chore: include dependencies on version post endpoint

[adityachoudhari26]

Summary by CodeRabbit

Release Notes

• New Features

  • Added support for specifying dependencies with version selectors when creating deployment versions.
  • Added new API endpoints to list, update, and delete deployment version dependencies.
  • Added new endpoint to retrieve a deployment by name within a workspace.

• Bug Fixes

  • Updated deployment version creation response codes for improved clarity (HTTP 201 for success, 404 for missing resources).

[coderabbitai]

Warning

Rate limit exceeded

@adityachoudhari26 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 35 minutes and 49 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 15d27fa1-6fd4-4166-b903-39579b4f4cbd

📥 Commits

Reviewing files that changed from the base of the PR and between 23de89d and 5ff22fa.

📒 Files selected for processing (4)

• apps/api/openapi/openapi.json
• apps/api/src/routes/v1/workspaces/deployments.ts
• apps/api/src/types/openapi.ts
• e2e/api/schema.ts

📝 Walkthrough

Walkthrough

The PR extends deployment version creation to accept optional dependency specifications. Each dependency maps a deployment ID to a CEL expression selector. The handler validates dependencies (syntax, self-reference, workspace membership) and persists them atomically with the version via new deploymentVersionDependency table rows. OpenAPI schemas, TypeScript types, and response definitions are updated, with comprehensive E2E tests covering CRUD operations for dependency edges.

Changes

Cohort / File(s)	Summary
OpenAPI Schema & Definitions apps/api/openapi/openapi.json, apps/api/openapi/paths/deploymentversions.jsonnet, apps/api/openapi/schemas/deploymentversions.jsonnet	Added dependencies property to CreateDeploymentVersionRequest schema, mapping dependency deployment IDs to objects with required versionSelector CEL expression. Updated response from acceptedResponse to okResponse with explicit notFoundResponse inclusion.
TypeScript Type Definitions apps/api/src/types/openapi.ts	Added optional dependencies field to exported CreateDeploymentVersionRequest type, mirroring OpenAPI schema structure.
API Handler apps/api/src/routes/v1/workspaces/deployments.ts	Extended createDeploymentVersion to validate dependencies (CEL syntax, non-self-reference, workspace existence), extract non-dependency fields, and atomically insert version with dependency edges into deploymentVersionDependency table within transaction.
E2E API Schema e2e/api/schema.ts	Added paths for dependency listing, upsert, and deletion per version; introduced DeploymentVersionDependency and UpsertDeploymentVersionDependencyRequest schemas; added getDeploymentByName endpoint.
E2E Tests & Configuration e2e/tests/api/deployment-version-dependencies.spec.ts, e2e/package.json	Created comprehensive Playwright test suite covering creation, listing, updating, and deletion of dependency edges with validation error cases (invalid CEL, self-dependency, missing deployments). Added test:deployment-version-deps script.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• chore: reconcile downstream version dependencies on job success #1085: Adds reconciliation logic that reads and processes the deploymentVersionDependency records created and persisted by this PR during deployment release events.
• refactor: convert to dependency to live on version not deployment #1084: Implements the same feature—version-scoped deployment dependencies—with deploymentVersionId-based DB tables and API handlers.
• chore: version dependencies ui #1086: Adds UI components and tRPC routes that consume the new dependency API endpoints and database records introduced here.

Poem

🐰 Dependencies now bloom with care,
Each version marks what it will share,
CEL selectors guide the way,
Through atomic transactions, come what may! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding support for dependencies in the deployment version creation endpoint.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch insert-deps-with-version-post

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 0/1 reviews remaining, refill in 35 minutes and 49 seconds.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR extends the deployment-version create (POST) API to support declaring dependency edges inline at version creation time, updates the OpenAPI schema accordingly, and adds E2E coverage for the dependency CRUD endpoints and the new inline-create behavior.

