ctrlplanedev · jsbroks · Mar 31, 2025 · Mar 30, 2025 · Mar 30, 2025 · Mar 30, 2025
diff --git a/apps/event-worker/src/releases/evaluate/index.ts b/apps/event-worker/src/releases/evaluate/index.ts
@@ -0,0 +1,28 @@
+import type { ReleaseEvaluateEvent } from "@ctrlplane/validators/events";
+import { Worker } from "bullmq";
+import _ from "lodash";
+
+import { db } from "@ctrlplane/db/client";
+import { evaluate } from "@ctrlplane/rule-engine";
+import { createCtx, getApplicablePolicies } from "@ctrlplane/rule-engine/db";
+import { Channel } from "@ctrlplane/validators/events";
+
+export const createReleaseEvaluateWorker = () =>
+  new Worker<ReleaseEvaluateEvent>(Channel.ReleaseEvaluate, async (job) => {
+    job.log(
+      `Evaluating release for deployment ${job.data.deploymentId} and resource ${job.data.resourceId}`,
+    );
+
+    const ctx = await createCtx(db, job.data);
+    if (ctx == null) {
+      job.log(
+        `Resource ${job.data.resourceId} not found for deployment ${job.data.deploymentId} and environment ${job.data.environmentId}`,
+      );
+      return;
+    }
+
+    const { workspaceId } = ctx.resource;
+    const policy = await getApplicablePolicies(db, workspaceId, job.data);
+    const result = await evaluate(policy, [], ctx);
+    console.log(result);
+  });
-export const createReleaseEvaluateWorker = () =>
-  new Worker<ReleaseEvaluateEvent>(Channel.ReleaseEvaluate, async (job) => {
-    job.log(
-      `Evaluating release for deployment ${job.data.deploymentId} and resource ${job.data.resourceId}`,
-    );
-
-    const ctx = await createCtx(db, job.data);
-    if (ctx == null) {
-      job.log(
-        `Resource ${job.data.resourceId} not found for deployment ${job.data.deploymentId} and environment ${job.data.environmentId}`,
-      );
-      return;
-    }
-
-    const { workspaceId } = ctx.resource;
-    const policy = await getApplicablePolicies(db, workspaceId, job.data);
-    const result = await evaluate(policy, [], ctx);
-    console.log(result);
-  });
+export const createReleaseEvaluateWorker = () =>
+  new Worker<ReleaseEvaluateEvent>(Channel.ReleaseEvaluate, async (job) => {
+    job.log(
+      `Evaluating release for deployment ${job.data.deploymentId} and resource ${job.data.resourceId}`,
+    );
+
+    try {
+      const ctx = await createCtx(db, job.data);
+      if (ctx == null) {
+        job.log(
+          `Resource ${job.data.resourceId} not found for deployment ${job.data.deploymentId} and environment ${job.data.environmentId}`,
+        );
+        return;
+      }
+
+      const { workspaceId } = ctx.resource;
+      const policy = await getApplicablePolicies(db, workspaceId, job.data);
+      const result = await evaluate(policy, [], ctx);
+      job.log(`Evaluation result: ${JSON.stringify(result)}`);
+    } catch (error) {
+      job.log(`Error during release evaluation: ${error instanceof Error ? error.message : String(error)}`);
+      throw error; // Rethrow to let BullMQ handle the job failure
+    }
+  });
-export const createReleaseEvaluateWorker = () =>
-  new Worker<ReleaseEvaluateEvent>(Channel.ReleaseEvaluate, async (job) => {
-    job.log(
-      `Evaluating release for deployment ${job.data.deploymentId} and resource ${job.data.resourceId}`,
-    );
-
-    const ctx = await createCtx(db, job.data);
-    if (ctx == null) {
-      job.log(
-        `Resource ${job.data.resourceId} not found for deployment ${job.data.deploymentId} and environment ${job.data.environmentId}`,
-      );
-      return;
-    }
-
-    const { workspaceId } = ctx.resource;
-    const policy = await getApplicablePolicies(db, workspaceId, job.data);
-    const result = await evaluate(policy, [], ctx);
-    console.log(result);
-  });
+export const createReleaseEvaluateWorker = () =>
+  new Worker<ReleaseEvaluateEvent>(Channel.ReleaseEvaluate, async (job) => {
+    job.log(
+      `Evaluating release for deployment ${job.data.deploymentId} and resource ${job.data.resourceId}`,
+    );
+
+    try {
+      const ctx = await createCtx(db, job.data);
+      if (ctx == null) {
+        job.log(
+          `Resource ${job.data.resourceId} not found for deployment ${job.data.deploymentId} and environment ${job.data.environmentId}`,
+        );
+        return;
+      }
+
+      const { workspaceId } = ctx.resource;
+      const policy = await getApplicablePolicies(db, workspaceId, job.data);
+      const result = await evaluate(policy, [], ctx);
+      job.log(`Evaluation result: ${JSON.stringify(result)}`);
+    } catch (error) {
+      job.log(`Error during release evaluation: ${error instanceof Error ? error.message : String(error)}`);
+      throw error; // Rethrow to let BullMQ handle the job failure
+    }
+  });
diff --git a/packages/db/src/common.ts b/packages/db/src/common.ts
@@ -1,6 +1,8 @@
 import type { SQL } from "drizzle-orm";
 import type { PgTable } from "drizzle-orm/pg-core";
-import { getTableColumns, sql } from "drizzle-orm";
+import { eq, getTableColumns, ilike, sql } from "drizzle-orm";
+
+import { ColumnOperator } from "@ctrlplane/validators/conditions";
 
