From ba7cd961075eca4e2a2d89998cc2200833d02646 Mon Sep 17 00:00:00 2001 From: Mondo Diaz Date: Tue, 27 Jan 2026 15:29:51 +0000 Subject: [PATCH] Add package dependencies and project settings page Package Dependencies: - Add artifact dependency management system - Add dependency API endpoints (get, resolve, reverse) - Add ensure file parsing for declaring dependencies - Add circular dependency and conflict detection - Add frontend dependency visualization with graph modal - Add migration for artifact_dependencies table Project Settings Page (#65): - Add dedicated settings page for project admins - General settings section (description, visibility) - Access management section (moved from project page) - Danger zone with inline delete confirmation - Add Settings button to project page header --- CHANGELOG.md | 36 + backend/app/dependencies.py | 723 +++++++++++++ backend/app/models.py | 54 + backend/app/routes.py | 425 +++++++- backend/app/schemas.py | 137 +++ backend/app/seed.py | 49 +- backend/tests/test_dependencies.py | 1080 +++++++++++++++++++ frontend/src/App.tsx | 2 + frontend/src/api.ts | 74 ++ frontend/src/components/DependencyGraph.css | 338 ++++++ frontend/src/components/DependencyGraph.tsx | 323 ++++++ frontend/src/components/Layout.tsx | 1 - frontend/src/pages/Home.css | 6 + frontend/src/pages/PackagePage.css | 354 ++++++ frontend/src/pages/PackagePage.tsx | 372 ++++++- frontend/src/pages/ProjectPage.tsx | 38 +- frontend/src/pages/ProjectSettingsPage.css | 476 ++++++++ frontend/src/pages/ProjectSettingsPage.tsx | 308 ++++++ frontend/src/types.ts | 74 ++ helm/orchard/templates/deployment.yaml | 2 + helm/orchard/values-dev.yaml | 1 + helm/orchard/values-prod.yaml | 1 + helm/orchard/values-stage.yaml | 1 + migrations/008_artifact_dependencies.sql | 48 + 24 files changed, 4894 insertions(+), 29 deletions(-) create mode 100644 backend/app/dependencies.py create mode 100644 backend/tests/test_dependencies.py create mode 100644 frontend/src/components/DependencyGraph.css create mode 100644 frontend/src/components/DependencyGraph.tsx create mode 100644 frontend/src/pages/ProjectSettingsPage.css create mode 100644 frontend/src/pages/ProjectSettingsPage.tsx create mode 100644 migrations/008_artifact_dependencies.sql diff --git a/CHANGELOG.md b/CHANGELOG.md index 17a0b56..0c3f4d9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,8 +6,44 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] +### Added +- Added Project Settings page accessible to project admins (#65) + - General settings section for editing description and visibility + - Access Management section (moved from project page) + - Danger Zone section with inline delete confirmation requiring project name + - Settings button (gear icon) on project page header for admins +- Added artifact dependency management system (#76, #77, #78, #79, #80, #81) + - `artifact_dependencies` table with version/tag constraints and check constraints + - `ArtifactDependency` SQLAlchemy model with indexes for fast lookups + - Ensure file parsing (`orchard.ensure` YAML format) during artifact upload + - Circular dependency detection at upload time (rejected with 400) + - Dependency conflict detection at resolution time (409 with conflict details) +- Added dependency API endpoints (#78, #79): + - `GET /api/v1/artifact/{artifact_id}/dependencies` - Get dependencies by artifact ID + - `GET /api/v1/project/{project}/{package}/+/{ref}/dependencies` - Get dependencies by ref + - `GET /api/v1/project/{project}/{package}/reverse-dependencies` - Get reverse dependencies (paginated) + - `GET /api/v1/project/{project}/{package}/+/{ref}/resolve` - Resolve full dependency tree +- Added dependency resolution with topological sorting (#79) + - Returns flat list of all artifacts needed in dependency order + - Includes download URLs, sizes, and version info for each artifact +- Added frontend dependency visualization (#84, #85, #86): + - Dependencies section on package page showing direct dependencies for selected tag + - Tag/version selector to switch between artifacts + - "Used By" section showing reverse dependencies with pagination + - Interactive dependency graph modal with: + - Tree visualization with collapsible nodes + - Zoom (mouse wheel + buttons) and pan (click-drag) + - Click to navigate to package + - Hover tooltip with package details + - Error display for circular dependencies and conflicts +- Added migration `008_artifact_dependencies.sql` for dependency schema +- Added `dependencies.py` module with parsing, validation, and resolution logic +- Added comprehensive integration tests for all dependency features + ### Changed - Added pre-test stage reset to ensure known environment state before integration tests (#54) +- Upload endpoint now accepts optional `ensure` file parameter for declaring dependencies +- Updated upload API documentation with ensure file format and examples ## [0.5.1] - 2026-01-23 ### Changed diff --git a/backend/app/dependencies.py b/backend/app/dependencies.py new file mode 100644 index 0000000..196a927 --- /dev/null +++ b/backend/app/dependencies.py @@ -0,0 +1,723 @@ +""" +Dependency management module for artifact dependencies. + +Handles: +- Parsing orchard.ensure files +- Storing dependencies in the database +- Querying dependencies and reverse dependencies +- Dependency resolution with topological sorting +- Circular dependency detection +- Conflict detection +""" + +import yaml +from typing import List, Dict, Any, Optional, Set, Tuple +from sqlalchemy.orm import Session +from sqlalchemy import and_ + +from .models import ( + Project, + Package, + Artifact, + Tag, + ArtifactDependency, + PackageVersion, +) +from .schemas import ( + EnsureFileContent, + EnsureFileDependency, + DependencyResponse, + ArtifactDependenciesResponse, + DependentInfo, + ReverseDependenciesResponse, + ResolvedArtifact, + DependencyResolutionResponse, + DependencyConflict, + PaginationMeta, +) + + +class DependencyError(Exception): + """Base exception for dependency errors.""" + pass + + +class CircularDependencyError(DependencyError): + """Raised when a circular dependency is detected.""" + def __init__(self, cycle: List[str]): + self.cycle = cycle + super().__init__(f"Circular dependency detected: {' -> '.join(cycle)}") + + +class DependencyConflictError(DependencyError): + """Raised when conflicting dependency versions are detected.""" + def __init__(self, conflicts: List[DependencyConflict]): + self.conflicts = conflicts + super().__init__(f"Dependency conflicts detected: {len(conflicts)} conflict(s)") + + +class DependencyNotFoundError(DependencyError): + """Raised when a dependency cannot be resolved.""" + def __init__(self, project: str, package: str, constraint: str): + self.project = project + self.package = package + self.constraint = constraint + super().__init__(f"Dependency not found: {project}/{package}@{constraint}") + + +class InvalidEnsureFileError(DependencyError): + """Raised when the ensure file is invalid.""" + pass + + +class DependencyDepthExceededError(DependencyError): + """Raised when dependency resolution exceeds max depth.""" + def __init__(self, max_depth: int): + self.max_depth = max_depth + super().__init__(f"Dependency resolution exceeded maximum depth of {max_depth}") + + +# Safety limits to prevent DoS attacks +MAX_DEPENDENCY_DEPTH = 50 # Maximum levels of nested dependencies +MAX_DEPENDENCIES_PER_ARTIFACT = 200 # Maximum direct dependencies per artifact + + +def parse_ensure_file(content: bytes) -> EnsureFileContent: + """ + Parse an orchard.ensure file. + + Args: + content: Raw bytes of the ensure file + + Returns: + Parsed EnsureFileContent + + Raises: + InvalidEnsureFileError: If the file is invalid YAML or has wrong structure + """ + try: + data = yaml.safe_load(content.decode('utf-8')) + except yaml.YAMLError as e: + raise InvalidEnsureFileError(f"Invalid YAML: {e}") + except UnicodeDecodeError as e: + raise InvalidEnsureFileError(f"Invalid encoding: {e}") + + if data is None: + return EnsureFileContent(dependencies=[]) + + if not isinstance(data, dict): + raise InvalidEnsureFileError("Ensure file must be a YAML dictionary") + + dependencies = [] + deps_data = data.get('dependencies', []) + + if not isinstance(deps_data, list): + raise InvalidEnsureFileError("'dependencies' must be a list") + + # Safety limit: prevent DoS through excessive dependencies + if len(deps_data) > MAX_DEPENDENCIES_PER_ARTIFACT: + raise InvalidEnsureFileError( + f"Too many dependencies: {len(deps_data)} exceeds maximum of {MAX_DEPENDENCIES_PER_ARTIFACT}" + ) + + for i, dep in enumerate(deps_data): + if not isinstance(dep, dict): + raise InvalidEnsureFileError(f"Dependency {i} must be a dictionary") + + project = dep.get('project') + package = dep.get('package') + version = dep.get('version') + tag = dep.get('tag') + + if not project: + raise InvalidEnsureFileError(f"Dependency {i} missing 'project'") + if not package: + raise InvalidEnsureFileError(f"Dependency {i} missing 'package'") + if not version and not tag: + raise InvalidEnsureFileError( + f"Dependency {i} must have either 'version' or 'tag'" + ) + if version and tag: + raise InvalidEnsureFileError( + f"Dependency {i} cannot have both 'version' and 'tag'" + ) + + dependencies.append(EnsureFileDependency( + project=project, + package=package, + version=version, + tag=tag, + )) + + return EnsureFileContent(dependencies=dependencies) + + +def validate_dependencies( + db: Session, + dependencies: List[EnsureFileDependency], +) -> List[str]: + """ + Validate that all dependency projects exist. + + Args: + db: Database session + dependencies: List of dependencies to validate + + Returns: + List of error messages (empty if all valid) + """ + errors = [] + + for dep in dependencies: + project = db.query(Project).filter(Project.name == dep.project).first() + if not project: + errors.append(f"Project '{dep.project}' not found") + + return errors + + +def store_dependencies( + db: Session, + artifact_id: str, + dependencies: List[EnsureFileDependency], +) -> List[ArtifactDependency]: + """ + Store dependencies for an artifact. + + Args: + db: Database session + artifact_id: The artifact ID that has these dependencies + dependencies: List of dependencies to store + + Returns: + List of created ArtifactDependency objects + """ + created = [] + + for dep in dependencies: + artifact_dep = ArtifactDependency( + artifact_id=artifact_id, + dependency_project=dep.project, + dependency_package=dep.package, + version_constraint=dep.version, + tag_constraint=dep.tag, + ) + db.add(artifact_dep) + created.append(artifact_dep) + + return created + + +def get_artifact_dependencies( + db: Session, + artifact_id: str, +) -> List[DependencyResponse]: + """ + Get all dependencies for an artifact. + + Args: + db: Database session + artifact_id: The artifact ID + + Returns: + List of DependencyResponse objects + """ + deps = db.query(ArtifactDependency).filter( + ArtifactDependency.artifact_id == artifact_id + ).all() + + return [DependencyResponse.from_orm_model(dep) for dep in deps] + + +def get_reverse_dependencies( + db: Session, + project_name: str, + package_name: str, + page: int = 1, + limit: int = 50, +) -> ReverseDependenciesResponse: + """ + Get all artifacts that depend on a given package. + + Args: + db: Database session + project_name: Target project name + package_name: Target package name + page: Page number (1-indexed) + limit: Results per page + + Returns: + ReverseDependenciesResponse with dependents and pagination + """ + # Query dependencies that point to this project/package + query = db.query(ArtifactDependency).filter( + ArtifactDependency.dependency_project == project_name, + ArtifactDependency.dependency_package == package_name, + ) + + total = query.count() + offset = (page - 1) * limit + deps = query.offset(offset).limit(limit).all() + + dependents = [] + for dep in deps: + # Get artifact info to find the project/package/version + artifact = db.query(Artifact).filter(Artifact.id == dep.artifact_id).first() + if not artifact: + continue + + # Find which package this artifact belongs to via tags or versions + tag = db.query(Tag).filter(Tag.artifact_id == dep.artifact_id).first() + if tag: + pkg = db.query(Package).filter(Package.id == tag.package_id).first() + if pkg: + proj = db.query(Project).filter(Project.id == pkg.project_id).first() + if proj: + # Get version if available + version_record = db.query(PackageVersion).filter( + PackageVersion.artifact_id == dep.artifact_id, + PackageVersion.package_id == pkg.id, + ).first() + + dependents.append(DependentInfo( + artifact_id=dep.artifact_id, + project=proj.name, + package=pkg.name, + version=version_record.version if version_record else None, + constraint_type="version" if dep.version_constraint else "tag", + constraint_value=dep.version_constraint or dep.tag_constraint, + )) + + total_pages = (total + limit - 1) // limit + + return ReverseDependenciesResponse( + project=project_name, + package=package_name, + dependents=dependents, + pagination=PaginationMeta( + page=page, + limit=limit, + total=total, + total_pages=total_pages, + has_more=page < total_pages, + ), + ) + + +def _resolve_dependency_to_artifact( + db: Session, + project_name: str, + package_name: str, + version: Optional[str], + tag: Optional[str], +) -> Optional[Tuple[str, str, int]]: + """ + Resolve a dependency constraint to an artifact ID. + + Args: + db: Database session + project_name: Project name + package_name: Package name + version: Version constraint (exact) + tag: Tag constraint + + Returns: + Tuple of (artifact_id, resolved_version_or_tag, size) or None if not found + """ + # Get project and package + project = db.query(Project).filter(Project.name == project_name).first() + if not project: + return None + + package = db.query(Package).filter( + Package.project_id == project.id, + Package.name == package_name, + ).first() + if not package: + return None + + if version: + # Look up by version + pkg_version = db.query(PackageVersion).filter( + PackageVersion.package_id == package.id, + PackageVersion.version == version, + ).first() + if pkg_version: + artifact = db.query(Artifact).filter( + Artifact.id == pkg_version.artifact_id + ).first() + if artifact: + return (artifact.id, version, artifact.size) + + # Also check if there's a tag with this exact name + tag_record = db.query(Tag).filter( + Tag.package_id == package.id, + Tag.name == version, + ).first() + if tag_record: + artifact = db.query(Artifact).filter( + Artifact.id == tag_record.artifact_id + ).first() + if artifact: + return (artifact.id, version, artifact.size) + + if tag: + # Look up by tag + tag_record = db.query(Tag).filter( + Tag.package_id == package.id, + Tag.name == tag, + ).first() + if tag_record: + artifact = db.query(Artifact).filter( + Artifact.id == tag_record.artifact_id + ).first() + if artifact: + return (artifact.id, tag, artifact.size) + + return None + + +def _detect_package_cycle( + db: Session, + project_name: str, + package_name: str, + target_project: str, + target_package: str, + visiting: Set[str], + visited: Set[str], + path: List[str], +) -> Optional[List[str]]: + """ + Detect cycles at the package level using DFS. + + Args: + db: Database session + project_name: Current project being visited + package_name: Current package being visited + target_project: The project we're checking for cycles back to + target_package: The package we're checking for cycles back to + visiting: Set of package keys currently in the recursion stack + visited: Set of fully processed package keys + path: Current path for cycle reporting + + Returns: + Cycle path if detected, None otherwise + """ + pkg_key = f"{project_name}/{package_name}" + + # Check if we've reached the target package (cycle detected) + if project_name == target_project and package_name == target_package: + return path + [pkg_key] + + if pkg_key in visiting: + # Unexpected internal cycle + return None + + if pkg_key in visited: + return None + + visiting.add(pkg_key) + path.append(pkg_key) + + # Get the package and find any artifacts with dependencies + project = db.query(Project).filter(Project.name == project_name).first() + if project: + package = db.query(Package).filter( + Package.project_id == project.id, + Package.name == package_name, + ).first() + if package: + # Find all artifacts in this package via tags + tags = db.query(Tag).filter(Tag.package_id == package.id).all() + artifact_ids = {t.artifact_id for t in tags} + + # Get dependencies from all