due to internal Discourse changes, one of your plugins breaks
the plugin doesn’t just break, it breaks your entire site which now has JS errors or maybe even a white screen
you open a meta support topic about how updating Discourse broke your whole site
we ask “hmm, did you try disabling all third party plugins”
We need a much easier way for people to enter ‘safe mode’ where only official Discourse plugins that are bundled with Discourse during a clean install are loaded.
I am open to whatever implementation makes sense, but switching to “safe mode” needs to be much easier to stem the flood of support topics on Discourse updates breaking third party plugins.
The easiest would be to add a new “--safe” parameter to the launcher (eg “./launcher rebuild --safe”).
That parameter would then be passed to Discourse which would not load any of the non-blessed plugins.
It’s my understanding that we’re trying to keep ./launcher at least sort-of Discourse agnostic. My easiest recommendation would be to have either ./discourse-setup or some other new command that would comment out all non-blessed plugins and rebuild. I think it should have two modes, one that disables non-blessed plugins (is that as simple as the ones from the discourse github account?) and another that would disable all plugins.
A more complex solution would be a ./plugins script that would provide a way to install and remove individual plugins as well as disable them.
I started thinking about a ./help script that would do things like check available memory and ram, offer suggestions (e.g., suggest ./launcher cleanup), and print out disk and memory specs that could be pasted into a plea for help.
Distribute a file with Discourse that lists the names of all “officially supported” plugins.
Split out “plugin.js” from “application.js”, 2 assets will be split out:
a: plugin-safe.js for all officially supported plugins
b: plugin-third-party.js for unofficial plugins.
Add a new ENV var for booting in safe mode: DISCOURSE_SAFE_MODE=1 if set then only supported plugins are installed
Add a new ENV var for booting in “super safe mode”: DISCOURSE_SAFE_MODE=NO-PLUGINS if set no plugins at all are loaded
If booted in safe mode, display a banner to all staff (or something along those lines) showing that site is in safe mode. Banner will link to docker manager page where you can quit safe mode
Amend Docker Manager to allow you to “reload Discourse in Safe Mode” and “Exit Safe Mode”
Points I am thinking about:
In safe mode what do we do about “site customizations” which can potentially break stuff? Current thinking, allow you to specify “how safe” you want stuff when entering safe mode.
In safe mode what do we do about “color” customizations etc which may, in very rare cases, break stuff? Current thinking, do nothing.
New structure will allow you to “preview in JavaScript safe mode” without restarting, if all you want to do is check the JS components of a plugin are not broken. Should we expose this? Current thinking, maybe…
As someone who might write a “disable all 3rd party plugins” script before this grand plan gets implemented, could it be the case that “officially supported” and "live at github under the discourse account be synonymous?
This seems like a fine idea, and given that there’s a means to preview and see not-yet-turned-on customizations, it should be easy enough to implement.
