feat: plugin package clean command line tool

[fatelei]

Description

fix langgenius/dify#31518

use command line, keep the latest version, delete the old version

• go run ./cmd/commandline plugin cleanup -p ./cwd -y
• go run ./cmd/commandline plugin cleanup -p ./cwd --dry-run

Type of Change

• Bug fix
• New feature
• Refactor
• Performance improvement
• Other

Essential Checklist

Testing

• I have tested the changes locally and confirmed they work as expected
• I have added unit tests where necessary and they pass successfully

Bug Fix (if applicable)

• I have used GitHub syntax to close the related issue (e.g., Fixes #123 or Closes #123)

Additional Information

Please provide any additional context that would help reviewers understand the changes.

[gemini-code-assist]

Summary of Changes

Hello @fatelei, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses an issue where old plugin versions were not being automatically removed, potentially leading to accumulated files. It introduces a new configuration switch to control this behavior, allowing the system to automatically clean up outdated plugin directories. This enhancement improves disk space management and streamlines plugin lifecycle management.

Highlights

• Automatic Old Plugin Version Cleanup: Introduced a new configuration option, PLUGIN_AUTO_CLEANUP_OLD_VERSION, allowing users to enable or disable the automatic removal of old plugin versions from the working directory.
• Plugin Directory Removal Logic: Implemented a new utility function, removePluginFromCwd, responsible for physically deleting plugin directories based on their unique identifier and working path.
• Enhanced Plugin Removal Conditions: Modified the RemovePluginIfNeeded function to incorporate the new PLUGIN_AUTO_CLEANUP_OLD_VERSION flag, ensuring that old plugin files are cleaned up either when explicitly marked for deletion or when the auto-cleanup feature is enabled.
• Configuration Access in Plugin Manager: Added a Config() method to the PluginManager to provide access to the application's configuration, which is necessary for the new cleanup logic.
• Comprehensive Test Coverage: Added extensive unit tests for the new removePluginFromCwd function and updated tests for RemovePluginIfNeeded to cover various scenarios, including auto-cleanup, different plugin types, and error handling.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a feature to automatically clean up old plugin versions, controlled by a new PLUGIN_AUTO_CLEANUP_OLD_VERSION environment variable. The implementation looks mostly correct, but I've found a critical security vulnerability and some significant maintainability and correctness issues that need to be addressed.

My main concerns are:

• A path traversal vulnerability in the new removePluginFromCwd function, which could allow for arbitrary file deletion.
• The testing strategy for RemovePluginIfNeeded is flawed, as it tests a copy of the production code instead of the function itself. This makes the tests brittle and hard to maintain.
• There are a large number of syntactically incorrect struct tags added to internal/types/app/config.go which could cause runtime issues.

Please review my comments for details and suggestions on how to fix these issues.

[Stream29]

Still awaiting...