.4/release-notes/open-source-2-4-1.md b/src/guides/v2.4/release-notes/open-source-2-4-1.md index 8e9675d625f..3c275236c4f 100644 --- a/src/guides/v2.4/release-notes/open-source-2-4-1.md +++ b/src/guides/v2.4/release-notes/open-source-2-4-1.md @@ -1648,11 +1648,11 @@ _Fix submitted by Michał Derlatka in pull request [29256](https://github.com/ma ## Known issues -**Issue**: The new CAPTCHA feature for checkout does not work as expected on the Place Order page when using third-party payment providers. Merchants running Magento 2.3.6 or 2.4.1 who have enabled CAPTCHA protection on the Place Order storefront page will see this error when checking out using a third-party payment provider such as PayPal: `Please provide CAPTCHA code and try again`. A fix for this issue be available in the next few weeks, and will be included in our next quarterly patch (Q12021). Please contact Support for additional information. +**Issue**: The new CAPTCHA feature for checkout does not work as expected on the Place Order page when using third-party payment providers. Merchants running Magento 2.3.6 or 2.4.1 who have enabled CAPTCHA protection on the Place Order storefront page will see this error when checking out using a third-party payment provider such as PayPal: `Please provide CAPTCHA code and try again`. **Workaround**: A fix for this issue is now available. See the [Magento Commerce v2.3.6/2.4.1 CAPTCHA in checkout not working](https://support.magento.com/hc/en-us/articles/360051235772) Knowledge Base article. A fix will also be included in our next quarterly patch (Q12021). **Issue**: Users without administrator privileges cannot currently set up their personal 2FA access. 2FA as implemented in Magento includes two ACL roles. One role affects global system configuration and it is needed only when configuring the system. The second ACL role affects individual user 2FA accounts. An admin user must configure this second type of 2FA ACL. **Workaround**: After the user has logged in and seen the Access denied screen, they can visit `https:////tfa/tfa/requestconfig/` to force configuration. Note: We do not recommend disabling security settings. However, this workaround is effective only when Admin URL secret keys are disabled. -**Issue**: The **Submit** button on the Create New Account page remains disabled if a shopper has entered invalid data. This prevents shoppers from re-attempting to create an account after making an error. [GitHub-30513](https://github.com/magento/magento2/issues/30513) +**Issue**: The **Create an Account** button on the Create New Account page remains disabled if a shopper has entered invalid data. This prevents shoppers from re-attempting to create an account after making an error. **Workaround**: Apply patch `MC-38509`. A fix will also be included in our next quarterly releases (2.4.2, 2.4.1-p1 and 2.3.6-p1), which are scheduled for release in Q1 2021. See the [2.4.1 and 2.3.6 create an account button disabled hotfix](https://support.magento.com/hc/en-us/articles/360051130212) Knowledge Base article. [GitHub-30513](https://github.com/magento/magento2/issues/30513) **Issue**: Merchants cannot log in to dotdigital from the Admin in Safari when dotdigital is enabled. See the [It's impossible to login in the dotdigital via admin panel when dotdigital account is enabled](https://support.magento.com/hc/en-us/articles/360050092291) Knowledge Base article. diff --git a/src/guides/v2.4/security/two-factor-authentication.md b/src/guides/v2.4/security/two-factor-authentication.md index 5798ad5b37f..914a2dc0717 100644 --- a/src/guides/v2.4/security/two-factor-authentication.md +++ b/src/guides/v2.4/security/two-factor-authentication.md @@ -68,7 +68,7 @@ Two-Factor Authentication is implemented for Magento Web APIs with the following ## Magento Functional Testing Framework -MFTF uses Google Authenticator to execute tests with 2FA enabled. The following steps summarize how to configure MFTF with an encoded shared secret. For more information, see [Configuring MFTF for Two-Factor Authentication (2FA)][12]. +MFTF uses Google Authenticator to execute tests with 2FA enabled. The following steps summarize how to configure MFTF with an encoded shared secret. For more information, see [Configuring MFTF for Two-Factor Authentication (2FA)](({{ page.baseurl }}/security/two-factor-authentication.html#magento-functional-testing-framework). 1. Select Google Authenticator as the 2FA provider: @@ -82,7 +82,7 @@ MFTF uses Google Authenticator to execute tests with 2FA enabled. The following bin/magento config:set twofactorauth/google/otp_window 60 ``` -1. Generate a Base32-encoded string for the shared secret value. For example, encoding the string `abcd` with the online [Base32 Encode][13] tool returns the value `MFRGGZDF`. Use the following key to add the encoded value to the MFTF `.credentials` file: +1. Generate a Base32-encoded string for the shared secret value. For example, encoding the string `abcd` with the online [Base32 Encode](https://emn178.github.io/online-tools/base32_encode.html) tool returns the value `MFRGGZDF`. Use the following key to add the encoded value to the MFTF `.credentials` file: ```bash magento/tfa/OTP_SHARED_SECRET=MFRGGZDF diff --git a/src/marketplace/sellers/code-sniffer.md b/src/marketplace/sellers/code-sniffer.md new file mode 100644 index 00000000000..3b750045363 --- /dev/null +++ b/src/marketplace/sellers/code-sniffer.md @@ -0,0 +1,63 @@ +--- +group: marketplace-sellers +title: Code Sniffer +--- + +## Overview + +Code Sniffer is a static test that uses static code analysis to detect violations of the [Magento Coding Standard](https://github.com/magento/magento-coding-standard/) to prevent common coding errors. + +## What testing is for + +Magento projects typically use source code from several vendors. By adopting the [Magento Coding Standard](https://github.com/magento/magento-coding-standard), we solve two problems: + +1. Identify common coding errors and pitfalls at an early stage before code execution. +1. Standardize and unify the way code is written, so that it can be read easily by developers from different organizations. + +## When testing is done + +Code Sniffer is mandatory for extensions of any type. When you submit an extension, Magento uses Code Sniffer to analyze the entire code base regardless of the scope of changes. Only extensions that have passed Code Sniffer testing can be listed in the [Magento Marketplace](https://marketplace.magento.com/). + +## What is being checked + +Code Sniffer validates that the implementation of the submitted extension adheres to the [Magento Coding Standard](https://github.com/magento/magento-coding-standard/). + +## Tools and environments used + +The Magento EQP Code Sniffer is based on the [PHP_CodeSniffer](https://github.com/squizlabs/PHP_CodeSniffer) and uses [Magento Coding Standard](https://github.com/magento/magento-coding-standard/) as a ruleset. + +You can complete Code Sniffer testing in a development environment by using Composer to install PHPCS and the Magento Coding Standard as a global dependency for a particular project. + +You can test an extension to detect violations of the [Magento Coding Standard](https://github.com/magento/magento-coding-standard/) using the following [PHPCS CLI command](https://github.com/squizlabs/PHP_CodeSniffer/blob/master/bin/phpcs): + +```bash +phpcs --standard=Magento2 --extensions=php,phtml --error-severity=10 --ignore-annotations --report=json --report-file=report.json +``` +If PHPCS finds any errors, the extension in `` is rejected. + +## Reading the error report + +All detected errors include a description of the problem with references to the locations in the code where the errors were detected. + +The Magento Coding Standard evolves continuously and the rules change. You can find the most current version with an up-to-date list of implemented rules in the [Magento Coding Standard GitHub repository](https://github.com/magento/magento-coding-standard/blob/develop/Magento2/ruleset.xml). + +According to the Magento Coding Standard, Code Sniffer classifies detected violations in the following type categories: + +| Type | Severity | Description | +|------|----------|-------------| +| Error | 10 | Critical code issues that indicate a bug or security vulnerability. | +| Warning | 9 | Possible security issues that can cause bugs. | +| Warning | 8 | Magento specific code issues and design violations. | +| Warning | 7 | General code issues. | +| Warning | 6 | Code style issues. | +| Warning | 5 | PHPDoc formatting and commenting issues. | + +Only violations of type "Error" (severity >= 10) prevent a submitted extension from being published on the Magento Marketplace. Although other reported issues do not block delivery of the extension, we encourage developers to review and fix them. + +## Troubleshooting + +As a best practice, we recommend that developers include [PHPCS](https://github.com/squizlabs/PHP_CodeSniffer) and the [Magento Coding Standard](https://github.com/magento/magento-coding-standard/) in their development workflow and CI/CD infrastructure to verify that code complies with the coding standards before submitting to the Magento Marketplace. + +The [Magento Coding Standard](https://github.com/magento/magento-coding-standard/) is an open source project. You can report issues or submit pull requests with enhancements directly on GitHub. + +We welcome feedback and discussion on the [Magento Community Engineering Slack](https://magentocommeng.slack.com/archives/C7SL5CGDN) #marketplace channel. diff --git a/src/marketplace/sellers/code-validation.md