 import type { db } from "./client";
 
@@ -19,9 +21,15 @@ export const takeFirstOrNull = <T extends any[]>(
 
 export type Tx = Omit<typeof db, "$client">;
 
+type ColumnKey<T extends PgTable> = keyof T["_"]["columns"];
+type ColumnType<
+  T extends PgTable,
+  Q extends ColumnKey<T>,
+> = T["_"]["columns"][Q];
+
 export const buildConflictUpdateColumns = <
   T extends PgTable,
-  Q extends keyof T["_"]["columns"],
+  Q extends ColumnKey<T>,
 >(
   table: T,
   columns: Q[],
@@ -42,3 +50,16 @@ export function enumToPgEnum<T extends Record<string, any>>(
 ): [T[keyof T], ...T[keyof T][]] {
   return Object.values(myEnum).map((value: any) => `${value}`) as any;
 }
+
+export const ColumnOperatorFn: Record<
+  ColumnOperator,
+  <T extends PgTable, Q extends ColumnKey<T>>(
+    column: ColumnType<T, Q>,
+    value: string,
+  ) => SQL<unknown>
+> = {
+  [ColumnOperator.Equals]: (column, value) => eq(column, value),
+  [ColumnOperator.StartsWith]: (column, value) => ilike(column, `${value}%`),
+  [ColumnOperator.EndsWith]: (column, value) => ilike(column, `%${value}`),
+  [ColumnOperator.Contains]: (column, value) => ilike(column, `%${value}%`),
+};
diff --git a/packages/db/src/schema/deployment.ts b/packages/db/src/schema/deployment.ts
@@ -1,7 +1,7 @@
-import type { DeploymentCondition } from "@ctrlplane/validators/jobs";
+import type { DeploymentCondition } from "@ctrlplane/validators/deployments";
 import type { ResourceCondition } from "@ctrlplane/validators/resources";
 import type { InferSelectModel, SQL } from "drizzle-orm";
-import { relations, sql } from "drizzle-orm";
+import { and, eq, not, or, relations, sql } from "drizzle-orm";
 import {
   integer,
   jsonb,
@@ -13,12 +13,13 @@ import {
 import { createInsertSchema } from "drizzle-zod";
 import { z } from "zod";
 
+import { ComparisonOperator } from "@ctrlplane/validators/conditions";
 import {
   isValidResourceCondition,
   resourceCondition,
 } from "@ctrlplane/validators/resources";
 
-import type { Tx } from "../common.js";
+import { ColumnOperatorFn } from "../common.js";
 import { jobAgent } from "./job-agent.js";
 import { system } from "./system.js";
 
@@ -117,11 +118,25 @@ export const deploymentDependency = pgTable(
   (t) => ({ uniq: uniqueIndex().on(t.dependsOnId, t.deploymentId) }),
 );
 
