Wiki

Wiki architecture

Our wiki consists of the following components:

The oppia/oppia.wiki git repository automatically created by GitHub to hold the wiki viewable at https://github.com/oppia/oppia/wiki. This is our deployment repository where we put wiki source files to be viewed by the community.
The oppia/oppia-web-developer-docs repository is our source repository where we store and edit the wiki source files. We consider this to be the single source of truth for our wiki.
A synchronizer bot that keeps the source and deployment repositories in sync. While you might think of bots as running on their own servers somewhere, our bot's code lives in GitHub Actions workflows in both the source and deployment repositories:
- A revert-web-wiki-updates.yml workflow in oppia/oppia reverts any changes made to the wiki through the web interface by creating a revert commit in the deployment repository and pushing that commit to the source repository.
- A deploy.yml workflow in the source repository deploys any new commits in the source repository to the deployment repository.

Contributing to the wiki

If you notice something about the wiki that could be improved, please let us know! There are a couple of ways you can do so:

If the improvement you have in mind is big, you want feedback before you start working on it, or you don't have time to make the change yourself, open an issue in the source repository.
If you can make the change yourself, see the instructions below for opening a pull request (PR).

Opening a pull request

For your first contribution, you'll need to set up your repository (you only have to do this once):

Create a fork of the source repository into your user account (which we'll refer to as user from now on).
Clone the fork to your computer (you can also use SSH if you prefer):
```
git clone https://github.com/user/oppia-web-developer-docs.git
```

Add the upstream repository as a remote:

git remote add upstream https://github.com/oppia/oppia-web-developer-docs.git

Then for every new contribution (including your first), you should follow these steps:

Checkout the develop branch and pull in the latest changes from upstream:
```
git checkout develop
git pull upstream develop
```
Create a new branch for your changes:
```
git checkout -b {{branch name}}
```
Make your changes, being sure to follow our style guide. You can use whatever text editor you prefer for this.
Commit your changes. You can make multiple commits as you write if you prefer.
```
git add {{paths to the files you changed}}
git commit
```
Push your changes to your fork (called origin by default):
```
git push -u origin {{branch name}}
```
Open a pull request. Remember to click the "compare across forks" link since your changes are on a different fork than the source repository. The base for your PR should be the develop branch on the oppia/oppia-web-developer-docs repository.
Wait for the welfare team to review your PR.
Once the welfare team leaves comments, respond to them and make changes as needed. Like on oppia/oppia, please do not resolve review threads--let the reviewer do that. Repeat as needed until reviewers approve. Note that we don't have code owners in the source repository. Instead, the welfare team will ask other developers to review PRs as needed. For example, we'll usually ask team leads to review substantive changes to wiki pages on their team's work.
Once reviewers have approved, the welfare team will merge your PR, and your changes will be automatically deployed to the Oppia wiki. Congratulations!

Run pylint on python files in the Oppia-docs-repo.

Steps:

Install Pylint

If pip refers to python3, then run:

pip install pylint

else run:

pip3 install pylint
Run pylint on all python files in the repository:

pylint **/*.py

When you make changes through the web interface

If you change the wiki through the web interface at https://github.com/oppia/oppia/wiki, the synchronizer bot will automatically revert your change with a commit like this example. Please open a PR to the source repository instead.

Implementation details

GitHub App for synchronizer bot

The code for the synchronizer bot is split across GitHub Actions workflows in the oppia/oppia-web-developer-docs and oppia/oppia repositories. These workflows are part of the same synchronizer bot (which is a GitHub App) because they both authenticate to GitHub using the bot's private key.

We use a GitHub App because it lets us restrict the bot's access to only the relevant repositories. It also means that the bot's actions will appear as being by the bot instead of by a user, which is more accurate.

Here are instructions for creating and using the GitHub App:

Create a GitHub App with the following settings (docs):
- Name and Description that describe the app's purpose.
- For Homepage URL you can just put the link to your documentation source repository. This URL is required by GitHub, but we don't use it for anything.
- Leave Callback URL, Setup URL, Webhook URL, and Webhook secret blank.
- We don't use user authorization tokens, so you can leave Expire user authorization tokens checked and leave Request user authorization (OAuth) during installation and Enable Device Flow unchecked.
- We don't use webhooks, so leave the Active checkbox under Webhook unchecked.
- Give Read & write access to the Contents permission.
- Don't subscribe to any events.
- Allow installation Only on this account since we don't expect this app to be used outside of the organization.
Download the app's private key.
- [!WARNING]: Treat this private key like a password! Anyone in possession of it can access and change the contents of the repositories the app has been installed on.
Install the app on the repository with the wiki source and on the repository whose wiki will contain the deployed documentation.
To both repositories, add the following secrets:
- OPPIA_WIKI_SYNCHRONIZER_APP_ID: The ID for your GitHub App
- OPPIA_WIKI_SYNCHRONIZER_APP_PRIVATE_KEY: A private key for your GitHub App in PEM format.
Delete the private key from your machine. If you need to add the key to a new repository secret in the future, you can just generate a new key.