b/src/marketplace/sellers/code-validation.md deleted file mode 100644 index 41a0be867c1..00000000000 --- a/src/marketplace/sellers/code-validation.md +++ /dev/null @@ -1,138 +0,0 @@ ---- -group: marketplace-sellers -title: Code Validation ---- - -During technical review, all submissions are checked to ensure that the code meets Magento standards. - -| Type | Severity | Description | -|---------- -| Error | 10 | A critical error with severity level 10 prevents an extension from passing technical review. | -| Warning | 8 | A severity level 8 warning does not prevent an extension from passing technical review. Developers are encouraged to resolve any issues that trigger a level 8 warning. | -| Warning | 6 | A severity level 6 warning does not prevent an extension from passing technical review. Developers are encouraged to resolve any issues that trigger a level 6 warning. | - -## Magento 2.x rules - -### Critical errors - severity 10 - -`Generic.Functions.CallTimePassByReference.NotAllowed`|Call-time pass-by-reference calls are prohibited. -`Generic.PHP.CharacterBeforePHPOpeningTag.Found`|The opening PHP tag must be the first content in the file. -`Generic.PHP.DeprecatedFunctions.Deprecated`|Function has been deprecated. -`MEQP1.Exceptions.Namespace.NotFoundNamespace`|Namespace is not specified. -`MEQP1.PHP.Goto.FoundGoto`|Use of goto is discouraged. -`MEQP1.Security.LanguageConstruct.DirectOutput`|Use of echo and print language construct is discouraged. -`MEQP1.Security.LanguageConstruct.ExitUsage`|Use of exit language construct is discouraged. -`MEQP1.Security.LanguageConstruct.WrongBackQuotesUsage`|Incorrect usage of back quote string constant. Back quotes should be always inside strings. -`MEQP1.Strings.RegEx.PossibleExecutableRegEx`|Possible executable regular expression. Make sure that the pattern doesn’t contain “e” modifier. -`MEQP1.Strings.StringPosition.ImproperValueTesting`|Identical operator === is not used for testing the return value of %s function. -`MEQP2.PHP.Syntax.PHPSyntax`|PHP syntax error. -`MEQP2.Security.Superglobal.SuperglobalUsageError`|Direct use of Superglobal detected. -`PSR1.Classes.ClassDeclaration.MissingNamespace`|Each class must be in a namespace of at least one level (a top-level vendor name). -`PSR1.Classes.ClassDeclaration.MultipleClasses`|Each class must be in a file by itself. -`PSR2.Files.ClosingTag.NotAllowed`|A closing tag is not permitted at the end of a PHP file. -`Squiz.PHP.Eval.Discouraged`|Use of eval() is discouraged. - -### Warnings - severity 8 - -`Generic.Arrays.DisallowLongArraySyntax.Found`|Short array syntax must be used to define arrays. -`Generic.Classes.DuplicateClassName.Found`|Duplicate class name found. -`Generic.CodeAnalysis.JumbledIncrementer.Found`|Loop incrementor jumbling with inner loop. -`Generic.Files.LineEndings.InvalidEOLChar`|End of line character is invalid. -`Generic.Metrics.CyclomaticComplexity.MaxExceeded`|The cyclomatic complexity of the function exceeds allowed maximum of 20. -`Generic.Metrics.CyclomaticComplexity.TooHigh`|The cyclomatic complexity of the function exceeds 10; consider refactoring the function. -`Generic.Metrics.NestingLevel.MaxExceeded`|The nesting level of the function exceeds allowed maximum of 10. -`Generic.Metrics.NestingLevel.TooHigh`|The nesting level of the function exceeds 5; consider refactoring the function. -`Generic.PHP.NoSilencedErrors.Discouraged`|Silencing errors is discouraged. -`MEQP1.Performance.CollectionCount.FoundCollectionCount`|Unnecessary loading of a Magento data collection. Use the `getSize()` method instead. -`MEQP1.PHP.Var.FoundVar`|Use of `var` class variables is discouraged. -`MEQP1.Security.IncludeFile.FoundIncludeFile`|File manipulations are discouraged. -`MEQP1.SQL.RawQuery.FoundRawSql`|Possible raw SQL statement detected. -`MEQP1.Strings.StringConcat.ImproperStringConcatenation`|Use of `+` operator to concatenate two strings detected. -`MEQP2.Classes.ObjectInstantiation.FoundDirectInstantiation`|Direct object instantiation is discouraged in Magento 2. -`MEQP2.Classes.ResourceModel.OutsideOfResourceModel`|Data access method detected outside of Resource Model. -`MEQP2.Exceptions.DirectThrow.FoundDirectThrow`|Direct throw of exception is discouraged. -`MEQP2.SQL.MissedIndexes.MissedIndexes`|No index found in database schema file. -`MEQP2.Templates.RawJavaScript.FoundRawJS`|Missing JS component initialization. Use `x-magento-init` or `x-magento-template`. -`MEQP2.Templates.XssTemplate.FoundUnescaped`|Unescaped output detected. -`Squiz.Functions.GlobalFunction.Found`|Consider putting global function in a static class. -`Squiz.PHP.GlobalKeyword.NotAllowed`|Use of the `global` keyword is forbidden. - -## Magento 1.x rules - -### Critical errors - severity 10 - -`Generic.Arrays.DisallowShortArraySyntax.Found`|Short array syntax is not allowed. -`Generic.Functions.CallTimePassByReference.NotAllowed`|Call-time pass-by-reference calls are prohibited. -`Generic.PHP.CharacterBeforePHPOpeningTag.Found`|The opening PHP tag must be the first content in the file. -`Generic.PHP.DeprecatedFunctions.Deprecated`|Function has been deprecated. -`MEQP1.Exceptions.Namespace.NotFoundNamespace`|Namespace for `%s` class is not specified. -`MEQP1.PHP.Goto.FoundGoto`|Use of `goto` is discouraged. -`MEQP1.PHP.Syntax.PHPSyntax`|PHP syntax error. -`MEQP1.Security.Acl.MissingAclMethod`|Missing the `_isAllowed()` ACL method in the class. -`MEQP1.Security.LanguageConstruct.DirectOutput`|Use of `echo` and print language construct is discouraged. -`MEQP1.Security.LanguageConstruct.ExitUsage`|Use of `exit` language construct is discouraged. -`MEQP1.Security.LanguageConstruct.WrongBackQuotesUsage`|Incorrect usage of back quote string constant. Back quotes should be always inside strings. -`MEQP1.Security.Superglobal.SuperglobalUsageError`|Direct use of `Superglobal` detected. -`MEQP1.Strings.RegEx.PossibleExecutableRegEx`|Possible executable regular expression. Make sure that the pattern doesn’t contain “e” modifier. -`MEQP1.Strings.StringPosition.ImproperValueTesting`|Identical operator `===` is not used for testing the return value of `%s` function. -`PSR1.Classes.ClassDeclaration.MultipleClasses`|Each class must be in a file by itself. -`Squiz.PHP.Eval.Discouraged`|Use of `eval()` is discouraged. -`Zend.Files.ClosingTag.NotAllowed`|A closing tag is not permitted at the end of a PHP file. - -### Warnings - severity 8 - -`Generic.Classes.DuplicateClassName.Found`|Duplicate class name found. -`Generic.CodeAnalysis.JumbledIncrementer.Found`|Loop incrementor jumbling with inner loop. -`Generic.Metrics.CyclomaticComplexity.MaxExceeded`|The cyclomatic complexity of the function exceeds allowed maximum of 20. -`Generic.Metrics.CyclomaticComplexity.TooHigh`|The cyclomatic complexity of the function exceeds 10; consider refactoring the function. -`Generic.Metrics.NestingLevel.MaxExceeded`|The nesting level of the function exceeds allowed maximum of 10. -`Generic.Metrics.NestingLevel.TooHigh`|The nesting level of the function exceeds 5; consider refactoring the function. -`Generic.PHP.NoSilencedErrors.Discouraged`|Silencing errors is discouraged. -`MEQP1.Classes.ObjectInstantiation.FoundDirectInstantiation`|Direct object instantiation is discouraged in Magento. -`MEQP1.Classes.ResourceModel.OutsideOfResourceModel`|Data access method detected outside of Resource Model. -`MEQP1.Performance.CollectionCount.FoundCollectionCount`|Unnecessary loading of a Magento data collection. Use the `getSize()` method instead. -`MEQP1.Performance.FetchAll.FoundFetchAll`|`fetchAll()` can be memory inefficient for large data sets. -`MEQP1.Performance.GetFirstItem.FoundGetFirstItem`|`getFirstItem()` does not limit the result of collection load to one item. -`MEQP1.Performance.Loop.ArraySize`|Array size calculation function detected in loop. -`MEQP1.Performance.Loop.DataLoad`|Data load method detected in loop. -`MEQP1.Performance.Loop.ModelLSD`|Model LSD method detected in loop. -`MEQP1.PHP.Var.FoundVar`|Use of `var` class variables is discouraged. -`MEQP1.SQL.RawQuery.FoundRawSql`|Possible raw SQL statement detected. -`MEQP1.SQL.SlowQuery.FoundSlowSql`|Possible slow SQL method detected. -`MEQP1.SQL.SlowQuery.FoundSlowRawSql`|Possible slow SQL method detected. -`MEQP1.Strings.StringConcat.ImproperStringConcatenation`|Use of `+` operator to concatenate two strings detected. -`MEQP1.Security.IncludeFile.FoundIncludeFile`|File manipulations are discouraged. -`MEQP1.SQL.MissedIndexes.MissedIndexes`|There was not found any index in database schema file. -`Squiz.Functions.GlobalFunction.Found`|Consider putting global function in a static class. -`Squiz.PHP.GlobalKeyword.NotAllowed`|Use of the `global` keyword is forbidden. - -### Code quality issues and solutions - -#### Copy paste detector (CPD) - -Issue |The Copy Paste Detector indicates that the extension contains duplicate code from Magento native products or from other extensions. -Solution|The Marketplace team will provide a list of places in your extension code that were identified as duplicate. If the extension is found to duplicate Magento code, review the list, and remove each instance of duplicate code. Then, upload a new package and resubmit the extension.Any extension that is found to duplicate code from another extension will be rejected. To prove that you own the code in question, see [Magento Marketplace Support][1]. - -#### Sniffs - -Issue|The extension contains code elements that are not allowed to be used in Marketplace extensions. See the Technical Report for a list of elements in your code that are not allowed. -Solution|To duplicate the tests locally, use the MEQP [CodeSniffer][2] tool. Remove all disallowed code elements. Then, upload a new package and resubmit the extension. To learn more, see [Magento Extension Quality Program Coding Standard][3]. - -#### Inconsistency - -Issue|The extension conflicts with other extensions. -Solution|The Marketplace team will provide you with a list of the identified conflicts. Correct the code that is causing the conflict. Then, upload a new package and resubmit the extension. - -#### M1 Package missing - -Issue|The package file was not submitted, or is missing from the Magento repository. It's possible that the package file was not included correctly during the migration. -Solution|Upload a new package, and resubmit the extension. - -#### Hidden files in archive - -Issue|Hidden files were detected in the archive. It is possible that configuration files from the development environment were included in the distribution package. Such hidden files can cause configuration problems for the end user. -Solution|Remove the hidden files. Then, upload a new package, and resubmit the extension. - -[1]: https://marketplacesupport.magento.com/ -[2]: https://github.com/squizlabs/PHP_CodeSniffer -[3]: https://github.com/magento/marketplace-eqp diff --git a/src/marketplace/sellers/copy-paste-detector.md b/src/marketplace/sellers/copy-paste-detector.md new file mode 100644 index 00000000000..52beeced4a9 --- /dev/null +++ b/src/marketplace/sellers/copy-paste-detector.md @@ -0,0 +1,42 @@ +--- +group: marketplace-sellers +title: Copy Paste Detector +--- + +## Overview + +The Copy Paste Detector check validates that implementation of the submitted extension is unique and not duplicated code from an already known extension. + +## What testing is for + +Only original extensions can be listed in the [Magento Marketplace](https://marketplace.magento.com/). We test submitted extensions to detect duplication of code from Magento or from another extension available in the Magento Marketplace. If duplication is extensive, the extension submission is rejected on the grounds that the content is plagiarized. + +## When testing is done + +All submissions are subject to the Copy Past Detector check regardless of extension type and scope of changes. + +## What is being checked + +Copy Paste Detector performs a static analysis of the source code and tries to detect similar code snippets. + +If the Detector identifies many similarities between the submitted extension and a previously known extension, we may mark the check as failed if there is strong evidence of plagiarism. We can also schedule problematic submissions for human code review if there are concerns regarding code fragments. Expert judgement is required to make final decisions about plagiarism. + +## Tools and environments used + +Copy Paste Detector includes, but is not limited to, [PHPCPD](https://github.com/sebastianbergmann/phpcpd). We also use a proprietary solution to search for duplicates across multiple extensions and their versions. This solution ignores irrelevant implementation details such as variables, classes and method names, and so on. + +## Reading an error report + +Copy Paste Detector provides a list of places in your extension code that were identified as duplicates. If the extension is found to duplicate Magento code, review the list and remove each instance of duplicated code. Then, upload a new package and resubmit the extension. We reject any extension submission that has duplicate code from another extension. + +## Troubleshooting + +Implementing a solution for detecting plagiarism in source code is not a trivial task. As a result, we expect that the test results will sometimes be inaccurate, for example: + +- We may not detect 'copy paste' if the code was changed significantly, or if only the concept of the extension was copied. We still consider such use-cases as plagiarism and hope that the original extension authors and the Magento community will report such behavior. + +- We might incorrectly identify code fragments that follow a common pattern as duplicates. To prevent an extension submission from being rejected due to incorrect results, we also perform manual code review. Even with manual reviews, we can still make mistakes. + +If you notice an extension submission that is rejected or approved based on inaccurate information from the Copy Paste Detector, [create a Marketplace Support ticket](https://marketplacesupport.magento.com/hc/en-us) so that we can resolve your case and keep our community healthy. Please specify your Submission ID in a ticket. + +We always welcome feedback and discussion on the [Magento Community Engineering Slack](https://magentocommeng.slack.com/archives/C7SL5CGDN) #marketplace channel. diff --git a/src/marketplace/sellers/extension-create.md b/src/marketplace/sellers/extension-create.md index 7f09cb6eb2d..2bb6ce5426e 100644 --- a/src/marketplace/sellers/extension-create.md +++ b/src/marketplace/sellers/extension-create.md @@ -26,7 +26,6 @@ Magento Marketplace does not support encrypted extensions at this time. Testing your extension in advance reduces the time it takes to pass Technical Review. For a list of code sniffer rules, see [Magento Extension Quality Program Coding Standard][2]. 1. Prepare, validate, and zip your extension as described in [Packaging a Component]({{site.baseurl}}/guides/v2.4/extension-dev-guide/package/package_module.html). - 1. Prepare the following preliminary documentation: - Release notes in text format diff --git a/src/marketplace/sellers/installation-and-varnish-tests.md b/src/marketplace/sellers/installation-and-varnish-tests.md new file mode 100644 index 00000000000..99c6aefb780 --- /dev/null +++ b/src/marketplace/sellers/installation-and-varnish-tests.md @@ -0,0 +1,134 @@ +--- +group: marketplace-sellers +title: Installation & Varnish Tests +--- + +## Overview + +The Installation and Varnish tests are automated EQP checks to ensure that the submitted extension version is compatible with the Magento versions and the editions that it claims to support. + +## What testing is for + +Magento is a complex, highly extensible platform. To ensure that third-party extensions are production-ready, the Installation and Varnish tests verify successful installation with the extension included, ability to switch to Magento [production mode](https://devdocs.magento.com/guides/v2.4/config-guide/bootstrap/magento-modes.html), and that the extension does not affect the caching mechanism for the most critical scenarios. The caching check ensures that the Magento storefront provides a high performance customer experience. + +## When testing is done + +All extension submissions must pass the mandatory Installation and Varnish tests, regardless of extension type and scope of changes. Only extensions that have passed these tests can be listed in the [Magento Marketplace](https://marketplace.magento.com/). + +## What is being checked + +The Installation and Varnish tests complete the following checks: + +1. Successful installation of Magento with the submitted extension and ability to switch to production mode–This check includes the following steps: + + - Verify ability to add the extension to the [Magento project](https://devdocs.magento.com/guides/v2.4/install-gde/install-quick-ref.html#get-the-magento-software) with [Composer](https://getcomposer.org/). + - After adding and enabling the extension, verify successful Magento installation. + - Verify that you can [compile Magento code](https://devdocs.magento.com/guides/v2.4/config-guide/cli/config-cli-subcommands-compiler.html). + - Verify that you can [deploy static content](https://devdocs.magento.com/guides/v2.4/config-guide/cli/config-cli-subcommands-static-view.html). + - Verify that you can [enable Magento Production mode](https://devdocs.magento.com/guides/v2.4/config-guide/cli/config-cli-subcommands-mode.html). + - Check that you can [reindex all data](https://devdocs.magento.com/guides/v2.4/config-guide/cli/config-cli-subcommands-index.html) with the installed extension. + +1. Check availability of critical pages and correct cache processing–This check includes the following steps: + + - Complete acceptance testing to validate that product and category pages are properly cached. + - Complete acceptance testing to validate that the product and category page cache is reset when a product is edited. + - Verify that different product types are validated. + +## Tools and environments used + +The Magento test infrastructure follows the [recommended setup](https://devdocs.magento.com/guides/v2.4/install-gde/install-quick-ref.html) for the Magento installation. The Installation and Varnish tests always runs on the most up-to-date version of software compatible with the Magento release. You can use [Magento Cloud Docker](https://devdocs.magento.com/cloud/docker/docker-development.html) to create a similar environment. + +The Installation and Varnish tests always use the latest patch version for the Magento release line that the submitted extension claims to support. For each supported release line, the entire test suite is performed on all compatible PHP versions. + +### Additional Magento Configuration + +The Varnish test requires [Varnish as a caching application](https://devdocs.magento.com/guides/v2.4/config-guide/varnish/config-varnish-magento.html). The test checks for the presence of the **X-EQP-Cache** HTTP header set by Varnish and analyzes its value on page loads. To complete this check, the following additional instruction must be added to the **vcl_deliver** function: + +```vcl +sub vcl_deliver { + if (resp.http.x-varnish ~ " ") { + set resp.http.X-EQP-Cache = "HIT"; + } else { + set resp.http.X-EQP-Cache = "MISS"; + } + ... +} +``` + +The Varnish test also uses the [setup:performance:generate-fixtures command](https://devdocs.magento.com/guides/v2.4/config-guide/cli/config-cli-subcommands-perf-data.html) to install sample products to run the test against: + +```bash +magento setup:performance:generate-fixtures ./varnish-config/profile.xml +``` + +> `*./varnish-config/profile.xml* file` contents + +```xml + + + + 1 + 1 + 1 + 1 + 0 + 10 + 2 + + + admin/security/use_form_key + default + 0 + 0 + + + system/full_page_cache/caching_application + default + 0 + 2 + + + + +``` + +### Varnish Test Execution + +The Varnish test issues a series of requests, and then analyzes the value of the `X-EQP-Cache` HTTP header: + +1. Check the value of the `X-EQP-Cache` header by submitting the following series of requests two times to the same URL to verify the cache operation. + - On the first set of requests against a fresh installation, the test verifies that each response returns the `X-EQP-Cache` header with the `MISS` value because the page has never been cached. + - On the second set of requests, the test verifies that each response returns the `X-EQP-Cache` header with the `HIT` value because the page was added to the cache after the initial request. + - GET "https://\/simple-product-1.html" + - GET "https://\/simple-product-2.html" + - GET "https://\/simple-product-3.html" + - GET "https://\/category-1.html" + - GET "https://\/category-2.html" + - GET "https://\/" +1. After updating product prices, the test runs the following requests to verify that the FPC cache is cleared: + - PUT "https://\/rest/V1/products/product_dynamic_1" with `{"product":{"price":"999.99"}}` + - PUT "https://\/rest/V1/products/product_dynamic_2" with `{"product":{"price":"999.99"}}` + - PUT "https://\/rest/V1/products/product_dynamic_3" with `{"product":{"price":"999.99"}}` +1. After the FPC cache has been cleared, verify the cache operation again by submitting the following series of requests two times to the same URL to verify the cache operation. + - On the first set of requests, the test verifies that each response returns the `X-EQP-Cache` header with the `MISS` value because the cache was cleared and the page has not been cached yet. + - On the second set of requests, the test verifies that each response returns the `X-EQP-Cache` header with the `HIT` value because the page was added to the cache after the previous request. + - GET "https://\/simple-product-1.html" + - GET "https://\/simple-product-2.html" + - GET "https://\/simple-product-3.html" + +## Reading the error report + +The Installation test returns the logs of the Magento CLI commands. You can reproduce any error in the log by running the failed command in a local environment. + +The Varnish test provides the following information about failures: + +- A brief description of the failed scenario +- Expected and actual cache behavior (HIT or MISS for cached page) + +To debug Varnish test errors, we recommend using a locally installed Magento version with the Varnish cache configured to submit requests and check the HTTP headers in the response. + +## Troubleshooting + +If the extension submission fails Installation and Varnish testing, and you cannot reproduce or troubleshoot the issues locally, [create a Support ticket](https://marketplacesupport.magento.com/hc/en-us) to request assistance. Ensure that the relevant Submission ID is included on the ticket. + +We always welcome feedback and discussion on the [Magento Community Engineering Slack](https://magentocommeng.slack.com/archives/C7SL5CGDN) #marketplace channel. diff --git a/src/marketplace/sellers/malware-scan.md b/src/marketplace/sellers/malware-scan.md new file mode 100644 index 00000000000..f99e079cc30 --- /dev/null +++ b/src/marketplace/sellers/malware-scan.md @@ -0,0 +1,46 @@ +--- +group: marketplace-sellers +title: Malware Scan +--- + +## Overview + +The Malware Scan checks the submitted extension and all media files and documents to verify that they do not contain any malicious code or links. + +## What testing is for + +Security is one of the top concerns for Magento. The Malware Scan ensures that extensions submitted to [Magento Marketplace](https://marketplace.magento.com/) and any associated content do not contain malicious code or viruses. + +## When testing is done + +When you upload an extension and associated files, all code, media files, and documents are scanned before all other checks. + +If the extension submission fails the Malware Scan, it is rejected without any further verification or validation. + +## What is being checked + +The Malware Scan checks all files for the following issues: + +- Signatures of known viruses and malware software +- Links to sites known to contain malware or other malicious content + +## Tools and environments used + +The Malware Scan uses the following tools to check the extension submission: + +- General purpose antivirus with automatically updated virus database. +- [Yara](https://github.com/virustotal/yara) with a set of Magento specific rules. + +## Reading the error report + +The Magento Developer portal notifies the user if any malware or malicious links are detected during the file upload process. + +If the Malware Scan fails, check the integrity of the files you uploaded by using an antivirus application to scan an environment where the package was generated. + +## Troubleshooting + +If the Malware Scan fails on a valid extension, [create a Support ticket](https://marketplacesupport.magento.com/hc/en-us) and describe the use case. + +If you find any code on the [Magento Marketplace](https://marketplace.magento.com/) that looks suspicious, contact Magento immediately through the [Marketplace Support Portal](https://marketplacesupport.magento.com/hc/en-us). + +We always welcome feedback and discussion on the [Magento Community Engineering Slack](https://magentocommeng.slack.com/archives/C7SL5CGDN) #marketplace channel. diff --git a/src/marketplace/sellers/packaging-v1x-extensions.md b/src/marketplace/sellers/packaging-v1x-extensions.md deleted file mode 100644 index c8d0abd0fbe..00000000000 --- a/src/marketplace/sellers/packaging-v1x-extensions.md +++ /dev/null @@ -1,210 +0,0 @@ ---- -group: marketplace-sellers -title: Packaging Magento Version 1.x Extensions ---- - -Extensions developed for Magento version 1.x have different packaging guidelines than [Magento version 2.x]({{ site.baseurl }}/guides/v2.3/extension-dev-guide/package/package_module.html). - -1. Log in to the Magento Admin. - -1. From the Admin, go to **System** > **Magento Connect** > **Package Extensions**. - - ![]({{ site.baseurl }}/marketplace/sellers/images/create-extension-package.png){: .zoom} - _Create Extension Package_ - - This takes you to the Create Extension Package page, which consists of six sections: - - - Package info - - Release info - - Authors - - Dependencies - - Contents - - Load local package - -## Section A: Package info - -Enter the name of the extension. It is good practice to keep the name short using simple words whenever possible. - -Formatting requirements: The name of an extension can be a combination of letters (a-z or A- Z), numbers (0-9), and the underscore character (\_). Other characters are not allowed. - -{: .bs-callout .bs-callout-info} -The name used in this field will be your extension key. It is case-sensitive. - -![]({{ site.baseurl }}/marketplace/sellers/images/package-info.png){: .zoom} -_Package Info_ - -### Channel - -The Channel field is required and determined by the version of Magento you are using to package your extension. Make sure to type it exactly as it is shown below. These fields are case sensitive. - -- If you are using Magento 1.5 or later to package your extension, type `community`. -- If you are using Magento 1.4 or prior to package your extension, type `connect.magentocommerce.com/community`. - -{: .bs-callout .bs-callout-info} -If the wrong channel is used during the packaging process, you will receive an error and will have to resubmit it. - -### Supported releases - -This field is intended for backward compatibility. - -- Select the option **Pre 1.5** if this extension supports Magento versions 1.4.x and lower. For these releases, the package will be created in PEAR format and all associated files will be saved in the magento/var/pear/ directory. -- Select the option **1.5.0.0 & later** if this extension supports Magento versions 1.5.x and later. For these releases, the package will be saved in the magento/var/connect directory. -- Select both options if this extension supports both older and newer versions. - -{: .bs-callout .bs-callout-info} -If you are using EE 1.9 or earlier versions this field is absent but this won’t affect extension packaging process. You can skip this step in this situation. - -### Upload and packaging options - -If you are packaging an extension using a Magento Pre 1.5 (i.e., 1.4.x and lower) version and the extension only supports Pre 1.5 versions of Magento use the following settings: - -- Channel: **connect.magentocommerce.com/community** -- Supported Releases: **Pre 1.5** -- Package file will appear in `/var/pear/`. Package will appear in PEAR format. - -{: .bs-callout .bs-callout-info} -If there is no `/var/pear` folder, create it before packaging your extension. - -If you are packaging an extension using a Magento 1.5 and later version and the extension only supports 1.5 and later versions of Magento use the following settings: - -- Channel: **Community** -- Supported releases: **1.5 & later** -- Package file will appear in `/var/connect/`. - -If you are packaging an extension using a Magento 1.5 and later version, but the extension supports both Magento Pre 1.5 and Magento 1.5 and later versions use the following settings: - -- Channel: **connect.magentocommerce.com/community** -- Supported Releases: **Pre 1.5 and 1.5 & later (select both)** -- Package will appear in `/var/pear`. - -{: .bs-callout .bs-callout-info} -Another package will be created in `/var/connect`. You will need this file if your extension is paid and you prefer to give customers the .tgz file to upload into their Magento Connect Manager. - -If you are supporting two extensions with the same name when one of them is compatible with Magento Pre 1.5 and another with Magento 1.5+ do the following: - -- Package version of your extension for Magento Pre 1.5 in Channel 1.0 format and [submit it to Magento Marketplace]({{ site.baseurl }}/marketplace/sellers/submit-for-review.html). -- Package new version of your extension for Magento versions 1.5+ in Channel 2.0 format and [submit it to Magento Marketplace]({{ site.baseurl }}/marketplace/sellers/submit-for-review.html). -- Package will appear in `/var/pear`. - -{: .bs-callout .bs-callout-info} -Version numbers for your Pre 1.5 and 1.5+ versions should be different. You are not allowed to upload several versions with the same version number to Magento Marketplace. - -{: .bs-callout .bs-callout-tip} -It’s a good idea to also mention information about the supported releases in the extensions description, so merchants can quickly know whether or not they can use it. - -### Summary and description - -Provide a brief summary and description about the extension. This is a required field. Magento uses this information in the extension review process. The summary will be displayed in Magento Marketplace. - -### License - -The License field is required. Select the license that your extension falls under. The full list of possible licenses as stated on the Magento community website is: - -- Open Software License (OSL) -- Mozilla Public License (MPL) -- Massachusetts Institute of Technology License (MITL) -- GNU Lesser General Public License (LGPL) -- GNU General Public License (GPL) -- Berkeley Software Distribution License (BSDL) -- Apache Software License (ASL) -- Academic Free License (AFL) -- You can specify another (commercial) license if you distribute the extension package as paid. - -{: .bs-callout .bs-callout-info} -If you are using EE 1.9 or earlier versions, this field is absent but this won’t affect extension packaging process. You can skip this step in such situation. - -### License URL - -Use this field to link to the license text. It is not required, but recommended. - -For example, http://opensource.org/licenses/osl-3.0.php - -## Section B: Release info - -In order to understand this process, see [Software Versioning][1]. - -![]({{ site.baseurl }}/marketplace/sellers/images/release-info.png){: .zoom} -_Release Info_ - -### Release version - -The release version can be any arbitrary number value that you want to use as the base version. This is often set to 1.0.0 or 10.0.0. It is critical, however, to increment the release version number every time you update and repackage this extension. To protect against incorrect release version inputs, Magento Marketplace will not allow you to upload the same version twice. - -### Release stability - -The release version can be any arbitrary number value that you want to use as the base version. This is often set to 1.0.0 or 10.0.0. It is critical, however, to increment the release version number every time you update and repackage this extension. To protect against incorrect release version inputs, Magento Marketplace will not allow you to upload the same version twice. - -Release stability can be set to: - -- Alpha -- Beta -- Stable - -By default, Magento Marketplace users are only allowed to install Stable release extensions. To download development, alpha, or beta releases, the user must change this setting in the backend of Magento Marketplace. If you upload a package with release stability alpha or beta, add this information into the extension description. - -{: .bs-callout .bs-callout-info} -Do not attempt to upload an extension with release stability Development. This option is used for testing purposes only. No Development release extensions will be approved. - -### Notes - -Add any notes you may have for this release. - -## Section C: Authors - -In the Authors section, type in the real name, user name, and email address of all members who contributed to this extension. The first user must match the user name of your Magento Developer account used to display your extensions on Magento Marketplace. - -![]({{ site.baseurl }}/marketplace/sellers/images/authors.png){: .zoom} -_Authors_ - -## Section D: Dependencies - -The dependencies tab is used to specify the dependence of our code in regard to the PHP version. If it is necessary, the dependence on other extension packages can be filled out as well. During the installation of an extension, the system will check it in regard to all versions specified for it, and if dependent extensions are not installed, Magento Marketplace offers to install them. Also, you can specify the dependence on the PHP extensions, for example, if your module uses GD library functions of the latest version. In this case, if a necessary PHP extension is not installed on the server, Marketplace will show an alert the administrator. - -The following example provides an example of dependency on the `Mage\_Core\_Modules` package. This means that our extension will only work with Magento versions within the set range. The PHP [`version\_compare`][2] function is used to verify the compatibility of versions during the extension installation. - -![]({{ site.baseurl }}/marketplace/sellers/images/dependencies.png){: .zoom} -_Dependencies_ - -## Section E: Contents - -This is one of the most important sections in the extension packaging process. It is also the easiest to mess up. Be careful here. - -For proper compilation of extension package contents, use the following tips for the Target field. The following options correspond to the path on the disk: - -- Magento Local module file - `./app/code/local` -- Magento Community module file - `./app/code/community` -- Magento Core team module file - `./app/code/core` -- Magento User Interface (layouts, templates) - `./app/design` -- Magento Global Configuration - `./app/etc` -- Magento PHP Library file - `./lib` -- Magento Locale language file - `./app/locale` -- Magento Media library - `./media` -- Magento Theme Skin (Images, CSS, JS) - `./skin` -- Magento Other web accessible file - `./` -- Magento PHPUnit test - `./tests` -- Magento other - `./` - -_Where “`./`” represents the Magento root directory._ - -In the Path field, enter the path relative to the path in the Target field. In the Include and Ignore fields, enter a regular expression which will check the path with the file name only for the rows where the Type field is set to Recursive Dir. A file to be included in the extension package must match the expression specified in the Include field. If the file matches the expression in the Ignore field, it will not be included in the extension package correspondingly. - -![]({{ site.baseurl }}/marketplace/sellers/images/contents.png){: .zoom} -_Contents_ - -## Section F: Load local package - -After you fill in all of the fields, click **Save Data and Create the Package**. - -This saves it in a package data file and creates a package file. - -**Package data file** - The package data file is an XML document that stores the rules for building the package. This file is saved on the disk in the magento/var/connect/ folder if packaged with Magento 1.5 and later or in the magento/var/pear directory if packaged using Magento 1.4 or prior. A different location can be specified if you click the Save As button. - -**Extension package file** - The Extension Package file contains all source code needed. In addition, the archive includes another file that is created by a packager - `package.xml`. This file contains information about the extension, including the description of the structure of files and folders included in the package, and md5 sum for each file. - -When the extension package file is ready, it can be [submitted for review]({{ site.baseurl }}/marketplace/sellers/submit-for-review.html). - -{: .bs-callout .bs-callout-info} -First you should set write permissions to the appropriate folders. - -[1]: https://en.wikipedia.org/wiki/Software_versioning -[2]: http://php.net/version-compare diff --git a/src/marketplace/sellers/semantic-version-check.md b/src/marketplace/sellers/semantic-version-check.md new file mode 100644 index 00000000000..59d20d3467b --- /dev/null +++ b/src/marketplace/sellers/semantic-version-check.md @@ -0,0 +1,62 @@ +--- +group: marketplace-sellers +title: Semantic Version Check +--- + +## Overview + +The Semantic Version Check (SVC) is a quality check that validates the change level of an extension submission against the change level declared by the extension developer. + +## What testing is for + +[Semantic Versioning](https://semver.org/) is a good way to communicate what kind of changes were introduced between software releases. Clients can use this information to estimate the risk level of upgrading a particular software package and to determine how much effort is required to adopt the new version. + +Magento follows Semantic Versioning and encourages all third-party vendors to apply this