[api] Add endpoint that tells you the current API version

common/src/lib.rs

@@ -69,6 +69,18 @@ pub fn now_db_precision() -> chrono::DateTime<chrono::Utc> {
     ts - std::time::Duration::from_nanos(u64::from(only_nanos))
 }
 
+/// The base release version of the Oxide software.
+///
+/// Under current policy, each new release is a major version bump, and
+/// generally referred to only by the major version (e.g. 8.0.0 is referred
+/// to as "v8", "version 8", or "release 8" to customers). The use of semantic
+/// versioning is mostly to hedge for perhaps wanting something more granular in
+/// the future.
+///
+/// This is used in the releng build process (which appends build metadata to
+/// produce the full version string) and by the system version API endpoint.
+pub const RELEASE_VERSION: semver::Version = semver::Version::new(19, 0, 0);
+
 pub const OMICRON_DPD_TAG: &str = "omicron";
 
 /// A wrapper struct that does nothing other than elide the inner value from

dev-tools/releng/Cargo.toml

@@ -14,6 +14,7 @@ clap.workspace = true
 fs-err = { workspace = true, features = ["tokio"] }
 futures.workspace = true
 hex.workspace = true
+omicron-common.workspace = true
 omicron-pins.workspace = true
 omicron-workspace-hack.workspace = true
 omicron-zone-package.workspace = true

dev-tools/releng/src/main.rs

@@ -25,7 +25,6 @@ use clap::Parser;
 use fs_err::tokio as fs;
 use omicron_zone_package::config::Config;
 use omicron_zone_package::config::PackageName;
-use semver::Version;
 use slog::Drain;
 use slog::Logger;
 use slog::debug;
@@ -38,16 +37,6 @@ use tokio::sync::Semaphore;
 use crate::cmd::Command;
 use crate::job::Jobs;
 
-/// The base version we're currently building. Build information is appended to
-/// this later on.
-///
-/// Under current policy, each new release is a major version bump, and
-/// generally referred to only by the major version (e.g. 8.0.0 is referred
-/// to as "v8", "version 8", or "release 8" to customers). The use of semantic
-/// versioning is mostly to hedge for perhaps wanting something more granular in
-/// the future.
-const BASE_VERSION: Version = Version::new(19, 0, 0);
-
 const RETRY_ATTEMPTS: usize = 3;
 
 #[derive(Debug, Clone, Copy)]
@@ -249,7 +238,7 @@ async fn main() -> Result<()> {
         .trim()
         .to_owned();
 
-    let mut version = BASE_VERSION.clone();
+    let mut version = omicron_common::RELEASE_VERSION.clone();
     // Differentiate between CI and local builds. We use `0.word` as the
     // prerelease field because it comes before `alpha`.
     version.pre =

nexus/external-api/output/nexus_tags.txt

@@ -325,6 +325,7 @@ user_builtin_view                        GET      /v1/system/users-builtin/{user
 API operations found with tag "system/status"
 OPERATION ID                             METHOD   URL PATH
 ping                                     GET      /v1/ping
+system_version                           GET      /v1/system/version
 
 API operations found with tag "system/subnet-pools"
 OPERATION ID                             METHOD   URL PATH

nexus/external-api/src/lib.rs

@@ -79,6 +79,7 @@ api_versions!([
     // |  date-based version should be at the top of the list.
     // v
     // (next_yyyy_mm_dd_nn, IDENT),
+    (2026_04_08_00, SYSTEM_VERSION),
     (2026_03_25_00, SUBNET_POOL_UTILIZATION_REMAINING),
     (2026_03_24_00, ADD_ICMPV6_FIREWALL_SUPPORT),
     (2026_03_23_00, RENAME_PREFIX_LEN),
@@ -397,6 +398,26 @@ pub trait NexusExternalApi {
         }))
     }
 
+    // No auth required: this only returns hard-coded values.
+
+    /// Fetch system version
+    ///
+    /// Returns the current version of the Oxide software running on this
+    /// system.
+    #[endpoint {
+        method = GET,
+        path = "/v1/system/version",
+        tags = ["system/status"],
+        versions = VERSION_SYSTEM_VERSION..,
+    }]
+    async fn system_version(
+        _rqctx: RequestContext<Self::Context>,
+    ) -> Result<HttpResponseOk<latest::system::SystemVersion>, HttpError> {
+        Ok(HttpResponseOk(latest::system::SystemVersion {
+            version: omicron_common::RELEASE_VERSION,
+        }))
+    }
+
     /// Fetch top-level IAM policy
     #[endpoint {
         method = GET,