Workflow to revert changes through the web interface

Here are a few points about the revert-web-wiki-updates.yml workflow:

The workflow uses the oppia/get-github-app-token action to retrieve an authentication token using the synchronizer bot's private key. We specify the version of the action using a git hash as an extra security precaution since the oppia/get-github-app-token repository won't be as closely watched as oppia/oppi. This means that even if oppia/get-github-app-token is compromised, any malicious code added there won't be pulled into oppia/oppia.
We configure the git name as oppia-wiki-synchronizer[bot] and email as 102317631+oppia-wiki-synchronizer[bot]@users.noreply.github.com. This choice of name and email causes GitHub to show the app as the commit author, though this feature is not documented by GitHub.
When we push to the deployment repository, we run git push source master:develop. The master:develop says to push the local master branch to the remote develop branch. We have different branch names because at Oppia we generally use develop as our main development branch, but GitHub requires that the wiki deployment repository main branch be called master (this detail is also not documented).

Security analysis

This approach introduces the following security concerns:

The permissions for the documentation source repository must be maintained as they no longer automatically follow the deployment repository permissions.
Access to the GitHub App must be secured. In particular, the app should be created at the organization level, and the minimum number of people should be granted app manager permissions. Organization owners automatically have access.
The GitHub App's credentials must also be secured. In particular, there should be no copies of the private key outside of GitHub actions secrets.

Here are some alternative approaches:

Creating a new user account that we can give access to the necessary repositories and who the scripts will act as.
- This means we have to keep track of securing another account and that account's credentials. The GitHub App approach is better because we can use existing GitHub accounts to manage the app, and it's not possible to log in as the app.
- The app's actions are clearly marked as being by a bot, which is better than a user account which will look like a human user.
Using a personal access token (PAT).
- The PAT generated by a user gives broad access across all the repositories where the user has privileges. This introduces a risk that a compromise of Oppia could grant an attacker access to other, unaffiliated repositories. A GitHub App has more fine-grained permissions that can be restricted to particular repositories.
Using the GITHUB_TOKEN generated automatically for actions workflows.
- This token does not grant access to the wiki, so even if we force-deployed from the source repository instead of creating a revert commit, the workflow in the deployment repository that detects an edit through the web interface would not have permission to force-deploy the source documentation to the deployment wiki.

Failed to push changes to wiki upon PR merge.

If the deployment of changes to the wiki following the merging of a pull request was unsuccessful, you have the option to manually push the changes to the wiki by following these steps:

Navigate to the Oppia wiki repository's Actions tab.
Select the "Deploy to wiki" workflow.
Refer to these instructions to manually execute the workflow.

Tips and Tricks

How can I see markdown (wiki) preview in Visual Studio Code?

Right-click on the editor Tab and select Open Preview (Windows/Linux: Ctrl+Shift+V, Mac: Command+Shift+V) or use the Command Palette Windows/Linux: Ctrl+Shift+V, Mac: Command+Shift+V to run the Markdown: Open Preview to the Side command (Windows/Linux: Ctrl+K+V, Mac: Command+K+V).

Have an idea for how to improve the wiki? Please help make our documentation better by following our instructions for contributing to the wiki.

Core documentation

Developing Oppia

FAQs
How to get help
- Troubleshooting
Getting started with the project
- 'Getting started' guide
- Installing Oppia
  - Set up your development tools
- How to access Oppia webpages
  - Glossary of terms
  - User documentation
- Populating data on local server
- Team onboarding guides
  - LaCE Team
  - Contributor Dashboard Team
How the codebase is organized
Making your first PR
Debugging
Testing
Codebase policies and processes
- Guidelines for launching new features
- Guidelines for making an urgent fix (hotfix)
- Testing jobs and other features on production
- Guidelines for Developers with Write Access to oppia/oppia
- Release schedule and other information
- Revert and Regression Policy
- Privacy aware programming
- Code review:
  - Instructions for Reviewers
  - Oppia's code owners and checks to be carried out by developers
- Project organization:
  - Triaging Process
- QA Testing:
  - Guide for release testers
  - Instructions for QA coordinators
- Design docs:
  - How to write design docs
Team-Specific Guides
- LaCE/CD:
  - 👣 Make a simple UI change
  - Testing for Accessibility
  - Release accessibility checklist
  - Apache Beam Jobs
  - Translations:
    - Adding new translations
    - How to develop for i18n
  - Server errors:
    - Server errors and solutions
- Developer Workflow:

Developer Reference

Oppiabot
Git cheat sheet
Frontend
Backend
Webpack
Third-party libraries
Extension frameworks
Oppia-ml Extension
Mobile development
Performance testing
Build process
Best practices for leading Oppia teams
Past Events
- Google Summer of Code: 2023, 2022, 2021, 2020, 2019, 2018, 2017, 2016
- Hacktoberfest: 2023, 2022, 2021, 2020, 2019, 2018, 2017, 2016
- GHC Open Source Day: 2019, 2018
- Season of Docs: 2024, 2021, 2019
- DSC-SLoP (Semester Long Project): 2022, 2020
- Outreachy: Dec 2021 to Mar 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly