chore: dependencies trigger downstream target reconciles

[adityachoudhari26]

Summary by CodeRabbit

• New Features

  • Deployment-dependency reconciliation: when a job succeeds, dependent release targets are automatically reconciled.

• Behavior Change

  • Reconciliation now proceeds even when no policies apply, ensuring actions and metrics run consistently.

• Tests

  • Removed an obsolete unit test for the "no applicable policies" path; end-to-end test sequence adjusted for job-success handling.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Adds a DeploymentDependencyAction and TriggerJobSuccess, registers the action in the orchestrator to reconcile dependent targets on job success, removes an orchestrator early-return when policies are empty so actions run with an empty policy slice, deletes one unit test, and tweaks an E2E job-update sequence to use a job copy.

Changes

Cohort / File(s)	Summary
DeploymentDependencyAction implementation apps/workspace-engine/pkg/workspace/releasemanager/policy/evaluator/deploymentdependency/deployment_dependency_policy_action.go	New DeploymentDependencyAction and ReconcileFn type. On job-success it enumerates release targets for the affected deployment, excludes the current target, loads each target's policies, detects DeploymentDependency rules, and invokes the reconcile function for dependent targets with error handling.
Action registration & trigger enum apps/workspace-engine/pkg/workspace/workspace.go, apps/workspace-engine/pkg/workspace/releasemanager/trace/types.go	Registers DeploymentDependencyAction in the orchestrator to call ReconcileTarget with TriggerJobSuccess. Adds TriggerJobSuccess constant.
Orchestrator flow change apps/workspace-engine/pkg/workspace/releasemanager/action/orchestrator.go	Removed early-return when policies is empty so orchestration continues (with an empty policies slice) and actions are executed even if no policies matched.
Tests and E2E adjustments apps/workspace-engine/pkg/workspace/releasemanager/action/orchestrator_test.go, apps/workspace-engine/test/e2e/engine_policy_deployment_dependency_test.go	Deleted TestOrchestrator_OnJobStatusChange_NoPolicies unit test. E2E test now uses a copied job object for JobUpdateEvent (avoids in-place mutation) and removed a prior WorkspaceTick event push in that path.

Sequence Diagram

sequenceDiagram
    participant Job as Job Status Change
    participant Orchestrator as Action Orchestrator
    participant DDA as DeploymentDependencyAction
    participant Store as Store/ReleaseTarget Repo
    participant Reconcile as ReconcileTarget

    Job->>Orchestrator: OnJobSuccess trigger
    Orchestrator->>DDA: Execute(action trigger, context)
    DDA->>Store: GetAllForDeployment(affectedResource)
    Store-->>DDA: [targets...]
    DDA->>DDA: filter out current target
    loop for each remaining target
        DDA->>Store: GetPolicies(target)
        Store-->>DDA: [policies...]
        alt target has DeploymentDependency rule
            DDA->>Reconcile: ReconcileFn(target, TriggerJobSuccess)
            Reconcile-->>DDA: result / error
        end
    end
    DDA-->>Orchestrator: complete

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Inspect policy-loading and detection logic in DeploymentDependencyAction.Execute().
• Verify correct use of GetAllForDeployment and exclusion of the current target.
• Confirm orchestrator registration in workspace.go and correct use of TriggerJobSuccess.
• Validate E2E change: job copy usage and removal of the prior WorkspaceTick event.

Possibly related PRs

• chore: deployment dependency rule #721 — Implements deployment-dependency policy/evaluator and related policy wiring referenced by the new action and trigger.
• policy view #682 — Adjusts policy retrieval/compute paths that the new action relies on when loading policies for targets.
• chore: integrate new-deployment-version into fluent api #655 — Adds/enhances release-target APIs (e.g., GetAllForDeployment) used to enumerate targets for a deployment.

Poem

🐰 A job hops through with joyful cheer,
I nudge other targets far and near.
Policies whisper, "follow along,"
Reconcile hums a little song.
✨ Hop, patch, reconcile — we're clear!

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: introducing deployment dependency actions that trigger reconciliation of downstream release targets.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dependencies-trigger-downstream-reconcile

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 4f6b464 and d4debe2.

