Show warning when VCS integration is not authorized for auto-deployments

[hmacr]

Towards SER-1129

Summary by CodeRabbit

Release Notes

• New Features

  • Version control system deployments now validate authorization status on page load
  • Warning indicator displays when deployment authorization is missing or invalid, with guidance to resolve connection issues

• Improvements

  • Enhanced deployment cards with additional contextual information for better visibility and management

[appwrite]

Console (appwrite/console)

Project ID: 688b7bf400350cbd60e9

Sites (1)

Site	Status	Logs	Preview	QR
console-stage 688b7cf6003b1842c9dc	Ready	View Logs	Preview URL

Tip

Custom domains work with both CNAME for subdomains and NS records for apex domains

[coderabbitai]

Walkthrough

This pull request extends the deploymentSource component with VCS authorization checks. A new authorization flow is introduced in deploymentSource.svelte that fetches repository authorization status on mount using the SDK store and displays a warning tooltip when authorization fails. The siteCard and deploymentCard components are updated to pass resource, region, and project context to DeploymentSource. The page component passes the site object to siteCard via a new prop, enabling the authorization context to flow through the component tree.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically summarizes the main change: displaying a warning for unauthorized VCS integrations in auto-deployments, which aligns with the core changes across modified files.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch ser-1129

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

Replaced Alert.Inline banners with compact warning icons next to GitHub links when VCS integration is not authorized for auto-deployments. The authorization check now happens in the deploymentSource component via an API call in onMount.

• Changed from full-width warning banner to subtle warning icon with tooltip
• Added vcs.getRepository API call to check authorization status
• Passed resource (site/function) and route params through component chain

Note: The PR description mentions "parallelizing deployment and repository data fetching" but the current implementation fetches repository data after page load in onMount, not in parallel with initial data loading.

Confidence Score: 4/5

• This PR is safe to merge with minor considerations about UX and performance optimization
• The changes are straightforward and well-contained - adding authorization warnings to deployment sources. The implementation is functional, though it doesn't fully deliver on the claimed performance optimization (parallelization) mentioned in the PR description. The authorization check happens after page load rather than in parallel, which may cause minor UI flickering when the warning icon appears.
• src/lib/components/git/deploymentSource.svelte - contains the API call logic that could be optimized

Important Files Changed

Filename	Overview
src/lib/components/git/deploymentSource.svelte	Added API call in onMount to check repository authorization status and display warning icon when unauthorized
src/routes/(console)/project-[region]-[project]/functions/function-[function]/(components)/deploymentCard.svelte	Passed resource and route params to DeploymentSource component
src/routes/(console)/project-[region]-[project]/sites/(components)/siteCard.svelte	Added site prop and passed it along with route params to DeploymentSource
src/routes/(console)/project-[region]-[project]/sites/site-[site]/+page.svelte	Passed site prop to SiteCard component

Sequence Diagram

sequenceDiagram
    participant User
    participant Page
    participant Loader as +page.ts
    participant Component as deploymentSource.svelte
    participant API as VCS API

    User->>Page: Navigate to site/function
    Page->>Loader: Load page data
    Loader->>API: Fetch deployment data
    API-->>Loader: Return deployment
    Loader-->>Page: Return page data
    Page->>Component: Mount with deployment
    Component->>Component: onMount()
    Component->>API: getRepository(installationId, providerRepositoryId)
    API-->>Component: Return repository.authorized
    Component->>Component: Update authorized state
    Component->>User: Show warning icon if authorized === false

Loading

_{Last reviewed commit: de1ef99}

[greptile-apps]

_{4 files reviewed, 4 comments}

_{Edit Code Review Agent Settings | Greptile}

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

src/routes/(console)/project-[region]-[project]/sites/site-[site]/+page.ts (1)

103-110: Avoid swallowing all fetch errors silently.

At Line 108 and Line 129, returning null for every exception hides operational failures. Consider at least logging unexpected errors so production issues remain debuggable.