-export function deploymentMatchSelector(
-  // eslint-disable-next-line @typescript-eslint/no-unused-vars
-  tx: Tx,
-  // eslint-disable-next-line @typescript-eslint/no-unused-vars
-  metadata?: DeploymentCondition | null,
-): SQL<unknown> | undefined {
-  throw new Error("Not implemented");
-}
+const buildCondition = (cond: DeploymentCondition): SQL<unknown> => {
+  if (cond.type === "name")
+    return ColumnOperatorFn[cond.operator](deployment.name, cond.value);
+  if (cond.type === "slug")
+    return ColumnOperatorFn[cond.operator](deployment.slug, cond.value);
+  if (cond.type === "system") return eq(deployment.systemId, cond.value);
+  if (cond.type === "id") return eq(deployment.id, cond.value);
+
+  if (cond.conditions.length === 0) return sql`FALSE`;
+
+  const subCon = cond.conditions.map((c) => buildCondition(c));
+  const con =
+    cond.operator === ComparisonOperator.And ? and(...subCon)! : or(...subCon)!;
+  return cond.not ? not(con) : con;
+};
+
+export const deploymentMatchSelector = (
+  condition?: DeploymentCondition | null,
+): SQL<unknown> | undefined =>
+  condition == null || Object.keys(condition).length === 0
+    ? undefined
+    : buildCondition(condition);
diff --git a/packages/db/src/schema/environment.ts b/packages/db/src/schema/environment.ts
@@ -1,8 +1,9 @@
-import type { EnvironmentCondition } from "@ctrlplane/validators/jobs";
+import type { MetadataCondition } from "@ctrlplane/validators/conditions";
+import type { EnvironmentCondition } from "@ctrlplane/validators/environments";
 import type { ResourceCondition } from "@ctrlplane/validators/resources";
 import type { InferSelectModel, SQL } from "drizzle-orm";
 import type { AnyPgColumn, ColumnsWithTable } from "drizzle-orm/pg-core";
-import { sql } from "drizzle-orm";
+import { and, eq, exists, ilike, not, notExists, or, sql } from "drizzle-orm";
 import {
   bigint,
   foreignKey,
@@ -18,12 +19,17 @@ import {
 import { createInsertSchema } from "drizzle-zod";
 import { z } from "zod";
 
+import {
+  ComparisonOperator,
+  MetadataOperator,
+} from "@ctrlplane/validators/conditions";
 import {
   isValidResourceCondition,
   resourceCondition,
 } from "@ctrlplane/validators/resources";
 
 import type { Tx } from "../common.js";
+import { ColumnOperatorFn } from "../common.js";
 import { user } from "./auth.js";
 import { deploymentVersion } from "./deployment-version.js";
 import { system } from "./system.js";
@@ -280,11 +286,114 @@ export type EnvironmentPolicyApproval = InferSelectModel<
   typeof environmentPolicyApproval
 >;
 
+const buildMetadataCondition = (tx: Tx, cond: MetadataCondition): SQL => {
+  if (cond.operator === MetadataOperator.Null)
+    return notExists(
+      tx
+        .select({ value: sql<number>`1` })
+        .from(environmentMetadata)
+        .where(
+          and(
+            eq(environmentMetadata.environmentId, environment.id),
+            eq(environmentMetadata.key, cond.key),
+          ),
+        ),
+    );
+
+  if (cond.operator === MetadataOperator.StartsWith)
+    return exists(
+      tx
+        .select({ value: sql<number>`1` })
+        .from(environmentMetadata)
+        .where(
+          and(
+            eq(environmentMetadata.environmentId, environment.id),
+            eq(environmentMetadata.key, cond.key),
+            ilike(environmentMetadata.value, `${cond.value}%`),
+          ),
+        ),
+    );
+
+  if (cond.operator === MetadataOperator.EndsWith)
+    return exists(
+      tx
+        .select({ value: sql<number>`1` })
+        .from(environmentMetadata)
+        .where(
+          and(
+            eq(environmentMetadata.environmentId, environment.id),
+            eq(environmentMetadata.key, cond.key),
+            ilike(environmentMetadata.value, `%${cond.value}`),
+          ),
+        ),
+    );
+
+  if (cond.operator === MetadataOperator.Contains)
+    return exists(
+      tx
+        .select({ value: sql<number>`1` })
+        .from(environmentMetadata)
+        .where(
+          and(
+            eq(environmentMetadata.environmentId, environment.id),
+            eq(environmentMetadata.key, cond.key),
+            ilike(environmentMetadata.value, `%${cond.value}%`),
+          ),
+        ),
+    );
+
+  if ("value" in cond)
+    return exists(
+      tx
+        .select({ value: sql<number>`1` })
+        .from(environmentMetadata)
+        .where(
+          and(
+            eq(environmentMetadata.environmentId, environment.id),
+            eq(environmentMetadata.key, cond.key),
+            eq(environmentMetadata.value, cond.value),
+          ),
+        ),
+    );
+
+  throw Error("invalid metadata conditions");
+};
+
+const buildCondition = (
+  tx: Tx,
+  condition: EnvironmentCondition,
+): SQL<unknown> => {
+  if (condition.type === "name")
+    return ColumnOperatorFn[condition.operator](
+      environment.name,
+      condition.value,
+    );
+  if (condition.type === "directory")
+    return ColumnOperatorFn[condition.operator](
+      environment.directory,
+      condition.value,
+    );
+  if (condition.type === "system")
+    return eq(environment.systemId, condition.value);
+  if (condition.type === "id") return eq(environment.id, condition.value);
+  if (condition.type === "metadata")
+    return buildMetadataCondition(tx, condition);
+
+  if (condition.conditions.length === 0) return sql`FALSE`;
+
+  const subCon = condition.conditions.map((c) => buildCondition(tx, c));
+  const con =
+    condition.operator === ComparisonOperator.And
+      ? and(...subCon)!
+      : or(...subCon)!;
+  return condition.not ? not(con) : con;
+};
+
 export function environmentMatchSelector(
-  // eslint-disable-next-line @typescript-eslint/no-unused-vars
   tx: Tx,
-  // eslint-disable-next-line @typescript-eslint/no-unused-vars
-  metadata?: EnvironmentCondition | null,
+  condition?: EnvironmentCondition | null,
 ): SQL<unknown> | undefined {
-  throw new Error("Not implemented");
+  return condition == null || Object.keys(condition).length === 0
+    ? undefined
+    : buildCondition(tx, condition);
 }
diff --git a/packages/db/src/schema/policy.ts b/packages/db/src/schema/policy.ts
@@ -1,3 +1,5 @@
+import type { DeploymentCondition } from "@ctrlplane/validators/deployments";
+import type { EnvironmentCondition } from "@ctrlplane/validators/environments";
 import type { InferSelectModel } from "drizzle-orm";
 import type { Options } from "rrule";
 import { sql } from "drizzle-orm";
@@ -13,6 +15,9 @@ import {
 import { createInsertSchema } from "drizzle-zod";
 import { z } from "zod";
 
+import { deploymentCondition } from "@ctrlplane/validators/deployments";
+import { environmentCondition } from "@ctrlplane/validators/environments";
+
 import { workspace } from "./workspace.js";
 
 export const policy = pgTable("policy", {
@@ -38,8 +43,12 @@ export const policyTarget = pgTable("policy_target", {
   policyId: uuid("policy_id")
     .notNull()
     .references(() => policy.id, { onDelete: "cascade" }),
-  deploymentSelector: jsonb("deployment_selector").default(sql`NULL`),
-  environmentSelector: jsonb("environment_selector").default(sql`NULL`),
+  deploymentSelector: jsonb("deployment_selector")
+    .default(sql`NULL`)
+    .$type<DeploymentCondition | null>(),
+  environmentSelector: jsonb("environment_selector")
+    .default(sql`NULL`)
+    .$type<EnvironmentCondition | null>(),
 });
 
 export const policyRuleDenyWindow = pgTable("policy_rule_deny_window", {
@@ -74,8 +83,8 @@ const policyInsertSchema = createInsertSchema(policy, {
 
 const policyTargetInsertSchema = createInsertSchema(policyTarget, {
   policyId: z.string().uuid(),
-  deploymentSelector: z.record(z.any()).optional(),
-  environmentSelector: z.record(z.any()).optional(),
+  deploymentSelector: deploymentCondition.nullable(),
+  environmentSelector: environmentCondition.nullable(),
 }).omit({ id: true });
 
 // Define the structure of RRule Options for Zod validation

diff --git a/packages/rule-engine/package.json b/packages/rule-engine/package.json
@@ -30,6 +30,7 @@
     "date-fns": "^4.1.0",
     "lodash": "catalog:",
     "rrule": "^2.8.1",
+    "ts-is-present": "catalog:",
     "zod": "catalog:"
   },
   "devDependencies": {