📒 Files selected for processing (1)

• apps/workspace-engine/pkg/workspace/releasemanager/policy/evaluator/deploymentdependency/deployment_dependency_policy_action.go (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

apps/workspace-engine/**/*.go

📄 CodeRabbit inference engine (apps/workspace-engine/CLAUDE.md)

apps/workspace-engine/**/*.go: Do not add extraneous inline comments that state the obvious
Do not add comments that simply restate what the code does
Do not add comments for standard Go patterns (e.g., noting WaitGroup or semaphore usage)
Write comments that explain why, document complex logic/algorithms, provide non-obvious context, include TODO/FIXME, and document exported functions/types/methods

Files:

• apps/workspace-engine/pkg/workspace/releasemanager/policy/evaluator/deploymentdependency/deployment_dependency_policy_action.go

🧠 Learnings (2)

📓 Common learnings

Learnt from: adityachoudhari26
Repo: ctrlplanedev/ctrlplane PR: 187
File: apps/jobs/src/ephemeral-env-checker/index.ts:57-0
Timestamp: 2024-10-30T23:10:58.869Z
Learning: In the codebase, deployments are decoupled from environments. When deleting environments (e.g., in `apps/jobs/src/ephemeral-env-checker/index.ts`), associated deployments should not be deleted.

Learnt from: adityachoudhari26
Repo: ctrlplanedev/ctrlplane PR: 637
File: packages/events/src/kafka/client.ts:10-16
Timestamp: 2025-08-01T04:41:41.345Z
Learning: User adityachoudhari26 prefers not to add null safety checks for required environment variables when they are guaranteed to be present in their deployment configuration, similar to their preference for simplicity over defensive programming in test code.

Learnt from: adityachoudhari26
Repo: ctrlplanedev/ctrlplane PR: 601
File: e2e/tests/api/policies/retry-policy.spec.ts:23-24
Timestamp: 2025-06-24T23:52:50.732Z
Learning: The user adityachoudhari26 prefers not to add null safety checks or defensive programming in test code, particularly in e2e tests, as they prioritize simplicity and focus on the main functionality being tested rather than comprehensive error handling within the test itself.

📚 Learning: 2025-08-12T20:49:05.086Z

Learnt from: adityachoudhari26
Repo: ctrlplanedev/ctrlplane PR: 655
File: apps/workspace-engine/pkg/engine/workspace/fluent.go:166-171
Timestamp: 2025-08-12T20:49:05.086Z
Learning: The UpdateDeploymentVersions() method with OperationCreate case in apps/workspace-engine/pkg/engine/workspace/fluent.go is specifically designed only for creating new deployment versions, not for handling potential duplicates or existing versions.

Applied to files:

• apps/workspace-engine/pkg/workspace/releasemanager/policy/evaluator/deploymentdependency/deployment_dependency_policy_action.go

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: workspace-engine-tests
• GitHub Check: Lint
• GitHub Check: Typecheck
• GitHub Check: build (linux/amd64)
• GitHub Check: tests

🔇 Additional comments (7)

apps/workspace-engine/pkg/workspace/releasemanager/policy/evaluator/deploymentdependency/deployment_dependency_policy_action.go (7)

1-9: LGTM! Clean package structure and imports.

The package declaration and imports are well-organized with only necessary dependencies.

---

11-16: LGTM! Well-designed types.

The ReconcileFn callback type and DeploymentDependencyAction struct are cleanly defined with appropriate visibility.

---

18-23: LGTM! Standard constructor pattern.

The constructor follows idiomatic Go conventions and properly initializes the action.

---

25-27: LGTM!

The Name method provides an appropriate identifier for the action.

---

29-38: LGTM! Clean setup and trigger filtering.

The early return for non-matching triggers and the initialization logic are well-structured.

---

40-64: Previous concern about duplicate reconciliations has been addressed.

The logic now correctly uses the hasDeploymentDependencyRule flag to break from both the inner rules loop (line 56) and the outer policies loop (line 61), ensuring each target is appended at most once regardless of how many policies or rules contain DeploymentDependency configurations.

---

70-74: Verify fail-fast reconciliation behavior is intentional.

The current implementation stops reconciling remaining targets when the first reconcileFn call fails (line 72). Depending on requirements, you may want to reconcile all targets and collect errors instead of stopping at the first failure. The fail-fast approach is reasonable but confirm it aligns with the intended behavior.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

apps/workspace-engine/pkg/workspace/releasemanager/policy/evaluator/deploymentdependency/deployment_dependency_policy_action.go (1)

45-48: Consider wrapping underlying errors for better error traces.

