Add I,librarian free app to Appstore

[viktor-c]

I wish to add an app to the app store using the new dynamic config.
I Librarian lets me organize, annotate, highlight and search my scientific papers and articles.

Summary by CodeRabbit

• New Features

  • Introduced a new configuration file for the "i-librarian" application, detailing metadata and settings for deployment.
  • Added Docker Compose configurations to streamline the setup and management of the "i-librarian" service, including health checks and routing rules.
  • Included a markdown description file outlining the service's features and functionalities, such as document management and collaboration tools.

• Documentation

  • New description.md file added to provide an overview of the service's capabilities.

[coderabbitai]

Walkthrough

This pull request introduces several new configuration files for the "i-librarian" application, including config.json, docker-compose.json, docker-compose.yml, and description.md. The config.json file contains application metadata and settings. The Docker Compose files define the service configuration, including port mappings, volume mounts, and health checks. The description.md file outlines the functionality and features of the service, emphasizing its document management capabilities.

Changes

File Path	Change Summary
apps/i-librarian/config.json	New configuration file added with application metadata and settings in JSON format.
apps/i-librarian/docker-compose.json	New Docker Compose configuration file for the i-librarian service with service properties.
apps/i-librarian/docker-compose.yml	New Docker Compose configuration with operational parameters and Traefik labels for routing.
apps/i-librarian/metadata/description.md	New markdown file added outlining the functionality and features of the "I, Librarian" service.

Possibly related PRs

• [App] Metabase #4603: The changes in this PR involve a new config.json file for the Metabase application, which also defines metadata and settings in JSON format, similar to the config.json introduced in the main PR for "i-librarian."
• Add hoarder #4782: This PR introduces a config.json file for the "Hoarder" application, which includes similar metadata and configuration parameters as seen in the main PR for "i-librarian."
• app: homer #5171: The config.json file for the "Homer" application introduced in this PR also contains metadata and settings structured in JSON format, paralleling the changes made in the main PR for "i-librarian."

Suggested reviewers

• steveiliop56

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 7d58e4b and 45b8e7a.

📒 Files selected for processing (1)

• apps/i-librarian/docker-compose.yml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• apps/i-librarian/docker-compose.yml

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 3

🧹 Outside diff range and nitpick comments (2)

apps/i-librarian/docker-compose.yml (2)

29-38: Review local domain routing configuration

The local domain routing configuration appears correct with both HTTP and HTTPS handling. However, there's a potential security consideration regarding the local domain access.

Consider adding IP-based access restrictions for local domain routes to prevent unauthorized access. This can be achieved using Traefik middleware:

+      # Local domain IP restriction
+      traefik.http.middlewares.local-ipwhitelist.ipwhitelist.sourcerange: 127.0.0.1/32,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+      traefik.http.routers.ilibrarian-local.middlewares: local-ipwhitelist
+      traefik.http.routers.ilibrarian-local-insecure.middlewares: local-ipwhitelist

---

1-39: Add health check configuration

The service configuration is missing health checks, which are crucial for container orchestration and reliability.

Add health check configuration:

     image: cgrima/i-librarian:latest
+    healthcheck:
+      test: ["CMD", "curl", "-f", "http://localhost:80/"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
+      start_period: 40s

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 1e83ecb and 8851459.

⛔ Files ignored due to path filters (1)

• apps/i-librarian/metadata/logo.jpg is excluded by !**/*.jpg

📒 Files selected for processing (4)

• apps/i-librarian/config.json (1 hunks)
• apps/i-librarian/docker-compose.json (1 hunks)
• apps/i-librarian/docker-compose.yml (1 hunks)
• apps/i-librarian/metadata/description.md (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• apps/i-librarian/config.json

🧰 Additional context used

🪛 LanguageTool

apps/i-librarian/metadata/description.md

[style] ~2-~2: The phrase ‘a lot of’ might be wordy and overused. Consider using an alternative.
Context: ...apers and office documents. It provides a lot of extra features for students and researc...

(A_LOT_OF)

---

[grammar] ~7-~7: Possible error detected: Should an object pronoun be used here?
Context: ...i-librarian-free ## Why should you use I, Librarian? ### Centralized management ...

(DONT_LIKE_HE)

---

[duplication] ~12-~12: Possible typo: you repeated a word
Context: ...pgrade software. ### Powerful full-text search Search for terms or phrases in metadata, PDF f...

(ENGLISH_WORD_REPEAT_RULE)

---

[grammar] ~19-~19: Possible error detected: Should an object pronoun be used here?
Context: ...er. ### No customer lock-in You can use I, Librarian as online service or on your...

(DONT_LIKE_HE)

---

[duplication] ~42-~42: Possible typo: you repeated a word
Context: ...land University Principia Biopharma ## Copyright Copyright. © 2001-2024 · [Scilico](http://scilico...

(ENGLISH_WORD_REPEAT_RULE)

🪛 Markdownlint

apps/i-librarian/metadata/description.md

5-5: null
Bare URL used

(MD034, no-bare-urls)

🔇 Additional comments (4)

apps/i-librarian/docker-compose.json (3)

20-26: Verify port allocation strategy.

The host port 31547 seems arbitrary. Please verify:

1. If this port follows the project's port allocation strategy
2. If this port is not already in use by other applications
3. The TCP flag is redundant as TCP is the default protocol

#!/bin/bash
# Description: Check for port conflicts and port allocation patterns

# Search for port 31547 usage across all Docker Compose files
echo "Checking for port conflicts..."
rg "31547" --type json --type yaml

# Look for port allocation patterns in other apps
echo "Analyzing port allocation patterns..."
fd -e json -e yml -e yaml . apps/ -x grep -l "hostPort"

---

27-32: 🛠️ Refactor suggestion

Enhance health check reliability.