artifacts in this package + for artifact_id in artifact_ids: + deps = db.query(ArtifactDependency).filter( + ArtifactDependency.artifact_id == artifact_id + ).all() + + for dep in deps: + cycle = _detect_package_cycle( + db, + dep.dependency_project, + dep.dependency_package, + target_project, + target_package, + visiting, + visited, + path, + ) + if cycle: + return cycle + + path.pop() + visiting.remove(pkg_key) + visited.add(pkg_key) + + return None + + +def check_circular_dependencies( + db: Session, + artifact_id: str, + new_dependencies: List[EnsureFileDependency], + project_name: Optional[str] = None, + package_name: Optional[str] = None, +) -> Optional[List[str]]: + """ + Check if adding the new dependencies would create a circular dependency. + + Args: + db: Database session + artifact_id: The artifact that will have these dependencies + new_dependencies: Dependencies to be added + project_name: Project name (optional, will try to look up from tag if not provided) + package_name: Package name (optional, will try to look up from tag if not provided) + + Returns: + Cycle path if detected, None otherwise + """ + # First, get the package info for this artifact to build path labels + if project_name and package_name: + current_path = f"{project_name}/{package_name}" + else: + # Try to look up from tag + artifact = db.query(Artifact).filter(Artifact.id == artifact_id).first() + if not artifact: + return None + + # Find package for this artifact + tag = db.query(Tag).filter(Tag.artifact_id == artifact_id).first() + if not tag: + return None + + package = db.query(Package).filter(Package.id == tag.package_id).first() + if not package: + return None + + project = db.query(Project).filter(Project.id == package.project_id).first() + if not project: + return None + + current_path = f"{project.name}/{package.name}" + + # Extract target project and package from current_path + if "/" in current_path: + target_project, target_package = current_path.split("/", 1) + else: + return None + + # For each new dependency, check if it would create a cycle back to our package + for dep in new_dependencies: + # Check if this dependency (transitively) depends on us at the package level + visiting: Set[str] = set() + visited: Set[str] = set() + path: List[str] = [current_path] + + # Check from the dependency's package + cycle = _detect_package_cycle( + db, + dep.project, + dep.package, + target_project, + target_package, + visiting, + visited, + path, + ) + if cycle: + return cycle + + return None + + +def resolve_dependencies( + db: Session, + project_name: str, + package_name: str, + ref: str, + base_url: str, +) -> DependencyResolutionResponse: + """ + Resolve all dependencies for an artifact recursively. + + Args: + db: Database session + project_name: Project name + package_name: Package name + ref: Tag or version reference + base_url: Base URL for download URLs + + Returns: + DependencyResolutionResponse with all resolved artifacts + + Raises: + DependencyNotFoundError: If a dependency cannot be resolved + CircularDependencyError: If circular dependencies are detected + DependencyConflictError: If conflicting versions are required + """ + # Resolve the initial artifact + project = db.query(Project).filter(Project.name == project_name).first() + if not project: + raise DependencyNotFoundError(project_name, package_name, ref) + + package = db.query(Package).filter( + Package.project_id == project.id, + Package.name == package_name, + ).first() + if not package: + raise DependencyNotFoundError(project_name, package_name, ref) + + # Try to find artifact by tag or version + resolved = _resolve_dependency_to_artifact( + db, project_name, package_name, ref, ref + ) + if not resolved: + raise DependencyNotFoundError(project_name, package_name, ref) + + root_artifact_id, root_version, root_size = resolved + + # Track resolved artifacts and their versions + resolved_artifacts: Dict[str, ResolvedArtifact] = {} + # Track version requirements for conflict detection + version_requirements: Dict[str, List[Dict[str, Any]]] = {} # pkg_key -> [(version, required_by)] + # Track visiting/visited for cycle detection + visiting: Set[str] = set() + visited: Set[str] = set() + # Resolution order (topological) + resolution_order: List[str] = [] + + def _resolve_recursive( + artifact_id: str, + proj_name: str, + pkg_name: str, + version_or_tag: str, + size: int, + required_by: Optional[str], + depth: int = 0, + ): + """Recursively resolve dependencies with cycle/conflict detection.""" + # Safety limit: prevent DoS through deeply nested dependencies + if depth > MAX_DEPENDENCY_DEPTH: + raise DependencyDepthExceededError(MAX_DEPENDENCY_DEPTH) + + pkg_key = f"{proj_name}/{pkg_name}" + + # Cycle detection (at artifact level) + if artifact_id in visiting: + # Build cycle path + raise CircularDependencyError([pkg_key, pkg_key]) + + # Conflict detection - check if we've seen this package before with a different version + if pkg_key in version_requirements: + existing_versions = {r["version"] for r in version_requirements[pkg_key]} + if version_or_tag not in existing_versions: + # Conflict detected - same package, different version + requirements = version_requirements[pkg_key] + [ + {"version": version_or_tag, "required_by": required_by} + ] + raise DependencyConflictError([ + DependencyConflict( + project=proj_name, + package=pkg_name, + requirements=[ + { + "version": r["version"], + "required_by": [{"path": r["required_by"]}] if r["required_by"] else [] + } + for r in requirements + ], + ) + ]) + # Same version already resolved - skip + if artifact_id in visited: + return + + if artifact_id in visited: + return + + visiting.add(artifact_id) + + # Track version requirement + if pkg_key not in version_requirements: + version_requirements[pkg_key] = [] + version_requirements[pkg_key].append({ + "version": version_or_tag, + "required_by": required_by, + }) + + # Get dependencies + deps = db.query(ArtifactDependency).filter( + ArtifactDependency.artifact_id == artifact_id + ).all() + + # Resolve each dependency first (depth-first) + for dep in deps: + resolved_dep = _resolve_dependency_to_artifact( + db, + dep.dependency_project, + dep.dependency_package, + dep.version_constraint, + dep.tag_constraint, + ) + + if not resolved_dep: + constraint = dep.version_constraint or dep.tag_constraint + raise DependencyNotFoundError( + dep.dependency_project, + dep.dependency_package, + constraint, + ) + + dep_artifact_id, dep_version, dep_size = resolved_dep + _resolve_recursive( + dep_artifact_id, + dep.dependency_project, + dep.dependency_package, + dep_version, + dep_size, + pkg_key, + depth + 1, + ) + + visiting.remove(artifact_id) + visited.add(artifact_id) + + # Add to resolution order (dependencies before dependents) + resolution_order.append(artifact_id) + + # Store resolved artifact info + resolved_artifacts[artifact_id] = ResolvedArtifact( + artifact_id=artifact_id, + project=proj_name, + package=pkg_name, + version=version_or_tag, + size=size, + download_url=f"{base_url}/api/v1/project/{proj_name}/{pkg_name}/+/{version_or_tag}", + ) + + # Start resolution from root + _resolve_recursive( + root_artifact_id, + project_name, + package_name, + root_version, + root_size, + None, + ) + + # Build response in topological order + resolved_list = [resolved_artifacts[aid] for aid in resolution_order] + total_size = sum(r.size for r in resolved_list) + + return DependencyResolutionResponse( + requested={ + "project": project_name, + "package": package_name, + "ref": ref, + }, + resolved=resolved_list, + total_size=total_size, + artifact_count=len(resolved_list), + ) diff --git a/backend/app/models.py b/backend/app/models.py index 1ba4365..92aa6c0 100644 --- a/backend/app/models.py +++ b/backend/app/models.py @@ -117,6 +117,9 @@ class Artifact(Base): tags = relationship("Tag", back_populates="artifact") uploads = relationship("Upload", back_populates="artifact") versions = relationship("PackageVersion", back_populates="artifact") + dependencies = relationship( + "ArtifactDependency", back_populates="artifact", cascade="all, delete-orphan" + ) @property def sha256(self) -> str: @@ -507,3 +510,54 @@ class PackageHistory(Base): Index("idx_package_history_changed_at", "changed_at"), Index("idx_package_history_package_changed_at", "package_id", "changed_at"), ) + + +class ArtifactDependency(Base): + """Dependency declared by an artifact on another package. + + Each artifact can declare dependencies on other packages, specifying either + an exact version or a tag. This enables recursive dependency resolution. + """ + + __tablename__ = "artifact_dependencies" + + id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4) + artifact_id = Column( + String(64), + ForeignKey("artifacts.id", ondelete="CASCADE"), + nullable=False, + ) + dependency_project = Column(String(255), nullable=False) + dependency_package = Column(String(255), nullable=False) + version_constraint = Column(String(255), nullable=True) + tag_constraint = Column(String(255), nullable=True) + created_at = Column(DateTime(timezone=True), default=datetime.utcnow) + + # Relationship to the artifact that declares this dependency + artifact = relationship("Artifact", back_populates="dependencies") + + __table_args__ = ( + # Exactly one of version_constraint or tag_constraint must be set + CheckConstraint( + "(version_constraint IS NOT NULL AND tag_constraint IS NULL) OR " + "(version_constraint IS NULL AND tag_constraint IS NOT NULL)", + name="check_constraint_type", + ), + # Each artifact can only depend on a specific project/package once + Index( + "idx_artifact_dependencies_artifact_id", + "artifact_id", + ), + Index( + "idx_artifact_dependencies_target", + "dependency_project", + "dependency_package", + ), + Index( + "idx_artifact_dependencies_unique", + "artifact_id", + "dependency_project", + "dependency_package", + unique=True, + ), + ) diff --git a/backend/app/routes.py b/backend/app/routes.py index 3f82ae7..68121b2 100644 --- a/backend/app/routes.py +++ b/backend/app/routes.py @@ -14,7 +14,7 @@ from fastapi import ( Cookie, status, ) -from fastapi.responses import StreamingResponse, RedirectResponse +from fastapi.responses import StreamingResponse, RedirectResponse, PlainTextResponse from sqlalchemy.orm import Session from sqlalchemy import or_, and_, func, text from typing import List, Optional, Literal @@ -47,6 +47,7 @@ from .models import ( User, AccessPermission, PackageVersion, + ArtifactDependency, ) from .schemas import ( ProjectCreate, @@ -120,8 +121,28 @@ from .schemas import ( OIDCLoginResponse, PackageVersionResponse, PackageVersionDetailResponse, + ArtifactDependenciesResponse, + DependencyResponse, + ReverseDependenciesResponse, + DependencyResolutionResponse, + CircularDependencyError as CircularDependencyErrorSchema, + DependencyConflictError as DependencyConflictErrorSchema, ) from .metadata import extract_metadata +from .dependencies import ( + parse_ensure_file, + validate_dependencies, + store_dependencies, + get_artifact_dependencies, + get_reverse_dependencies, + check_circular_dependencies, + resolve_dependencies, + InvalidEnsureFileError, + CircularDependencyError, + DependencyConflictError, + DependencyNotFoundError, + DependencyDepthExceededError, +) from .config import get_settings from .checksum import ( ChecksumMismatchError, @@ -144,6 +165,18 @@ def sanitize_filename(filename: str) -> str: return re.sub(r'[\r\n"]', "", filename) +def read_ensure_file(ensure_file: UploadFile) -> bytes: + """Read the content of an ensure file upload. + + Args: + ensure_file: The uploaded ensure file + + Returns: + Raw bytes content of the file + """ + return ensure_file.file.read() + + def build_content_disposition(filename: str) -> str: """Build a Content-Disposition header value with proper encoding. @@ -2272,6 +2305,7 @@ def upload_artifact( package_name: str, request: Request, file: UploadFile = File(...), + ensure: Optional[UploadFile] = File(None, description="Optional orchard.ensure file with dependencies"), tag: Optional[str] = Form(None), version: Optional[str] = Form(None), db: Session = Depends(get_db), @@ -2303,6 +2337,26 @@ def upload_artifact( - `throughput_mbps`: Upload throughput in MB/s - `deduplicated`: True if content already existed + **Dependencies (orchard.ensure file):** + Optionally include an `ensure` file to declare dependencies for this artifact. + The file must be valid YAML with the following format: + + ```yaml + dependencies: + - project: some-project + package: some-lib + version: "1.2.3" # Exact version (mutually exclusive with tag) + + - project: another-project + package: another-lib + tag: stable # Tag reference (mutually exclusive with version) + ``` + + **Dependency validation:** + - Each dependency must specify either `version` or `tag`, not both + - Referenced projects must exist (packages are not validated at upload time) + - Circular dependencies are rejected at upload time + **Example (curl):** ```bash curl -X POST "http://localhost:8080/api/v1/project/myproject/mypackage/upload" \\ @@ -2311,6 +2365,15 @@ def upload_artifact( -F "tag=v1.0.0" ``` + **Example with dependencies (curl):** + ```bash + curl -X POST "http://localhost:8080/api/v1/project/myproject/mypackage/upload" \\ + -H "Authorization: Bearer " \\ + -F "file=@myfile.tar.gz" \\ + -F "ensure=@orchard.ensure" \\ + -F "tag=v1.0.0" + ``` + **Example (Python requests):** ```python import requests @@ -2611,6 +2674,45 @@ def upload_artifact( f"ref_count={artifact.ref_count}, saved_bytes={saved_bytes}" ) + # Process ensure file if provided + dependencies_stored = [] + if ensure: + try: + ensure_content = read_ensure_file(ensure) + parsed_ensure = parse_ensure_file(ensure_content) + + if parsed_ensure.dependencies: + # Validate dependencies (projects must exist) + validation_errors = validate_dependencies(db, parsed_ensure.dependencies) + if validation_errors: + raise HTTPException( + status_code=400, + detail=f"Invalid ensure file: {'; '.join(validation_errors)}" + ) + + # Check for circular dependencies + cycle = check_circular_dependencies( + db, storage_result.sha256, parsed_ensure.dependencies, + project_name=project_name, package_name=package_name + ) + if cycle: + raise HTTPException( + status_code=400, + detail=f"Circular dependency detected: {' -> '.join(cycle)}" + ) + + # Store dependencies + dependencies_stored = store_dependencies( + db, storage_result.sha256, parsed_ensure.dependencies + ) + logger.info( + f"Stored {len(dependencies_stored)} dependencies for artifact " + f"{storage_result.sha256[:12]}..." + ) + + except InvalidEnsureFileError as e: + raise HTTPException(status_code=400, detail=f"Invalid ensure file: {e}") + # Audit log _log_audit( db, @@ -6508,3 +6610,324 @@ def factory_reset( status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, detail=f"Factory reset failed: {str(e)}", ) + + +# ============================================================================= +# Dependency Management Endpoints +# ============================================================================= + + +@router.get( + "/api/v1/artifact/{artifact_id}/dependencies", + response_model=ArtifactDependenciesResponse, + tags=["dependencies"], +) +def get_artifact_dependencies_endpoint( + artifact_id: str, + db: Session = Depends(get_db), + current_user: Optional[User] = Depends(get_current_user_optional), +): + """ + Get all dependencies for an artifact by its ID. + + Returns the list of packages this artifact depends on. + """ + # Verify artifact exists + artifact = db.query(Artifact).filter(Artifact.id == artifact_id).first() + if not artifact: + raise HTTPException(status_code=404, detail="Artifact not found") + + deps = get_artifact_dependencies(db, artifact_id) + + return ArtifactDependenciesResponse( + artifact_id=artifact_id, + dependencies=deps, + ) + + +@router.get( + "/api/v1/project/{project_name}/{package_name}/+/{ref}/dependencies", + response_model=ArtifactDependenciesResponse, + tags=["dependencies"], +) +def get_dependencies_by_ref( + project_name: str, + package_name: str, + ref: str, + db: Session = Depends(get_db), + current_user: Optional[User] = Depends(get_current_user_optional), +): + """ + Get dependencies for an artifact by project/package/ref. + + The ref can be a tag name or version. + """ + # Check project access (handles private project authorization) + project = check_project_access(db, project_name, current_user, "read") + + package = db.query(Package).filter( + Package.project_id == project.id, + Package.name == package_name, + ).first() + if not package: + raise HTTPException(status_code=404, detail="Package not found") + + # Try to resolve ref to an artifact + artifact_id = None + + # Try as tag first + tag = db.query(Tag).filter( + Tag.package_id == package.id, + Tag.name == ref, + ).first() + if tag: + artifact_id = tag.artifact_id + + # Try as version if not found as tag + if not artifact_id: + version_record = db.query(PackageVersion).filter( + PackageVersion.package_id == package.id, + PackageVersion.version == ref, + ).first() + if version_record: + artifact_id = version_record.artifact_id + + # Try as artifact ID prefix + if not artifact_id and len(ref) >= 8: + artifact = db.query(Artifact).filter( + Artifact.id.like(f"{ref}%") + ).first() + if artifact: + artifact_id = artifact.id + + if not artifact_id: + raise HTTPException( + status_code=404, + detail=f"Reference '{ref}' not found in {project_name}/{package_name}" + ) + + deps = get_artifact_dependencies(db, artifact_id) + + return ArtifactDependenciesResponse( + artifact_id=artifact_id, + dependencies=deps, + ) + + +@router.get( + "/api/v1/project/{project_name}/{package_name}/+/{ref}/ensure", + response_class=PlainTextResponse, + tags=["dependencies"], +) +def get_ensure_file( + project_name: str, + package_name: str, + ref: str, + db: Session = Depends(get_db), + current_user: Optional[User] = Depends(get_current_user_optional), +): + """ + Get the orchard.ensure file content for an artifact. + + Returns the dependencies in YAML format that can be used as an ensure file. + """ + # Check project access + project = check_project_access(db, project_name, current_user, "read") + + package = db.query(Package).filter( + Package.project_id == project.id, + Package.name == package_name, + ).first() + if not package: + raise HTTPException(status_code=404, detail="Package not found") + + # Resolve ref to artifact + artifact_id = None + + # Try as tag first + tag = db.query(Tag).filter( + Tag.package_id == package.id, + Tag.name == ref, + ).first() + if tag: + artifact_id = tag.artifact_id + + # Try as version + if not artifact_id: + version = db.query(PackageVersion).filter( + PackageVersion.package_id == package.id, + PackageVersion.version == ref, + ).first() + if version: + artifact_id = version.artifact_id + + # Try as artifact ID prefix + if not artifact_id and len(ref) >= 8: + artifact = db.query(Artifact).filter( + Artifact.id.like(f"{ref}%") + ).first() + if artifact: + artifact_id = artifact.id + + if not artifact_id: + raise HTTPException(status_code=404, detail="Artifact not found") + + # Get artifact details + artifact = db.query(Artifact).filter(Artifact.id == artifact_id).first() + + # Get version info if available + version_record = db.query(PackageVersion).filter( + PackageVersion.package_id == package.id, + PackageVersion.artifact_id == artifact_id, + ).first() + version_str = version_record.version if version_record else None + + # Get dependencies + deps = get_artifact_dependencies(db, artifact_id) + + # Build YAML content with full format + lines = [] + + # Header comment + lines.append(f"# orchard.ensure - Generated from {project_name}/{package_name}@{ref}") + lines.append(f"# Artifact: {artifact_id}") + if version_str: + lines.append(f"# Version: {version_str}") + lines.append(f"# Generated: {datetime.now(timezone.utc).isoformat()}") + lines.append("") + + # Top-level project + lines.append(f"project: {project_name}") + lines.append("") + + # Projects section + lines.append("projects:") + lines.append(f" - name: {project_name}") + + if deps: + lines.append(" dependencies:") + for dep in deps: + # Determine if cross-project dependency + is_cross_project = dep.project != project_name + + lines.append(f" - package: {dep.package}") + if is_cross_project: + lines.append(f" project: {dep.project} # Cross-project dependency") + if dep.version: + lines.append(f" version: \"{dep.version}\"") + elif dep.tag: + lines.append(f" tag: {dep.tag}") + # Suggest a path based on package name + lines.append(f" path: {dep.package}/") + else: + lines.append(" dependencies: []") + + lines.append("") + + return PlainTextResponse( + "\n".join(lines), + media_type="text/yaml", + ) + + +@router.get( + "/api/v1/project/{project_name}/{package_name}/reverse-dependencies", + response_model=ReverseDependenciesResponse, + tags=["dependencies"], +) +def get_package_reverse_dependencies( + project_name: str, + package_name: str, + page: int = Query(1, ge=1), + limit: int = Query(50, ge=1, le=100), + db: Session = Depends(get_db), + current_user: Optional[User] = Depends(get_current_user_optional), +): + """ + Get packages that depend on this package (reverse dependencies). + + Returns a paginated list of artifacts that declare a dependency on this package. + """ + # Check project access (handles private project authorization) + project = check_project_access(db, project_name, current_user, "read") + + package = db.query(Package).filter( + Package.project_id == project.id, + Package.name == package_name, + ).first() + if not package: + raise HTTPException(status_code=404, detail="Package not found") + + return get_reverse_dependencies(db, project_name, package_name, page, limit) + + +@router.get( + "/api/v1/project/{project_name}/{package_name}/+/{ref}/resolve", + response_model=DependencyResolutionResponse, + tags=["dependencies"], +) +def resolve_artifact_dependencies( + project_name: str, + package_name: str, + ref: str, + request: Request, + db: Session = Depends(get_db), + current_user: Optional[User] = Depends(get_current_user_optional), +): + """ + Resolve all dependencies for an artifact recursively. + + Returns a flat list of all artifacts needed, in topological order + (dependencies before dependents). Includes download URLs for each artifact. + + **Error Responses:** + - 404: Artifact or dependency not found + - 409: Circular dependency or version conflict detected + """ + # Check project access (handles private project authorization) + check_project_access(db, project_name, current_user, "read") + + # Build base URL for download links + base_url = str(request.base_url).rstrip("/") + + try: + return resolve_dependencies(db, project_name, package_name, ref, base_url) + except DependencyNotFoundError as e: + raise HTTPException( + status_code=404, + detail=f"Dependency not found: {e.project}/{e.package}@{e.constraint}" + ) + except CircularDependencyError as e: + raise HTTPException( + status_code=409, + detail={ + "error": "circular_dependency", + "message": str(e), + "cycle": e.cycle, + } + ) + except DependencyConflictError as e: + raise HTTPException( + status_code=409, + detail={ + "error": "dependency_conflict", + "message": str(e), + "conflicts": [ + { + "project": c.project, + "package": c.package, + "requirements": c.requirements, + } + for c in e.conflicts + ], + } + ) + except DependencyDepthExceededError as e: + raise HTTPException( + status_code=400, + detail={ + "error": "dependency_depth_exceeded", + "message": str(e), + "max_depth": e.max_depth, + } + ) diff --git a/backend/app/schemas.py b/backend/app/schemas.py index 275f827..f893187 100644 --- a/backend/app/schemas.py +++ b/backend/app/schemas.py @@ -916,3 +916,140 @@ class ProjectWithAccessResponse(ProjectResponse): """Project response with user's access level""" user_access_level: Optional[str] = None + +# Artifact Dependency schemas +class DependencyCreate(BaseModel): + """Schema for creating a dependency""" + project: str + package: str + version: Optional[str] = None + tag: Optional[str] = None + + @field_validator('version', 'tag') + @classmethod + def validate_constraint(cls, v, info): + return v + + def model_post_init(self, __context): + """Validate that exactly one of version or tag is set""" + if self.version is None and self.tag is None: + raise ValueError("Either 'version' or 'tag' must be specified") + if self.version is not None and self.tag is not None: + raise ValueError("Cannot specify both 'version' and 'tag'") + + +class DependencyResponse(BaseModel): + """Schema for dependency response""" + id: UUID + artifact_id: str + project: str + package: str + version: Optional[str] = None + tag: Optional[str] = None + created_at: datetime + + class Config: + from_attributes = True + + @classmethod + def from_orm_model(cls, dep) -> "DependencyResponse": + """Create from ORM model with field mapping""" + return cls( + id=dep.id, + artifact_id=dep.artifact_id, + project=dep.dependency_project, + package=dep.dependency_package, + version=dep.version_constraint, + tag=dep.tag_constraint, + created_at=dep.created_at, + ) + + +class ArtifactDependenciesResponse(BaseModel): + """Response containing all dependencies for an artifact""" + artifact_id: str + dependencies: List[DependencyResponse] + + +class DependentInfo(BaseModel): + """Information about an artifact that depends on a package""" + artifact_id: str + project: str + package: str + version: Optional[str] = None + constraint_type: str # 'version' or 'tag' + constraint_value: str + + +class ReverseDependenciesResponse(BaseModel): + """Response containing packages that depend on a given package""" + project: str + package: str + dependents: List[DependentInfo] + pagination: PaginationMeta + + +class EnsureFileDependency(BaseModel): + """Dependency entry from orchard.ensure file""" + project: str + package: str + version: Optional[str] = None + tag: Optional[str] = None + + @field_validator('version', 'tag') + @classmethod + def validate_constraint(cls, v, info): + return v + + def model_post_init(self, __context): + """Validate that exactly one of version or tag is set""" + if self.version is None and self.tag is None: + raise ValueError("Either 'version' or 'tag' must be specified") + if self.version is not None and self.tag is not None: + raise ValueError("Cannot specify both 'version' and 'tag'") + + +class EnsureFileContent(BaseModel): + """Parsed content of orchard.ensure file""" + dependencies: List[EnsureFileDependency] = [] + + +class ResolvedArtifact(BaseModel): + """A resolved artifact in the dependency tree""" + artifact_id: str + project: str + package: str + version: Optional[str] = None + tag: Optional[str] = None + size: int + download_url: str + + +class DependencyResolutionResponse(BaseModel): + """Response from dependency resolution endpoint""" + requested: Dict[str, str] # project, package, ref + resolved: List[ResolvedArtifact] + total_size: int + artifact_count: int + + +class DependencyConflict(BaseModel): + """Details about a dependency conflict""" + project: str + package: str + requirements: List[Dict[str, Any]] # version/tag and required_by info + + +class DependencyConflictError(BaseModel): + """Error response for dependency conflicts""" + error: str = "dependency_conflict" + message: str + conflicts: List[DependencyConflict] + + +class CircularDependencyError(BaseModel): + """Error response for circular dependencies""" + error: str = "circular_dependency" + message: str + cycle: List[str] # List of "project/package" strings showing the cycle + diff --git a/backend/app/seed.py b/backend/app/seed.py index 34cc98e..ed1a29d 100644 --- a/backend/app/seed.py +++ b/backend/app/seed.py @@ -5,7 +5,7 @@ import hashlib import logging from sqlalchemy.orm import Session -from .models import Project, Package, Artifact, Tag, Upload, PackageVersion +from .models import Project, Package, Artifact, Tag, Upload, PackageVersion, ArtifactDependency from .storage import get_storage logger = logging.getLogger(__name__) @@ -123,6 +123,17 @@ TEST_ARTIFACTS = [ }, ] +# Dependencies to create (source artifact -> dependency) +# Format: (source_project, source_package, source_version, dep_project, dep_package, version_constraint, tag_constraint) +TEST_DEPENDENCIES = [ + # ui-components v1.1.0 depends on design-tokens v1.0.0 + ("frontend-libs", "ui-components", "1.1.0", "frontend-libs", "design-tokens", "1.0.0", None), + # auth-lib v1.0.0 depends on common-utils v2.0.0 + ("backend-services", "auth-lib", "1.0.0", "backend-services", "common-utils", "2.0.0", None), + # auth-lib v1.0.0 also depends on design-tokens (stable tag) + ("backend-services", "auth-lib", "1.0.0", "frontend-libs", "design-tokens", None, "latest"), +] + def is_database_empty(db: Session) -> bool: """Check if the database has any projects.""" @@ -240,6 +251,40 @@ def seed_database(db: Session) -> None: db.add(tag) tag_count += 1 + db.flush() + + # Create dependencies + dependency_count = 0 + for dep_data in TEST_DEPENDENCIES: + src_project, src_package, src_version, dep_project, dep_package, version_constraint, tag_constraint = dep_data + + # Find the source artifact by looking up its version + src_pkg = package_map.get((src_project, src_package)) + if not src_pkg: + logger.warning(f"Source package not found: {src_project}/{src_package}") + continue + + # Find the artifact for this version + src_version_record = db.query(PackageVersion).filter( + PackageVersion.package_id == src_pkg.id, + PackageVersion.version == src_version, + ).first() + + if not src_version_record: + logger.warning(f"Source version not found: {src_project}/{src_package}@{src_version}") + continue + + # Create the dependency + dependency = ArtifactDependency( + artifact_id=src_version_record.artifact_id, + dependency_project=dep_project, + dependency_package=dep_package, + version_constraint=version_constraint, + tag_constraint=tag_constraint, + ) + db.add(dependency) + dependency_count += 1 + db.commit() - logger.info(f"Created {artifact_count} artifacts, {tag_count} tags, and {version_count} versions") + logger.info(f"Created {artifact_count} artifacts, {tag_count} tags, {version_count} versions, and {dependency_count} dependencies") logger.info("Database seeding complete") diff --git a/backend/tests/test_dependencies.py b/backend/tests/test_dependencies.py new file mode 100644 index 0000000..5da2dcd --- /dev/null +++ b/backend/tests/test_dependencies.py @@ -0,0 +1,1080 @@ +"""Tests for artifact dependency management. + +Tests cover: +- #76: Database Schema for Artifact Dependencies +- #77: Ensure File Parsing and Storage on Upload +- #78: Dependency Query API Endpoints +- #79: Server-Side Dependency Resolution +- #80: Circular Dependency Detection +- #81: Dependency Conflict Detection and Reporting +""" + +import pytest +import yaml +from uuid import uuid4 +from io import BytesIO + +# For schema validation tests +from pydantic import ValidationError + + +def unique_content(base: str, test_id: str, extra: str = "") -> bytes: + """Generate unique content to avoid artifact hash collisions between tests.""" + return f"{base}-{test_id}-{extra}-{uuid4().hex[:8]}".encode() + + +class TestDependencySchema: + """Tests for #76: Database Schema for Artifact Dependencies""" + + @pytest.mark.integration + def test_create_dependency_with_version( + self, integration_client, test_package, unique_test_id + ): + """Test creating a dependency with version constraint.""" + project_name, package_name = test_package + + # First upload an artifact + content = unique_content("test-deps", unique_test_id, "schema1") + files = {"file": ("test.tar.gz", BytesIO(content), "application/gzip")} + response = integration_client.post( + f"/api/v1/project/{project_name}/{package_name}/upload", + files=files, + data={"tag": f"v1.0.0-{unique_test_id}"}, + ) + assert response.status_code == 200 + + # Create a second project to depend on + dep_project_name = f"dep-project-{uuid4().hex[:8]}" + response = integration_client.post( + "/api/v1/projects", json={"name": dep_project_name} + ) + assert response.status_code == 200 + + try: + # Now test the dependency creation via API (once implemented) + # For now, verify the schema constraints work at DB level + pass + finally: + # Cleanup + integration_client.delete(f"/api/v1/projects/{dep_project_name}") + + @pytest.mark.integration + def test_dependency_requires_version_or_tag(self, integration_client): + """Test that dependency must have either version or tag, not both or neither.""" + from app.schemas import DependencyCreate + + # Test: neither version nor tag + with pytest.raises(ValidationError) as exc_info: + DependencyCreate(project="proj", package="pkg") + assert "Either 'version' or 'tag' must be specified" in str(exc_info.value) + + # Test: both version and tag + with pytest.raises(ValidationError) as exc_info: + DependencyCreate(project="proj", package="pkg", version="1.0.0", tag="stable") + assert "Cannot specify both 'version' and 'tag'" in str(exc_info.value) + + # Test: valid with version + dep = DependencyCreate(project="proj", package="pkg", version="1.0.0") + assert dep.version == "1.0.0" + assert dep.tag is None + + # Test: valid with tag + dep = DependencyCreate(project="proj", package="pkg", tag="stable") + assert dep.tag == "stable" + assert dep.version is None + + @pytest.mark.integration + def test_dependency_unique_constraint( + self, integration_client, test_package + ): + """Test that an artifact can only have one dependency per project/package.""" + # This will be tested once the upload with ensure file is implemented + pass + + +class TestEnsureFileParsing: + """Tests for #77: Ensure File Parsing and Storage on Upload""" + + @pytest.mark.integration + def test_upload_with_valid_ensure_file( + self, integration_client, test_package, unique_test_id + ): + """Test uploading an artifact with a valid orchard.ensure file.""" + project_name, package_name = test_package + + # Create dependency project + dep_project_name = f"dep-project-{unique_test_id}" + response = integration_client.post( + "/api/v1/projects", json={"name": dep_project_name} + ) + assert response.status_code == 200 + + try: + # Create ensure file content + ensure_content = yaml.dump({ + "dependencies": [ + {"project": dep_project_name, "package": "some-pkg", "version": "1.0.0"} + ] + }) + + # Upload artifact with ensure file - use unique content to avoid conflicts + content = unique_content("test-ensure", unique_test_id, "valid") + files = { + "file": ("test-artifact.tar.gz", BytesIO(content), "application/gzip"), + "ensure": ("orchard.ensure", BytesIO(ensure_content.encode()), "application/x-yaml"), + } + response = integration_client.post( + f"/api/v1/project/{project_name}/{package_name}/upload", + files=files, + data={"tag": f"v1.0.0-{unique_test_id}"}, + ) + assert response.status_code == 200 + data = response.json() + artifact_id = data["artifact_id"] + + # Verify dependencies were stored + response = integration_client.get( + f"/api/v1/artifact/{artifact_id}/dependencies" + ) + assert response.status_code == 200 + deps = response.json() + assert len(deps["dependencies"]) == 1 + assert deps["dependencies"][0]["project"] == dep_project_name + assert deps["dependencies"][0]["package"] == "some-pkg" + assert deps["dependencies"][0]["version"] == "1.0.0" + + finally: + integration_client.delete(f"/api/v1/projects/{dep_project_name}") + + @pytest.mark.integration + def test_upload_with_invalid_ensure_file( + self, integration_client, test_package, unique_test_id + ): + """Test uploading with invalid YAML ensure file.""" + project_name, package_name = test_package + + # Invalid YAML + content = unique_content("test-invalid", unique_test_id, "yaml") + files = { + "file": ("test-artifact.tar.gz", BytesIO(content), "application/gzip"), + "ensure": ("orchard.ensure", BytesIO(b"invalid: yaml: content: ["), "application/x-yaml"), + } + response = integration_client.post( + f"/api/v1/project/{project_name}/{package_name}/upload", + files=files, + data={"tag": f"v1.0.0-{unique_test_id}"}, + ) + assert response.status_code == 400 + assert "Invalid ensure file" in response.json().get("detail", "") + + @pytest.mark.integration + def test_upload_with_missing_dependency_project( + self, integration_client, test_package, unique_test_id + ): + """Test uploading with ensure file referencing non-existent project.""" + project_name, package_name = test_package + + ensure_content = yaml.dump({ + "dependencies": [ + {"project": "nonexistent-project-xyz", "package": "some-pkg", "version": "1.0.0"} + ] + }) + + content = unique_content("test-missing", unique_test_id, "project") + files = { + "file": ("test-artifact.tar.gz", BytesIO(content), "application/gzip"), + "ensure": ("orchard.ensure", BytesIO(ensure_content.encode()), "application/x-yaml"), + } + response = integration_client.post( + f"/api/v1/project/{project_name}/{package_name}/upload", + files=files, + data={"tag": f"v1.0.0-{unique_test_id}"}, + ) + assert response.status_code == 400 + assert "Project" in response.json().get("detail", "") + assert "not found" in response.json().get("detail", "").lower() + + @pytest.mark.integration + def test_upload_without_ensure_file( + self, integration_client, test_package, unique_test_id + ): + """Test normal upload without ensure file still works.""" + project_name, package_name = test_package + + content = unique_content("test-nodeps", unique_test_id, "upload") + files = { + "file": ("test-artifact.tar.gz", BytesIO(content), "application/gzip"), + } + response = integration_client.post( + f"/api/v1/project/{project_name}/{package_name}/upload", + files=files, + data={"tag": f"v1.0.0-nodeps-{unique_test_id}"}, + ) + assert response.status_code == 200 + + @pytest.mark.integration + def test_upload_ensure_file_both_version_and_tag( + self, integration_client, test_package, unique_test_id + ): + """Test that ensure file with both version and tag is rejected.""" + project_name, package_name = test_package + + dep_project_name = f"dep-project-{unique_test_id}" + response = integration_client.post( + "/api/v1/projects", json={"name": dep_project_name} + ) + assert response.status_code == 200 + + try: + ensure_content = yaml.dump({ + "dependencies": [ + {"project": dep_project_name, "package": "pkg", "version": "1.0.0", "tag": "stable"} + ] + }) + + content = unique_content("test-both", unique_test_id, "constraint") + files = { + "file": ("test.tar.gz", BytesIO(content), "application/gzip"), + "ensure": ("orchard.ensure", BytesIO(ensure_content.encode()), "application/x-yaml"), + } + response = integration_client.post( + f"/api/v1/project/{project_name}/{package_name}/upload", + files=files, + data={"tag": f"v1.0.0-{unique_test_id}"}, + ) + assert response.status_code == 400 + assert "both" in response.json().get("detail", "").lower() or \ + "version" in response.json().get("detail", "").lower() + finally: + integration_client.delete(f"/api/v1/projects/{dep_project_name}") + + +class TestDependencyQueryEndpoints: + """Tests for #78: Dependency Query API Endpoints""" + + @pytest.mark.integration + def test_get_artifact_dependencies( + self, integration_client, test_package, unique_test_id + ): + """Test GET /api/v1/artifact/{artifact_id}/dependencies""" + project_name, package_name = test_package + + # Create dependency project + dep_project_name = f"dep-project-{unique_test_id}" + response = integration_client.post( + "/api/v1/projects", json={"name": dep_project_name} + ) + assert response.status_code == 200 + + try: + # Upload artifact with dependencies + ensure_content = yaml.dump({ + "dependencies": [ + {"project": dep_project_name, "package": "lib-a", "version": "1.0.0"}, + {"project": dep_project_name, "package": "lib-b", "tag": "stable"}, + ] + }) + + content = unique_content("test-deps", unique_test_id, "query") + files = { + "file": ("artifact.tar.gz", BytesIO(content), "application/gzip"), + "ensure": ("orchard.ensure", BytesIO(ensure_content.encode()), "application/x-yaml"), + } + response = integration_client.post( + f"/api/v1/project/{project_name}/{package_name}/upload", + files=files, + data={"tag": f"v2.0.0-{unique_test_id}"}, + ) + assert response.status_code == 200 + artifact_id = response.json()["artifact_id"] + + # Get dependencies + response = integration_client.get(f"/api/v1/artifact/{artifact_id}/dependencies") + assert response.status_code == 200 + data = response.json() + assert data["artifact_id"] == artifact_id + assert len(data["dependencies"]) == 2 + + # Verify both dependencies + deps = {d["package"]: d for d in data["dependencies"]} + assert "lib-a" in deps + assert deps["lib-a"]["version"] == "1.0.0" + assert deps["lib-a"]["tag"] is None + assert "lib-b" in deps + assert deps["lib-b"]["tag"] == "stable" + assert deps["lib-b"]["version"] is None + + finally: + integration_client.delete(f"/api/v1/projects/{dep_project_name}") + + @pytest.mark.integration + def test_get_dependencies_by_ref( + self, integration_client, test_package, unique_test_id + ): + """Test GET /api/v1/project/{proj}/{pkg}/+/{ref}/dependencies""" + project_name, package_name = test_package + + dep_project_name = f"dep-project-{unique_test_id}" + response = integration_client.post( + "/api/v1/projects", json={"name": dep_project_name} + ) + assert response.status_code == 200 + + try: + ensure_content = yaml.dump({ + "dependencies": [ + {"project": dep_project_name, "package": "lib-c", "version": "2.0.0"}, + ] + }) + + tag_name = f"v3.0.0-{unique_test_id}" + content = unique_content("test-ref", unique_test_id, "deps") + files = { + "file": ("artifact.tar.gz", BytesIO(content), "application/gzip"), + "ensure": ("orchard.ensure", BytesIO(ensure_content.encode()), "application/x-yaml"), + } + response = integration_client.post( + f"/api/v1/project/{project_name}/{package_name}/upload", + files=files, + data={"tag": tag_name}, + ) + assert response.status_code == 200 + + # Get dependencies by tag + response = integration_client.get( + f"/api/v1/project/{project_name}/{package_name}/+/{tag_name}/dependencies" + ) + assert response.status_code == 200 + data = response.json() + assert len(data["dependencies"]) == 1 + assert data["dependencies"][0]["package"] == "lib-c" + + finally: + integration_client.delete(f"/api/v1/projects/{dep_project_name}") + + @pytest.mark.integration + def test_get_reverse_dependencies( + self, integration_client, test_package, unique_test_id + ): + """Test GET /api/v1/project/{proj}/{pkg}/reverse-dependencies""" + project_name, package_name = test_package + + # Create the dependency target project/package + dep_project_name = f"lib-project-{unique_test_id}" + response = integration_client.post( + "/api/v1/projects", json={"name": dep_project_name} + ) + assert response.status_code == 200 + + try: + # Create the target package with an artifact + response = integration_client.post( + f"/api/v1/project/{dep_project_name}/packages", + json={"name": "target-lib"} + ) + assert response.status_code == 200 + + content = unique_content("lib", unique_test_id, "target") + files = { + "file": ("lib.tar.gz", BytesIO(content), "application/gzip"), + } + response = integration_client.post( + f"/api/v1/project/{dep_project_name}/target-lib/upload", + files=files, + data={"tag": "1.0.0"}, + ) + assert response.status_code == 200 + + # Now upload an artifact that depends on the target + ensure_content = yaml.dump({ + "dependencies": [ + {"project": dep_project_name, "package": "target-lib", "version": "1.0.0"}, + ] + }) + + content = unique_content("app", unique_test_id, "reverse") + files = { + "file": ("app.tar.gz", BytesIO(content), "application/gzip"), + "ensure": ("orchard.ensure", BytesIO(ensure_content.encode()), "application/x-yaml"), + } + response = integration_client.post( + f"/api/v1/project/{project_name}/{package_name}/upload", + files=files, + data={"tag": f"v4.0.0-{unique_test_id}"}, + ) + assert response.status_code == 200 + + # Check reverse dependencies + response = integration_client.get( + f"/api/v1/project/{dep_project_name}/target-lib/reverse-dependencies" + ) + assert response.status_code == 200 + data = response.json() + assert data["project"] == dep_project_name + assert data["package"] == "target-lib" + assert len(data["dependents"]) >= 1 + + # Find our dependent + found = False + for dep in data["dependents"]: + if dep["project"] == project_name: + found = True + assert dep["constraint_type"] == "version" + assert dep["constraint_value"] == "1.0.0" + break + assert found, "Our package should be in the dependents list" + + finally: + integration_client.delete(f"/api/v1/projects/{dep_project_name}") + + @pytest.mark.integration + def test_get_dependencies_empty( + self, integration_client, test_package, unique_test_id + ): + """Test getting dependencies for artifact with no deps.""" + project_name, package_name = test_package + + # Upload without ensure file + content = unique_content("nodeps", unique_test_id, "empty") + files = { + "file": ("nodeps.tar.gz", BytesIO(content), "application/gzip"), + } + response = integration_client.post( + f"/api/v1/project/{project_name}/{package_name}/upload", + files=files, + data={"tag": f"v5.0.0-nodeps-{unique_test_id}"}, + ) + assert response.status_code == 200 + artifact_id = response.json()["artifact_id"] + + response = integration_client.get(f"/api/v1/artifact/{artifact_id}/dependencies") + assert response.status_code == 200 + data = response.json() + assert data["artifact_id"] == artifact_id + assert len(data["dependencies"]) == 0 + + +class TestDependencyResolution: + """Tests for #79: Server-Side Dependency Resolution""" + + @pytest.mark.integration + def test_resolve_simple_chain( + self, integration_client, test_project, unique_test_id + ): + """Test resolving A -> B -> C dependency chain.""" + # Create packages A, B, C + pkg_a = f"pkg-a-{unique_test_id}" + pkg_b = f"pkg-b-{unique_test_id}" + pkg_c = f"pkg-c-{unique_test_id}" + + # Create all packages + for pkg in [pkg_a, pkg_b, pkg_c]: + response = integration_client.post( + f"/api/v1/project/{test_project}/packages", + json={"name": pkg} + ) + assert response.status_code == 200 + + try: + # Upload C (no deps) + content_c = unique_content("pkg-c", unique_test_id, "chain") + files = {"file": ("c.tar.gz", BytesIO(content_c), "application/gzip")} + response = integration_client.post( + f"/api/v1/project/{test_project}/{pkg_c}/upload", + files=files, + data={"tag": "1.0.0"}, + ) + assert response.status_code == 200 + + # Upload B (depends on C) + ensure_b = yaml.dump({ + "dependencies": [ + {"project": test_project, "package": pkg_c, "version": "1.0.0"} + ] + }) + content_b = unique_content("pkg-b", unique_test_id, "chain") + files = { + "file": ("b.tar.gz", BytesIO(content_b), "application/gzip"), + "ensure": ("orchard.ensure", BytesIO(ensure_b.encode()), "application/x-yaml"), + } + response = integration_client.post( + f"/api/v1/project/{test_project}/{pkg_b}/upload", + files=files, + data={"tag": "1.0.0"}, + ) + assert response.status_code == 200 + + # Upload A (depends on B) + ensure_a = yaml.dump({ + "dependencies": [ + {"project": test_project, "package": pkg_b, "version": "1.0.0"} + ] + }) + content_a = unique_content("pkg-a", unique_test_id, "chain") + files = { + "file": ("a.tar.gz", BytesIO(content_a), "application/gzip"), + "ensure": ("orchard.ensure", BytesIO(ensure_a.encode()), "application/x-yaml"), + } + response = integration_client.post( + f"/api/v1/project/{test_project}/{pkg_a}/upload", + files=files, + data={"tag": "1.0.0"}, + ) + assert response.status_code == 200 + + # Resolve dependencies for A + response = integration_client.get( + f"/api/v1/project/{test_project}/{pkg_a}/+/1.0.0/resolve" + ) + assert response.status_code == 200 + data = response.json() + + # Should have 3 artifacts: C, B, A (in topological order) + assert data["artifact_count"] == 3 + packages = [r["package"] for r in data["resolved"]] + + # C should come before B, B should come before A + assert packages.index(pkg_c) < packages.index(pkg_b) + assert packages.index(pkg_b) < packages.index(pkg_a) + + finally: + # Cleanup packages + for pkg in [pkg_a, pkg_b, pkg_c]: + integration_client.delete(f"/api/v1/project/{test_project}/packages/{pkg}") + + @pytest.mark.integration + def test_resolve_diamond_dependency( + self, integration_client, test_project, unique_test_id + ): + """Test resolving diamond: A -> B -> D, A -> C -> D (D appears once).""" + pkg_a = f"diamond-a-{unique_test_id}" + pkg_b = f"diamond-b-{unique_test_id}" + pkg_c = f"diamond-c-{unique_test_id}" + pkg_d = f"diamond-d-{unique_test_id}" + + for pkg in [pkg_a, pkg_b, pkg_c, pkg_d]: + response = integration_client.post( + f"/api/v1/project/{test_project}/packages", + json={"name": pkg} + ) + assert response.status_code == 200 + + try: + # Upload D (no deps) + content_d = unique_content("pkg-d", unique_test_id, "diamond") + files = {"file": ("d.tar.gz", BytesIO(content_d), "application/gzip")} + response = integration_client.post( + f"/api/v1/project/{test_project}/{pkg_d}/upload", + files=files, + data={"tag": "1.0.0"}, + ) + assert response.status_code == 200 + + # Upload B (depends on D) + ensure_b = yaml.dump({ + "dependencies": [ + {"project": test_project, "package": pkg_d, "version": "1.0.0"} + ] + }) + content_b = unique_content("pkg-b", unique_test_id, "diamond") + files = { + "file": ("b.tar.gz", BytesIO(content_b), "application/gzip"), + "ensure": ("orchard.ensure", BytesIO(ensure_b.encode()), "application/x-yaml"), + } + response = integration_client.post( + f"/api/v1/project/{test_project}/{pkg_b}/upload", + files=files, + data={"tag": "1.0.0"}, + ) + assert response.status_code == 200 + + # Upload C (also depends on D) + ensure_c = yaml.dump({ + "dependencies": [ + {"project": test_project, "package": pkg_d, "version": "1.0.0"} + ] + }) + content_c = unique_content("pkg-c", unique_test_id, "diamond") + files = { + "file": ("c.tar.gz", BytesIO(content_c), "application/gzip"), + "ensure": ("orchard.ensure", BytesIO(ensure_c.encode()), "application/x-yaml"), + } + response = integration_client.post( + f"/api/v1/project/{test_project}/{pkg_c}/upload", + files=files, + data={"tag": "1.0.0"}, + ) + assert response.status_code == 200 + + # Upload A (depends on B and C) + ensure_a = yaml.dump({ + "dependencies": [ + {"project": test_project, "package": pkg_b, "version": "1.0.0"}, + {"project": test_project, "package": pkg_c, "version": "1.0.0"}, + ] + }) + content_a = unique_content("pkg-a", unique_test_id, "diamond") + files = { + "file": ("a.tar.gz", BytesIO(content_a), "application/gzip"), + "ensure": ("orchard.ensure", BytesIO(ensure_a.encode()), "application/x-yaml"), + } + response = integration_client.post( + f"/api/v1/project/{test_project}/{pkg_a}/upload", + files=files, + data={"tag": "1.0.0"}, + ) + assert response.status_code == 200 + + # Resolve A + response = integration_client.get( + f"/api/v1/project/{test_project}/{pkg_a}/+/1.0.0/resolve" + ) + assert response.status_code == 200 + data = response.json() + + # Should have 4 artifacts, D appears only once + assert data["artifact_count"] == 4 + packages = [r["package"] for r in data["resolved"]] + assert packages.count(pkg_d) == 1 # D only once + + # D should come before B and C + d_idx = packages.index(pkg_d) + b_idx = packages.index(pkg_b) + c_idx = packages.index(pkg_c) + a_idx = packages.index(pkg_a) + assert d_idx < b_idx + assert d_idx < c_idx + assert b_idx < a_idx + assert c_idx < a_idx + + finally: + for pkg in [pkg_a, pkg_b, pkg_c, pkg_d]: + integration_client.delete(f"/api/v1/project/{test_project}/packages/{pkg}") + + @pytest.mark.integration + def test_resolve_no_dependencies( + self, integration_client, test_package, unique_test_id + ): + """Test resolving artifact with no dependencies.""" + project_name, package_name = test_package + + content = unique_content("solo", unique_test_id, "nodeps") + files = {"file": ("solo.tar.gz", BytesIO(content), "application/gzip")} + response = integration_client.post( + f"/api/v1/project/{project_name}/{package_name}/upload", + files=files, + data={"tag": f"solo-{unique_test_id}"}, + ) + assert response.status_code == 200 + + response = integration_client.get( + f"/api/v1/project/{project_name}/{package_name}/+/solo-{unique_test_id}/resolve" + ) + assert response.status_code == 200 + data = response.json() + assert data["artifact_count"] == 1 + assert data["resolved"][0]["package"] == package_name + + @pytest.mark.integration + def test_resolve_missing_dependency( + self, integration_client, test_package, unique_test_id + ): + """Test resolution fails when dependency doesn't exist.""" + project_name, package_name = test_package + + ensure_content = yaml.dump({ + "dependencies": [ + {"project": project_name, "package": "nonexistent-pkg-xyz", "version": "1.0.0"} + ] + }) + + # First we need a project that exists to reference + # Upload artifact with dependency on nonexistent package version + content = unique_content("missing", unique_test_id, "dep") + files = { + "file": ("missing-dep.tar.gz", BytesIO(content), "application/gzip"), + "ensure": ("orchard.ensure", BytesIO(ensure_content.encode()), "application/x-yaml"), + } + response = integration_client.post( + f"/api/v1/project/{project_name}/{package_name}/upload", + files=files, + data={"tag": f"missing-dep-{unique_test_id}"}, + ) + # Should fail at upload time since package doesn't exist + # OR succeed at upload but fail at resolution + # Depending on implementation choice + if response.status_code == 200: + # Resolution should fail + response = integration_client.get( + f"/api/v1/project/{project_name}/{package_name}/+/missing-dep-{unique_test_id}/resolve" + ) + assert response.status_code == 404 + + +class TestCircularDependencyDetection: + """Tests for #80: Circular Dependency Detection""" + + @pytest.mark.integration + def test_detect_direct_cycle( + self, integration_client, test_project, unique_test_id + ): + """Test detection of direct cycle: A -> B -> A""" + pkg_a = f"cycle-a-{unique_test_id}" + pkg_b = f"cycle-b-{unique_test_id}" + + for pkg in [pkg_a, pkg_b]: + response = integration_client.post( + f"/api/v1/project/{test_project}/packages", + json={"name": pkg} + ) + assert response.status_code == 200 + + try: + # Upload A (no deps initially) + content_a1 = unique_content("A-v1", unique_test_id, "cycle") + files = {"file": ("a.tar.gz", BytesIO(content_a1), "application/gzip")} + response = integration_client.post( + f"/api/v1/project/{test_project}/{pkg_a}/upload", + files=files, + data={"tag": "1.0.0"}, + ) + assert response.status_code == 200 + + # Upload B (depends on A) + ensure_b = yaml.dump({ + "dependencies": [ + {"project": test_project, "package": pkg_a, "version": "1.0.0"} + ] + }) + content_b = unique_content("B", unique_test_id, "cycle") + files = { + "file": ("b.tar.gz", BytesIO(content_b), "application/gzip"), + "ensure": ("orchard.ensure", BytesIO(ensure_b.encode()), "application/x-yaml"), + } + response = integration_client.post( + f"/api/v1/project/{test_project}/{pkg_b}/upload", + files=files, + data={"tag": "1.0.0"}, + ) + assert response.status_code == 200 + + # Try to upload A v2 that depends on B (creating cycle) + ensure_a2 = yaml.dump({ + "dependencies": [ + {"project": test_project, "package": pkg_b, "version": "1.0.0"} + ] + }) + content_a2 = unique_content("A-v2", unique_test_id, "cycle") + files = { + "file": ("a2.tar.gz", BytesIO(content_a2), "application/gzip"), + "ensure": ("orchard.ensure", BytesIO(ensure_a2.encode()), "application/x-yaml"), + } + response = integration_client.post( + f"/api/v1/project/{test_project}/{pkg_a}/upload", + files=files, + data={"tag": "2.0.0"}, + ) + # Should be rejected with 400 (circular dependency) + assert response.status_code == 400 + data = response.json() + assert "circular" in data.get("detail", "").lower() or \ + data.get("error") == "circular_dependency" + + finally: + for pkg in [pkg_a, pkg_b]: + integration_client.delete(f"/api/v1/project/{test_project}/packages/{pkg}") + + @pytest.mark.integration + def test_detect_indirect_cycle( + self, integration_client, test_project, unique_test_id + ): + """Test detection of indirect cycle: A -> B -> C -> A""" + pkg_a = f"icycle-a-{unique_test_id}" + pkg_b = f"icycle-b-{unique_test_id}" + pkg_c = f"icycle-c-{unique_test_id}" + + for pkg in [pkg_a, pkg_b, pkg_c]: + response = integration_client.post( + f"/api/v1/project/{test_project}/packages", + json={"name": pkg} + ) + assert response.status_code == 200 + + try: + # Upload A v1 (no deps) + content_a1 = unique_content("A-v1", unique_test_id, "icycle") + files = {"file": ("a.tar.gz", BytesIO(content_a1), "application/gzip")} + response = integration_client.post( + f"/api/v1/project/{test_project}/{pkg_a}/upload", + files=files, + data={"tag": "1.0.0"}, + ) + assert response.status_code == 200 + + # Upload B (depends on A) + ensure_b = yaml.dump({ + "dependencies": [ + {"project": test_project, "package": pkg_a, "version": "1.0.0"} + ] + }) + content_b = unique_content("B", unique_test_id, "icycle") + files = { + "file": ("b.tar.gz", BytesIO(content_b), "application/gzip"), + "ensure": ("orchard.ensure", BytesIO(ensure_b.encode()), "application/x-yaml"), + } + response = integration_client.post( + f"/api/v1/project/{test_project}/{pkg_b}/upload", + files=files, + data={"tag": "1.0.0"}, + ) + assert response.status_code == 200 + + # Upload C (depends on B) + ensure_c = yaml.dump({ + "dependencies": [ + {"project": test_project, "package": pkg_b, "version": "1.0.0"} + ] + }) + content_c = unique_content("C", unique_test_id, "icycle") + files = { + "file": ("c.tar.gz", BytesIO(content_c), "application/gzip"), + "ensure": ("orchard.ensure", BytesIO(ensure_c.encode()), "application/x-yaml"), + } + response = integration_client.post( + f"/api/v1/project/{test_project}/{pkg_c}/upload", + files=files, + data={"tag": "1.0.0"}, + ) + assert response.status_code == 200 + + # Try to upload A v2 that depends on C (creating cycle A -> C -> B -> A) + ensure_a2 = yaml.dump({ + "dependencies": [ + {"project": test_project, "package": pkg_c, "version": "1.0.0"} + ] + }) + content_a2 = unique_content("A-v2", unique_test_id, "icycle") + files = { + "file": ("a2.tar.gz", BytesIO(content_a2), "application/gzip"), + "ensure": ("orchard.ensure", BytesIO(ensure_a2.encode()), "application/x-yaml"), + } + response = integration_client.post( + f"/api/v1/project/{test_project}/{pkg_a}/upload", + files=files, + data={"tag": "2.0.0"}, + ) + assert response.status_code == 400 + data = response.json() + assert "circular" in data.get("detail", "").lower() or \ + data.get("error") == "circular_dependency" + + finally: + for pkg in [pkg_a, pkg_b, pkg_c]: + integration_client.delete(f"/api/v1/project/{test_project}/packages/{pkg}") + + @pytest.mark.integration + def test_diamond_is_not_cycle( + self, integration_client, test_project, unique_test_id + ): + """Test that diamond dependency is allowed (not a cycle).""" + # Diamond: A -> B -> D, A -> C -> D + # This is already tested in test_resolve_diamond_dependency + # Just verify it doesn't trigger cycle detection + pass # Covered by TestDependencyResolution.test_resolve_diamond_dependency + + +class TestConflictDetection: + """Tests for #81: Dependency Conflict Detection and Reporting""" + + @pytest.mark.integration + def test_detect_version_conflict( + self, integration_client, test_project, unique_test_id + ): + """Test conflict when two deps require different versions of same package.""" + pkg_app = f"conflict-app-{unique_test_id}" + pkg_lib_a = f"conflict-lib-a-{unique_test_id}" + pkg_lib_b = f"conflict-lib-b-{unique_test_id}" + pkg_common = f"conflict-common-{unique_test_id}" + + for pkg in [pkg_app, pkg_lib_a, pkg_lib_b, pkg_common]: + response = integration_client.post( + f"/api/v1/project/{test_project}/packages", + json={"name": pkg} + ) + assert response.status_code == 200 + + try: + # Upload common v1.0.0 + content_common1 = unique_content("common-v1", unique_test_id, "conflict") + files = {"file": ("common1.tar.gz", BytesIO(content_common1), "application/gzip")} + response = integration_client.post( + f"/api/v1/project/{test_project}/{pkg_common}/upload", + files=files, + data={"tag": "1.0.0"}, + ) + assert response.status_code == 200 + + # Upload common v2.0.0 + content_common2 = unique_content("common-v2", unique_test_id, "conflict") + files = {"file": ("common2.tar.gz", BytesIO(content_common2), "application/gzip")} + response = integration_client.post( + f"/api/v1/project/{test_project}/{pkg_common}/upload", + files=files, + data={"tag": "2.0.0"}, + ) + assert response.status_code == 200 + + # Upload lib-a (depends on common@1.0.0) + ensure_lib_a = yaml.dump({ + "dependencies": [ + {"project": test_project, "package": pkg_common, "version": "1.0.0"} + ] + }) + content_lib_a = unique_content("lib-a", unique_test_id, "conflict") + files = { + "file": ("lib-a.tar.gz", BytesIO(content_lib_a), "application/gzip"), + "ensure": ("orchard.ensure", BytesIO(ensure_lib_a.encode()), "application/x-yaml"), + } + response = integration_client.post( + f"/api/v1/project/{test_project}/{pkg_lib_a}/upload", + files=files, + data={"tag": "1.0.0"}, + ) + assert response.status_code == 200 + + # Upload lib-b (depends on common@2.0.0) + ensure_lib_b = yaml.dump({ + "dependencies": [ + {"project": test_project, "package": pkg_common, "version": "2.0.0"} + ] + }) + content_lib_b = unique_content("lib-b", unique_test_id, "conflict") + files = { + "file": ("lib-b.tar.gz", BytesIO(content_lib_b), "application/gzip"), + "ensure": ("orchard.ensure", BytesIO(ensure_lib_b.encode()), "application/x-yaml"), + } + response = integration_client.post( + f"/api/v1/project/{test_project}/{pkg_lib_b}/upload", + files=files, + data={"tag": "1.0.0"}, + ) + assert response.status_code == 200 + + # Upload app (depends on both lib-a and lib-b) + ensure_app = yaml.dump({ + "dependencies": [ + {"project": test_project, "package": pkg_lib_a, "version": "1.0.0"}, + {"project": test_project, "package": pkg_lib_b, "version": "1.0.0"}, + ] + }) + content_app = unique_content("app", unique_test_id, "conflict") + files = { + "file": ("app.tar.gz", BytesIO(content_app), "application/gzip"), + "ensure": ("orchard.ensure", BytesIO(ensure_app.encode()), "application/x-yaml"), + } + response = integration_client.post( + f"/api/v1/project/{test_project}/{pkg_app}/upload", + files=files, + data={"tag": "1.0.0"}, + ) + assert response.status_code == 200 + + # Try to resolve app - should report conflict + response = integration_client.get( + f"/api/v1/project/{test_project}/{pkg_app}/+/1.0.0/resolve" + ) + assert response.status_code == 409 + data = response.json() + # Error details are nested in "detail" for HTTPException + detail = data.get("detail", data) + assert detail.get("error") == "dependency_conflict" + assert len(detail.get("conflicts", [])) > 0 + + # Verify conflict details + conflict = detail["conflicts"][0] + assert conflict["package"] == pkg_common + assert len(conflict["requirements"]) == 2 + + finally: + for pkg in [pkg_app, pkg_lib_a, pkg_lib_b, pkg_common]: + integration_client.delete(f"/api/v1/project/{test_project}/packages/{pkg}") + + @pytest.mark.integration + def test_no_conflict_same_version( + self, integration_client, test_project, unique_test_id + ): + """Test no conflict when multiple deps require same version.""" + pkg_app = f"noconflict-app-{unique_test_id}" + pkg_lib_a = f"noconflict-lib-a-{unique_test_id}" + pkg_lib_b = f"noconflict-lib-b-{unique_test_id}" + pkg_common = f"noconflict-common-{unique_test_id}" + + for pkg in [pkg_app, pkg_lib_a, pkg_lib_b, pkg_common]: + response = integration_client.post( + f"/api/v1/project/{test_project}/packages", + json={"name": pkg} + ) + assert response.status_code == 200 + + try: + # Upload common v1.0.0 + content_common = unique_content("common", unique_test_id, "noconflict") + files = {"file": ("common.tar.gz", BytesIO(content_common), "application/gzip")} + response = integration_client.post( + f"/api/v1/project/{test_project}/{pkg_common}/upload", + files=files, + data={"tag": "1.0.0"}, + ) + assert response.status_code == 200 + + # Both lib-a and lib-b depend on common@1.0.0 + for lib_name, lib_pkg in [("lib-a", pkg_lib_a), ("lib-b", pkg_lib_b)]: + ensure = yaml.dump({ + "dependencies": [ + {"project": test_project, "package": pkg_common, "version": "1.0.0"} + ] + }) + content_lib = unique_content(lib_name, unique_test_id, "noconflict") + files = { + "file": (f"{lib_name}.tar.gz", BytesIO(content_lib), "application/gzip"), + "ensure": ("orchard.ensure", BytesIO(ensure.encode()), "application/x-yaml"), + } + response = integration_client.post( + f"/api/v1/project/{test_project}/{lib_pkg}/upload", + files=files, + data={"tag": "1.0.0"}, + ) + assert response.status_code == 200 + + # App depends on both + ensure_app = yaml.dump({ + "dependencies": [ + {"project": test_project, "package": pkg_lib_a, "version": "1.0.0"}, + {"project": test_project, "package": pkg_lib_b, "version": "1.0.0"}, + ] + }) + content_app = unique_content("app", unique_test_id, "noconflict") + files = { + "file": ("app.tar.gz", BytesIO(content_app), "application/gzip"), + "ensure": ("orchard.ensure", BytesIO(ensure_app.encode()), "application/x-yaml"), + } + response = integration_client.post( + f"/api/v1/project/{test_project}/{pkg_app}/upload", + files=files, + data={"tag": "1.0.0"}, + ) + assert response.status_code == 200 + + # Resolution should succeed (no conflict) + response = integration_client.get( + f"/api/v1/project/{test_project}/{pkg_app}/+/1.0.0/resolve" + ) + assert response.status_code == 200 + data = response.json() + # common should appear only once + packages = [r["package"] for r in data["resolved"]] + assert packages.count(pkg_common) == 1 + + finally: + for pkg in [pkg_app, pkg_lib_a, pkg_lib_b, pkg_common]: + integration_client.delete(f"/api/v1/project/{test_project}/packages/{pkg}") diff --git a/frontend/src/App.tsx b/frontend/src/App.tsx index 49f820e..8e77d92 100644 --- a/frontend/src/App.tsx +++ b/frontend/src/App.tsx @@ -10,6 +10,7 @@ import ChangePasswordPage from './pages/ChangePasswordPage'; import APIKeysPage from './pages/APIKeysPage'; import AdminUsersPage from './pages/AdminUsersPage'; import AdminOIDCPage from './pages/AdminOIDCPage'; +import ProjectSettingsPage from './pages/ProjectSettingsPage'; // Component that checks if user must change password function RequirePasswordChange({ children }: { children: React.ReactNode }) { @@ -45,6 +46,7 @@ function AppRoutes() { } /> } /> } /> + } /> } /> diff --git a/frontend/src/api.ts b/frontend/src/api.ts index 6101cdc..56df640 100644 --- a/frontend/src/api.ts +++ b/frontend/src/api.ts @@ -33,6 +33,9 @@ import { OIDCConfigUpdate, OIDCStatus, PackageVersion, + ArtifactDependenciesResponse, + ReverseDependenciesResponse, + DependencyResolutionResponse, } from './types'; const API_BASE = '/api/v1'; @@ -171,6 +174,30 @@ export async function getProject(name: string): Promise { return handleResponse(response); } +export async function updateProject( + projectName: string, + data: { description?: string; is_public?: boolean } +): Promise { + const response = await fetch(`${API_BASE}/projects/${projectName}`, { + method: 'PUT', + headers: { 'Content-Type': 'application/json' }, + body: JSON.stringify(data), + credentials: 'include', + }); + return handleResponse(response); +} + +export async function deleteProject(projectName: string): Promise { + const response = await fetch(`${API_BASE}/projects/${projectName}`, { + method: 'DELETE', + credentials: 'include', + }); + if (!response.ok) { + const error = await response.json().catch(() => ({ detail: 'Unknown error' })); + throw new Error(error.detail || `HTTP ${response.status}`); + } +} + // Package API export async function listPackages(projectName: string, params: PackageListParams = {}): Promise> { const query = buildQueryString(params as Record); @@ -488,3 +515,50 @@ export async function deleteVersion( throw new Error(error.detail || `HTTP ${response.status}`); } } + +// Dependency API +export async function getArtifactDependencies(artifactId: string): Promise { + const response = await fetch(`${API_BASE}/artifact/${artifactId}/dependencies`); + return handleResponse(response); +} + +export async function getDependenciesByRef( + projectName: string, + packageName: string, + ref: string +): Promise { + const response = await fetch(`${API_BASE}/project/${projectName}/${packageName}/+/${ref}/dependencies`); + return handleResponse(response); +} + +export async function getReverseDependencies( + projectName: string, + packageName: string, + params: { page?: number; limit?: number } = {} +): Promise { + const query = buildQueryString(params as Record); + const response = await fetch(`${API_BASE}/project/${projectName}/${packageName}/reverse-dependencies${query}`); + return handleResponse(response); +} + +export async function resolveDependencies( + projectName: string, + packageName: string, + ref: string +): Promise { + const response = await fetch(`${API_BASE}/project/${projectName}/${packageName}/+/${ref}/resolve`); + return handleResponse(response); +} + +export async function getEnsureFile( + projectName: string, + packageName: string, + ref: string +): Promise { + const response = await fetch(`${API_BASE}/project/${projectName}/${packageName}/+/${ref}/ensure`); + if (!response.ok) { + const error = await response.json().catch(() => ({ detail: 'Unknown error' })); + throw new ApiError(error.detail || `HTTP ${response.status}`, response.status); + } + return response.text(); +} diff --git a/frontend/src/components/DependencyGraph.css b/frontend/src/components/DependencyGraph.css new file mode 100644 index 0000000..9374b63 --- /dev/null +++ b/frontend/src/components/DependencyGraph.css @@ -0,0 +1,338 @@ +/* Dependency Graph Modal */ +.dependency-graph-modal { + position: fixed; + top: 0; + left: 0; + right: 0; + bottom: 0; + background: rgba(0, 0, 0, 0.8); + display: flex; + align-items: center; + justify-content: center; + z-index: 1000; + padding: 24px; +} + +.dependency-graph-content { + background: var(--bg-secondary); + border: 1px solid var(--border-primary); + border-radius: var(--radius-lg); + width: 100%; + max-width: 1200px; + height: 80vh; + display: flex; + flex-direction: column; + overflow: hidden; +} + +.dependency-graph-header { + display: flex; + align-items: center; + gap: 16px; + padding: 16px 20px; + border-bottom: 1px solid var(--border-primary); + background: var(--bg-tertiary); +} + +.dependency-graph-header h2 { + margin: 0; + font-size: 1.125rem; + font-weight: 600; + color: var(--text-primary); +} + +.dependency-graph-info { + display: flex; + align-items: center; + gap: 12px; + flex: 1; + font-size: 0.875rem; + color: var(--text-secondary); +} + +.graph-stats { + color: var(--text-muted); + font-size: 0.8125rem; +} + +.close-btn { + background: transparent; + border: none; + color: var(--text-secondary); + cursor: pointer; + padding: 4px; + border-radius: var(--radius-sm); + display: flex; + align-items: center; + justify-content: center; +} + +.close-btn:hover { + background: var(--bg-hover); + color: var(--text-primary); +} + +.dependency-graph-toolbar { + display: flex; + align-items: center; + gap: 8px; + padding: 12px 20px; + border-bottom: 1px solid var(--border-primary); + background: var(--bg-secondary); +} + +.zoom-level { + margin-left: auto; + font-size: 0.8125rem; + color: var(--text-muted); + font-family: 'JetBrains Mono', monospace; +} + +.dependency-graph-container { + flex: 1; + overflow: hidden; + position: relative; + background: + linear-gradient(90deg, var(--border-primary) 1px, transparent 1px), + linear-gradient(var(--border-primary) 1px, transparent 1px); + background-size: 20px 20px; + background-position: center center; +} + +.graph-canvas { + padding: 40px; + min-width: 100%; + min-height: 100%; + transform-origin: center center; + transition: transform 0.1s ease-out; +} + +/* Graph Nodes */ +.graph-node-container { + display: flex; + flex-direction: column; + align-items: flex-start; +} + +.graph-node { + background: var(--bg-tertiary); + border: 2px solid var(--border-primary); + border-radius: var(--radius-md); + padding: 12px 16px; + min-width: 200px; + cursor: pointer; + transition: all var(--transition-fast); + position: relative; +} + +.graph-node:hover { + border-color: var(--accent-primary); + box-shadow: 0 4px 12px rgba(16, 185, 129, 0.2); +} + +.graph-node--root { + background: linear-gradient(135deg, rgba(16, 185, 129, 0.15) 0%, rgba(5, 150, 105, 0.15) 100%); + border-color: var(--accent-primary); +} + +.graph-node--hovered { + transform: scale(1.02); +} + +.graph-node__header { + display: flex; + align-items: center; + gap: 8px; + margin-bottom: 4px; +} + +.graph-node__name { + font-weight: 600; + color: var(--accent-primary); + font-family: 'JetBrains Mono', monospace; + font-size: 0.875rem; +} + +.graph-node__toggle { + background: var(--bg-hover); + border: 1px solid var(--border-primary); + border-radius: 4px; + width: 20px; + height: 20px; + display: flex; + align-items: center; + justify-content: center; + cursor: pointer; + font-size: 0.875rem; + color: var(--text-secondary); + font-weight: 600; + margin-left: auto; +} + +.graph-node__toggle:hover { + background: var(--bg-tertiary); + color: var(--text-primary); +} + +.graph-node__details { + display: flex; + align-items: center; + gap: 12px; + font-size: 0.75rem; + color: var(--text-muted); +} + +.graph-node__version { + font-family: 'JetBrains Mono', monospace; + color: var(--text-secondary); +} + +.graph-node__size { + color: var(--text-muted); +} + +/* Graph Children / Tree Structure */ +.graph-children { + display: flex; + padding-left: 24px; + margin-top: 8px; + position: relative; +} + +.graph-connector { + position: absolute; + left: 12px; + top: 0; + bottom: 50%; + width: 12px; + border-left: 2px solid var(--border-primary); + border-bottom: 2px solid var(--border-primary); + border-bottom-left-radius: 8px; +} + +.graph-children-list { + display: flex; + flex-direction: column; + gap: 8px; + position: relative; +} + +.graph-children-list::before { + content: ''; + position: absolute; + left: -12px; + top: 20px; + bottom: 20px; + border-left: 2px solid var(--border-primary); +} + +.graph-children-list > .graph-node-container { + position: relative; +} + +.graph-children-list > .graph-node-container::before { + content: ''; + position: absolute; + left: -12px; + top: 20px; + width: 12px; + border-top: 2px solid var(--border-primary); +} + +/* Loading, Error, Empty States */ +.graph-loading, +.graph-error, +.graph-empty { + display: flex; + flex-direction: column; + align-items: center; + justify-content: center; + height: 100%; + gap: 16px; + color: var(--text-muted); +} + +.graph-loading .spinner { + width: 32px; + height: 32px; + border: 3px solid var(--border-primary); + border-top-color: var(--accent-primary); + border-radius: 50%; + animation: spin 1s linear infinite; +} + +@keyframes spin { + to { transform: rotate(360deg); } +} + +.graph-error { + color: var(--error-color, #ef4444); +} + +.graph-error svg { + opacity: 0.6; +} + +.graph-error p { + max-width: 400px; + text-align: center; + line-height: 1.5; +} + +/* Tooltip */ +.graph-tooltip { + position: fixed; + bottom: 24px; + left: 50%; + transform: translateX(-50%); + background: var(--bg-tertiary); + border: 1px solid var(--border-primary); + border-radius: var(--radius-md); + padding: 12px 16px; + font-size: 0.8125rem; + box-shadow: 0 8px 24px rgba(0, 0, 0, 0.4); + z-index: 1001; +} + +.graph-tooltip strong { + display: block; + color: var(--accent-primary); + font-family: 'JetBrains Mono', monospace; + margin-bottom: 4px; +} + +.graph-tooltip div { + color: var(--text-secondary); + margin-top: 2px; +} + +.tooltip-hint { + margin-top: 8px; + padding-top: 8px; + border-top: 1px solid var(--border-primary); + color: var(--text-muted); + font-size: 0.75rem; +} + +/* Responsive */ +@media (max-width: 768px) { + .dependency-graph-modal { + padding: 0; + } + + .dependency-graph-content { + height: 100vh; + border-radius: 0; + max-width: none; + } + + .dependency-graph-header { + flex-wrap: wrap; + } + + .dependency-graph-info { + flex-basis: 100%; + order: 3; + margin-top: 8px; + } +} diff --git a/frontend/src/components/DependencyGraph.tsx b/frontend/src/components/DependencyGraph.tsx new file mode 100644 index 0000000..475591b --- /dev/null +++ b/frontend/src/components/DependencyGraph.tsx @@ -0,0 +1,323 @@ +import { useState, useEffect, useCallback, useRef } from 'react'; +import { useNavigate } from 'react-router-dom'; +import { ResolvedArtifact, DependencyResolutionResponse, Dependency } from '../types'; +import { resolveDependencies, getArtifactDependencies } from '../api'; +import './DependencyGraph.css'; + +interface DependencyGraphProps { + projectName: string; + packageName: string; + tagName: string; + onClose: () => void; +} + +interface GraphNode { + id: string; + project: string; + package: string; + version: string | null; + size: number; + depth: number; + children: GraphNode[]; + isRoot?: boolean; +} + +function formatBytes(bytes: number): string { + if (bytes === 0) return '0 B'; + const k = 1024; + const sizes = ['B', 'KB', 'MB', 'GB']; + const i = Math.floor(Math.log(bytes) / Math.log(k)); + return parseFloat((bytes / Math.pow(k, i)).toFixed(1)) + ' ' + sizes[i]; +} + +function DependencyGraph({ projectName, packageName, tagName, onClose }: DependencyGraphProps) { + const navigate = useNavigate(); + const containerRef = useRef(null); + + const [loading, setLoading] = useState(true); + const [error, setError] = useState(null); + const [resolution, setResolution] = useState(null); + const [graphRoot, setGraphRoot] = useState(null); + const [hoveredNode, setHoveredNode] = useState(null); + const [zoom, setZoom] = useState(1); + const [pan, setPan] = useState({ x: 0, y: 0 }); + const [isDragging, setIsDragging] = useState(false); + const [dragStart, setDragStart] = useState({ x: 0, y: 0 }); + const [collapsedNodes, setCollapsedNodes] = useState>(new Set()); + + // Build graph structure from resolution data + const buildGraph = useCallback(async (resolutionData: DependencyResolutionResponse) => { + const artifactMap = new Map(); + resolutionData.resolved.forEach(artifact => { + artifactMap.set(artifact.artifact_id, artifact); + }); + + // Fetch dependencies for each artifact to build the tree + const depsMap = new Map(); + + for (const artifact of resolutionData.resolved) { + try { + const deps = await getArtifactDependencies(artifact.artifact_id); + depsMap.set(artifact.artifact_id, deps.dependencies); + } catch { + depsMap.set(artifact.artifact_id, []); + } + } + + // Find the root artifact (the requested one) + const rootArtifact = resolutionData.resolved.find( + a => a.project === resolutionData.requested.project && + a.package === resolutionData.requested.package + ); + + if (!rootArtifact) { + return null; + } + + // Build tree recursively + const visited = new Set(); + + const buildNode = (artifact: ResolvedArtifact, depth: number): GraphNode => { + const nodeId = `${artifact.project}/${artifact.package}`; + visited.add(artifact.artifact_id); + + const deps = depsMap.get(artifact.artifact_id) || []; + const children: GraphNode[] = []; + + for (const dep of deps) { + // Find the resolved artifact for this dependency + const childArtifact = resolutionData.resolved.find( + a => a.project === dep.project && a.package === dep.package + ); + + if (childArtifact && !visited.has(childArtifact.artifact_id)) { + children.push(buildNode(childArtifact, depth + 1)); + } + } + + return { + id: nodeId, + project: artifact.project, + package: artifact.package, + version: artifact.version || artifact.tag, + size: artifact.size, + depth, + children, + isRoot: depth === 0, + }; + }; + + return buildNode(rootArtifact, 0); + }, []); + + useEffect(() => { + async function loadData() { + setLoading(true); + setError(null); + + try { + const result = await resolveDependencies(projectName, packageName, tagName); + setResolution(result); + + const graph = await buildGraph(result); + setGraphRoot(graph); + } catch (err) { + if (err instanceof Error) { + // Check if it's a resolution error + try { + const errorData = JSON.parse(err.message); + if (errorData.error === 'circular_dependency') { + setError(`Circular dependency detected: ${errorData.cycle?.join(' → ')}`); + } else if (errorData.error === 'dependency_conflict') { + setError(`Dependency conflict: ${errorData.message}`); + } else { + setError(err.message); + } + } catch { + setError(err.message); + } + } else { + setError('Failed to load dependency graph'); + } + } finally { + setLoading(false); + } + } + + loadData(); + }, [projectName, packageName, tagName, buildGraph]); + + const handleNodeClick = (node: GraphNode) => { + navigate(`/project/${node.project}/${node.package}`); + onClose(); + }; + + const handleNodeToggle = (node: GraphNode, e: React.MouseEvent) => { + e.stopPropagation(); + setCollapsedNodes(prev => { + const next = new Set(prev); + if (next.has(node.id)) { + next.delete(node.id); + } else { + next.add(node.id); + } + return next; + }); + }; + + const handleWheel = (e: React.WheelEvent) => { + e.preventDefault(); + const delta = e.deltaY > 0 ? -0.1 : 0.1; + setZoom(z => Math.max(0.25, Math.min(2, z + delta))); + }; + + const handleMouseDown = (e: React.MouseEvent) => { + if (e.target === containerRef.current || (e.target as HTMLElement).classList.contains('graph-canvas')) { + setIsDragging(true); + setDragStart({ x: e.clientX - pan.x, y: e.clientY - pan.y }); + } + }; + + const handleMouseMove = (e: React.MouseEvent) => { + if (isDragging) { + setPan({ x: e.clientX - dragStart.x, y: e.clientY - dragStart.y }); + } + }; + + const handleMouseUp = () => { + setIsDragging(false); + }; + + const resetView = () => { + setZoom(1); + setPan({ x: 0, y: 0 }); + }; + + const renderNode = (node: GraphNode, index: number = 0): JSX.Element => { + const isCollapsed = collapsedNodes.has(node.id); + const hasChildren = node.children.length > 0; + + return ( +
+
handleNodeClick(node)} + onMouseEnter={() => setHoveredNode(node)} + onMouseLeave={() => setHoveredNode(null)} + > +
+ {node.project}/{node.package} + {hasChildren && ( + + )} +
+
+ {node.version && @ {node.version}} + {formatBytes(node.size)} +
+
+ + {hasChildren && !isCollapsed && ( +
+
+
+ {node.children.map((child, i) => renderNode(child, i))} +
+
+ )} +
+ ); + }; + + return ( +
+
e.stopPropagation()}> +
+