versioning strategy for their Magento extensions as well. + +Magento Marketplace uses version information to fast-track the extension validation process for submissions that introduce patch level changes, as these are expected to be backwards compatible bug fixes without any new functionality. + +## When testing is done + +For the Semantic Version check to be applied, the extension submission must meet the following conditions: + +1. A new submission must update an already existing version of an extension that has been previously published to the Marketplace storefront. +1. The extension developer must declare the new submission as a "PATCH" level change. + +## What is being checked + +The Semantic Version check analyzes the submission to determine the change level of the new submission and to verify whether the change level qualifies as a "PATCH" level change. + +If the submission is a "PATCH" level change, the submission is fast-tracked and is exempt from the Manual QA process. Otherwise, this check fails. + +A failed Semantic Version check has no impact on extension approval. If a submission receives Manual QA approval, then the extension will be published. + +## Tools and environments used + +The Semantic Version Check is implemented using the publicly available, [magento/magento-semver](https://github.com/magento/magento-semver) tool. + +Magento SemVer is a static analysis tool that validates the change level of Magento source code based on the [Semantic Versioning Specification](https://semver.org/) and makes suggestions about the version increment to use, for example _PATCH_, _MINOR_, or _MAJOR_. + +Magento SemVer can: + +1. Detect PATCH, MINOR and MAJOR change levels and suggest the appropriate change level for a new version. +1. Validate an update against a desired change level. + +## Reading the error report + +The error report lists minor and major changes detected in the extension source code. To fix an error, refactor the implementation until it no longer introduces non-patch level changes. + +## Troubleshooting + +The Magento Semantic Version check uses the following command to check an extension: + +```bash +php magento-semver/bin/svc compare 1 +``` + +This command requires an environment with PHP version 7.2.29 or later. + +If the Semantic Version check detects any issues, [create a Magento Support ticket](https://marketplacesupport.magento.com/hc/en-us) to request assistance. Specify the relevant Submission ID in the ticket. + +As the check is solely based on [Magento SemVer open source project](https://github.com/magento/magento-semver), submitting an issue or pull request on GitHub is highly recommended. + +We always welcome feedback and discussion on the [Magento Community Engineering Slack](https://magentocommeng.slack.com/archives/C7SL5CGDN) #marketplace channel. diff --git a/src/marketplace/sellers/submit-for-technical-review.md b/src/marketplace/sellers/submit-for-technical-review.md index 2f620d96267..f5fd653871a 100644 --- a/src/marketplace/sellers/submit-for-technical-review.md +++ b/src/marketplace/sellers/submit-for-technical-review.md @@ -5,7 +5,7 @@ title: Submit for Technical Review All extensions submitted to Magento Marketplace must pass the automated technical review as part of the extension submission workflow. Technical review helps to improve the quality of products on Magento Marketplace by checking for indications of plagiarism, malware, and adherence to Magento coding standards. Developers whose extensions do not pass technical review receive a report of the results. After the issues are resolved, you are welcome to resubmit the extension. Extensions must pass technical review to receive a listing on Magento Marketplace. -When your [extension entry]({{ site.baseurl }}/marketplace/sellers/extension-information.html) is complete, you can submit your extension for technical review. During the process, we [review the code]({{ site.baseurl }}/marketplace/sellers/code-validation.html) according to [technical guidelines]({{ site.baseurl }}/marketplace/sellers/technical-review-guidelines.html), install and use the extension according to your documentation, and verify specifics from your submission form. You can track the status and progress of your extension submission through your Marketplace account. +When your [extension entry]({{ site.baseurl }}/marketplace/sellers/extension-information.html) is complete, you can submit your extension for technical review. During the process, we review the code according to [technical guidelines]({{ site.baseurl }}/marketplace/sellers/technical-review-guidelines.html), install and use the extension according to your documentation, and verify specifics from your submission form. You can track the status and progress of your extension submission through your Marketplace account. ![]({{ site.baseurl }}/marketplace/sellers/images/tech-review-content.png){: .zoom} diff --git a/src/marketplace/sellers/technical-reference.md b/src/marketplace/sellers/technical-reference.md index ec69b3b1143..b9cfcb50807 100644 --- a/src/marketplace/sellers/technical-reference.md +++ b/src/marketplace/sellers/technical-reference.md @@ -5,27 +5,27 @@ title: Technical Reference ## Guides -- [PHP Developer Guide]({{ site.baseurl }}/guides/v2.3/extension-dev-guide/bk-extension-dev-guide.html) -- [Magento Architecture]({{ site.baseurl }}/guides/v2.3/architecture/bk-architecture.html) -- [PHP Developers]({{ site.baseurl }}/guides/v2.3/extension-dev-guide/bk-extension-dev-guide.html) (includes code and packaging components for Marketplace) -- [Composer]({{ site.baseurl }}/guides/v2.3/extension-dev-guide/intro/intro-composer.html) -- [File Structure]({{ site.baseurl }}/guides/v2.3/extension-dev-guide/prepare/prepare_file-str.html) -- [Register]({{ site.baseurl }}/guides/v2.3/extension-dev-guide/build/component-registration.html) -- [Create]({{ site.baseurl }}/guides/v2.3/extension-dev-guide/build/build.html) -- [Enable]({{ site.baseurl }}/guides/v2.3/extension-dev-guide/build/enable-module.html) -- [Test]({{ site.baseurl }}/guides/v2.3/extension-dev-guide/validate/test-module.html) -- [Package]({{ site.baseurl }}/guides/v2.3/extension-dev-guide/package/package_module.html) -- [Coding Standards]({{ site.baseurl }}/guides/v2.3/coding-standards/bk-coding-standards.html) -- [Frontend Developers]({{ site.baseurl }}/guides/v2.3/frontend-dev-guide/bk-frontend-dev-guide.html) -- [Admin Pattern Library]({{ site.baseurl }}/guides/v2.3/pattern-library/bk-pattern.html) -- [JavaScript Developers]({{ site.baseurl }}/guides/v2.3/javascript-dev-guide/bk-javascript-dev-guide.html) -- [Magento Web APIs]({{ site.baseurl }}/guides/v2.3/get-started/bk-get-started-api.html) -- [REST]({{ site.baseurl }}/guides/v2.3/get-started/rest_front.html) -- [SOAP]({{ site.baseurl }}/guides/v2.3/get-started/soap/soap-web-api-calls.html) +- [PHP Developer Guide]({{ site.baseurl }}/guides/v2.4/extension-dev-guide/bk-extension-dev-guide.html) +- [Magento Architecture]({{ site.baseurl }}/guides/v2.4/architecture/bk-architecture.html) +- [PHP Developers]({{ site.baseurl }}/guides/v2.4/extension-dev-guide/bk-extension-dev-guide.html) (includes code and packaging components for Marketplace) +- [Composer]({{ site.baseurl }}/guides/v2.4/extension-dev-guide/intro/intro-composer.html) +- [File Structure]({{ site.baseurl }}/guides/v2.4/extension-dev-guide/prepare/prepare_file-str.html) +- [Register]({{ site.baseurl }}/guides/v2.4/extension-dev-guide/build/component-registration.html) +- [Create]({{ site.baseurl }}/guides/v2.4/extension-dev-guide/build/build.html) +- [Enable]({{ site.baseurl }}/guides/v2.4/extension-dev-guide/build/enable-module.html) +- [Test]({{ site.baseurl }}/guides/v2.4/extension-dev-guide/validate/test-module.html) +- [Package]({{ site.baseurl }}/guides/v2.4/extension-dev-guide/package/package_module.html) +- [Coding Standards]({{ site.baseurl }}/guides/v2.4/coding-standards/bk-coding-standards.html) +- [Frontend Developers]({{ site.baseurl }}/guides/v2.4/frontend-dev-guide/bk-frontend-dev-guide.html) +- [Admin Pattern Library]({{ site.baseurl }}/guides/v2.4/pattern-library/bk-pattern.html) +- [JavaScript Developers]({{ site.baseurl }}/guides/v2.4/javascript-dev-guide/bk-javascript-dev-guide.html) +- [Magento Web APIs]({{ site.baseurl }}/guides/v2.4/get-started/bk-get-started-api.html) +- [REST]({{ site.baseurl }}/guides/v2.4/get-started/rest_front.html) +- [SOAP]({{ site.baseurl }}/guides/v2.4/get-started/soap/soap-web-api-calls.html) - [Marketplace EQP API]({{ site.baseurl }}/marketplace/eqp/v1/api.html) ## System -- [Installation]({{ site.baseurl }}/guides/v2.3/install-gde/bk-install-guide.html) -- [Configuration]({{ site.baseurl }}/guides/v2.3/config-guide/bk-config-guide.html) -- [Component Manager]({{ site.baseurl }}/guides/v2.3/comp-mgr/bk-compman-upgrade-guide.html) (used by merchants to manage components) +- [Installation]({{ site.baseurl }}/guides/v2.4/install-gde/bk-install-guide.html) +- [Configuration]({{ site.baseurl }}/guides/v2.4/config-guide/bk-config-guide.html) +- [Component Manager]({{ site.baseurl }}/guides/v2.4/comp-mgr/bk-compman-upgrade-guide.html) (used by merchants to manage components) diff --git a/src/marketplace/sellers/technical-review-guidelines.md b/src/marketplace/sellers/technical-review-guidelines.md index 6a3d6ae5242..e885c7c065a 100644 --- a/src/marketplace/sellers/technical-review-guidelines.md +++ b/src/marketplace/sellers/technical-review-guidelines.md @@ -5,42 +5,16 @@ title: Technical Review Guidelines During technical review, your code is examined to detect the presence of viruses, malware, and any indication of plagiarism. The process also ensures that the package meets Composer packaging and format requirements and Magento coding standards. -## Validate: Verify package for required files +## Submission -The submitted package must be a Magento module, theme, language pack, or metapackage, that meets Composer packaging and format requirements. All Magento modules, themes, and language packs must contain a `composer.json` and `registration.php` file. +The technical review begins as soon as you upload an extension package at [Developer Portal](https://developer.magento.com/) and consists of two mandatory steps to generate the submission id and trigger further extension testing: -### Required Files +1. [Malware Scan]({{ site.baseurl }}/marketplace/sellers/malware-scan.html) — Ensures that uploaded packages do not contain viruses or malware software. +1. Extension Package Verification — Checks that the uploaded file is a zip archive which is a [Composer](https://getcomposer.org/) package with Magento extension. -|--- |--- | -|All|`composer.json`