Suggested pattern

 async function loadDeployment({
@@
 }): Promise<Models.Deployment | null> {
     try {
         return await sdk.forProject(region, project).sites.getDeployment({
             siteId,
             deploymentId
         });
     } catch (error) {
+        console.error('Failed to load site deployment', { siteId, deploymentId, error });
         return null;
     }
 }
@@
 }): Promise<Models.ProviderRepository | null> {
     try {
         return await sdk.forProject(region, project).vcs.getRepository({
             installationId,
             providerRepositoryId
         });
     } catch (error) {
+        console.error('Failed to load site repository', {
+            installationId,
+            providerRepositoryId,
+            error
+        });
         return null;
     }
 }

Also applies to: 124-131

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/routes/`(console)/project-[region]-[project]/sites/site-[site]/+page.ts
around lines 103 - 110, The catch block that wraps
sdk.forProject(...).sites.getDeployment currently swallows all errors and
returns null; change it to detect and handle expected "not found" responses
(e.g., check error.status === 404 or SDK-specific NotFound error) returning null
only in that case, but for all other exceptions log the error with context
(include region, project, siteId, deploymentId) using the project's logger (or
console.error if no logger available) and rethrow or return a meaningful error;
update the catch around sdk.forProject(...).sites.getDeployment (and the similar
block calling the same method) accordingly so operational failures are not
silently hidden.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@src/routes/`(console)/project-[region]-[project]/functions/function-[function]/+page.ts:
- Around line 69-70: The load function currently mutates the module-scoped
queries store by calling queries.set(parsedQueries) after computing
parsedQueries with queryParamToMap(query || '[]'); remove that mutation from the
load function and instead return parsedQueries as part of the load data payload
(e.g., return { parsedQueries }). Then initialize the queries store on the
client: subscribe/ set it inside a client-only context such as a +page.svelte
onMount or a script tag with context="module" avoided—use onMount to call
queries.set(data.parsedQueries) or otherwise subscribe to load data; update the
+page.svelte to read the returned parsedQueries and set the queries store there
so SSR does not mutate shared module state.

In
`@src/routes/`(console)/project-[region]-[project]/sites/site-[site]/+page.svelte:
- Around line 39-44: Replace the generic link text "here" in the Link component
with descriptive copy that conveys the destination (e.g., "Manage GitHub App
installation" or "View GitHub installation settings") and update the Link
(component named Link, href constructed with
data.repository.providerInstallationId) to include an accessible label if
additional context is needed (aria-label) so screen readers see the destination
out of context; ensure the text mentions GitHub and installation/settings to
match the URL.

---

Nitpick comments:
In `@src/routes/`(console)/project-[region]-[project]/sites/site-[site]/+page.ts:
- Around line 103-110: The catch block that wraps
sdk.forProject(...).sites.getDeployment currently swallows all errors and
returns null; change it to detect and handle expected "not found" responses
(e.g., check error.status === 404 or SDK-specific NotFound error) returning null
only in that case, but for all other exceptions log the error with context
(include region, project, siteId, deploymentId) using the project's logger (or
console.error if no logger available) and rethrow or return a meaningful error;
update the catch around sdk.forProject(...).sites.getDeployment (and the similar
block calling the same method) accordingly so operational failures are not
silently hidden.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6965800 and 1e3b03a.

📒 Files selected for processing (4)

• src/routes/(console)/project-[region]-[project]/functions/function-[function]/+page.svelte
• src/routes/(console)/project-[region]-[project]/functions/function-[function]/+page.ts
• src/routes/(console)/project-[region]-[project]/sites/site-[site]/+page.svelte
• src/routes/(console)/project-[region]-[project]/sites/site-[site]/+page.ts

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== filters store definition =="
fd 'store.ts' src/lib/components/filters --exec sed -n '1,160p' {}

echo
echo "== route loaders mutating queries store =="
rg -n -C3 "queries\.set\(" --type ts src/routes

Repository: appwrite/console

Length of output: 17142

---

Move store mutation to client-only context; SSR load functions mutate shared module state.