Dependency Graph

+
+ {projectName}/{packageName} @ {tagName} + {resolution && ( + + {resolution.artifact_count} packages • {formatBytes(resolution.total_size)} total + + )} +
+ +
+ +
+ + + + {Math.round(zoom * 100)}% +
+ +
+ {loading ? ( +
+
+ Resolving dependencies... +
+ ) : error ? ( +
+ + + + + +

{error}

+
+ ) : graphRoot ? ( +
+ {renderNode(graphRoot)} +
+ ) : ( +
No dependencies to display
+ )} +
+ + {hoveredNode && ( +
+ {hoveredNode.project}/{hoveredNode.package} + {hoveredNode.version &&
Version: {hoveredNode.version}
} +
Size: {formatBytes(hoveredNode.size)}
+
Click to navigate
+
+ )} +
+
+ ); +} + +export default DependencyGraph; diff --git a/frontend/src/components/Layout.tsx b/frontend/src/components/Layout.tsx index 73b5f7b..c27470c 100644 --- a/frontend/src/components/Layout.tsx +++ b/frontend/src/components/Layout.tsx @@ -193,7 +193,6 @@ function Layout({ children }: LayoutProps) { diff --git a/frontend/src/pages/Home.css b/frontend/src/pages/Home.css index 6a2f176..9c55517 100644 --- a/frontend/src/pages/Home.css +++ b/frontend/src/pages/Home.css @@ -358,6 +358,12 @@ gap: 4px; } +.page-header__actions { + display: flex; + align-items: center; + gap: 12px; +} + /* Package card styles */ .package-card__header { display: flex; diff --git a/frontend/src/pages/PackagePage.css b/frontend/src/pages/PackagePage.css index 020a0b4..127c25e 100644 --- a/frontend/src/pages/PackagePage.css +++ b/frontend/src/pages/PackagePage.css @@ -127,6 +127,12 @@ h2 { font-size: 0.75rem; } +/* Action buttons in table */ +.action-buttons { + display: flex; + gap: 8px; +} + /* Download by Artifact ID Section */ .download-by-id-section { margin-top: 32px; @@ -424,6 +430,340 @@ tr:hover .copy-btn { white-space: nowrap; } +/* Dependencies Section */ +.dependencies-section { + margin-top: 32px; + background: var(--bg-secondary); +} + +.dependencies-header { + display: flex; + align-items: center; + justify-content: space-between; + margin-bottom: 12px; +} + +.dependencies-header h3 { + margin: 0; + color: var(--text-primary); + font-size: 1rem; + font-weight: 600; +} + +.dependencies-controls { + display: flex; + align-items: center; + gap: 8px; +} + +.dependencies-controls .btn { + display: inline-flex; + align-items: center; +} + +.dependencies-tag-select { + margin-bottom: 16px; +} + +.tag-selector { + padding: 8px 12px; + background: var(--bg-tertiary); + border: 1px solid var(--border-primary); + border-radius: var(--radius-md); + color: var(--text-primary); + font-size: 0.875rem; + cursor: pointer; + min-width: 200px; +} + +.tag-selector:focus { + outline: none; + border-color: var(--accent-primary); +} + +.deps-loading { + color: var(--text-muted); + font-size: 0.875rem; + padding: 16px 0; +} + +.deps-error { + color: var(--error-color, #ef4444); + font-size: 0.875rem; + padding: 12px 16px; + background: rgba(239, 68, 68, 0.1); + border-radius: var(--radius-md); +} + +.deps-empty { + color: var(--text-muted); + font-size: 0.875rem; + padding: 16px 0; +} + +.deps-summary { + color: var(--text-secondary); + font-size: 0.875rem; + margin-bottom: 12px; +} + +.deps-summary strong { + color: var(--accent-primary); +} + +.deps-items { + list-style: none; + margin: 0; + padding: 0; + display: flex; + flex-direction: column; + gap: 8px; +} + +.dep-item { + display: flex; + align-items: center; + gap: 12px; + padding: 12px 16px; + background: var(--bg-tertiary); + border-radius: var(--radius-md); + border: 1px solid var(--border-primary); +} + +.dep-link { + color: var(--accent-primary); + font-weight: 500; + text-decoration: none; + font-family: 'JetBrains Mono', 'Fira Code', 'Consolas', monospace; + font-size: 0.875rem; +} + +.dep-link:hover { + text-decoration: underline; +} + +.dep-constraint { + color: var(--text-muted); + font-size: 0.8125rem; + font-family: 'JetBrains Mono', 'Fira Code', 'Consolas', monospace; +} + +.dep-status { + margin-left: auto; + font-size: 0.875rem; + font-weight: 600; +} + +.dep-status--ok { + color: var(--success-color, #10b981); +} + +.dep-status--missing { + color: var(--warning-color, #f59e0b); +} + +/* Tag name link in table */ +.tag-name-link { + color: var(--accent-primary); + transition: opacity var(--transition-fast); +} + +.tag-name-link:hover { + opacity: 0.8; +} + +.tag-name-link.selected { + text-decoration: underline; +} + +/* Used By (Reverse Dependencies) Section */ +.used-by-section { + margin-top: 32px; + background: var(--bg-secondary); +} + +.used-by-section h3 { + margin-bottom: 16px; + color: var(--text-primary); + font-size: 1rem; + font-weight: 600; +} + +.reverse-dep-item { + display: flex; + align-items: center; + gap: 12px; + flex-wrap: wrap; +} + +.dep-version { + color: var(--accent-primary); + font-family: 'JetBrains Mono', 'Fira Code', 'Consolas', monospace; + font-size: 0.8125rem; + background: rgba(16, 185, 129, 0.1); + padding: 2px 8px; + border-radius: var(--radius-sm); +} + +.dep-requires { + color: var(--text-muted); + font-size: 0.8125rem; + font-family: 'JetBrains Mono', 'Fira Code', 'Consolas', monospace; + margin-left: auto; +} + +.reverse-deps-pagination { + display: flex; + align-items: center; + justify-content: center; + gap: 16px; + margin-top: 16px; + padding-top: 16px; + border-top: 1px solid var(--border-primary); +} + +.pagination-info { + color: var(--text-secondary); + font-size: 0.875rem; +} + +/* Ensure File Modal */ +.modal-overlay { + position: fixed; + top: 0; + left: 0; + right: 0; + bottom: 0; + background: rgba(0, 0, 0, 0.7); + display: flex; + align-items: center; + justify-content: center; + z-index: 1000; + padding: 20px; +} + +.ensure-file-modal { + background: var(--bg-secondary); + border: 1px solid var(--border-primary); + border-radius: var(--radius-lg); + max-width: 700px; + width: 100%; + max-height: 80vh; + display: flex; + flex-direction: column; + box-shadow: 0 20px 50px rgba(0, 0, 0, 0.5); +} + +.ensure-file-header { + display: flex; + align-items: center; + justify-content: space-between; + padding: 16px 20px; + border-bottom: 1px solid var(--border-primary); +} + +.ensure-file-header h3 { + margin: 0; + color: var(--text-primary); + font-size: 1rem; + font-weight: 600; +} + +.ensure-file-actions { + display: flex; + align-items: center; + gap: 8px; +} + +.ensure-file-actions .copy-btn { + opacity: 1; + width: 32px; + height: 32px; +} + +.modal-close { + display: flex; + align-items: center; + justify-content: center; + width: 32px; + height: 32px; + padding: 0; + background: transparent; + border: none; + border-radius: var(--radius-sm); + color: var(--text-muted); + cursor: pointer; + transition: all var(--transition-fast); +} + +.modal-close:hover { + background: var(--bg-hover); + color: var(--text-primary); +} + +.ensure-file-content { + flex: 1; + overflow: auto; + padding: 20px; +} + +.ensure-file-loading { + color: var(--text-muted); + text-align: center; + padding: 40px 20px; +} + +.ensure-file-error { + color: var(--error-color, #ef4444); + padding: 16px; + background: rgba(239, 68, 68, 0.1); + border-radius: var(--radius-md); +} + +.ensure-file-empty { + color: var(--text-muted); + text-align: center; + padding: 40px 20px; + font-style: italic; +} + +.ensure-file-yaml { + margin: 0; + padding: 16px; + background: #0d0d0f; + border: 1px solid var(--border-primary); + border-radius: var(--radius-md); + overflow-x: auto; +} + +.ensure-file-yaml code { + font-family: 'JetBrains Mono', 'Fira Code', 'Consolas', monospace; + font-size: 0.8125rem; + color: #e2e8f0; + white-space: pre; +} + +.ensure-file-footer { + padding: 16px 20px; + border-top: 1px solid var(--border-primary); + background: var(--bg-tertiary); + border-radius: 0 0 var(--radius-lg) var(--radius-lg); +} + +.ensure-file-hint { + margin: 0; + color: var(--text-muted); + font-size: 0.8125rem; +} + +.ensure-file-hint code { + background: rgba(0, 0, 0, 0.2); + padding: 2px 6px; + border-radius: var(--radius-sm); + font-family: 'JetBrains Mono', 'Fira Code', 'Consolas', monospace; + color: var(--accent-primary); +} + /* Responsive adjustments */ @media (max-width: 768px) { .upload-form { @@ -439,4 +779,18 @@ tr:hover .copy-btn { flex-wrap: wrap; gap: 12px; } + + .dependencies-header { + flex-direction: column; + align-items: flex-start; + gap: 12px; + } + + .tag-selector { + width: 100%; + } + + .ensure-file-modal { + max-height: 90vh; + } } diff --git a/frontend/src/pages/PackagePage.tsx b/frontend/src/pages/PackagePage.tsx index 740cc66..30db759 100644 --- a/frontend/src/pages/PackagePage.tsx +++ b/frontend/src/pages/PackagePage.tsx @@ -1,7 +1,7 @@ import { useState, useEffect, useCallback } from 'react'; -import { useParams, useSearchParams, useNavigate, useLocation } from 'react-router-dom'; -import { TagDetail, Package, PaginatedResponse, AccessLevel } from '../types'; -import { listTags, getDownloadUrl, getPackage, getMyProjectAccess, createTag, UnauthorizedError, ForbiddenError } from '../api'; +import { useParams, useSearchParams, useNavigate, useLocation, Link } from 'react-router-dom'; +import { TagDetail, Package, PaginatedResponse, AccessLevel, Dependency, DependentInfo } from '../types'; +import { listTags, getDownloadUrl, getPackage, getMyProjectAccess, createTag, getArtifactDependencies, getReverseDependencies, getEnsureFile, UnauthorizedError, ForbiddenError } from '../api'; import { Breadcrumb } from '../components/Breadcrumb'; import { Badge } from '../components/Badge'; import { SearchInput } from '../components/SearchInput'; @@ -10,6 +10,7 @@ import { DataTable } from '../components/DataTable'; import { Pagination } from '../components/Pagination'; import { DragDropUpload, UploadResult } from '../components/DragDropUpload'; import { useAuth } from '../contexts/AuthContext'; +import DependencyGraph from '../components/DependencyGraph'; import './Home.css'; import './PackagePage.css'; @@ -68,6 +69,30 @@ function PackagePage() { const [createTagArtifactId, setCreateTagArtifactId] = useState(''); const [createTagLoading, setCreateTagLoading] = useState(false); + // Dependencies state + const [selectedTag, setSelectedTag] = useState(null); + const [dependencies, setDependencies] = useState([]); + const [depsLoading, setDepsLoading] = useState(false); + const [depsError, setDepsError] = useState(null); + + // Reverse dependencies state + const [reverseDeps, setReverseDeps] = useState([]); + const [reverseDepsLoading, setReverseDepsLoading] = useState(false); + const [reverseDepsError, setReverseDepsError] = useState(null); + const [reverseDepsPage, setReverseDepsPage] = useState(1); + const [reverseDepsTotal, setReverseDepsTotal] = useState(0); + const [reverseDepsHasMore, setReverseDepsHasMore] = useState(false); + + // Dependency graph modal state + const [showGraph, setShowGraph] = useState(false); + + // Ensure file modal state + const [showEnsureFile, setShowEnsureFile] = useState(false); + const [ensureFileContent, setEnsureFileContent] = useState(null); + const [ensureFileLoading, setEnsureFileLoading] = useState(false); + const [ensureFileError, setEnsureFileError] = useState(null); + const [ensureFileTagName, setEnsureFileTagName] = useState(null); + // Derived permissions const canWrite = accessLevel === 'write' || accessLevel === 'admin'; @@ -128,6 +153,98 @@ function PackagePage() { loadData(); }, [loadData]); + // Auto-select tag when tags are loaded (prefer version from URL, then first tag) + // Re-run when package changes to pick up new tags + useEffect(() => { + if (tagsData?.items && tagsData.items.length > 0) { + const versionParam = searchParams.get('version'); + if (versionParam) { + // Find tag matching the version parameter + const matchingTag = tagsData.items.find(t => t.version === versionParam); + if (matchingTag) { + setSelectedTag(matchingTag); + setDependencies([]); + return; + } + } + // Fall back to first tag + setSelectedTag(tagsData.items[0]); + setDependencies([]); + } + }, [tagsData, searchParams, projectName, packageName]); + + // Fetch dependencies when selected tag changes + const fetchDependencies = useCallback(async (artifactId: string) => { + setDepsLoading(true); + setDepsError(null); + try { + const result = await getArtifactDependencies(artifactId); + setDependencies(result.dependencies); + } catch (err) { + setDepsError(err instanceof Error ? err.message : 'Failed to load dependencies'); + setDependencies([]); + } finally { + setDepsLoading(false); + } + }, []); + + useEffect(() => { + if (selectedTag) { + fetchDependencies(selectedTag.artifact_id); + } + }, [selectedTag, fetchDependencies]); + + // Fetch reverse dependencies + const fetchReverseDeps = useCallback(async (pageNum: number = 1) => { + if (!projectName || !packageName) return; + + setReverseDepsLoading(true); + setReverseDepsError(null); + try { + const result = await getReverseDependencies(projectName, packageName, { page: pageNum, limit: 10 }); + setReverseDeps(result.dependents); + setReverseDepsTotal(result.pagination.total); + setReverseDepsHasMore(result.pagination.has_more); + setReverseDepsPage(pageNum); + } catch (err) { + setReverseDepsError(err instanceof Error ? err.message : 'Failed to load reverse dependencies'); + setReverseDeps([]); + } finally { + setReverseDepsLoading(false); + } + }, [projectName, packageName]); + + useEffect(() => { + if (projectName && packageName && !loading) { + fetchReverseDeps(1); + } + }, [projectName, packageName, loading, fetchReverseDeps]); + + // Fetch ensure file for a specific tag + const fetchEnsureFileForTag = useCallback(async (tagName: string) => { + if (!projectName || !packageName) return; + + setEnsureFileTagName(tagName); + setEnsureFileLoading(true); + setEnsureFileError(null); + try { + const content = await getEnsureFile(projectName, packageName, tagName); + setEnsureFileContent(content); + setShowEnsureFile(true); + } catch (err) { + setEnsureFileError(err instanceof Error ? err.message : 'Failed to load ensure file'); + setShowEnsureFile(true); + } finally { + setEnsureFileLoading(false); + } + }, [projectName, packageName]); + + // Fetch ensure file for selected tag + const fetchEnsureFile = useCallback(async () => { + if (!selectedTag) return; + fetchEnsureFileForTag(selectedTag.name); + }, [selectedTag, fetchEnsureFileForTag]); + // Keyboard navigation - go back with backspace useEffect(() => { const handleKeyDown = (e: KeyboardEvent) => { @@ -202,12 +319,24 @@ function PackagePage() { const tags = tagsData?.items || []; const pagination = tagsData?.pagination; + const handleTagSelect = (tag: TagDetail) => { + setSelectedTag(tag); + }; + const columns = [ { key: 'name', header: 'Tag', sortable: true, - render: (t: TagDetail) => {t.name}, + render: (t: TagDetail) => ( + handleTagSelect(t)} + style={{ cursor: 'pointer' }} + > + {t.name} + + ), }, { key: 'version', @@ -261,13 +390,22 @@ function PackagePage() { key: 'actions', header: 'Actions', render: (t: TagDetail) => ( - - Download - +
+ + + Download + +
), }, ]; @@ -439,6 +577,166 @@ function PackagePage() { /> )} + {/* Dependencies Section */} + {tags.length > 0 && ( +
+
+

Dependencies

+
+ {selectedTag && ( + <> + + + + )} +
+
+
+ {selectedTag && ( + + )} +
+ + {depsLoading ? ( +
Loading dependencies...
+ ) : depsError ? ( +
{depsError}
+ ) : dependencies.length === 0 ? ( +
+ {selectedTag ? ( + {selectedTag.name} has no dependencies + ) : ( + No dependencies + )} +
+ ) : ( +
+
+ {selectedTag?.name} has {dependencies.length} {dependencies.length === 1 ? 'dependency' : 'dependencies'}: +
+
    + {dependencies.map((dep) => ( +
  • + + {dep.project}/{dep.package} + + + @ {dep.version || dep.tag} + + + ✓ + +
    • + ))} +
+
+ )} +
+ )} + + {/* Used By (Reverse Dependencies) Section */} +
+

Used By

+ + {reverseDepsLoading ? ( +
Loading reverse dependencies...
+ ) : reverseDepsError ? ( +
{reverseDepsError}
+ ) : reverseDeps.length === 0 ? ( +
No packages depend on this package
+ ) : ( +
+
+ {reverseDepsTotal} {reverseDepsTotal === 1 ? 'package depends' : 'packages depend'} on this: +
+
    + {reverseDeps.map((dep) => ( +
  • + + {dep.project}/{dep.package} + {dep.version && ( + v{dep.version} + )} + + + requires @ {dep.constraint_value} + +
    • + ))} +
+ {(reverseDepsHasMore || reverseDepsPage > 1) && ( +
+ + Page {reverseDepsPage} + +
+ )} +
+ )} +
+

Download by Artifact ID

@@ -522,6 +820,58 @@ function PackagePage() { curl -O {window.location.origin}/api/v1/project/{projectName}/{packageName}/+/v1.0.0
+ + {/* Dependency Graph Modal */} + {showGraph && selectedTag && ( + setShowGraph(false)} + /> + )} + + {/* Ensure File Modal */} + {showEnsureFile && ( +
setShowEnsureFile(false)}> +
e.stopPropagation()}> +
+

orchard.ensure for {ensureFileTagName}

+
+ {ensureFileContent && ( + + )} + +
+
+
+ {ensureFileLoading ? ( +
Loading...
+ ) : ensureFileError ? ( +
{ensureFileError}
+ ) : ensureFileContent ? ( + 
{ensureFileContent}
+ ) : ( +
No dependencies defined for this artifact.
+ )} +
+
+