The error handling loses the original error context. Wrapping errors with %w would preserve the error chain for debugging.

Apply this diff:

 		policies, err := d.store.ReleaseTargets.GetPolicies(ctx, target)
 		if err != nil {
-			return fmt.Errorf("failed to get policies for release target: %s", target.Key())
+			return fmt.Errorf("failed to get policies for release target %s: %w", target.Key(), err)
 		}

 	for _, target := range targetsToReconcile {
 		if err := d.reconcileFn(ctx, target); err != nil {
-			return fmt.Errorf("failed to reconcile target: %s", target.Key())
+			return fmt.Errorf("failed to reconcile target %s: %w", target.Key(), err)
 		}
 	}

Also applies to: 65-67

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 8f556d2 and 8f43d26.

📒 Files selected for processing (5)

• apps/workspace-engine/pkg/workspace/releasemanager/action/orchestrator_test.go (0 hunks)
• apps/workspace-engine/pkg/workspace/releasemanager/policy/evaluator/deploymentdependency/deployment_dependency_policy_action.go (1 hunks)
• apps/workspace-engine/pkg/workspace/releasemanager/trace/types.go (1 hunks)
• apps/workspace-engine/pkg/workspace/workspace.go (2 hunks)
• apps/workspace-engine/test/e2e/engine_policy_deployment_dependency_test.go (1 hunks)

💤 Files with no reviewable changes (1)

• apps/workspace-engine/pkg/workspace/releasemanager/action/orchestrator_test.go

🧰 Additional context used

📓 Path-based instructions (2)

apps/workspace-engine/**/*.go

📄 CodeRabbit inference engine (apps/workspace-engine/CLAUDE.md)

apps/workspace-engine/**/*.go: Do not add extraneous inline comments that state the obvious
Do not add comments that simply restate what the code does
Do not add comments for standard Go patterns (e.g., noting WaitGroup or semaphore usage)
Write comments that explain why, document complex logic/algorithms, provide non-obvious context, include TODO/FIXME, and document exported functions/types/methods

Files:

• apps/workspace-engine/test/e2e/engine_policy_deployment_dependency_test.go
• apps/workspace-engine/pkg/workspace/releasemanager/policy/evaluator/deploymentdependency/deployment_dependency_policy_action.go
• apps/workspace-engine/pkg/workspace/releasemanager/trace/types.go
• apps/workspace-engine/pkg/workspace/workspace.go

apps/workspace-engine/**/*_test.go

📄 CodeRabbit inference engine (apps/workspace-engine/CLAUDE.md)

Follow the existing test structure used in *_test.go files

Files:

• apps/workspace-engine/test/e2e/engine_policy_deployment_dependency_test.go

🧠 Learnings (4)

📓 Common learnings

Learnt from: adityachoudhari26
Repo: ctrlplanedev/ctrlplane PR: 637
File: packages/events/src/kafka/client.ts:10-16
Timestamp: 2025-08-01T04:41:41.345Z
Learning: User adityachoudhari26 prefers not to add null safety checks for required environment variables when they are guaranteed to be present in their deployment configuration, similar to their preference for simplicity over defensive programming in test code.

Learnt from: adityachoudhari26
Repo: ctrlplanedev/ctrlplane PR: 601
File: e2e/tests/api/policies/retry-policy.spec.ts:23-24
Timestamp: 2025-06-24T23:52:50.732Z
Learning: The user adityachoudhari26 prefers not to add null safety checks or defensive programming in test code, particularly in e2e tests, as they prioritize simplicity and focus on the main functionality being tested rather than comprehensive error handling within the test itself.

📚 Learning: 2025-10-24T00:02:29.723Z

Learnt from: adityachoudhari26
Repo: ctrlplanedev/ctrlplane PR: 696
File: apps/workspace-engine/pkg/workspace/releasemanager/deployment/executor.go:63-67
Timestamp: 2025-10-24T00:02:29.723Z
Learning: In workspace-engine replay mode (apps/workspace-engine/pkg/workspace/releasemanager/deployment/executor.go), jobs are created with Pending status even during replay because job updates are still accepted and processed. If a job remains Pending after replay completes, it genuinely is still pending because no updates occurred during replay.

