Rename workflows and setup Github secrets to generate builds

[rahulharpal1603]

Rename workflows for better organisation.

Summary by CodeRabbit

• Documentation
  • Added new setup guides for manual, script-based, and Docker-based installation for both frontend and backend.
  • Improved README formatting for clarity.
• Chores
  • Updated workflow names and improved secret management in GitHub Actions for enhanced security.
• Refactor
  • Updated Tauri app configuration: removed "dmg" bundle target, updated app version, changed updater public key and endpoint.

[coderabbitai]

Warning

Rate limit exceeded

@rahulharpal1603 has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 12 minutes and 41 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 62995a3 and 19824bc.

📒 Files selected for processing (2)

• .github/workflows/pr-check-build.yml (2 hunks)
• CONTRIBUTING.md (1 hunks)

Walkthrough

Several documentation files were added, including manual and script-based setup guides and Docker setup instructions for both backend and frontend. Multiple GitHub Actions workflow files were updated to rename workflows, improve secret management, and clarify triggers. The Tauri configuration was updated to adjust bundle targets, version, and updater settings. A minor formatting fix was made to the README.

Changes

Files/Groups	Change Summary
.github/workflows/*.yml	Renamed workflows, improved secret handling, updated triggers, and added debug commands in CI workflows.
frontend/src-tauri/tauri.conf.json	Removed "dmg" bundle target, updated version to 0.1.0, changed updater public key and endpoint URL.
README.md	Removed extra space in heading and adjusted line spacing.
docs/Manual_Setup_Guide.md, docs/Script_Setup_Guide.md	Added new setup guides: one for manual setup and one for script-based setup, including platform-specific instructions and troubleshooting.
docs/backend/docker-setup.md, docs/frontend/docker-setup.md	Added detailed Docker setup guides for backend and frontend, covering prerequisites, build/run steps, and troubleshooting.

Poem

A hop, a skip, new docs appear,
With Docker tips and setup clear.
Workflows renamed, secrets tight,
Tauri’s version shining bright.
README trimmed, the codebase neat—
PictoPy’s journey feels complete!
🐇✨

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

.github/workflows/docs-deploy.yml (1)

1-1: Add a concurrency block to prevent overlapping deployments

When multiple commits hit main in quick succession, separate workflow runs may step on each other while pushing to gh-pages. Adding a simple concurrency group guards against that:

 name: Docs Deploy
+concurrency:
+  group: docs-deploy-${{ github.ref }}
+  cancel-in-progress: true

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bd3ee6a and 979f859.

📒 Files selected for processing (5)

• .github/workflows/build-and-release.yml (1 hunks)
• .github/workflows/docs-deploy.yml (1 hunks)
• .github/workflows/pr-check-build.yml (1 hunks)
• .github/workflows/pr-check-tests.yml (1 hunks)
• frontend/src-tauri/tauri.conf.json (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (4)

• GitHub Check: Tauri Tests
• GitHub Check: tauri-build-check (windows-latest)
• GitHub Check: tauri-build-check (ubuntu-22.04)
• GitHub Check: tauri-build-check (macos-latest, --target aarch64-apple-darwin)

🔇 Additional comments (4)

.github/workflows/pr-check-tests.yml (1)

1-1: Descriptive name looks good

The rename clearly conveys the job’s purpose. 👍
Just be sure to update any status-badge URLs or branch protection rules that still reference the old workflow name.

.github/workflows/build-and-release.yml (1)

1-1: Name updated, but double-check external references

The new title is clearer. Verify that:

1. Release-triggering workflow-dispatch docs reference the new name.
2. Any README badges / external dashboards aren’t hard-coded to the previous “Build and Release”.

.github/workflows/pr-check-build.yml (1)

1-1: Clearer workflow title approved

No functional impact; same note on badge / rule updates applies.

frontend/src-tauri/tauri.conf.json (1)

32-32: Ensure version bump stays consistent across crates & package.json

tauri-apps/tauri-action will substitute __VERSION__, but mismatched versions in:

• frontend/package.json
• frontend/src-tauri/Cargo.toml

could confuse auto-updaters. Please verify all manifests were bumped to 0.0.3.

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (9)

README.md (1)

9-11: Drop the trailing ? to silence markdown-lint noise

Rule MD026 complains about punctuation at the end of headings.
Removing the question-mark keeps the intent while avoiding the warning.

-## 💡 **Want to contribute?**
+## 💡 **Want to contribute**

docs/frontend/docker-setup.md (2)

38-45: Passing the signing key via --build-arg leaks the secret into the image history

Docker ‑-build-arg values are baked into the intermediate layers and can be recovered with docker history.
Prefer one of:

1. Multi-stage build that copies the key only into a disposable stage and deletes it.
2. docker buildx build --secret/RUN --mount=type=secret (BuildKit).
3. Bind-mount the key at runtime instead of build time.

