Conversation
- Add target: "*" to safe-outputs configuration for add-labels and add-comment - This allows the workflow to apply comments and labels to multiple issues when running in scheduled/manual trigger mode (batch processing) - Previously, safe-outputs jobs were skipped because they required github.event.issue.number which only exists in event-triggered runs - With target: "*", the workflow now reads issue numbers from the agent output and applies changes to each issue individually
- Replace 'gh label list' bash command instruction with 'list_labels' GitHub MCP tool - GitHub MCP tools are already enabled and authenticated, no additional config needed - Fixes permission denied errors when agent tried to use gh CLI
The correct tool name in GitHub MCP server is 'list_label' (singular), not 'list_labels' (plural). This was causing the agent to fall back to bash commands like 'gh label list' instead of using the proper MCP tool.
- Add github tool configuration with 'default' and 'labels' toolsets - The labels toolset was not enabled by default, causing the agent to fall back to bash commands like 'gh label list' - Now list_label MCP tool will be available to the agent
…d workflow stop-time
- look for duplicate issues across the org - fix deprecated timeout_minutes
- Include issues updated in last 24 hours (with new comments), not just newly created - Add non-English content check: detect and request English translation respectfully - Add multi-topic detection: ask users to split issues with multiple unrelated topics - Improve spam detection with clear guidance - Enhanced with empathetic approach for language and topic guidance - Add parameter hints for list_label tool usage - Clarify good first issue label application criteria - Update summary message to reflect new triage scope
The list_issues tool's 'since' parameter already filters by updated_at, which captures both newly created issues AND recently commented issues in a single query. Removed redundant second query.
fix: Enable batch mode for issue triage safe-outputs
feat: docker-compose maildev update, traefik localhost domains
Update README files to match new tagline
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
📝 WalkthroughWalkthroughThis pull request introduces infrastructure and automation updates across multiple components. The workflow file gains enhanced agent output processing, threat detection instrumentation, and improved environment variable handling for safer output configuration. Workflow documentation expands triage logic to include spam detection, multi-step issue analysis, and cross-repo relationship checking. README files are updated with revised branding messaging and removal of Gitpod integration. Docker Compose configuration adds Traefik routing labels, gateway networking, and integrates additional services (Adminer and RedisInsight) with custom configuration mounting. Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes
Pre-merge checks and finishing touches✅ Passed checks (3 passed)
✨ Finishing touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Security Scan Results for PRDocker Image Scan Results
Source Code Scan Results🎉 No vulnerabilities found! |
There was a problem hiding this comment.
Actionable comments posted: 4
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
README.md (1)
63-64: Cloud status inconsistency (GA vs public beta).Header announces GA, but this section says “public beta”. Update wording.
-The easiest way to get started with Appwrite is by [signing up for Appwrite Cloud](https://cloud.appwrite.io/). While Appwrite Cloud is in public beta, you can build with Appwrite completely free, and we won't collect your credit card information. +The easiest way to get started with Appwrite is by [signing up for Appwrite Cloud](https://cloud.appwrite.io/). Appwrite Cloud is GA. You can build on the free tier, and we won't collect your credit card information to start.
🧹 Nitpick comments (8)
README-CN.md (1)
191-202: 确认 Apple SDK 的归类是否正确。“服务器”列表中包含 Apple SDK,通常 Apple 客户端 SDK 应归于“客户端”。请确认是否应移至“客户端”列表。
如需更正,可将对应条目移动到“客户端”部分并移除“服务器”中的重复。
.github/workflows/issue-triage.md (2)
24-31: Tighten safe-outputs targets to reduce blast radius.Using target "*" for add-labels/add-comment allows cross-item actions. Prefer “triggering” unless cross-targeting is explicitly required.
add-labels: - max: 100 - target: "*" + max: 100 + target: "triggering" add-comment: - max: 10 - target: "*" + max: 10 + target: "triggering"
101-114: Fix Markdown list indentation and capitalization.Address MD007 and proper noun “Markdown”.