Applied to files:

• apps/workspace-engine/test/e2e/engine_policy_deployment_dependency_test.go

📚 Learning: 2025-08-12T20:49:05.086Z

Learnt from: adityachoudhari26
Repo: ctrlplanedev/ctrlplane PR: 655
File: apps/workspace-engine/pkg/engine/workspace/fluent.go:166-171
Timestamp: 2025-08-12T20:49:05.086Z
Learning: The UpdateDeploymentVersions() method with OperationCreate case in apps/workspace-engine/pkg/engine/workspace/fluent.go is specifically designed only for creating new deployment versions, not for handling potential duplicates or existing versions.

Applied to files:

• apps/workspace-engine/test/e2e/engine_policy_deployment_dependency_test.go
• apps/workspace-engine/pkg/workspace/workspace.go

📚 Learning: 2025-08-12T18:13:54.630Z

Learnt from: CR
Repo: ctrlplanedev/ctrlplane PR: 0
File: apps/workspace-engine/CLAUDE.md:0-0
Timestamp: 2025-08-12T18:13:54.630Z
Learning: Applies to apps/workspace-engine/**/*.go : Write comments that explain why, document complex logic/algorithms, provide non-obvious context, include TODO/FIXME, and document exported functions/types/methods

Applied to files:

• apps/workspace-engine/pkg/workspace/workspace.go

🧬 Code graph analysis (3)

apps/workspace-engine/test/e2e/engine_policy_deployment_dependency_test.go (2)

apps/workspace-engine/pkg/workspace/releasemanager/trace/types.go (1)

• Status (68-68)

apps/workspace-engine/pkg/oapi/oapi.gen.go (3)

• JobStatusSuccessful (135-135)
• JobUpdateEvent (691-698)
• Job (657-671)

apps/workspace-engine/pkg/workspace/releasemanager/policy/evaluator/deploymentdependency/deployment_dependency_policy_action.go (3)

apps/workspace-engine/pkg/workspace/releasemanager/action/action.go (2)

• ActionTrigger (9-9)
• ActionContext (19-23)

apps/workspace-engine/pkg/workspace/releasemanager/trace/types.go (1)

• TriggerJobSuccess (94-94)

apps/workspace-engine/pkg/oapi/oapi.gen.go (1)

• Release (878-885)

apps/workspace-engine/pkg/workspace/workspace.go (4)

apps/workspace-engine/pkg/workspace/releasemanager/policy/evaluator/deploymentdependency/deployment_dependency_policy_action.go (1)

• NewDeploymentDependencyAction (18-23)

apps/workspace-engine/pkg/oapi/oapi.gen.go (1)

• ReleaseTarget (888-892)

apps/workspace-engine/pkg/workspace/releasemanager/trace/recorder.go (1)

• ReconcileTarget (18-41)

apps/workspace-engine/pkg/workspace/releasemanager/trace/types.go (2)

• WithTrigger (167-171)
• TriggerJobSuccess (94-94)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: build (linux/amd64)
• GitHub Check: tests
• GitHub Check: workspace-engine-tests
• GitHub Check: Lint
• GitHub Check: Typecheck

🔇 Additional comments (7)

apps/workspace-engine/pkg/workspace/workspace.go (2)

5-5: LGTM!

The new imports are properly utilized in the action registration below.

Also applies to: 10-11

---

40-47: LGTM!

The action registration correctly follows the existing pattern and integrates the deployment dependency reconciliation flow with the appropriate trigger.

apps/workspace-engine/pkg/workspace/releasemanager/trace/types.go (1)

94-94: LGTM!

The new trigger constant is well-defined and follows the established pattern.

apps/workspace-engine/test/e2e/engine_policy_deployment_dependency_test.go (1)

102-114: LGTM!

Creating a copy of the job before mutation is the correct approach to avoid side effects on the original test data. The copy pattern is safe since the modified fields are value types or pointer reassignments.

apps/workspace-engine/pkg/workspace/releasemanager/policy/evaluator/deploymentdependency/deployment_dependency_policy_action.go (3)

11-23: LGTM!

The type definitions and constructor follow Go best practices and are straightforward.

---

25-27: LGTM!

The Name method provides a clear identifier for the action.

---

30-30: No action required. The action.TriggerJobSuccess constant is properly defined in action.go and used correctly at line 30. The reference to trace.TriggerJobSuccess in the review comment is incorrect—no such constant exists in the codebase.

Likely an incorrect or invalid review comment.