The current health check configuration has several potential issues:

1. It assumes curl is available in the container
2. It only checks for HTTP response, not application functionality
3. Using localhost might not reflect the actual service endpoint

Consider this improved health check:

       "healthCheck": {
-        "test": "curl --fail http://localhost || exit 1",
+        "test": ["CMD-SHELL", "wget -q --spider http://localhost/index.php || exit 1"],
         "retries": 3,
         "interval": "30s",
         "timeout": "10s"
       }

#!/bin/bash
# Description: Analyze health check patterns in other apps and verify container includes wget

# Check health check patterns in other apps
echo "Analyzing health check patterns..."
rg "healthCheck" --type json apps/

# Look for the base image to verify available tools
echo "Checking base image..."
docker pull cgrima/i-librarian:latest
docker inspect cgrima/i-librarian:latest | jq -r '.[].Config.Cmd, .[].Config.Entrypoint'

---

8-19: Verify data persistence and permissions configuration.

While the volume mounts are correctly defined, consider the following security and operational aspects:

1. Ensure proper permissions are set for the data directory
2. Consider adding user/group ID mapping to avoid permission issues
3. Verify if the app requires additional volumes for configuration or logs

apps/i-librarian/docker-compose.yml (1)

16-28: Verify Traefik routing configuration

The Traefik configuration appears to handle both HTTP and HTTPS routing correctly with proper TLS termination. However, let's verify the configuration matches the app requirements.

✅ Verification successful

Traefik routing configuration is correctly implemented

The Traefik configuration is properly implemented with:

• Correct HTTP to HTTPS redirection using ilibrarian-web-redirect middleware
• Proper TLS termination with myresolver for secure traffic
• Consistent internal port (80) usage across service definition and Traefik labels
• Additional local domain configuration with both HTTP and HTTPS support
• Proper service naming and routing rules for both public and local domains

The configuration follows Traefik best practices for secure routing and TLS termination.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify port consistency across configurations
# Test: Check if the internal port (80) matches in both compose and config files
echo "Checking port configuration consistency..."
rg -l "port.*80" apps/i-librarian/
rg -l "APP_PORT" apps/i-librarian/

# Test: Verify health check configuration exists
echo "Checking health check configuration..."
rg "healthcheck" apps/i-librarian/

Length of output: 360

---

Script:

#!/bin/bash
# Let's examine the complete docker-compose.yml to understand the full configuration
echo "Checking complete docker-compose configuration..."
cat apps/i-librarian/docker-compose.yml

# Check for any environment files that might define APP_DOMAIN
echo -e "\nChecking for environment files..."
fd -t f "\.env" apps/i-librarian/

# Check for any traefik configuration files
echo -e "\nChecking for traefik configuration files..."
fd -t f "traefik" apps/i-librarian/

Length of output: 2162

[coderabbitai]

💡 Codebase verification

Based on the gathered information, I can now provide the final response:

Using unofficial Docker image poses stability and security risks

The current configuration uses an unofficial Docker image (cgrima/i-librarian:latest) while I, Librarian's official repository doesn't provide or recommend any specific Docker image. Instead, it recommends a direct installation with Apache 2.4+ and PHP 7.2+ requirements.

Consider:

1. Creating a verified Docker image based on the official source code (https://github.com/mkucej/i-librarian-free)
2. Document the build process and version compatibility
3. Ensure the image meets the official requirements (Apache 2.4+, PHP 7.2+)

🔗 Analysis chain

Consider using a specific version tag instead of 'latest'.

Using the latest tag in production can lead to unexpected breaking changes during container updates. Additionally, the image is from a personal Docker Hub account which might pose maintenance and security risks.

Consider:

1. Pin to a specific version tag for better stability and predictability
2. Verify if an official image is available
3. Document the process for version updates

---

Let me try a different approach to verify the image and its tags.

This will help us understand:

1. If there's any documentation about the chosen image and version
2. The rationale behind using this specific image
3. Any version requirements or constraints mentioned in the documentation

---

Let me check the official repository mentioned in the description to understand the recommended deployment approach.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check available tags for the i-librarian image and its pull statistics
# to help assess its stability and adoption

# Get image tags and their creation dates
docker_user="cgrima"
repo="i-librarian"
curl -s "https://hub.docker.com/v2/repositories/${docker_user}/${repo}/tags?page_size=100" | jq -r '.results[] | "\(.name) (Last Updated: \(.last_updated))"'

Length of output: 744

---

Script:

#!/bin/bash
# Let's check if there's any documentation or references about the image
rg -i "i-librarian" -g "!*.{json,lock}" -A 3 -B 3

# Also check for any README or documentation in the app directory
fd README -t f --exec cat {} \; apps/i-librarian/

Length of output: 1227

---

Script:

#!/bin/bash
# Check if there are any version-specific requirements or recommendations
curl -s "https://raw.githubusercontent.com/mkucej/i-librarian-free/master/README.md"

# Let's also check if there are any other instances of this image being used in the codebase
rg "cgrima/i-librarian" -g "*.{yml,yaml,json}" --type-add 'docker:*.{dockerfile,Dockerfile}' -t docker

Length of output: 3546

[coderabbitai]

⚠️ Potential issue

Security concern: Untrusted image source and privileged mode

Two critical security issues:

1. The image cgrima/i-librarian:latest is from a personal Docker Hub account rather than an official source
2. The container runs in privileged mode, which grants extensive host system access

Consider these changes:

1. Use an official image if available, or verify and document the trust level of this image
2. Remove privileged mode unless absolutely necessary. If specific capabilities are needed, use cap_add instead:

-    privileged: true
+    # Add only required capabilities if needed
+    cap_add:
+      - specific_capability

Committable suggestion skipped: line range outside the PR's diff.