-11. Add an issue comment to the issue with your analysis: - - Start with "🎯 Agentic Issue Triage" - - Provide a brief summary of the issue +11. Add an issue comment to the issue with your analysis: + - Start with "🎯 Agentic Issue Triage" + - Provide a brief summary of the issue - - **If duplicate or related issues were found**, add sections listing them with links: - - "### 🔗 Potentially Related Issues (this repo)" – bullet list of same-repo issues with titles and links - - If applicable: "### 🌐 Cross-repo related issues (org: appwrite)" – bullet list including `owner/repo#number` with titles and links + - **If duplicate or related issues were found**, add sections listing them with links: + - "### 🔗 Potentially Related Issues (this repo)" – bullet list of same-repo issues with titles and links + - If applicable: "### 🌐 Cross-repo related issues (org: appwrite)" – bullet list including `owner/repo#number` with titles and links ... - - If appropriate break the issue down to sub-tasks and write a checklist of things to do - - Use collapsed-by-default sections in the GitHub markdown to keep the comment tidy. Collapse all sections except the short main summary at the top. For bolded section titles, wrap the text with `<strong>` and `</strong>` to make it bold. + - If appropriate break the issue down to sub-tasks and write a checklist of things to do + - Use collapsed-by-default sections in the GitHub Markdown to keep the comment tidy. Collapse all sections except the short main summary at the top. For bolded section titles, wrap the text with `<strong>` and `</strong>` to make it bold..github/workflows/issue-triage.lock.yml (4)
928-932: Label addition scope is too broad.GH_AW_LABELS_TARGET="*" allows labeling arbitrary items; cap to “triggering” or require explicit allowlist.
- GH_AW_LABELS_TARGET: "*" + GH_AW_LABELS_TARGET: "triggering"Optionally set GH_AW_LABELS_ALLOWED to a comma-separated allowlist generated from repository labels.
539-542: Comment target set to “*”.Allowing comments on arbitrary targets increases risk; prefer “triggering” unless cross-targeting is required.
- GH_AW_COMMENT_TARGET: "*" + GH_AW_COMMENT_TARGET: "triggering"
1241-1256: Secrets requirement may fail on forked PRs.Hard-failing when COPILOT_* secrets are missing blocks community PR contexts. Consider skip/soft-fail when event is pull_request from a fork.
Example guard:
- if [ -z "$COPILOT_GITHUB_TOKEN" ] && [ -z "$COPILOT_CLI_TOKEN" ]; then + if [ -z "$COPILOT_GITHUB_TOKEN" ] && [ -z "$COPILOT_CLI_TOKEN" ]; then + if [ "${{ github.event_name }}" = "pull_request" ] && [ "${{ github.event.pull_request.head.repo.fork }}" = "true" ]; then + echo "Skipping agent: secrets unavailable on forked PRs" + exit 0 + fi echo "Error: Neither COPILOT_GITHUB_TOKEN nor COPILOT_CLI_TOKEN secret is set" ...Edit .md source then recompile.
Also applies to: 4775-4791
1272-1273: Safe-outputs config: broadened limits noted. Consider allowlists.Max add_comment=10 and add_labels=100 are generous. Add an allowlist in config.json (add_labels.allowed) to constrain label names.
-{"add_comment":{"max":10,"target":"*"},"add_labels":{"max":100},"missing_tool":{}} +{"add_comment":{"max":10,"target":"triggering"},"add_labels":{"max":100,"allowed":["bug","enhancement","documentation"]},"missing_tool":{}}Also applies to: 2060-2105
README.md (1)
73-101: Confirm the install image tag is the latest 1.8.x.Hard-coding 1.8.0 may be stale if newer 1.8.x exists. Consider using the latest patch or documenting how to pick it.
#!/bin/bash # Check available tags for appwrite/appwrite and suggest the highest 1.8.x tag curl -s 'https://hub.docker.com/v2/repositories/appwrite/appwrite/tags/?page_size=100' \ | jq -r '.results[].name' | grep -E '^1\.8\.[0-9]+$' | sort -V | tail -1If a newer 1.8.x exists, update the tag in all install snippets accordingly.
Also applies to: 85-91
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (2)
public/images/banner.pngis excluded by!**/*.pngpublic/images/github.pngis excluded by!**/*.png
📒 Files selected for processing (5)
.github/workflows/issue-triage.lock.yml(42 hunks).github/workflows/issue-triage.md(2 hunks)README-CN.md(4 hunks)README.md(1 hunks)docker-compose.yml(3 hunks)
🧰 Additional context used
🧠 Learnings (1)
📚 Learning: 2025-07-08T01:20:14.364Z
Learnt from: stnguyen90
Repo: appwrite/appwrite PR: 10119
File: app/controllers/api/account.php:1226-1232
Timestamp: 2025-07-08T01:20:14.364Z
Learning: In Appwrite, `_APP_DOMAIN` is a required environment variable that must always be set for the system to function properly.
Applied to files:
README-CN.md
🪛 LanguageTool
.github/workflows/issue-triage.md
[uncategorized] ~112-~112: Did you mean the formatting language “Markdown” (= proper noun)?
Context: ...apsed-by-default sections in the GitHub markdown to keep the comment tidy. Collapse all ...
(MARKDOWN_NNP)
🪛 markdownlint-cli2 (0.18.1)
.github/workflows/issue-triage.md
97-97: Unordered list indentation
Expected: 0; Actual: 3
(MD007, ul-indent)
98-98: Unordered list indentation
Expected: 0; Actual: 3
(MD007, ul-indent)
99-99: Unordered list indentation
Expected: 0; Actual: 3
(MD007, ul-indent)
102-102: Unordered list indentation
Expected: 0; Actual: 3
(MD007, ul-indent)
103-103: Unordered list indentation
Expected: 0; Actual: 3
(MD007, ul-indent)
104-104: Unordered list indentation
Expected: 0; Actual: 3
(MD007, ul-indent)
105-105: Unordered list indentation
Expected: 2; Actual: 5
(MD007, ul-indent)
106-106: Unordered list indentation
Expected: 2; Actual: 5
(MD007, ul-indent)
107-107: Unordered list indentation
Expected: 0; Actual: 3
(MD007, ul-indent)
108-108: Unordered list indentation
Expected: 0; Actual: 3
(MD007, ul-indent)
109-109: Unordered list indentation
Expected: 0; Actual: 3
(MD007, ul-indent)
110-110: Unordered list indentation
Expected: 0; Actual: 3
(MD007, ul-indent)
111-111: Unordered list indentation
Expected: 0; Actual: 3
(MD007, ul-indent)
112-112: Unordered list indentation
Expected: 0; Actual: 3
(MD007, ul-indent)
113-113: Unordered list indentation
Expected: 0; Actual: 3
(MD007, ul-indent)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (28)
- GitHub Check: Setup & Build Appwrite Image
- GitHub Check: Setup & Build Appwrite Image
- GitHub Check: scan
- GitHub Check: Setup & Build Appwrite Image
- GitHub Check: Setup & Build Appwrite Image
- GitHub Check: scan
- GitHub Check: Setup & Build Appwrite Image
- GitHub Check: Setup & Build Appwrite Image
- GitHub Check: scan
- GitHub Check: Setup & Build Appwrite Image
- GitHub Check: Setup & Build Appwrite Image
- GitHub Check: scan
- GitHub Check: Setup & Build Appwrite Image
- GitHub Check: Setup & Build Appwrite Image
- GitHub Check: scan
- GitHub Check: Setup & Build Appwrite Image
- GitHub Check: Setup & Build Appwrite Image
- GitHub Check: scan
- GitHub Check: Setup & Build Appwrite Image
- GitHub Check: Setup & Build Appwrite Image
- GitHub Check: scan
- GitHub Check: Setup & Build Appwrite Image
- GitHub Check: scan
- GitHub Check: Setup & Build Appwrite Image
- GitHub Check: scan
- GitHub Check: Benchmark
- GitHub Check: Setup & Build Appwrite Image
- GitHub Check: scan
🔇 Additional comments (4)
docker-compose.yml (1)
1205-1244: Verify Docker Compose version supports inline configs.The changes use Docker Compose inline config definitions with
contentblocks, which require Docker Compose version 3.3 or later. Ensure yourdocker-compose.ymlversion header supports this feature, or the compose file will fail to parse.Check the compose file version by looking at the top-level
versionfield (if present) or verify Docker Compose CLI is up to date. The inlineconfigsblock syntax requires version 3.3+..github/workflows/issue-triage.md (2)
13-21: Stricter error patterns: LGTM.Patterns and escaping look correct for YAML and JSON-in-string contexts.
40-40: timeout-minutes key rename: LGTM..github/workflows/issue-triage.lock.yml (1)
75-76: ubuntu-slim is a valid, official GitHub-hosted runner.GitHub provides
ubuntu-slimas a public preview option for lightweight, single-CPU container-based jobs. No changes are needed; this is not a non-standard runner and does not require a self-hosted alternative. The current configuration is appropriate.Likely an incorrect or invalid review comment.
| 10. Apply the selected labels: | ||
|
|
||
| - Use the `update_issue` tool to apply the labels to the issue | ||
| - DO NOT communicate directly with users | ||
| - If no labels are clearly applicable, do not apply any labels | ||
|
|
||
| 10. Add an issue comment to the issue with your analysis: | ||
| 11. Add an issue comment to the issue with your analysis: |
There was a problem hiding this comment.
Use the correct tool for labeling.
Instruction says “Use the update_issue tool to apply the labels,” but the safe-outputs tool is add-labels.
- - Use the `update_issue` tool to apply the labels to the issue
+ - Use the `add_labels` tool to apply the labels to the issue🧰 Tools
🪛 markdownlint-cli2 (0.18.1)
97-97: Unordered list indentation
Expected: 0; Actual: 3
(MD007, ul-indent)
98-98: Unordered list indentation
Expected: 0; Actual: 3
(MD007, ul-indent)
99-99: Unordered list indentation
Expected: 0; Actual: 3
(MD007, ul-indent)
🤖 Prompt for AI Agents
.github/workflows/issue-triage.md around lines 95 to 101: the instructions
incorrectly tell users to "Use the update_issue tool to apply the labels" while
the repository's safe-outputs tool for labeling is add-labels; update the text
to reference the correct tool name (add-labels) and adjust any surrounding
wording to match the tool's usage (e.g., "Use the add-labels tool to apply the
labels") so the documentation aligns with the actual tooling.
| adminer-index.php: | ||
| content: | | ||
| <?php | ||
| if(!count($$_GET)) { | ||
| $$_POST['auth'] = [ | ||
| 'server' => $$_ENV['ADMINER_DEFAULT_SERVER'], | ||
| 'driver' => 'server', /* seems to autodetect the driver from server settings */ | ||
| 'username' => $$_ENV['ADMINER_DEFAULT_USERNAME'], | ||
| 'password' => $$_ENV['ADMINER_DEFAULT_PASSWORD'], | ||
| 'db' => $$_ENV['ADMINER_DEFAULT_DB'], | ||
| ]; | ||
| } | ||
| include './adminer.php'; |
There was a problem hiding this comment.
Fix PHP syntax error in adminer-index.php config.
The adminer bootstrap PHP code uses invalid double-dollar syntax ($$_GET, $$_POST, $$_ENV), which is a critical error. These superglobals should use single-dollar prefixes.
Apply this diff to correct the PHP syntax:
adminer-index.php:
content: |
<?php
if(!count($_GET)) {
- $$_POST['auth'] = [
- 'server' => $$_ENV['ADMINER_DEFAULT_SERVER'],
+ $_POST['auth'] = [
+ 'server' => $_ENV['ADMINER_DEFAULT_SERVER'],
'driver' => 'server', /* seems to autodetect the driver from server settings */
- 'username' => $$_ENV['ADMINER_DEFAULT_USERNAME'],
- 'password' => $$_ENV['ADMINER_DEFAULT_PASSWORD'],
- 'db' => $$_ENV['ADMINER_DEFAULT_DB'],
+ 'username' => $_ENV['ADMINER_DEFAULT_USERNAME'],
+ 'password' => $_ENV['ADMINER_DEFAULT_PASSWORD'],
+ 'db' => $_ENV['ADMINER_DEFAULT_DB'],
];
}
include './adminer.php';📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| adminer-index.php: | |
| content: | | |
| <?php | |
| if(!count($$_GET)) { | |
| $$_POST['auth'] = [ | |
| 'server' => $$_ENV['ADMINER_DEFAULT_SERVER'], | |
| 'driver' => 'server', /* seems to autodetect the driver from server settings */ | |
| 'username' => $$_ENV['ADMINER_DEFAULT_USERNAME'], | |
| 'password' => $$_ENV['ADMINER_DEFAULT_PASSWORD'], | |
| 'db' => $$_ENV['ADMINER_DEFAULT_DB'], | |
| ]; | |
| } | |
| include './adminer.php'; | |
| adminer-index.php: | |
| content: | | |
| <?php | |
| if(!count($_GET)) { | |
| $_POST['auth'] = [ | |
| 'server' => $_ENV['ADMINER_DEFAULT_SERVER'], | |
| 'driver' => 'server', /* seems to autodetect the driver from server settings */ | |
| 'username' => $_ENV['ADMINER_DEFAULT_USERNAME'], | |
| 'password' => $_ENV['ADMINER_DEFAULT_PASSWORD'], | |
| 'db' => $_ENV['ADMINER_DEFAULT_DB'], | |
| ]; | |
| } | |
| include './adminer.php'; |
🤖 Prompt for AI Agents
In docker-compose.yml around lines 1246 to 1258 the embedded adminer-index.php
uses invalid double-dollar variables ($$_GET, $$_POST, $$_ENV); change those to
the proper PHP superglobals ($_GET, $_POST, $_ENV) so the conditional and array
assignment are valid, ensuring the conditional checks count($_GET) and sets
$_POST['auth'] with values read from $_ENV before including ./adminer.php.