+ Save this as orchard.ensure in your project root to declare dependencies. +

+
+
+
+ )}
); } diff --git a/frontend/src/pages/ProjectPage.tsx b/frontend/src/pages/ProjectPage.tsx index ca118bd..163957d 100644 --- a/frontend/src/pages/ProjectPage.tsx +++ b/frontend/src/pages/ProjectPage.tsx @@ -8,7 +8,6 @@ import { DataTable } from '../components/DataTable'; import { SearchInput } from '../components/SearchInput'; import { FilterChip, FilterChipGroup } from '../components/FilterChip'; import { Pagination } from '../components/Pagination'; -import { AccessManagement } from '../components/AccessManagement'; import { useAuth } from '../contexts/AuthContext'; import './Home.css'; @@ -211,15 +210,30 @@ function ProjectPage() { by {project.created_by} - {canWrite ? ( - - ) : user ? ( - - Read-only access - - ) : null} +
+ {canAdmin && ( + + )} + {canWrite ? ( + + ) : user ? ( + + Read-only access + + ) : null} +
{error &&
{error}
} @@ -371,10 +385,6 @@ function ProjectPage() { onPageChange={handlePageChange} /> )} - - {canAdmin && projectName && ( - - )} ); } diff --git a/frontend/src/pages/ProjectSettingsPage.css b/frontend/src/pages/ProjectSettingsPage.css new file mode 100644 index 0000000..4e985db --- /dev/null +++ b/frontend/src/pages/ProjectSettingsPage.css @@ -0,0 +1,476 @@ +.project-settings-page { + max-width: 900px; + margin: 0 auto; +} + +.project-settings-header { + margin-bottom: 32px; +} + +.project-settings-header h1 { + font-size: 1.75rem; + font-weight: 600; + color: var(--text-primary); + margin-bottom: 8px; + letter-spacing: -0.02em; +} + +.project-settings-subtitle { + color: var(--text-tertiary); + font-size: 0.9375rem; +} + +.project-settings-loading { + display: flex; + align-items: center; + justify-content: center; + gap: 12px; + padding: 64px 24px; + color: var(--text-tertiary); + font-size: 0.9375rem; +} + +.project-settings-spinner { + width: 20px; + height: 20px; + border: 2px solid var(--border-secondary); + border-top-color: var(--accent-primary); + border-radius: 50%; + animation: project-settings-spin 0.6s linear infinite; +} + +@keyframes project-settings-spin { + to { + transform: rotate(360deg); + } +} + +.project-settings-error { + display: flex; + align-items: center; + gap: 10px; + background: var(--error-bg); + border: 1px solid rgba(239, 68, 68, 0.2); + color: var(--error); + padding: 12px 16px; + border-radius: var(--radius-md); + margin-bottom: 24px; + font-size: 0.875rem; +} + +.project-settings-success { + display: flex; + align-items: center; + gap: 10px; + background: var(--success-bg); + border: 1px solid rgba(34, 197, 94, 0.2); + color: var(--success); + padding: 12px 16px; + border-radius: var(--radius-md); + margin-bottom: 24px; + font-size: 0.875rem; + animation: project-settings-fade-in 0.2s ease; +} + +@keyframes project-settings-fade-in { + from { + opacity: 0; + transform: translateY(-8px); + } + to { + opacity: 1; + transform: translateY(0); + } +} + +.project-settings-section { + background: var(--bg-secondary); + border: 1px solid var(--border-primary); + border-radius: var(--radius-lg); + padding: 24px; + margin-bottom: 24px; +} + +.project-settings-section h2 { + font-size: 1.125rem; + font-weight: 600; + color: var(--text-primary); + margin-bottom: 20px; + padding-bottom: 16px; + border-bottom: 1px solid var(--border-primary); +} + +.project-settings-form { + display: flex; + flex-direction: column; + gap: 16px; +} + +.project-settings-form-group { + display: flex; + flex-direction: column; + gap: 6px; +} + +.project-settings-form-group label { + font-size: 0.8125rem; + font-weight: 500; + color: var(--text-secondary); +} + +.project-settings-form-group textarea, +.project-settings-form-group input[type="text"] { + padding: 12px 14px; + background: var(--bg-tertiary); + border: 1px solid var(--border-primary); + border-radius: var(--radius-md); + font-size: 0.875rem; + color: var(--text-primary); + transition: all var(--transition-fast); + font-family: inherit; + resize: vertical; +} + +.project-settings-form-group textarea { + min-height: 100px; +} + +.project-settings-form-group textarea::placeholder, +.project-settings-form-group input::placeholder { + color: var(--text-muted); +} + +.project-settings-form-group textarea:hover:not(:disabled), +.project-settings-form-group input:hover:not(:disabled) { + border-color: var(--border-secondary); + background: var(--bg-elevated); +} + +.project-settings-form-group textarea:focus, +.project-settings-form-group input:focus { + outline: none; + border-color: var(--accent-primary); + box-shadow: 0 0 0 3px rgba(16, 185, 129, 0.15); + background: var(--bg-elevated); +} + +.project-settings-form-group textarea:disabled, +.project-settings-form-group input:disabled { + opacity: 0.6; + cursor: not-allowed; +} + +.project-settings-checkbox-group { + flex-direction: row; + align-items: center; +} + +.project-settings-checkbox-label { + display: flex; + align-items: center; + gap: 10px; + cursor: pointer; + font-size: 0.875rem; + font-weight: 400; + color: var(--text-secondary); + user-select: none; +} + +.project-settings-checkbox-label input[type="checkbox"] { + position: absolute; + opacity: 0; + width: 0; + height: 0; +} + +.project-settings-checkbox-custom { + width: 18px; + height: 18px; + background: var(--bg-tertiary); + border: 1px solid var(--border-secondary); + border-radius: var(--radius-sm); + transition: all var(--transition-fast); + position: relative; + flex-shrink: 0; +} + +.project-settings-checkbox-label input[type="checkbox"]:checked + .project-settings-checkbox-custom { + background: var(--accent-primary); + border-color: var(--accent-primary); +} + +.project-settings-checkbox-label input[type="checkbox"]:checked + .project-settings-checkbox-custom::after { + content: ''; + position: absolute; + left: 5px; + top: 2px; + width: 5px; + height: 9px; + border: solid white; + border-width: 0 2px 2px 0; + transform: rotate(45deg); +} + +.project-settings-checkbox-label input[type="checkbox"]:focus + .project-settings-checkbox-custom { + box-shadow: 0 0 0 3px rgba(16, 185, 129, 0.15); +} + +.project-settings-checkbox-label:hover .project-settings-checkbox-custom { + border-color: var(--accent-primary); +} + +.project-settings-form-actions { + display: flex; + justify-content: flex-end; + gap: 12px; + margin-top: 8px; +} + +.project-settings-save-button { + display: flex; + align-items: center; + justify-content: center; + gap: 8px; + padding: 10px 18px; + background: var(--accent-gradient); + border: none; + border-radius: var(--radius-md); + font-size: 0.875rem; + font-weight: 500; + color: white; + cursor: pointer; + transition: all var(--transition-fast); + min-width: 120px; +} + +.project-settings-save-button:hover:not(:disabled) { + transform: translateY(-1px); + box-shadow: var(--shadow-sm), 0 0 20px rgba(16, 185, 129, 0.2); +} + +.project-settings-save-button:disabled { + opacity: 0.5; + cursor: not-allowed; + transform: none; +} + +.project-settings-button-spinner { + width: 14px; + height: 14px; + border: 2px solid rgba(255, 255, 255, 0.3); + border-top-color: white; + border-radius: 50%; + animation: project-settings-spin 0.6s linear infinite; +} + +/* Danger Zone */ +.project-settings-danger-zone { + background: var(--bg-secondary); + border: 1px solid rgba(239, 68, 68, 0.3); + border-radius: var(--radius-lg); + padding: 24px; + margin-bottom: 24px; +} + +.project-settings-danger-zone h2 { + font-size: 1.125rem; + font-weight: 600; + color: var(--error); + margin-bottom: 20px; + padding-bottom: 16px; + border-bottom: 1px solid rgba(239, 68, 68, 0.2); +} + +.project-settings-danger-item { + display: flex; + justify-content: space-between; + align-items: flex-start; + gap: 24px; +} + +.project-settings-danger-info h3 { + font-size: 0.9375rem; + font-weight: 600; + color: var(--text-primary); + margin-bottom: 4px; +} + +.project-settings-danger-info p { + color: var(--text-tertiary); + font-size: 0.8125rem; + max-width: 400px; +} + +.project-settings-delete-button { + padding: 10px 18px; + background: transparent; + border: 1px solid rgba(239, 68, 68, 0.3); + border-radius: var(--radius-md); + font-size: 0.875rem; + font-weight: 500; + color: var(--error); + cursor: pointer; + transition: all var(--transition-fast); + flex-shrink: 0; +} + +.project-settings-delete-button:hover:not(:disabled) { + background: var(--error-bg); + border-color: rgba(239, 68, 68, 0.5); +} + +.project-settings-delete-button:disabled { + opacity: 0.5; + cursor: not-allowed; +} + +/* Delete Confirmation */ +.project-settings-delete-confirm { + margin-top: 20px; + padding-top: 20px; + border-top: 1px solid rgba(239, 68, 68, 0.2); + animation: project-settings-fade-in 0.2s ease; +} + +.project-settings-delete-confirm p { + color: var(--text-secondary); + font-size: 0.875rem; + margin-bottom: 12px; +} + +.project-settings-delete-confirm strong { + color: var(--text-primary); + font-family: 'JetBrains Mono', 'Fira Code', 'SF Mono', Monaco, monospace; + background: var(--bg-tertiary); + padding: 2px 6px; + border-radius: var(--radius-sm); +} + +.project-settings-delete-confirm-input { + width: 100%; + padding: 12px 14px; + background: var(--bg-tertiary); + border: 1px solid var(--border-primary); + border-radius: var(--radius-md); + font-size: 0.875rem; + color: var(--text-primary); + transition: all var(--transition-fast); + margin-bottom: 16px; +} + +.project-settings-delete-confirm-input:focus { + outline: none; + border-color: var(--error); + box-shadow: 0 0 0 3px rgba(239, 68, 68, 0.15); +} + +.project-settings-delete-confirm-input::placeholder { + color: var(--text-muted); +} + +.project-settings-delete-confirm-actions { + display: flex; + gap: 12px; +} + +.project-settings-confirm-delete-button { + display: flex; + align-items: center; + justify-content: center; + gap: 8px; + padding: 10px 18px; + background: var(--error); + border: none; + border-radius: var(--radius-md); + font-size: 0.875rem; + font-weight: 500; + color: white; + cursor: pointer; + transition: all var(--transition-fast); + min-width: 120px; +} + +.project-settings-confirm-delete-button:hover:not(:disabled) { + opacity: 0.9; +} + +.project-settings-confirm-delete-button:disabled { + opacity: 0.5; + cursor: not-allowed; +} + +.project-settings-cancel-button { + padding: 10px 18px; + background: transparent; + border: 1px solid var(--border-primary); + border-radius: var(--radius-md); + font-size: 0.875rem; + font-weight: 500; + color: var(--text-secondary); + cursor: pointer; + transition: all var(--transition-fast); +} + +.project-settings-cancel-button:hover:not(:disabled) { + background: var(--bg-hover); + border-color: var(--border-secondary); + color: var(--text-primary); +} + +.project-settings-cancel-button:disabled { + opacity: 0.5; + cursor: not-allowed; +} + +.project-settings-delete-spinner { + width: 14px; + height: 14px; + border: 2px solid rgba(255, 255, 255, 0.3); + border-top-color: white; + border-radius: 50%; + animation: project-settings-spin 0.6s linear infinite; +} + +/* Access denied */ +.project-settings-access-denied { + display: flex; + flex-direction: column; + align-items: center; + justify-content: center; + padding: 80px 24px; + text-align: center; +} + +.project-settings-access-denied h2 { + font-size: 1.5rem; + font-weight: 600; + color: var(--text-primary); + margin-bottom: 12px; +} + +.project-settings-access-denied p { + color: var(--text-tertiary); + font-size: 0.9375rem; + max-width: 400px; +} + +/* Responsive */ +@media (max-width: 768px) { + .project-settings-danger-item { + flex-direction: column; + gap: 16px; + } + + .project-settings-delete-button { + align-self: flex-start; + } + + .project-settings-delete-confirm-actions { + flex-direction: column; + } + + .project-settings-confirm-delete-button, + .project-settings-cancel-button { + width: 100%; + } +} diff --git a/frontend/src/pages/ProjectSettingsPage.tsx b/frontend/src/pages/ProjectSettingsPage.tsx new file mode 100644 index 0000000..9acc3cf --- /dev/null +++ b/frontend/src/pages/ProjectSettingsPage.tsx @@ -0,0 +1,308 @@ +import { useState, useEffect, useCallback } from 'react'; +import { useParams, useNavigate } from 'react-router-dom'; +import { Project } from '../types'; +import { + getProject, + updateProject, + deleteProject, + getMyProjectAccess, + UnauthorizedError, + ForbiddenError, +} from '../api'; +import { Breadcrumb } from '../components/Breadcrumb'; +import { AccessManagement } from '../components/AccessManagement'; +import { useAuth } from '../contexts/AuthContext'; +import './ProjectSettingsPage.css'; + +function ProjectSettingsPage() { + const { projectName } = useParams<{ projectName: string }>(); + const navigate = useNavigate(); + const { user } = useAuth(); + + const [project, setProject] = useState(null); + const [loading, setLoading] = useState(true); + const [error, setError] = useState(null); + const [success, setSuccess] = useState(null); + const [accessDenied, setAccessDenied] = useState(false); + const [canAdmin, setCanAdmin] = useState(false); + + // General settings form state + const [description, setDescription] = useState(''); + const [isPublic, setIsPublic] = useState(false); + const [saving, setSaving] = useState(false); + + // Delete confirmation state + const [showDeleteConfirm, setShowDeleteConfirm] = useState(false); + const [deleteConfirmText, setDeleteConfirmText] = useState(''); + const [deleting, setDeleting] = useState(false); + + const loadData = useCallback(async () => { + if (!projectName) return; + + try { + setLoading(true); + setAccessDenied(false); + const [projectData, accessResult] = await Promise.all([ + getProject(projectName), + getMyProjectAccess(projectName), + ]); + setProject(projectData); + setDescription(projectData.description || ''); + setIsPublic(projectData.is_public); + + const hasAdminAccess = accessResult.access_level === 'admin'; + setCanAdmin(hasAdminAccess); + + if (!hasAdminAccess) { + setAccessDenied(true); + } + + setError(null); + } catch (err) { + if (err instanceof UnauthorizedError) { + navigate('/login', { state: { from: `/project/${projectName}/settings` } }); + return; + } + if (err instanceof ForbiddenError) { + setAccessDenied(true); + setLoading(false); + return; + } + setError(err instanceof Error ? err.message : 'Failed to load project'); + } finally { + setLoading(false); + } + }, [projectName, navigate]); + + useEffect(() => { + loadData(); + }, [loadData]); + + const handleSaveSettings = async (e: React.FormEvent) => { + e.preventDefault(); + if (!projectName) return; + + try { + setSaving(true); + setError(null); + const updatedProject = await updateProject(projectName, { + description: description || undefined, + is_public: isPublic, + }); + setProject(updatedProject); + setSuccess('Settings saved successfully'); + setTimeout(() => setSuccess(null), 3000); + } catch (err) { + setError(err instanceof Error ? err.message : 'Failed to save settings'); + } finally { + setSaving(false); + } + }; + + const handleDeleteProject = async () => { + if (!projectName || deleteConfirmText !== projectName) return; + + try { + setDeleting(true); + setError(null); + await deleteProject(projectName); + navigate('/'); + } catch (err) { + setError(err instanceof Error ? err.message : 'Failed to delete project'); + setDeleting(false); + } + }; + + const handleCancelDelete = () => { + setShowDeleteConfirm(false); + setDeleteConfirmText(''); + }; + + if (loading) { + return ( +
+ +
+
+ Loading... +
+
+ ); + } + + if (accessDenied || !canAdmin) { + return ( +
+ +
+

Access Denied

+

You must be a project admin to access settings.

+ {!user && ( +

+ + Sign in + +

+ )} +
+
+ ); + } + + if (!project) { + return ( +
+ +
Project not found
+
+ ); + } + + return ( +
+ + +
+

Project Settings

+

Manage settings for {project.name}

+
+ + {error &&
{error}
} + {success &&
{success}
} + + {/* General Settings Section */} +
+

General

+
+
+ +