nexus/tests/integration_tests/basic.rs

@@ -557,3 +557,13 @@ async fn test_ping(cptestctx: &ControlPlaneTestContext) {
         .await;
     assert_eq!(health.status, system::PingStatus::Ok);
 }
+
+#[nexus_test]
+async fn test_system_version(cptestctx: &ControlPlaneTestContext) {
+    let client = &cptestctx.external_client;
+
+    let version = NexusRequest::object_get(client, "/v1/system/version")
+        .execute_and_parse_unwrap::<system::SystemVersion>()
+        .await;
+    assert_eq!(version.version, omicron_common::RELEASE_VERSION);
+}

nexus/tests/output/uncovered-authz-endpoints.txt

@@ -16,6 +16,7 @@ console_settings_page                    (get    "/settings/{path}")
 console_system_page                      (get    "/system/{path}")
 console_silo_utilization                 (get    "/utilization")
 ping                                     (get    "/v1/ping")
+system_version                           (get    "/v1/system/version")
 device_auth_request                      (post   "/device/auth")
 device_auth_confirm                      (post   "/device/confirm")
 device_access_token                      (post   "/device/token")

nexus/types/versions/src/latest.rs

@@ -388,6 +388,7 @@ pub mod system {
     pub use crate::v2025_11_20_00::system::AllowListUpdate;
     pub use crate::v2025_11_20_00::system::Ping;
     pub use crate::v2025_11_20_00::system::PingStatus;
+    pub use crate::v2026_04_05_00::system::SystemVersion;
 }
 
 pub mod timeseries {

nexus/types/versions/src/lib.rs

@@ -77,3 +77,5 @@ pub mod v2026_03_14_00;
 pub mod v2026_03_23_00;
 #[path = "subnet_pool_utilization_remaining/mod.rs"]
 pub mod v2026_03_25_00;
+#[path = "system_version/mod.rs"]
+pub mod v2026_04_05_00;

nexus/types/versions/src/system_version/mod.rs

@@ -0,0 +1,9 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+//! Version `SYSTEM_VERSION` of the Nexus external API.
+//!
+//! Adds the `SystemVersion` type for the new `/v1/system/version` endpoint.
+
+pub mod system;

nexus/types/versions/src/system_version/system.rs

@@ -0,0 +1,15 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+//! System types for version `SYSTEM_VERSION`.
+
+use schemars::JsonSchema;
+use serde::{Deserialize, Serialize};
+
+/// The version of the Oxide software running on this system.
+#[derive(Clone, Debug, Eq, PartialEq, Serialize, Deserialize, JsonSchema)]
+pub struct SystemVersion {
+    /// The current system software version
+    pub version: semver::Version,
+}

openapi/nexus/nexus-2026032500.0.0-cf1221.json.gitstub

@@ -0,0 +1 @@
+254a0c51bc0beecb79c8a9dfccce8e7bc35b5ca4:openapi/nexus/nexus-2026032500.0.0-cf1221.json

openapi/nexus/nexus-2026032500.0.0-cf1221.json → openapi/nexus/nexus-2026040800.0.0-37972f.json

@@ -7,7 +7,7 @@
       "url": "https://oxide.computer",
       "email": "api@oxide.computer"
     },
-    "version": "2026032500.0.0"
+    "version": "2026040800.0.0"
   },
   "paths": {
     "/device/auth": {
@@ -13418,6 +13418,34 @@
         }
       }
     },
+    "/v1/system/version": {
+      "get": {
+        "tags": [
+          "system/status"
+        ],
+        "summary": "Fetch system version",
+        "description": "Returns the current version of the Oxide software running on this system.",
+        "operationId": "system_version",
+        "responses": {
+          "200": {
+            "description": "successful operation",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "$ref": "#/components/schemas/SystemVersion"
+                }
+              }
+            }
+          },
+          "4XX": {
+            "$ref": "#/components/responses/Error"
+          },
+          "5XX": {
+            "$ref": "#/components/responses/Error"
+          }
+        }
+      }
+    },
     "/v1/timeseries/query": {
       "post": {
         "tags": [
@@ -29361,6 +29389,20 @@
           "vlan_id"
         ]
       },
+      "SystemVersion": {
+        "description": "The version of the Oxide software running on this system.",
+        "type": "object",
+        "properties": {
+          "version": {
+            "description": "The current system software version",
+            "type": "string",
+            "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)\\.(0|[1-9]\\d*)(?:-((?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\\.(?:0|[1-9]\\d*|\\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\\+([0-9a-zA-Z-]+(?:\\.[0-9a-zA-Z-]+)*))?$"
+          }
+        },
+        "required": [
+          "version"
+        ]
+      },
       "TargetRelease": {
         "description": "View of a system software target release",
         "type": "object",

openapi/nexus/nexus-latest.json

@@ -1 +1 @@
-nexus-2026032500.0.0-cf1221.json
+nexus-2026040800.0.0-37972f.json