chore: Move appsmithctl to RTS

[sharat87]

Move the appsmithctl code to RTS.

RTS' own build system will build appsmithctl as well. We're adding two command scripts, ctl and appsmithctl to /opt/bin, which will be the entrypoints for this. The appsmithctl is now just an alias to the much shorter and non-redundancy-inducing ctl.

We aren't migrating to TypeScript in this PR so we're ignoring the new ctl folder in both tsconfig.json and .eslintrc. That's temporary, the next PR will fix that.

Automation

/test sanity

🔍 Cypress test results

Tip

🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉
Workflow run: https://github.com/appsmithorg/appsmith/actions/runs/11930931528
Commit: 90b5f97
Cypress dashboard.
Tags: @tag.Sanity
Spec:

---

Wed, 20 Nov 2024 10:36:02 UTC

Communication

Should the DevRel and Marketing teams inform users about this change?

• Yes
• No

Summary by CodeRabbit

Release Notes

• New Features

  • Introduced the appsmithctl command for easier command execution.
  • Updated build process to include additional entry points.

• Bug Fixes

  • Streamlined Docker build process, enhancing efficiency and reducing complexity.

• Documentation

  • Added a new section in the README for appsmithctl command description.

• Chores

  • Updated dependencies in package.json.
  • Removed obsolete files and workflows to simplify project structure.

• Style

  • Added a new ESLint configuration for specific project needs.

[coderabbitai]

Walkthrough

The pull request introduces several modifications across various files, primarily focusing on the Dockerfile, build configurations, and package management. Key changes include the simplification of the Dockerfile by removing unnecessary paths and commands, the addition of new entry points in the build process, updates to the package.json to include new dependencies, and the introduction of new scripts for command execution. Additionally, the workflow configurations have been adjusted to remove obsolete jobs and enhance input handling.

Changes

File	Change Summary
Dockerfile	Updated ENV PATH, simplified RUN commands, ensured *.sh files are executable, set permissions.
app/client/packages/rts/build.js	Added src/ctl/index.js as an entry point in the bundle function.
app/client/packages/rts/package.json	Added dependencies: dotenv, mongodb, nodemailer, readline-sync.
app/client/packages/rts/src/ctl/README.md	New section added for appsmithctl command description.
deploy/docker/fs/opt/appsmith/utils/package.json	Removed package.json file for appsmith_utils.
deploy/docker/fs/opt/bin/appsmithctl	New shell script created as an alias for the ctl command.
deploy/docker/fs/opt/bin/ctl	New Bash script created to execute Node.js application at /opt/appsmith/rts/bundle/ctl/index.js.
.github/workflows/appsmithctl.yml	Deleted GitHub Actions workflow file for appsmithctl.
.github/workflows/docs/integration-tests-command.md	Removed test-appsmithctl job from workflow documentation.
.github/workflows/pr-cypress.yml	Removed test-appsmithctl job and added is-pg-build input.
CODEOWNERS	Updated ownership entries for various directories.
app/client/packages/rts/src/ctl/.eslintrc.json	New ESLint configuration file created with customized rules.

Possibly related PRs

• fix: False positive report GHSA-2jcg-qqmg-46q6 #37269: Related to Dockerfile modifications focusing on error handling and installation processes.
• chore: Don't break when Appsmtih API URL isn't set #37309: Connects to updates on API URL handling and error management.
• chore: Remove shelljs from appsmithctl #37401: Aligns with the removal of shelljs from commands for improved build processes.
• fix: Rate limiting key should respect load balancers #37409: Related to changes in rate limiting key handling in load balancer scenarios.

Suggested labels

Task, Git Product, Git Platform Pod

Suggested reviewers

• pratapaprasanna
• mohanarpit
• nidhi-nair

🎉 In the world of code, changes abound,
Docker and scripts, new paths to be found.
Dependencies added, workflows refined,
In this PR's journey, efficiency aligned.
With appsmithctl now clearer and bright,
Let's celebrate progress, our future is bright! 🌟

---

📜 Recent review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between b2e5f30 and 90b5f97.