Changes:

• Add dependencies to the deployment version POST request body and insert dependency edges in the same DB transaction.
• Update OpenAPI specs/types to include the new request field and dependency endpoints.
• Add Playwright E2E tests covering inline dependency creation and dependency list/upsert/delete endpoints.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
e2e/tests/api/deployment-version-dependencies.spec.ts	Adds E2E coverage for dependency endpoints and inline dependency creation on version POST.
e2e/package.json	Adds a dedicated script to run the new dependency E2E spec.
e2e/api/schema.ts	Regenerates/updates the E2E OpenAPI client schema with dependency routes/types and related additions.
apps/api/src/types/openapi.ts	Updates API OpenAPI-derived TS types to include dependencies on version creation.
apps/api/src/routes/v1/workspaces/deployments.ts	Implements inline dependency validation + atomic insert during deployment version creation.
apps/api/openapi/schemas/deploymentversions.jsonnet	Adds dependencies to the deployment version create schema.
apps/api/openapi/paths/deploymentversions.jsonnet	Updates version-create responses to 200 + adds 400/404 responses.
apps/api/openapi/openapi.json	Updates generated OpenAPI JSON to reflect the schema changes.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

dependencies entries can omit versionSelector and still pass validation because validResourceSelector(undefined) returns true. That would allow creating dependency edges with an unintended default/undefined selector (or trigger a DB error depending on how undefined is serialized). Add an explicit runtime check that edge.versionSelector is a non-empty string before calling validResourceSelector (and return 400 when missing).

[Copilot]

dependencyEntries keys are treated as deployment UUIDs and passed directly into inArray(schema.deployment.id, dependencyDeploymentIds). If a client supplies a non-UUID key (or dependencies isn’t an object), Postgres will throw invalid input syntax for type uuid, resulting in a 500. Validate each depDeploymentId is a UUID (and that dependencies is a plain object) and return 400 for invalid IDs before querying.

[Copilot]

This handler does not verify that deploymentId belongs to workspaceId (or even exists) before inserting a deployment version and enqueuing work. That allows cross-workspace writes if a caller can guess a deployment ID from another workspace. Add a lookup on schema.deployment scoped by (workspaceId, deploymentId) and return 404 when not found before proceeding.

Suggested change

	const deployment = await db
	.select({ id: schema.deployment.id })
	.from(schema.deployment)
	.where(
	and(
	eq(schema.deployment.workspaceId, workspaceId),
	eq(schema.deployment.id, deploymentId),
	),
	)
	.then(takeFirst);
	if (!deployment)
	throw new ApiError(`Deployment ${deploymentId} not found`, 404);

[Copilot]

onConflictDoNothing().returning().then(takeFirst) will throw when a (deploymentId, tag) conflict occurs because returning() returns 0 rows on DO NOTHING; takeFirst then raises an exception, producing a 500. Decide on intended behavior and handle it explicitly (e.g., return 409 conflict, or fetch and return the existing version).

Suggested change

	const inserted = await tx
	.insert(schema.deploymentVersion)
	.values(data)
	.onConflictDoNothing()
	.returning()
	.then(takeFirst);
	const insertedRows = await tx
	.insert(schema.deploymentVersion)
	.values(data)
	.onConflictDoNothing()
	.returning();
	const inserted = insertedRows[0];
	if (inserted == null)
	throw new ApiError(
	`Deployment version with tag ${data.tag} already exists for deployment ${deploymentId}`,
	409,
	);

[coderabbitai]

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@apps/api/openapi/paths/deploymentversions.jsonnet`:
- Around line 35-40: The OpenAPI spec change switched the create deployment
version response to 200 (openapi.okResponse for DeploymentVersion) but the
generated client types still model createDeploymentVersion as 202; regenerate
the OpenAPI artifacts so generated types (the createDeploymentVersion return
type in the generated openapi.ts) reflect the new 200 response. Run the
project's OpenAPI generation script/command used to produce
apps/api/src/types/openapi.ts (the generator that converts the
deploymentversions.jsonnet spec into types), commit the regenerated artifacts,
and verify createDeploymentVersion now expects a 200 DeploymentVersion response
instead of 202.