`registration.php`| -|Module|`etc/module.xml`| -|Theme|`theme.xml`| -|Language Pack|`language.xml`| -|Metapackage|`composer.json`| +### Extension Package Verification -Developers of Magento 2.x extensions can use the validation tool to test the package before it is submitted to Magento Marketplace. To download the tool, see the Marketplace Tools GitHub repository. - -_See also:_ - -- [PHP Developer Guide]({{ site.baseurl }}/guides/v2.3/extension-dev-guide/bk-extension-dev-guide.html) -- [How to Package Magento Extensions]({{ site.baseurl }}/guides/v2.3/extension-dev-guide/package/package_module.html) -- [Packaging Magento Version 1.x Extensions]({{ site.baseurl }}/marketplace/sellers/packaging-v1x-extensions.html) - -## Coding Standards: Check code quality/syntax - -The Marketplace coding standard review uses a custom set of coding sniffs. If the submitted code fails to pass the review, a technical report is generated that describes each issue found, and its location in the codebase. - -_See also:_ [Coding Standards]({{ site.baseurl }}/guides/v2.3/coding-standards/bk-coding-standards.html) - -### Package Validation: verify that submitted code is a valid Magento extension - -This check verifies that submitted code: - -- Is packaged as a valid Magento module, theme, language package, or meta-package -- Enforces best practices for Magento code distribution -- Helps to avoid common pitfalls - -Any code submitted for technical review at [Magento Developers Portal](https://developer.magento.com/) is examined to ensure that: +Package submissions must contain a Magento module, theme, language pack, or metapackage that meets Composer packaging and format requirements: 1. Code submitted as a zip archive. 1. Submitted package does not exceed 30 MB. @@ -63,54 +37,125 @@ Any code submitted for technical review at [Magento Developers Portal](https://d - `magento/product-community-edition` - `magento/magento2-ee-base` - `magento/product-enterprise-edition` -1. The package does not use `*` as a version restriction for Magento packages (packages with `magento` vendor). Version restriction should be specified according to [recommendations](https://devdocs.magento.com/guides/v2.3/extension-dev-guide/versioning/dependencies.html?itm_source=devdocs&itm_medium=quick_search&itm_campaign=federated_search&itm_term=versio#determine-module-dependency). + +1. The package does not use `*` as a version restriction for Magento packages (packages with `magento` vendor). You must specify version restriction according to the [recommendations]({{ site.baseurl }}/guides/v2.4/extension-dev-guide/versioning/dependencies.html#determine-module-dependency) in the _Magento PHP Developer Guide_. + 1. [Require inline aliases](https://getcomposer.org/doc/articles/aliases.md#require-inline-alias) are not used in the `composer.json` file. -Additional requirements for package declarations are applied depending on the package type. +Additional requirements for package declarations are applied based on the package type: + +1. Magento modules (packages with type `magento2-module`) must have valid `etc/module.xml` and `registration.php` files. Configured [autoloading](https://getcomposer.org/doc/04-schema.md#autoload) in `composer.json`: `autoload.files` must include at least a `registration.php` file and the `autoload.psr-4` section must declare at least one namespace. +1. Magento themes (package type `magento2-theme`) must have valid `theme.xml` and `registration.php` files. You must include the registration file in the `autoload.files` section of `composer.json`. Do not include an `autoload.psr-4` declaration in a theme package. +1. Magento language packages (type `magento2-language`) must have valid `language.xml` and `registration.php` files. You must include the registration file in the `autoload.files` section of `composer.json`. Do not include an `autoload.psr-4` declaration in a language package. +1. Packages of type `metapackage` must declare at least one dependency in the `require` section. + +_See also:_ + +- [PHP Developer Guide]({{ site.baseurl }}/guides/v2.4/extension-dev-guide/bk-extension-dev-guide.html) +- [How to Package Magento Extensions]({{ site.baseurl }}/guides/v2.4/extension-dev-guide/package/package_module.html) + +## Extension Validation and QA + +After accepting a package for Technical Review, a series of automated checks and manual checks are scheduled. -Magento modules (packages with type `magento2-module`) must have a valid `registrar.php` file. Configured [autoloading](https://getcomposer.org/doc/04-schema.md#autoload) in `compopser.json`: `autoload.files` must include at least a `registrar.php` file and `autoload.psr-4` is expected to declare at least one namespace. +### Code Sniffer: Check code quality/syntax -Magento themes (package type `magento2-theme`) and language packages (type `magento2-language`) must have a valid `registrar.php` file, which must be included in the `autoload.files` section of `composer.json`. `autoload.psr-4` must not be used for these types of packages. +The Marketplace coding standard review uses a custom set of coding sniffs. If the submitted code fails the review, Magento generates a technical report that describes each issue found and its location in the codebase. -Packages of type `metapackage` must declare at least one dependency in the `require` section. +_More details:_ [Code Sniffer]({{ site.baseurl }}/marketplace/sellers/code-sniffer.html) -### Intellectual Property: Check for plagiarism +_See also:_ [Coding Standards]({{ site.baseurl }}/guides/v2.4/coding-standards/bk-coding-standards.html) + +### Copy Paste Detector: Check for plagiarism All code and marketing content that is submitted to Magento Marketplace is checked for plagiarism to ensure that it has not been copied from existing Marketplace extensions or from the Magento codebase. -If the extension contains source code from the Community Edition of Magento 1.x or 2.x, the extension must be licensed under [Open Source License v. 3.0][3] and properly credit Adobe, Inc. +If the extension contains source code from the Open Source Edition, the extension must be licensed under [Open Source License v. 3.0][3] and properly credit Adobe, Inc. + +_More details:_ [Copy Paste Detector]({{ site.baseurl }}/marketplace/sellers/copy-paste-detector.html) _See also:_ [OSL 3.0: A Better License for Open Source Software][4] -### Installation (M2 only): Verify that product installs correctly +### Installation and Varnish Tests: Verify that product installs and caching works correctly -Extensions for Magento 2.x are installed with Varnish Cache enabled for each supported version of PHP, and switched from development to [production mode]({{ site.baseurl }}/guides/v2.3/config-guide/cli/config-cli-subcommands-mode.html). If you have shared packages and dependencies required for your extension, also test installs and usage with those packages. +Extensions for Magento are installed with Varnish Cache enabled for each supported version of PHP and switched from development to [production mode]({{ site.baseurl }}/guides/v2.4/config-guide/cli/config-cli-subcommands-mode.html). If you have shared packages and dependencies required for your extension, the Installation test also tests Magento installation and usage with those packages included. -_See also:_ [Magento System Requirements]({{ site.baseurl }}/guides/v2.3/install-gde/system-requirements.html) +In addition, cacheable pages are accessed to ensure that they are served directly from Varnish Cache. You will be notified if your extension fails the test. -### Page Caching (M2 only): Verify that Varnish works correctly +_More details:_ [Installation and Varnish Tests]({{ site.baseurl }}/marketplace/sellers/installation-and-varnish-tests.html) -In addition to the Production Mode test, cacheable pages are accessed to ensure that they are served directory from Varnish Cache. You will be notified if your extension fails the test. +_See also:_ + +- [Configure and Use Varnish]({{ site.baseurl }}/guides/v2.4/config-guide/varnish/config-varnish.html) +- [Magento System Requirements]({{ site.baseurl }}/guides/v2.4/install-gde/system-requirements.html) + +### Quality Assurance: Pass Manual QA + +This check verifies that the extension installs without error, is configurable (as applicable), and operates as expected. + +Manual QA can be skipped if the [Semantic Version Check]({{ site.baseurl }}/marketplace/sellers/semantic-version-check.html) confirms that only patch-level changes were introduced in a new version of an already listed extension. + +#### Documentation and resources +Magento uses the documentation provided with the extension during manual QA. The submitted documentation must comply with the following requirements: + +1. Submit the user guide in one of the following formats: + + - A PDF that describes the extension setup and features. + - A PDF containing a link to a wiki or a similar page that describes the extension setup and features. + +1. Extension documentation must cover all features of the extension. + +1. Extension documentation must not direct users to make purchases on sites other than Marketplace. + +_See also:_ [Polishing your Marketplace submission: 7 tips from the Marketplace EQP team](https://community.magento.com/t5/Magento-DevBlog/Polishing-your-Marketplace-submission-7-tips-from-the/ba-p/142382) + +#### Manual QA checklist + +To pass Manual QA, the extension must meet the following requirements: + +1. Installs with Composer. +1. Compiles without errors using the following command: [`deploy:mode:set production`](https://devdocs.magento.com/guides/v2.4/config-guide/cli/config-cli-subcommands-mode.html#change-to-production-mode) +1. Extension has all supporting documentation that complies with the [documentation requirements](#documentation-and-resources) +1. Works with each version of Magento that the extension claims to support in the extension product profile. + + - Basic Magento functionality works as expected with the installed extension. + - Basic test suite includes, but is not limited to the following scenarios: + + - Create order as guest user (Simple product, Configurable product) + - Create a new customer + - Create order as (Simple product, Configurable product) + - Place an order via "Check Out with Multiple Addresses" + - Create re-order from previously created order + - Add product to Wishlist + - Add product to Comparison list + - As store admin: Create Invoice, Shipping, Credit Memo + - As store admin: Create new order (re-order) + - As store admin: Create new product with images (Simple product, Configurable product) + - As store admin: Create new product category + +1. Works with each version of PHP that is supported by the Magento version that the extension claims to support in the extension product profile. +1. Has all functionality that is described in the extension documentation and vice versa. +1. Does not crash with unhandled errors. +1. Does not hang when invalid data is submitted. + +_See also:_ -_See also:_ [Configure and Use Varnish]({{ site.baseurl }}/guides/v2.3/config-guide/varnish/config-varnish.html) +- [Install an Extension via Composer](https://devdocs.magento.com/cloud/howtos/install-components.html#install-an-extension) +- [General CLI installation](https://devdocs.magento.com/extensions/install/) -### Quality Assurance (M2 only): Pass manual QA +#### Additional checks for Page Builder extensions -This check verifies that the extension installs without error, is configurable (as applicable), and operates as expected. To pass Manual QA, the extension must meet the following requirements: +Extensions that claim to support Magento Page Builder are subject to the following additional checks: -- Installs with Composer -- Compiles without errors using the following command: `deploy:mode:set production` -- Works with each version of Magento that is shown as supported in the extension product profile -- Works with each version of PHP that is supported by the Magento version that is shown as supported in the extension product profile -- Has all functionality that is described in the extension documentation -- Does not crash with unhandled errors -- Does not hang when invalid data is submitted +1. New and extended content types can be dragged to the stage, edited, duplicated, moved, hidden, saved and deleted from the stage without errors. +1. New and extended content types are rendered on the storefront without errors. +1. Extensions that use Page Builder must also support correct operation of all Page Builder content creation functions. This includes, but is not limited to, all the functions previously described for new and extended content types rendered in the Admin stage and the storefront. -### For Page Builder extensions +#### Exit criteria for testing -- New and extended content types can be dragged to the stage, edited, duplicated, moved, hidden, saved, and deleted from the stage without errors. -- New and extended content types are rendered on the storefront without errors. -- Extensions that use Page Builder should also ensure that all Page Builder content creation functions work correctly. This includes, but is not limited to, all the functions previously described for new and extended content types rendered in the Admin stage and the storefront. +1. At least one major issue found in Magento functionality which was affected by an installed extension. +1. Blocking issue found that affects entire extension functionality. +1. For big extensions, where functionality is not concentrated in one particular area we can switch to the unaffected area and continue to test it in order to provide more errors to the developer. At the same time, we can stop testing once we have found 2 blockers in separate areas of an extension. [3]: https://opensource.org/licenses/OSL-3.0 [4]: http://rosenlaw.com/OSL3.0-explained.htm diff --git a/src/quality-patches/release-notes.md b/src/quality-patches/release-notes.md index a3de00b0eaf..c387ef8d685 100644 --- a/src/quality-patches/release-notes.md +++ b/src/quality-patches/release-notes.md @@ -19,6 +19,16 @@ The [Magento Quality Patches](https://github.com/magento/quality-patches) packag See [Apply patches]({{ site.baseurl }}/guides/v2.4/comp-mgr/patching/mqp.html) for instructions on applying patches to your Magento projects. See [Patches available in MQP tool](https://support.magento.com/hc/en-us/sections/360010506631-Patches-available-in-MQP-tool-) for additional patch details. +## v1.0.8 + +- **MDVA-31242** _(for Magento `>=2.3.0 <2.4.1` with B2B extension)_—Fixes the issue where a wrong currency sign is displayed in Credit Memo grid. +- **MDVA-31295** _(for Magento `>=2.3.0 <2.4.2`)_—Fixes the issue where reward points are not calculated when a partial order is completed and items are taxed. +- **MDVA-30112** _(for Magento `>=2.3.4 <2.4.2`)_—Fixes the issue where if the number of orders exceeds the "bunch-size" value, Magento considers the orders with "pending" status as inconsistencies. +- **MDVA-31150** _(for Magento `>=2.3.0 <2.4.2`)_—Fixes the issue where the store credit and gift card balances are not returned by the GET Invoice Rest API call, when the invoice was posted by Rest API call and the order was partially paid by store credit and gift card accounts. +- **MDVA-30963** _(for Magento `>=2.3.2 <2.4.2`)_—Fixes the issue where products filtering results set to only contain values specified for "All store views" scope in Admin, include products with values overridden on the store view level. +- **MDVA-29954** _(for Magento `>=2.3.0 <2.3.6 || 2.4.0 || 2.4.2` with B2B extension)_—Fixes the issue where the "New Company Registration Request" and "You've been linked to a company" emails are sent from the wrong address. +- **MDVA-28357** _(for Magento `>=2.3.2 <2.3.6 || >=2.4.0 <2.4.1`)_—Replaces the standard analyzer with a custom analyzer with keyword tokenizer for the SKU field in the ElasticSearch index, to make wildcard search queries work with SKUs containing a hyphen ("-"). + ## v1.0.7 - **MDVA-30972** _(for Magento `>=2.3.0 <2.4.2`)_—Fixes the issue where custom order status was changed to Processing after partial shipment creation using WebApi. diff --git a/src/recommendations/verify.md b/src/recommendations/verify.md index c5c660eb4ff..02987147a50 100644 --- a/src/recommendations/verify.md +++ b/src/recommendations/verify.md @@ -9,7 +9,7 @@ After you [install]({{ page.baseurl }}/recommendations/product-recs.html) and [c ## Verify using developer tools in Chrome {:.procedure} -To ensure that the `DataServices.js` file is loading on all site pages: +To ensure that the event collector JS file is loading on all site pages: 1. In Chrome, choose **Customize and control Google Chrome** then select **More Tools** > **Developer Tools**. 1. Choose the **Network** tab then select the **JS** type. @@ -22,9 +22,9 @@ To ensure that the `DataServices.js` file is loading on all site pages: {:.procedure} To ensure events are firing on pages across your site (home, product, checkout, and so on): +1. Make sure you disable any ad blockers on your browser and accept cookies on the site. 1. In Chrome, choose **Customize and control Google Chrome** (the three vertical dots in the upper right corner of the browser) then select **More Tools** > **Developer Tools**. -1. Choose the **Network** tab then select the **XHR** type. -1. Filter for `tp2`. +1. Choose the **Network** tab and filter for `tp2`. 1. Reload the page. 1. You should see calls under `tp2` in the **Name** column. @@ -34,7 +34,7 @@ To ensure events are firing on pages across your site (home, product, checkout, Install the [Snowplow Analytics Debugger extension for Chrome](https://chrome.google.com/webstore/detail/snowplow-analytics-debugg/jbnlcgeengmijcghameodeaenefieedm). This extension displays the events being collected and sent to Magento. -1. Make sure you disable any ad blockers on your browser. +1. Make sure you disable any ad blockers on your browser and accept cookies on the site. 1. In Chrome, choose **Customize and control Google Chrome** (the three vertical dots in the upper right corner of the browser) then select **More Tools** > **Developer Tools**.