⛔ Files ignored due to path filters (1)

• app/client/yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (6)

• .github/workflows/appsmithctl.yml (0 hunks)
• .github/workflows/docs/integration-tests-command.md (0 hunks)
• .github/workflows/pr-cypress.yml (0 hunks)
• CODEOWNERS (1 hunks)
• app/client/packages/rts/src/ctl/.eslintrc.json (1 hunks)
• app/client/packages/rts/src/ctl/README.md (1 hunks)

💤 Files with no reviewable changes (3)

• .github/workflows/appsmithctl.yml
• .github/workflows/docs/integration-tests-command.md
• .github/workflows/pr-cypress.yml

✅ Files skipped from review due to trivial changes (1)

• app/client/packages/rts/src/ctl/.eslintrc.json

🚧 Files skipped from review as they are similar to previous changes (1)

• app/client/packages/rts/src/ctl/README.md

🔇 Additional comments (2)

CODEOWNERS (2)

198-198: LGTM! Code ownership aligns with PR objectives.

The new ownership entry for app/client/packages/ctl/**/* correctly assigns ownership to the team handling the appsmithctl RTS migration.

---

201-201: LGTM! Cypress test ownership is properly assigned.

The ownership assignment for cypress tests to the QA team members is appropriate.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (3)

app/client/packages/rts/tsconfig.json (1)

Line range hint 3-3: Remove duplicate "lib" configuration

The "lib" field is defined twice - once in compilerOptions and once at the root level. The root level entry appears to be outdated (es2015).

Remove the duplicate entry:

{
  "compilerOptions": {
    "target": "es6",
    "lib": ["ES2021"],
    ...
  },
  "include": ["src/**/*", "src/**/*.json"],
  "exclude": ["jest.config.js", "src/test", "index.js", "build.js", "src/ctl"],
-  "lib": ["es2015"]
}

Also applies to: 25-25

app/client/packages/rts/package.json (1)

26-26: Consider updating dotenv to a newer version

The current version (10.0.0) is quite old. Consider upgrading to the latest stable version (16.x) for improved features and security fixes.

app/client/packages/rts/build.js (1)

Line range hint 47-58: Consider separating build configurations for different entry points.

Since src/ctl/index.js is a JavaScript file while src/server.ts is TypeScript, consider creating separate build configurations to handle their specific needs more effectively.

Example refactor:

-      entryPoints: ["src/server.ts", "src/ctl/index.js"],
-      bundle: true,
-      sourcemap: true,
-      platform: "node",
-      external: [...externalWorkflowPackages, "dtrace-provider"],
-      loader: {
-        ".ts": "ts",
-      },
-      tsconfig: "tsconfig.json",
-      outdir: "dist/bundle",
-      target: "node" + process.versions.node,
-      minify: true,
-      keepNames: true,
+      // Common options
+      const commonOptions = {
+        bundle: true,
+        sourcemap: true,
+        platform: "node",
+        external: [...externalWorkflowPackages, "dtrace-provider"],
+        outdir: "dist/bundle",
+        target: "node" + process.versions.node,
+        minify: true,
+        keepNames: true,
+      };
+
+      // Server build
+      await esbuild.build({
+        ...commonOptions,
+        entryPoints: ["src/server.ts"],
+        loader: { ".ts": "ts" },
+        tsconfig: "tsconfig.json",
+      });
+
+      // CTL build
+      await esbuild.build({
+        ...commonOptions,
+        entryPoints: ["src/ctl/index.js"],
+      });

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between c70adf7 and b2e5f30.

