doc: add tutorial for releasing sdks #10745

ChiragAgg5k · 2025-10-31T11:53:28Z

No description provided.

coderabbitai · 2025-10-31T11:53:52Z

📝 Walkthrough

Walkthrough

A new documentation file docs/tutorials/release-sdks.md is added that provides a comprehensive guide for the Appwrite SDK release process. The documentation covers prerequisites for SDK generator and dependencies, Docker secret configuration for SSH and GitHub access, API specification updates, execution of the SDK release script with interactive prompts, batch SDK releases, PR and GitHub release workflows including dry-run and actual release procedures, configuration file references, troubleshooting guidance, and example commands.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Single documentation file addition with no code logic or functional changes
Content is structured documentation describing existing operational procedures
No manifest updates or exported declarations involved
Minimal verification needed beyond clarity and accuracy of procedural steps

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run `@coderabbitai generate docstrings` to improve docstring coverage.
Description Check	❓ Inconclusive	The pull request contains no description provided by the author. While the check is described as "very lenient" and should pass if the description is not off-topic, the explicit fail criterion includes situations where the description "does not describe any part of the changeset." An empty description technically satisfies this fail condition by not describing any part of the changeset, creating ambiguity in applying the lenient principle to a missing description.	The author should consider adding a brief description to the PR explaining the purpose and scope of the SDK release tutorial. Even a short explanation would clarify the intent and help reviewers and future readers understand the context. The presence of a description—even minimal—would align with best practices and remove any ambiguity in this check.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The PR title "doc: add tutorial for releasing sdks" directly aligns with the changeset, which adds a new documentation file (docs/tutorials/release-sdks.md) that comprehensively describes the Appwrite SDK release process. The title is concise, clear, and accurately summarizes the main change from the developer's perspective. A teammate scanning the repository history would immediately understand that this PR introduces documentation content for SDK releases.

✨ Finishing touches

🧪 Generate unit tests (beta)

Create PR with unit tests
Post copyable unit tests in a comment
Commit unit tests in branch sdk-release-doc

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

github-actions · 2025-10-31T11:56:05Z

Security Scan Results for PR

Docker Image Scan Results

Package	Version	Vulnerability	Severity
binutils	2.44-r2	CVE-2025-5244	HIGH
binutils	2.44-r2	CVE-2025-5245	HIGH
libxml2	2.13.8-r0	CVE-2025-49794	CRITICAL
libxml2	2.13.8-r0	CVE-2025-49796	CRITICAL
libxml2	2.13.8-r0	CVE-2025-49795	HIGH
libxml2	2.13.8-r0	CVE-2025-6021	HIGH
pcre2	10.43-r1	CVE-2025-58050	CRITICAL
golang.org/x/crypto	v0.31.0	CVE-2025-22869	HIGH
golang.org/x/oauth2	v0.24.0	CVE-2025-22868	HIGH
stdlib	1.22.10	CVE-2025-47907	HIGH
stdlib	1.22.10	CVE-2025-47912	HIGH
stdlib	1.22.10	CVE-2025-58183	HIGH
stdlib	1.22.10	CVE-2025-58185	HIGH
stdlib	1.22.10	CVE-2025-58186	HIGH
stdlib	1.22.10	CVE-2025-58187	HIGH
stdlib	1.22.10	CVE-2025-58188	HIGH
stdlib	1.22.10	CVE-2025-61723	HIGH
stdlib	1.22.10	CVE-2025-61724	HIGH

Source Code Scan Results

🎉 No vulnerabilities found!

coderabbitai

Actionable comments posted: 1

🧹 Nitpick comments (5)

docs/tutorials/release-sdks.md (5)

44-56: SSH configuration mismatch between documentation and best practice.

Line 52 mounts ~/.ssh:/root/.ssh directly. While this works, the guide should note:

Ensure SSH keys have restrictive permissions (600) on the host.

Consider using ssh-agent forwarding instead for ephemeral access (more secure in containerized environments).

Document that SSH keys must be added to the GitHub account on the host machine before building the container.

Also, clarify whether this mount is necessary if using GitHub CLI with a token (as mentioned in line 37), or if it's only needed for Git SSH operations.

76-91: Interactive prompts lack error handling and retry guidance.

Lines 87-91 describe the interactive prompts but don't address:

What happens if invalid input is provided? Does the script retry, exit, or use defaults?

Can prompts be bypassed with CLI flags? (e.g., --platform=client --sdks=dart --version=1.8.x)

What does * mean for SDKs? Is it documented elsewhere?

Consider adding:

Example interaction showing valid/invalid responses and outcomes

Exit codes or error messages the user might encounter

Whether dry-run is recommended before actual execution

105-110: Pull Request Summary example uses placeholder URLs.

The example PR URLs (lines 107-109) use placeholder PR numbers (e.g., #123). For clarity, document:

Whether PR numbers are predictable or random.

Link to an example of a real SDK release PR for reference.

Note that PR creators should review and address any CI failures or review feedback.

152-158: Configuration file references lack direct links.

The reference section (lines 152-158) lists critical configuration files but doesn't provide direct links to them in the repository. Consider:

Adding GitHub links to each file for quick navigation.

Noting the branch/version (e.g., "in the 1.8.x branch" or "in the main branch") if files differ across versions.

Briefly documenting the structure of app/config/platforms.php (e.g., what fields are required for a new SDK).

160-174: Troubleshootin 8000 g section could include log locations.