The queries store is module-scoped (defined once in src/lib/components/filters/store.ts). Calling queries.set() in load functions executes on the server during SSR, where module state persists across concurrent requests. This causes filter state from one request/user to leak into subsequent requests.

Move the mutation outside the load function:

• Return the parsed queries as data from the load function instead of mutating the store
• Subscribe and initialize the store on the client side only
• Or wrap the mutation in a +page.svelte lifecycle hook that runs client-only

This pattern is repeated across multiple routes (domains, messaging, functions, executions, etc.) and should be addressed consistently.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@src/routes/`(console)/project-[region]-[project]/functions/function-[function]/+page.ts
around lines 69 - 70, The load function currently mutates the module-scoped
queries store by calling queries.set(parsedQueries) after computing
parsedQueries with queryParamToMap(query || '[]'); remove that mutation from the
load function and instead return parsedQueries as part of the load data payload
(e.g., return { parsedQueries }). Then initialize the queries store on the
client: subscribe/ set it inside a client-only context such as a +page.svelte
onMount or a script tag with context="module" avoided—use onMount to call
queries.set(data.parsedQueries) or otherwise subscribe to load data; update the
+page.svelte to read the returned parsedQueries and set the queries store there
so SSR does not mutate shared module state.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Use descriptive link text instead of “here”.

At Line 43, replace generic link text with destination-specific text so users (and assistive tech) can understand it out of context.

Proposed tweak

-                    here
+                    GitHub installation settings

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@src/routes/`(console)/project-[region]-[project]/sites/site-[site]/+page.svelte
around lines 39 - 44, Replace the generic link text "here" in the Link component
with descriptive copy that conveys the destination (e.g., "Manage GitHub App
installation" or "View GitHub installation settings") and update the Link
(component named Link, href constructed with
data.repository.providerInstallationId) to include an accessible label if
additional context is needed (aria-label) so screen readers see the destination
out of context; ensure the text mentions GitHub and installation/settings to
match the URL.

[greptile-apps]

warning icon could flash in after page loads since authorized starts as null and updates asynchronously

Suggested change

	let authorized = $state(null);
	let authorized = $state<boolean | null>(null);

[greptile-apps]

fetching repository data in onMount happens after page load, not in parallel with initial data loading - consider moving this to the page loaders (+page.ts) using Promise.all for true parallelization as mentioned in the PR description

[coderabbitai]

🧹 Nitpick comments (1)

src/lib/components/git/deploymentSource.svelte (1)

29-41: Optional: Add explicit type to authorized for consistency.

TypeScript strict null checks are currently disabled in this project, so the current declaration works without issues. However, for consistency with similar state declarations elsewhere (e.g., multiSelectTable.svelte), consider explicitly typing the state:

♻️ Proposed fix

-    let authorized = $state(null);
+    let authorized = $state<boolean | null>(null);

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/lib/components/git/deploymentSource.svelte` around lines 29 - 41, The
local state variable authorized is declared without an explicit type; update the
declaration of authorized to include an explicit type (matching other components
like multiSelectTable.svelte) such as boolean | null (or the specific
Writable/State type you use) so its intended shape is clear and consistent,
leaving the existing initializer ($state(null)) and keeping loadAuthorized and
its assignment (authorized = repository.authorized) unchanged.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@src/lib/components/git/deploymentSource.svelte`:
- Around line 29-41: The local state variable authorized is declared without an
explicit type; update the declaration of authorized to include an explicit type
(matching other components like multiSelectTable.svelte) such as boolean | null
(or the specific Writable/State type you use) so its intended shape is clear and
consistent, leaving the existing initializer ($state(null)) and keeping
loadAuthorized and its assignment (authorized = repository.authorized)
unchanged.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1e3b03a and de1ef99.

📒 Files selected for processing (4)

• src/lib/components/git/deploymentSource.svelte
• src/routes/(console)/project-[region]-[project]/functions/function-[function]/(components)/deploymentCard.svelte
• src/routes/(console)/project-[region]-[project]/sites/(components)/siteCard.svelte
• src/routes/(console)/project-[region]-[project]/sites/site-[site]/+page.svelte