⛔ Files ignored due to path filters (2)

• app/client/yarn.lock is excluded by !**/yarn.lock, !**/*.lock
• deploy/docker/fs/opt/appsmith/utils/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (10)

• Dockerfile (1 hunks)
• app/client/packages/rts/.eslintrc.json (1 hunks)
• app/client/packages/rts/build.js (1 hunks)
• app/client/packages/rts/package.json (1 hunks)
• app/client/packages/rts/src/ctl/README.md (1 hunks)
• app/client/packages/rts/tsconfig.json (1 hunks)
• deploy/docker/fs/opt/appsmith/utils/package.json (0 hunks)
• deploy/docker/fs/opt/bin/appsmithctl (1 hunks)
• deploy/docker/fs/opt/bin/ctl (1 hunks)
• scripts/local_testing.sh (1 hunks)

💤 Files with no reviewable changes (1)

• deploy/docker/fs/opt/appsmith/utils/package.json

✅ Files skipped from review due to trivial changes (4)

• app/client/packages/rts/.eslintrc.json
• app/client/packages/rts/src/ctl/README.md
• deploy/docker/fs/opt/bin/appsmithctl
• deploy/docker/fs/opt/bin/ctl

🔇 Additional comments (5)

app/client/packages/rts/tsconfig.json (1)

24-24: LGTM on excluding ctl directory

The exclusion aligns with the PR objective of postponing TypeScript migration for the ctl folder.

Let's verify no TypeScript files exist in the ctl directory:

✅ Verification successful

Confirmed: Excluding ctl directory is appropriate

The src/ctl directory contains only JavaScript files (.js and .mjs), confirming that excluding it from TypeScript compilation is the correct approach until migration is planned.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for any TypeScript files in src/ctl
fd -e ts -e tsx . app/client/packages/rts/src/ctl

Length of output: 51

---

Script:

#!/bin/bash
# First verify if the ctl directory exists
fd ctl app/client/packages/rts/src

# Check all files in ctl directory if it exists
find app/client/packages/rts/src/ctl -type f 2>/dev/null || echo "Directory not found"

# Double check with ripgrep for any potential TypeScript imports or references
rg -g '!*.d.ts' -g '!*.test.ts' -l "from ['\"]\./ctl/" app/client/packages/rts/src

Length of output: 926

app/client/packages/rts/package.json (1)

26-26: Verify security advisories for new dependencies

Let's check for any known vulnerabilities in the newly added dependencies.

Also applies to: 31-33

✅ Verification successful

Let me check the exact versions of these dependencies to provide accurate security advice.

---

Security advisory check reveals vulnerabilities requiring attention

Based on the security scan and package versions:

• dotenv@10.0.0 - No known vulnerabilities
• mongodb@5.8.0 - No vulnerabilities (above the vulnerable range < 5.8.0)
• nodemailer@6.9.9 - Using latest patched version
• readline-sync@1.4.10 - No known vulnerabilities

All dependencies are either using patched versions or have no known vulnerabilities. The code can proceed as is.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for security advisories in new dependencies

echo "Checking security advisories for new dependencies..."

for pkg in "dotenv" "mongodb" "nodemailer" "readline-sync"; do
  echo "Checking $pkg..."
  gh api graphql -f query='{
    securityVulnerabilities(first: 5, ecosystem: NPM, package: "'$pkg'") {
      nodes {
        advisory {
          summary
          severity
          publishedAt
        }
        vulnerableVersionRange
        firstPatchedVersion {
          identifier
        }
      }
    }
  }'
done

Length of output: 3616

---

Script:

#!/bin/bash
# Check package.json for exact versions
cat app/client/packages/rts/package.json | grep -A5 '"dependencies":'

Length of output: 343

---

Script:

#!/bin/bash
# Let's get the full package.json content to see all dependencies
cat app/client/packages/rts/package.json

Length of output: 1474

Dockerfile (2)

Line range hint 32-52: LGTM: Secure file permission setup

The permission setup follows security best practices:

• Disabling setuid/setgid bits
• Explicit executable permissions for scripts
• Write permissions limited to necessary directories

---

32-32: Verify PATH modification impact

The removal of /opt/appsmith/utils/node_modules/.bin from PATH aligns with moving appsmithctl to RTS, but let's verify no other scripts depend on utils binaries.