Lines 160-174 cover common issues but don't mention where to find relevant logs:

Docker logs: docker compose logs appwrite

Script output or error messages

GitHub CLI debug output (e.g., gh --debug)

Add guidance like:

If the script fails, check logs with: docker compose logs appwrite -f

This will help users debug issues faster.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4f905e0 and ebee353.

📒 Files selected for processing (1)

docs/tutorials/release-sdks.md (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (17)

GitHub Check: E2E Service Test (VCS)
GitHub Check: E2E Service Test (Tokens)
GitHub Check: E2E Service Test (Sites)
GitHub Check: E2E Service Test (Databases/TablesDB)
GitHub Check: E2E Service Test (FunctionsSchedule)
GitHub Check: E2E Service Test (Teams)
GitHub Check: E2E Service Test (Health)
GitHub Check: E2E Service Test (Functions)
GitHub Check: E2E Service Test (Avatars)
GitHub Check: E2E Service Test (Projects)
GitHub Check: E2E Service Test (Console)
GitHub Check: E2E Service Test (Databases/Legacy)
GitHub Check: E2E Service Test (Account)
GitHub Check: E2E Service Test (Site Screenshots)
GitHub Check: E2E Service Test (Dev Keys)
GitHub Check: E2E General Test
GitHub Check: Unit Test

🔇 Additional comments (1)

docs/tutorials/release-sdks.md (1)

1-9: Verify external links and document context clearly.

Lines 1-9 reference external documents:

CODE_OF_CONDUCT: https://github.com/appwrite/.github/blob/main/CODE_OF_CONDUCT.md

CONTRIBUTING: https://github.com/appwrite/appwrite/blob/master/CONTRIBUTING.md

Please verify these links are current and accessible. Also note:

Are these links maintained by the Appwrite team?

Do they cover SDK release-specific contribution guidance, or is this guide meant to supplement them?

coderabbitai · 2025-10-31T11:57:39Z

docs/tutorials/release-sdks.md

+ARG GH_TOKEN
+ENV GH_TOKEN=your_github_token_here
+RUN git config --global user.email "your-email@example.com"
+RUN apk add --update --no-cache openssh-client github-cli
+```
+
+Replace:
+- `your_github_token_here` with your GitHub personal access token (with appropriate permissions)
+- `your-email@example.com` with your Git email address


⚠️ Potential issue | 🟠 Major

⚠️ Security concern: Avoid hardcoding secrets in Dockerfile.

Lines 34-35 show a Dockerfile with a GitHub token in plaintext (ENV GH_TOKEN=your_github_token_here). This is a significant security risk and anti-pattern:

Secrets should never be in the Dockerfile — they'll be baked into the image layer history.

Credentials exposed in documentation — even as placeholders, this pattern teaches bad practices.

Tokens and email visible to all with image access — anyone with access to the Docker image can extract these values.

Use Docker build secrets or pass credentials at runtime instead. Here's a better approach:

# Don't hardcode — pass at runtime or use Docker build secrets RUN apk add --update --no-cache openssh-client github-cli # Configure Git at runtime or via environment variable

Then document how to pass credentials securely:

docker compose exec appwrite sh -c 'git config --global user.email "your-email@example.com" && gh auth login'

Or leverage Docker build secrets (BuildKit):

RUN --mount=type=secret,id=gh_token \ gh auth login --with-token < /run/secrets/gh_token

🤖 Prompt for AI Agents

In docs/tutorials/release-sdks.md around lines 34 to 42, the Dockerfile snippet hardcodes GH_TOKEN and an email (ENV GH_TOKEN=your_github_token_here and git config --global user.email ...), which is insecure; remove the ARG/ENV token and the hardcoded email from the example and replace with guidance to pass credentials securely at build or runtime (e.g., use Docker BuildKit secrets or pass tokens via runtime environment/interactive auth), update the doc to show the secure workflow steps (how to provide a secret to the build using build secrets and how to run a container and perform git/gh auth at runtime) and include example commands/instructions for both approaches (BuildKit secret usage and runtime gh auth/docker-compose exec) instead of embedding credentials in the Dockerfile.

github-actions · 2025-10-31T12:07:12Z

✨ Benchmark results

Requests per second: 1,240
Requests with 200 status code: 223,241
P99 latency: 0.157505334

⚡ Benchmark Comparison

Metric	This PR	Latest version
RPS	1,240	1,287
200	223,241	231,710
P99	0.157505334	0.15700394

ChiragAgg5k added 2 commits October 31, 2025 17:18

doc: add tutorial for releasing sdks

fce4f72

grammer fixes

8c8073d

final changes

ebee353

coderabbitai bot reviewed Oct 31, 2025

View reviewed changes

loks0n approved these changes Oct 31, 2025

View reviewed changes

loks0n merged commit b525605 into 1.8.x Oct 31, 2025
41 checks passed

ChiragAgg5k deleted the sdk-release-doc branch October 31, 2025 12:01

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

doc: add tutorial for releasing sdks #10745

doc: add tutorial for releasing sdks #10745

Uh oh!

Uh oh!

Walkthrough

Estimated code review effort

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

doc: add tutorial for releasing sdks #10745

doc: add tutorial for releasing sdks #10745

Uh oh!

Conversation

Uh oh!

Uh oh!

Walkthrough

Estimated code review effort

Pre-merge checks and finishing touches

Uh oh!

Uh oh!

Security Scan Results for PR

Docker Image Scan Results

Source Code Scan Results

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

✨ Benchmark results

⚡ Benchmark Comparison

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants