11 changes: 9 additions & 2 deletions composer.json
@@ -66,7 +66,7 @@
"utopia-php/locale": "0.8.*",
"utopia-php/logger": "0.6.*",
"utopia-php/messaging": "0.20.*",
"utopia-php/migration": "1.6.*",
"utopia-php/migration": "dev-feat-message-migration",


P1 Dev branch locked into production dependency

dev-feat-message-migration is an unstable branch reference — Composer resolves it to whatever HEAD points to on that branch at install time. Any unreviewed commit pushed to that branch between now and a fresh composer install would silently change the exact code running in production. This also requires the "repositories" VCS override and forces stability-flags to 20 (dev), loosening the stability guarantees for the whole project. This should be replaced with a tagged, stable release once the upstream branch is merged.


Security High

Pinning a production dependency to a mutable dev branch makes builds non-reproducible and allows unreviewed upstream commits to be pulled; pin a tagged release or immutable commit reference instead.

Suggested change
"utopia-php/migration": "dev-feat-message-migration",
"utopia-php/migration": "1.6.*",
Prompt for AI assistance

Copy the prompt below and paste it into ChatGPT, Claude, or any LLM:

You are an expert json developer with deep knowledge of security, performance, and best practices.

### Context

File: composer.json
Lines: 69-69
Issue Type: security-high
Severity: high

Issue Description:
Pinning a production dependency to a mutable dev branch makes builds non-reproducible and allows unreviewed upstream commits to be pulled; pin a tagged release or immutable commit reference instead.

Current Code:
        "utopia-php/migration": "dev-feat-message-migration",

---

### Instructions

1. Fix the issue described above
2. Maintain the exact indentation and code style from the original
3. Follow json best practices and language-specific idioms
4. Ensure the fix addresses the root cause, not just the symptoms
5. Add brief inline comments explaining the fix if needed

### Constraints

- Do not change functionality beyond fixing the identified issue
- Preserve existing variable names and function signatures unless they are part of the problem
- Ensure the fix is production-ready

---




Functional High

Pinning a production dependency to a branch-based dev version makes builds non-reproducible; depend on a tagged release or commit reference instead.

Suggested change
"utopia-php/migration": "dev-feat-message-migration",
"utopia-php/migration": "1.6.*",


Functional High

Pinning a production dependency to a dev branch makes builds non-reproducible; use a tagged release or a commit reference instead.

Suggested change
"utopia-php/migration": "dev-feat-message-migration",
"utopia-php/migration": "1.6.*",


Security High

Pinning a production dependency to a mutable dev branch makes builds non-reproducible and can pull unreviewed code; pin a tagged release or immutable commit reference instead.

Also reported at: composer.lock L4467–L4476

Suggested change
"utopia-php/migration": "dev-feat-message-migration",
"utopia-php/migration": "1.6.*",


Functional Critical

Pinning a dependency to a VCS branch name makes builds non-reproducible and can unexpectedly pull breaking changes; pin a tagged release or commit hash instead.

Suggested change
"utopia-php/migration": "dev-feat-message-migration",
"utopia-php/migration": "1.6.*",

"utopia-php/platform": "0.7.*",
"utopia-php/pools": "1.*",
"utopia-php/span": "1.1.*",
@@ -109,5 +109,12 @@
"php-http/discovery": true,
"tbachert/spi": true
}
}
},
"repositories": [
{
"type": "vcs",
"url": "https://github.com/utopia-php/migration.git"
}
],
Comment on lines +113 to +118


Security Medium

Adding a direct VCS repository bypasses Packagist trust and can silently change the fetched package source; restrict this to an immutable reference or remove the custom repository for production builds.

Suggested change
"repositories": [
{
"type": "vcs",
"url": "https://github.com/utopia-php/migration.git"
}
],
"repositories": [],

Comment on lines +113 to +118


Security High

Adding a direct VCS repository for production dependencies bypasses normal release provenance controls; use a signed/tagged package release or pin an immutable commit reference.

Suggested fix
    "repositories": [
        {
            "type": "vcs",
            "url": "https://github.com/utopia-php/migration.git",
            "no-api": true
        }
    ],

"prefer-stable": true
Comment on lines +113 to +119


Functional High

Adding a VCS repository that tracks a mutable GitHub branch allows unreviewed upstream changes into installs; pin the package to a tag or immutable commit hash.

Suggested fix
    "repositories": [
        {
            "type": "vcs",
            "url": "https://github.com/utopia-php/migration.git"
        }
    ],
    "prefer-stable": true

}
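Review bot: `"prefer-stable": true` at the end of this hunk has no effect here. It only influences resolution when `minimum-stability` is lowered below `stable`, and the `dev-feat-message-migration` constraint in the earlier hunk matches exactly one branch whatever this flag says, so if it was added to offset the dev constraint it does not. On the `repositories` entry: a `vcs` repository is consulted before Packagist for whichever package name its composer.json declares, so any branch or tag of that clone shadows the Packagist releases of `utopia-php/migration`, including the `1.6.*` versions this file is expected to return to. The `"no-api": true` suggested above only changes how the repository is fetched (git clone instead of the GitHub API), not what is trusted. Keep the entry only for as long as the branch pin exists, add `"only": ["utopia-php/migration"]` so it can never serve another package, and drop it together with the branch reference when the tagged release lands.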
42 changes: 31 additions & 11 deletions composer.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
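A check for the two findings raised in this thread (a `dev-` branch constraint with no commit pinned, and a `vcs` repository overriding Packagist), written as an added example for this review rather than code from the Appwrite project or from utopia-php. It parses a composer.json and a composer.lock and reports what is mutable, distinguishing the case where the lock already pins a commit (drift only on `composer update`) from the case where nothing pins it. The two JSON fragments are constructed to mirror this diff; the lock entry's `reference` is a made-up commit id and the severity labels are this example's own. It goes slightly beyond the diff by treating `x-dev` alias constraints as branches and by accepting the keyed object form of `repositories`.

```python
"""Audit a composer.json / composer.lock pair for mutable dependency references.

Added example for this review; not code from the Appwrite project. The sample
inputs below are constructed to mirror the diff (the lock "reference" is invented).
"""
import json
import re

# A full 40-hex git object id is the only reference Composer cannot silently move.
_GIT_SHA = re.compile(r"^[0-9a-f]{40}$")

# Constructed composer.json fragment modelled on the PR (other requires omitted).
COMPOSER_JSON = json.dumps({
    "require": {
        "utopia-php/logger": "0.6.*",
        "utopia-php/migration": "dev-feat-message-migration",
        "utopia-php/platform": "0.7.*",
    },
    "repositories": [
        {"type": "vcs", "url": "https://github.com/utopia-php/migration.git"}
    ],
    "prefer-stable": True,
})

# Constructed composer.lock fragment; the commit id is made up for the example.
COMPOSER_LOCK = json.dumps({
    "packages": [{
        "name": "utopia-php/migration",
        "version": "dev-feat-message-migration",
        "source": {
            "type": "git",
            "url": "https://github.com/utopia-php/migration.git",
            "reference": "0123456789abcdef0123456789abcdef01234567",
        },
    }],
    "stability-flags": {"utopia-php/migration": 20},  # 20 is "dev" in Composer
})


def split_constraint(constraint):
    """Split 'dev-branch#sha' into ('dev-branch', 'sha'); commit is None if absent."""
    version, _, commit = constraint.partition("#")
    return version.strip(), (commit.strip() or None)


def is_mutable_branch_constraint(constraint):
    """True for a branch constraint ('dev-x' or 'x-dev') with no full commit id pinned."""
    version, commit = split_constraint(constraint)
    is_branch = version.startswith("dev-") or version.endswith("-dev")
    pinned = commit is not None and _GIT_SHA.match(commit) is not None
    return is_branch and not pinned


def audit(composer_json, composer_lock=None):
    """Return findings as (severity, subject, message) tuples, in file order."""
    composer = json.loads(composer_json)
    lock = json.loads(composer_lock) if composer_lock else {}
    locked = {p["name"]: p
              for p in lock.get("packages", []) + lock.get("packages-dev", [])}
    findings = []

    for section in ("require", "require-dev"):
        for name, constraint in composer.get(section, {}).items():
            if not is_mutable_branch_constraint(constraint):
                continue
            source = (locked.get(name) or {}).get("source") or {}
            ref = source.get("reference") or ""
            if _GIT_SHA.match(ref):
                # The lock pins the commit: `composer install` is reproducible,
                # `composer update` (or a build without the lock) will move it.
                findings.append(("medium", name,
                                 f"{constraint!r} locked to {ref[:12]}; drifts on composer update"))
            else:
                findings.append(("high", name,
                                 f"{constraint!r} has no locked commit; pin branch#<sha> or a tag"))

    repos = composer.get("repositories", [])
    if isinstance(repos, dict):  # composer.json also allows the keyed object form
        repos = list(repos.values())
    for repo in repos:
        if isinstance(repo, dict) and repo.get("type") in ("vcs", "git", "github", "gitlab"):
            findings.append(("medium", repo.get("url", "<no url>"),
                             "VCS repository is consulted before Packagist for the package it serves"))
    return findings


if __name__ == "__main__":
    for severity, subject, message in audit(COMPOSER_JSON, COMPOSER_LOCK):
        print(f"[{severity}] {subject}: {message}")
```

Run it against the real files with `audit(open("composer.json").read(), open("composer.lock").read())`; a non-empty result is what a CI gate should fail on, with the `medium` lock-pinned case downgraded to a warning if the team accepts branch pins that are frozen in the lock.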

12 changes: 12 additions & 0 deletions src/Appwrite/Platform/Workers/Migrations.php
@@ -313,8 +313,20 @@ protected function generateAPIKey(Document $project): string
'files.write',
'functions.read',
'functions.write',
'sites.read',
'sites.write',
'tokens.read',
'tokens.write',
'providers.read',
'providers.write',
'topics.read',
'topics.write',
'subscribers.read',
'subscribers.write',
'messages.read',
'messages.write',
'targets.read',
'targets.write',
]
]);

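Review bot: the key minted by `generateAPIKey()` now carries read and write scopes for sites, tokens, providers, topics, subscribers, messages and targets on top of the existing ones, unconditionally, for every migration job. Nothing in this hunk ties the scope list to the resource types the migration was asked to move, so a messages-only migration runs with `sites.write` and `tokens.write` in hand. Please either derive the list from the requested resource types or add a comment explaining why the full set is required, and confirm (outside this hunk) that the key has a short expiry and is deleted when the worker finishes, since with this scope set it is effectively a project-wide credential. `tokens.write` and `providers.write` in particular deserve a comment on what the migration actually writes with them.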
42 changes: 42 additions & 0 deletions src/Appwrite/Utopia/Response/Model/MigrationReport.php
@@ -53,6 +53,48 @@ public function __construct()
'default' => 0,
'example' => 20,
])
->addRule(Resource::TYPE_SITE, [
'type' => self::TYPE_INTEGER,
'description' => 'Number of sites to be migrated.',
'default' => 0,
'example' => 5,
])
->addRule(Resource::TYPE_SITE_DEPLOYMENT, [
'type' => self::TYPE_INTEGER,
'description' => 'Number of site deployments to be migrated.',
'default' => 0,
'example' => 5,
])
->addRule(Resource::TYPE_SITE_VARIABLE, [
'type' => self::TYPE_INTEGER,
'description' => 'Number of site variables to be migrated.',
'default' => 0,
'example' => 10,
])
->addRule(Resource::TYPE_PROVIDER, [
'type' => self::TYPE_INTEGER,
'description' => 'Number of messaging providers to be migrated.',
'default' => 0,
'example' => 5,
])
->addRule(Resource::TYPE_TOPIC, [
'type' => self::TYPE_INTEGER,
'description' => 'Number of messaging topics to be migrated.',
'default' => 0,
'example' => 10,
])
->addRule(Resource::TYPE_SUBSCRIBER, [
'type' => self::TYPE_INTEGER,
'description' => 'Number of messaging subscribers to be migrated.',
'default' => 0,
'example' => 50,
])
->addRule(Resource::TYPE_MESSAGE, [
'type' => self::TYPE_INTEGER,
'description' => 'Number of messages to be migrated.',
'default' => 0,
'example' => 100,
])
->addRule('size', [
'type' => self::TYPE_INTEGER,
'description' => 'Size of files to be migrated in mb.',
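Review bot: the worker hunk grants `targets.read` and `targets.write`, but no `Resource::TYPE_TARGET` rule is added to the report here, so target counts, if the migration moves them, will never appear in `MigrationReport`; either add the rule or drop the unused scopes. Also, the seven `Resource::TYPE_*` constants used in this hunk come from the `dev-feat-message-migration` branch of utopia-php/migration required in composer.json: for any of them that the `1.6.*` release does not define, reverting the dependency as the review comments on composer.json suggest would make this constructor throw an undefined-constant `Error` the first time the model is built (PHP resolves class constants when the expression runs, not at class load). The dependency bump and this model therefore have to land, and be reverted, together; a note in the PR description saying which release of utopia-php/migration introduces these constants would make that explicit.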