In `@apps/api/src/routes/v1/workspaces/deployments.ts`:
- Around line 403-446: The current dependency existence check runs before the
db.transaction and can race with deletes; move the lookup into the same
transaction (use tx.select(...) instead of db.select(...)) and validate
dependencyDeploymentIds inside the transaction before inserting edges, i.e.
perform the found = await tx.select({ id: schema.deployment.id
}).from(schema.deployment).where(... inArray(dependencyDeploymentIds) ...) and
build foundIds to throw ApiError for missing ids prior to the tx.insert of
schema.deploymentVersionDependency, or alternatively catch the FK/db error from
the tx insert and translate it to a 404; locate usage of dependencyEntries,
dependencyDeploymentIds, found, tx, inserted, and
tx.insert(schema.deploymentVersionDependency) to apply the change.

In `@e2e/api/schema.ts`:
- Around line 141-181: The OpenAPI-generated types in e2e/api/schema.ts are
incorrect: the path entries for
"/v1/workspaces/{workspaceId}/deployment-versions/{deploymentVersionId}/dependencies",
"/v1/workspaces/{workspaceId}/deployment-versions/{deploymentVersionId}/dependencies/{dependencyDeploymentId}",
and "/v1/workspaces/{workspaceId}/deployments/name/{name}" declare
parameters.path as never while the OpenAPI spec and the corresponding operations
(e.g., operations["listDeploymentVersionDependencies"],
operations["requestDeploymentVersionDependencyUpsert"],
operations["requestDeploymentVersionDependencyDeletion"]) require path params
(workspaceId, deploymentVersionId, dependencyDeploymentId, name); fix by
regenerating the OpenAPI TypeScript types from the canonical OpenAPI source so
those path parameter definitions are emitted correctly (ensuring the paths
entries include the required path parameter shapes) rather than hand-editing the
file.

In `@e2e/tests/api/deployment-version-dependencies.spec.ts`:
- Around line 12-72: Replace the manual provisioning/teardown in test.beforeAll
and test.afterAll with YAML fixture helpers: remove the API POST/DELETE blocks
that create systemId, downstreamId, upstreamId, secondUpstreamId and instead
call importEntitiesFromYaml at the start of the suite to load a .spec.yaml
fixture that declares those entities (names/slugs), and call
cleanupImportedEntities in test.afterAll to tear them down; update references to
systemId/downstreamId/upstreamId/secondUpstreamId to use the IDs returned by
importEntitiesFromYaml (or the fixture loader’s result) so
test.beforeAll/test.afterAll no longer perform direct API calls.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 90e12a5d-c799-4786-a68a-4f8eda3c1ec6

📥 Commits

Reviewing files that changed from the base of the PR and between 392000c and 23de89d.

📒 Files selected for processing (8)

• apps/api/openapi/openapi.json
• apps/api/openapi/paths/deploymentversions.jsonnet
• apps/api/openapi/schemas/deploymentversions.jsonnet
• apps/api/src/routes/v1/workspaces/deployments.ts
• apps/api/src/types/openapi.ts
• e2e/api/schema.ts
• e2e/package.json
• e2e/tests/api/deployment-version-dependencies.spec.ts

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

rg -n -C 4 'deployment-versions/\{deploymentVersionId\}/dependencies|deployment-versions/\{deploymentVersionId\}/dependencies/\{dependencyDeploymentId\}|deployments/name/\{name\}' apps/api/openapi e2e/api/schema.ts

Repository: ctrlplanedev/ctrlplane

Length of output: 6094

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Check the parameters defined for the first endpoint in openapi.json
echo "=== Parameters for /v1/workspaces/{workspaceId}/deployment-versions/{deploymentVersionId}/dependencies ==="
rg -A 30 '"/v1/workspaces/\{workspaceId\}/deployment-versions/\{deploymentVersionId\}/dependencies"' apps/api/openapi/openapi.json | head -50

echo ""
echo "=== Check operations section for listDeploymentVersionDependencies ==="
rg -A 5 '"listDeploymentVersionDependencies"' e2e/api/schema.ts

echo ""
echo "=== Check operations section for requestDeploymentVersionDependencyUpsert ==="
rg -A 5 '"requestDeploymentVersionDependencyUpsert"' e2e/api/schema.ts