Documenting the safer pattern avoids accidental key exposure.

---

41-45: Minor grammar: missing comma after “password”

-… private key and password and <image_name> with …
+… private key and password, and <image_name> with …

docs/backend/docker-setup.md (2)

70-75: Add a language tag to the fenced block for MD040 compliance

-```
-http://localhost:8000
-```
+```text
+http://localhost:8000
+```

---

17-18: Tiny wording tweak

“ensure you have the Docker installed” → “ensure Docker is installed”

Not critical, but improves readability.

docs/Script_Setup_Guide.md (2)

10-10: Use the official spelling “Node.js”

-- [NodeJS](https://nodejs.org/en) (LTS Version Recommended)
+- [Node.js](https://nodejs.org/en) (LTS version recommended)

---

3-15: Multiple headings end with : – triggers MD026

Consistently drop trailing colons to avoid markdown-lint noise.

docs/Manual_Setup_Guide.md (2)

7-7: macOS capitalization

Apple brands it “macOS”, not “MacOS”.

---

32-40: Add explicit language tags to fenced blocks

Several blocks (e.g., lines 32-40) omit the language spec, producing MD040 warnings.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 32653ab and 62995a3.

📒 Files selected for processing (7)

• .github/workflows/pr-check-build.yml (3 hunks)
• README.md (1 hunks)
• docs/Manual_Setup_Guide.md (1 hunks)
• docs/Script_Setup_Guide.md (1 hunks)
• docs/backend/docker-setup.md (1 hunks)
• docs/frontend/docker-setup.md (1 hunks)
• frontend/src-tauri/tauri.conf.json (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• frontend/src-tauri/tauri.conf.json
• .github/workflows/pr-check-build.yml

🧰 Additional context used

🪛 markdownlint-cli2 (0.17.2)

README.md

9-9: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)

docs/Manual_Setup_Guide.md

3-3: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)

---

5-5: Bare URL used

(MD034, no-bare-urls)

---

9-9: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)

---

15-15: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)

---

21-21: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)

---

27-27: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)

---

32-32: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

36-36: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

40-40: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

44-44: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)

---

52-52: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

60-60: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

66-66: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

74-74: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

80-80: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

92-92: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

100-100: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

114-114: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

---

126-126: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

docs/Script_Setup_Guide.md

3-3: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)

---

8-8: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)

---

13-13: Trailing punctuation in heading
Punctuation: ':'

(MD026, no-trailing-punctuation)

---

15-15: Bare URL used

(MD034, no-bare-urls)

docs/backend/docker-setup.md

72-72: Fenced code blocks should have a language specified

(MD040, fenced-code-language)

docs/frontend/docker-setup.md

14-14: Link fragments should be valid

(MD051, link-fragments)

🪛 LanguageTool

docs/Manual_Setup_Guide.md

[grammar] ~7-~7: The operating system from Apple is written “macOS”.
Context: ...toPy #### 2. Open your Terminal (Linux/MacOS) or Powershell (Windows) #### 3. Clone...

(MAC_OS)

---

[uncategorized] ~46-~46: A comma might be missing here.
Context: ...d Setup Steps: > Note: For backend setup make sure that you have **Python versio...

(AI_EN_LECTOR_MISSING_PUNCTUATION_COMMA)

---

[uncategorized] ~46-~46: You might be missing the article “the” here.
Context: ...are using Powershell for the setup, not command prompt. 1. **Navigate to the Backend ...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[grammar] ~58-~58: The operating system from Apple is written “macOS”.
Context: ...cies. Create one using: Bash(Linux/MacOS) ``` python3 -m venv .env ...

(MAC_OS)

---

[grammar] ~72-~72: The operating system from Apple is written “macOS”.
Context: ... Virtual Environment:** Bash(Linux/MacOS) ``` source .env/bin/activate ...

(MAC_OS)

docs/Script_Setup_Guide.md

[uncategorized] ~10-~10: The official spelling of this programming framework is “Node.js”.
Context: ...?v=a7I0ZRE-SHk) ### Prerequisites: - NodeJS (LTS Version Re...

(NODE_JS)

docs/backend/docker-setup.md

[uncategorized] ~53-~53: Loose punctuation mark.
Context: ...\ -v /:/host \ ``` - -it: Runs the container interactively, attac...

(UNLIKELY_OPENING_PUNCTUATION)

---

[uncategorized] ~54-~54: Loose punctuation mark.
Context: ...minal for input/output. - -p 8000:8000: Maps port 8000 on the host to port 8000...