| <br /> | ||
| <p align="center"> | ||
| <a href="https://appwrite.io" target="_blank"><img src="./public/images/banner.png" alt="Appwrite banner with logo and slogan build like a team of hundreds""></a> | ||
| <a href="https://appwrite.io" target="_blank"><img src="./public/images/banner.png" alt="Appwrite banner, with logo and text saying "The Developer's Cloud""></a> |
There was a problem hiding this comment.
修复 alt 属性中的引号错误(HTML 无效)。
内嵌双引号导致属性截断。
- <a href="proxy.php?url=https%3A%2F%2Fappwrite.io" target="_blank"><img src="https://github.com/./public/images/banner.png" alt="Appwrite banner, with logo and text saying "The Developer's Cloud""></a>
+ <a href="proxy.php?url=https%3A%2F%2Fappwrite.io" target="_blank"><img src="https://github.com/./public/images/banner.png" alt="Appwrite banner, with logo and text saying "The Developer’s Cloud""></a>📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| <a href="proxy.php?url=https%3A%2F%2Fappwrite.io" target="_blank"><img src="https://github.com/./public/images/banner.png" alt="Appwrite banner, with logo and text saying "The Developer's Cloud""></a> | |
| <a href="proxy.php?url=https%3A%2F%2Fappwrite.io" target="_blank"><img src="https://github.com/./public/images/banner.png" alt="Appwrite banner, with logo and text saying "The Developer's Cloud""></a> |
🤖 Prompt for AI Agents
In README-CN.md around line 5, the img tag's alt attribute contains unescaped
double quotes which breaks the HTML attribute; fix it by replacing the inner
double quotes with single quotes or escaping them (e.g., use 'The Developer's
Cloud' with proper escaping or change to The Developer’s Cloud) so the alt value
is a valid quoted string and the HTML is well-formed.
| <br /> | ||
| <p align="center"> | ||
| <a href="https://appwrite.io" target="_blank"><img src="./public/images/banner.png" alt="Appwrite banner, with logo and text saying "Build Like a Team of Hundreds"></a> | ||
| <a href="https://appwrite.io" target="_blank"><img src="./public/images/banner.png" alt="Appwrite banner, with logo and text saying "The Developer's Cloud"></a> |
There was a problem hiding this comment.
Fix broken alt attribute quoting (invalid HTML).
Nested double quotes break the alt attribute.
Apply:
- <a href="proxy.php?url=https%3A%2F%2Fappwrite.io" target="_blank"><img src="https://github.com/./public/images/banner.png" alt="Appwrite banner, with logo and text saying "The Developer's Cloud"></a>
+ <a href="proxy.php?url=https%3A%2F%2Fappwrite.io" target="_blank"><img src="https://github.com/./public/images/banner.png" alt="Appwrite banner, with logo and text saying "The Developer’s Cloud""></a>📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| <a href="proxy.php?url=https%3A%2F%2Fappwrite.io" target="_blank"><img src="https://github.com/./public/images/banner.png" alt="Appwrite banner, with logo and text saying "The Developer's Cloud"></a> | |
| <a href="proxy.php?url=https%3A%2F%2Fappwrite.io" target="_blank"><img src="https://github.com/./public/images/banner.png" alt="Appwrite banner, with logo and text saying "The Developer's Cloud""></a> |
🤖 Prompt for AI Agents
In README.md around line 9, the img tag's alt attribute contains nested double
quotes which make the HTML invalid; fix it by replacing the inner double quotes
with single quotes (or escaping them / using ") so the alt value becomes a
single properly quoted string, e.g. alt='Appwrite banner, with logo and text
saying "The Developer\'s Cloud"' or use " for the inner quotes; ensure the
final tag uses matching quotes for the alt attribute and validates as HTML.
✨ Benchmark results
⚡ Benchmark Comparison
|
What does this PR do?
Update 1.8.x with what's in main
Test Plan
Tests should pass
Related PRs and Issues
Checklist