Added maintenance guide

[alirana01]

Description

Created a maintenance guide document

The information needs to be verified.
The workflow files mentioned here were just for my understanding but i have left them there to be reviewed.

[gemini-code-assist]

Summary of Changes

Hello @alirana01, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a critical maintenance guide for the ESP-IDF Installation Manager (EIM). The guide centralizes comprehensive information on how to maintain EIM's diverse distribution channels, ensuring consistency, security, and functionality across various platforms and package managers. It aims to streamline future maintenance efforts by providing clear procedures and references for all external components and workflows involved in EIM's release process, thereby enhancing the long-term sustainability and reliability of the project.

Highlights

• New Maintenance Guide Added: A comprehensive MAINTENANCE.md document has been introduced, detailing the procedures and components involved in maintaining the ESP-IDF Installation Manager (EIM).
• Extensive Coverage of Distribution Channels: The guide covers maintenance aspects for various EIM distribution methods, including Scoop manifests (offline and online), PowerShell scripts, Docker repositories, GitHub Install Actions, Homebrew, TLDR pages, Man pages, APT/RPM repositories, and WinGet.
• Detailed Workflow and Secret References: Each section provides insights into how workflows interact with these components, their purpose, file locations, and specific maintenance tasks. It also includes a dedicated section for secrets management, outlining required tokens, their scopes, and renewal processes.
• Structured Maintenance Checklists: The document includes practical checklists for maintenance activities to be performed after each release, monthly, with major EIM changes, and during quarterly security reviews.
• Documentation Navigation Update: The SUMMARY.md file has been updated to include a link to the new MAINTENANCE.md guide, making it accessible within the project's documentation.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• docs/src/MAINTENANCE.md
  • Added a new comprehensive maintenance guide for the ESP-IDF Installation Manager (EIM).
  • Details maintenance procedures for various distribution components like Scoop, Docker, Homebrew, APT/RPM, WinGet, and documentation.
  • Includes sections on release workflows, secrets management, and maintenance checklists.
• docs/src/SUMMARY.md
  • Updated the documentation summary to include a link to the newly added MAINTENANCE.md guide.

Activity

• The author created a new maintenance guide document.
• The author noted that the information in the guide needs verification.
• The author included details about workflow files for their own understanding and requested review on them.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a comprehensive maintenance guide for the EIM project, which is a valuable addition for future maintainers. The guide is well-structured and detailed. My review focuses on improving its long-term maintainability and ensuring all information is accurate and points to official resources.

Key feedback points include:

• Removing hardcoded line numbers which can become outdated.
• Replacing references to personal repositories with official ones.
• Ensuring consistency in examples.
• Aligning the documented components with the actual source code implementation.

Overall, this is a great initiative. Addressing these points will make the guide more robust and professional.

[gemini-code-assist]

This section, and others throughout the document (e.g., Docker Hub link, WinGet fork), refer to repositories and artifacts under the personal user Hahihula. For an official maintenance guide, all resources should point to official espressif organization repositories or assets. Using personal repositories introduces a single point of failure and potential security concerns, especially as the PR description notes some of this was for personal understanding.

Please replace all instances of Hahihula with the appropriate espressif organization-owned repository or a clear placeholder like espressif/<repo-name>. This applies to repository URLs, Docker image names, and fork user configurations.

Example occurrences:

• Line 280: https://github.com/Hahihula/eim-idf-build-docker
• Line 282: https://hub.docker.com/r/hahihula/eim-idf-build
• Line 968: Hahihula/winget-pkgs
• Line 1190: https://github.com/Hahihula/eim-idf-build-docker

[gemini-code-assist]

The tables in this document (e.g., here, and also at lines 194-197, 220-226, etc.) and various references to workflow files include hardcoded line counts and line ranges. This information is very brittle and will become outdated as soon as the referenced files are modified. This will make the maintenance guide harder to trust and use over time.

It would be more robust to remove the "Lines" column from tables and avoid referencing specific line numbers for code blocks or workflow files. Describing the function or section by name is sufficient and more maintainable.

[gemini-code-assist]

The example for non-interactive installation uses a hardcoded version {{v5.3.2}}. Other examples in this section correctly use a generic placeholder {{version}}. Using a hardcoded version can become outdated and is inconsistent with the rest of the examples.

Suggested change

	`eim install -i {{v5.3.2}}`
	`eim install -i {{version}}`

[gemini-code-assist]

This table lists a manifest template for Python 3.10 (python310.json). However, reviewing the implementation in src-tauri/src/lib/offline_installer.rs (lines 338-343), it appears that only the python311.json template is actually used for offline installation. The documentation should accurately reflect the code to avoid confusion for maintainers.

Please remove this line for python310.json to align the documentation with the current implementation.

[Hahihula]

Great work. Thanks.
But do we actually want this to be part of the public facing documentation? I see this more as internal document.
I would suggest moving the md to the project root and removing it from the docs. WDYT?
Added couple of small remarks.

[Hahihula]

important notice:
the real links for where to get. the actually file URLs are currently hardcoded in the offline installed. I do not see any mention of this. this will ikely change during EIM-381 implementation but currently whis update procedure as is will not work!

[Hahihula]

we have the official docker image in the esp-idf repository which is being migrated to eim currently, probably after next release. we also have the CI images in the esp-dockerfiles and we have dockerfile example in the documentation.

[Hahihula]

we do not have scoop repository at the moment and the workflow is turned off

[Hahihula]

werify correct version of eim AND offline installer archives is on dl.espressif

[Hahihula]

update dependencies? (suggestion)

[Hahihula]

!check signing certificates expiration dates!

[Hahihula]

I would suggest to actually move the maintenance checklist to the top of this document and have the (great) detailed description under it as we will use the checklist much more often :-)

[alirana01]

@Hahihula fixed the review comments kindly take a look