Repository: ctrlplanedev/ctrlplane

Length of output: 1960

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Find the operation definitions in the schema.ts to see if they have proper path parameters
echo "=== Full operation definition for listDeploymentVersionDependencies ==="
rg -B 2 -A 20 'listDeploymentVersionDependencies:' e2e/api/schema.ts

echo ""
echo "=== Check parameters for second endpoint in openapi.json ==="
rg -A 35 '"/v1/workspaces/\{workspaceId\}/deployment-versions/\{deploymentVersionId\}/dependencies/\{dependencyDeploymentId\}"' apps/api/openapi/openapi.json | head -55

Repository: ctrlplanedev/ctrlplane

Length of output: 2225

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Check the third endpoint parameters in openapi.json
echo "=== Parameters for /v1/workspaces/{workspaceId}/deployments/name/{name} ==="
rg -A 30 '"/v1/workspaces/\{workspaceId\}/deployments/name/\{name\}"' apps/api/openapi/openapi.json | head -50

echo ""
echo "=== Check if paths entries have any path param definitions ==="
rg -B 5 -A 10 '"/v1/workspaces/\{workspaceId\}/deployment-versions/\{deploymentVersionId\}/dependencies":' e2e/api/schema.ts | head -20

Repository: ctrlplanedev/ctrlplane

Length of output: 1751

---

Regenerate the OpenAPI types; path entries are missing path parameter definitions.

The paths entries for the new dependency and deployment endpoints declare parameters.path?: never, but the OpenAPI source and the corresponding operations definitions both include required path parameters (workspaceId, deploymentVersionId, dependencyDeploymentId, and/or name). This breaks type safety for callers relying on the paths interface. Regenerate this file from the OpenAPI source rather than manually patching.

Affected lines:

• Line 141: /v1/workspaces/{workspaceId}/deployment-versions/{deploymentVersionId}/dependencies
• Line 161: /v1/workspaces/{workspaceId}/deployment-versions/{deploymentVersionId}/dependencies/{dependencyDeploymentId}
• Line 217: /v1/workspaces/{workspaceId}/deployments/name/{name}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@e2e/api/schema.ts` around lines 141 - 181, The OpenAPI-generated types in
e2e/api/schema.ts are incorrect: the path entries for
"/v1/workspaces/{workspaceId}/deployment-versions/{deploymentVersionId}/dependencies",
"/v1/workspaces/{workspaceId}/deployment-versions/{deploymentVersionId}/dependencies/{dependencyDeploymentId}",
and "/v1/workspaces/{workspaceId}/deployments/name/{name}" declare
parameters.path as never while the OpenAPI spec and the corresponding operations
(e.g., operations["listDeploymentVersionDependencies"],
operations["requestDeploymentVersionDependencyUpsert"],
operations["requestDeploymentVersionDependencyDeletion"]) require path params
(workspaceId, deploymentVersionId, dependencyDeploymentId, name); fix by
regenerating the OpenAPI TypeScript types from the canonical OpenAPI source so
those path parameter definitions are emitted correctly (ensuring the paths
entries include the required path parameter shapes) rather than hand-editing the
file.

[coderabbitai]

🛠️ Refactor suggestion | 🟠 Major | 🏗️ Heavy lift

Use YAML fixtures for this e2e suite.

This file hand-rolls entity provisioning and teardown. As per coding guidelines, **/e2e/**/*.spec.ts should declare test entities in a .spec.yaml fixture and load/clean them with importEntitiesFromYaml / cleanupImportedEntities.

As per coding guidelines: **/e2e/**/*.spec.ts: E2E tests use YAML fixture files (.spec.yaml alongside .spec.ts) to declare test entities; use importEntitiesFromYaml to load them and cleanupImportedEntities to tear them down.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@e2e/tests/api/deployment-version-dependencies.spec.ts` around lines 12 - 72,
Replace the manual provisioning/teardown in test.beforeAll and test.afterAll
with YAML fixture helpers: remove the API POST/DELETE blocks that create
systemId, downstreamId, upstreamId, secondUpstreamId and instead call
importEntitiesFromYaml at the start of the suite to load a .spec.yaml fixture
that declares those entities (names/slugs), and call cleanupImportedEntities in
test.afterAll to tear them down; update references to
systemId/downstreamId/upstreamId/secondUpstreamId to use the IDs returned by
importEntitiesFromYaml (or the fixture loader’s result) so
test.beforeAll/test.afterAll no longer perform direct API calls.