(UNLIKELY_OPENING_PUNCTUATION)

---

[uncategorized] ~55-~55: Loose punctuation mark.
Context: ...st to port 8000 in the container. - -v: Mounts a volume to share data between t...

(UNLIKELY_OPENING_PUNCTUATION)

---

[uncategorized] ~56-~56: Loose punctuation mark.
Context: ...the host and container. - <image_name>: Specifies the image to use (the one we ...

(UNLIKELY_OPENING_PUNCTUATION)

---

[grammar] ~97-~97: The verb form ‘execute’ does not seem to be suitable in this context.
Context: ...sion issues**: Ensure that run.sh has execute permissions(for linux only): ```bas...

(HAVE_VB)

docs/frontend/docker-setup.md

[uncategorized] ~41-~41: Possible missing comma found.
Context: ...ur actual Tauri signing private key and password and <image_name> with the image name. I...

(AI_HYDRA_LEO_MISSING_COMMA)

⏰ Context from checks skipped due to timeout of 90000ms (3)

• GitHub Check: Tauri Tests
• GitHub Check: Tauri Build Check (macos-latest, --target aarch64-apple-darwin)
• GitHub Check: Tauri Build Check (ubuntu-22.04)

🔇 Additional comments (2)

docs/Script_Setup_Guide.md (1)

50-61: fastapi dev may not exist in a vanilla install

Unless the project pins fastapi[cli] (or a custom wrapper), contributors will get “command not found”.

Confirm the command is available or replace with the ubiquitous Uvicorn invocation:

uvicorn app.main:app --reload --host 0.0.0.0 --port 8000

docs/Manual_Setup_Guide.md (1)

96-104: Double : in heading & repeated fastapi dev caveat

1. Heading “Running the backend:**:” contains two colons.
2. Same fastapi dev concern as in the script guide—verify or replace.

[coderabbitai]

⚠️ Potential issue

Mounting the full host filesystem can be dangerous

-v /:/host gives the container read-write access to the entire host FS, a huge attack surface if the image (or dependencies) is compromised.

Unless the app genuinely needs root-level access, mount only the required directories (e.g., the pictures folder) or switch to a named volume.

-      -v /:/host \
+      # Limit to the directory that actually needs to be shared
+      -v "$PWD/images":/app/images \

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	docker run -it --name frontend-container --network host -p 1420:1420 -e DISPLAY=${DISPLAY} \
	-v /tmp/.X11-unix:/tmp/.X11-unix \
	-v images-data:/app/images \
	-v /:/host \
	<image-name>
	```
	docker run -it --name frontend-container --network host -p 1420:1420 -e DISPLAY=${DISPLAY} \
	-v /tmp/.X11-unix:/tmp/.X11-unix \
	-v images-data:/app/images \
	# Limit to the directory that actually needs to be shared
	-v "$PWD/images":/app/images \
	<image-name>

🤖 Prompt for AI Agents

In docs/frontend/docker-setup.md around lines 60 to 65, the Docker run command
mounts the entire host filesystem with '-v /:/host', which poses a security risk
by giving the container full read-write access. To fix this, replace this mount
with only the specific directories the app needs access to, such as the pictures
folder, or use a named volume instead to limit the container's access and reduce
the attack surface.

[coderabbitai]

⚠️ Potential issue

sudo apt install x installs … nothing

Package x does not exist on Debian/Ubuntu.
If the goal is to install an X-server, suggest xorg (or a lighter meta-package such as x11-apps).

-  sudo apt install x
+  # Minimal X-server utilities
+  sudo apt update
+  sudo apt install -y xorg

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- For Linux : An X server also installed
	```bash
	sudo apt install x
	```
	- For Linux : An X server also installed

🤖 Prompt for AI Agents

In docs/frontend/docker-setup.md around lines 20 to 23, the command `sudo apt
install x` is incorrect because the package `x` does not exist on Debian/Ubuntu.
Replace this command with `sudo apt install xorg` or `sudo apt install x11-apps`
to correctly install an X server or a lighter meta-package as intended.

[coderabbitai]

⚠️ Potential issue

Avoid granting the container blanket access to /

Same concern as the frontend guide: -v /:/host is rarely justified and undermines container isolation.

Recommend replacing with a narrowly-scoped bind mount or named volume.

🤖 Prompt for AI Agents

In docs/backend/docker-setup.md around lines 47 to 51, the Docker run command
mounts the entire host root directory with `-v /:/host`, which compromises
container isolation. Replace this broad mount with a more narrowly-scoped bind
mount or a named volume that only exposes the specific directories needed by the
container, thereby improving security and maintaining proper isolation.