✅ Verification successful

PATH modification is safe to proceed

The removal of /opt/appsmith/utils/node_modules/.bin from PATH appears safe as no references to utils binaries were found in the codebase. This aligns with the PR objective of moving appsmithctl to RTS.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for any references to executables that might have been in utils/node_modules/.bin
rg -g '!{node_modules,dist,build}' --type sh '/opt/appsmith/utils/node_modules/.bin'

# Check for any package.json scripts that might reference utils binaries
fd package.json --type f --exec jq -r '.scripts | values[]' {} \; | rg '/opt/appsmith/utils/node_modules'

Length of output: 193

---

Script:

#!/bin/bash
# Let's try a different approach to find any dependencies on utils binaries
# Search for any shell scripts that might reference utils directory
rg -g '!{node_modules,dist,build}' --type sh 'utils/node_modules' -l

# Search for any references to utils in package.json files
fd package.json --type f --exec grep -l "utils/node_modules" {} \;

# Check if there are any binaries in utils/node_modules/.bin that we need to be aware of
fd -t f . -p '**/utils/node_modules/.bin/*'

# Look for any references to utils binaries in shell scripts or configuration files
rg -t sh -t yaml -t json 'utils/node_modules/.bin' -l

Length of output: 354

app/client/packages/rts/build.js (1)

47-47: Verify the existence of the new entry point file.

The build configuration now includes src/ctl/index.js as an entry point.

✅ Verification successful

Entry point file exists and is properly configured

The new entry point src/ctl/index.js exists in the correct location and the build configuration is properly set up to handle it with the existing loader configuration.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the existence of the new entry point file
# and check its contents for potential issues

# Check if the file exists
fd --type f "index.js" "src/ctl"

# Check the file contents if it exists
rg -A 5 "exports|module.exports" "src/ctl/index.js" || echo "No exports found"

Length of output: 277

---

Script:

#!/bin/bash
# Let's verify if the file exists in the repository root or app/client/packages/rts directory
fd --type f "index.js" "app/client/packages/rts"

# Check the build.js file to understand the context better
cat "app/client/packages/rts/build.js"

Length of output: 2560

[sharat87]

Errors in this file fixed in #37553.

[mohanarpit]

@sharat87 Can you help me understand he rationale behind this change? Why are we clubbing rts with Appsmithctl? Won't this lead to confusion around what rts is responsible for? I'm asking because rts is a service while ctl is a command line utility.

[sharat87]

@mohanarpit, thanks for asking. I should've clarified that in the description. Let me do that here.

You're right. RTS is an API service, and ctl is a command line tool for a different purpose. The reason for clubbing ctl into RTS codebase isn't centered around their purposes being aligned. It's to piggy back on the existing pipelines and processes built for RTS.

If ctl is a separate project, next to RTS perhaps, then it'll need its own build.sh, a build step in all the CI workflows that need to build the Docker image, and a tests workflow, changes to Dockerfile to copy ctl's artefacts, all that effort for where the difference in value derived compared to this PR's solution, isn't all that much. I only had to make a one-line change to RTS' build.js script to get it to also build ctl.

Another way I think about this is, some of our backend logic, like AST parsing, SCIM support, are implemented in RTS, almost solely because they're Javascript. Well, ctl is also Javascript and in some convoluted sense, we could say ctl command in Appsmith comes as part of the RTS codebase.

Overall, decision to have ctl be part of RTS is more rooted in the significant difference in effort vs ctl being separate. I'm completely open to pulling ctl out of RTS later and put it as a separate folder under client/packages, but then, again, the value needs to be worth the effort.

Does that sound okay?