chore: move process env to env in modern

[mikeallisonJS]

Summary by CodeRabbit

• Chores
  • Centralized environment variable configuration management across the system for improved consistency and maintainability.
  • Updated infrastructure configuration to streamline service credential and URL handling.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

This PR centralizes environment variable access across the api-journeys-modern module by replacing direct process.env calls with a centralized env module. The env.ts configuration is updated with new environment variables (CLOUDFLARE_UPLOAD_KEY, FACEBOOK_APP_ID/SECRET, FIREBASE_API_KEY, GATEWAY_HMAC_SECRET, GATEWAY_URL, GROWTH_SPACES_URL, INTEROP_TOKEN, JOURNEYS_ADMIN_URL, JOURNEYS_REVALIDATE_ACCESS_TOKEN, JOURNEYS_URL, REDIS_PORT/URL, SERVICE_VERSION) and INTEGRATION_ACCESS_KEY_ENCRYPTION_SECRET is re-added. Multiple service files and their corresponding tests are updated to use centralized env access.

Changes

Cohort / File(s)	Summary
Core Environment Configuration apis/api-journeys-modern/src/env.ts	Added 13 new environment variables; replaced/re-added INTEGRATION_ACCESS_KEY_ENCRYPTION_SECRET; introduced Redis-related defaults and SERVICE_VERSION
	apis/api-journeys-modern/test/env.mock.ts
	apis/api-journeys-modern/infrastructure/locals.tf
Email Templates & Services apis/api-journeys-modern/src/emails/templates/TeamRemoved/TeamRemoved.tsx	Replaced process.env.JOURNEYS_ADMIN_URL with env.JOURNEYS_ADMIN_URL in ActionButton URL
	apis/api-journeys-modern/src/workers/email/service/service.ts
	apis/api-journeys-modern/src/workers/emailEvents/service/service.ts
Journey & Video Schema apis/api-journeys-modern/src/schema/journey/simple/updateSimpleJourney.ts	Replaced 5 process.env calls with env-based access (GATEWAY_URL, INTEROP_TOKEN, SERVICE_VERSION, CLOUDFLARE_UPLOAD_KEY, FIREBASE_API_KEY)
	apis/api-journeys-modern/src/schema/journey/simple/updateSimpleJourney.spec.ts
	apis/api-journeys-modern/src/schema/block/video/service.ts
	apis/api-journeys-modern/src/schema/block/video/service.spec.ts
Integration & Auth apis/api-journeys-modern/src/schema/integration/growthSpaces/growthSpaces.ts	Replaced process.env access with env module for INTEGRATION_ACCESS_KEY_ENCRYPTION_SECRET and GROWTH_SPACES_URL
	apis/api-journeys-modern/src/schema/integration/google/googleCreate.mutation.spec.ts
	apis/api-journeys-modern/src/schema/integration/google/googleUpdate.mutation.spec.ts
	apis/api-journeys-modern/src/lib/google/googleAuth.spec.ts
Worker Services apis/api-journeys-modern/src/workers/lib/connection.ts	Migrated Redis configuration from inline process.env with defaults to centralized env module (REDIS_URL, REDIS_PORT)
	apis/api-journeys-modern/src/workers/revalidate/service/service.ts
	apis/api-journeys-modern/src/workers/revalidate/service/service.spec.ts
	apis/api-journeys-modern/src/workers/shortlinkUpdater/service/service.ts
Yoga Configuration apis/api-journeys-modern/src/yoga.ts	Replaced process.env.GATEWAY_HMAC_SECRET with env.GATEWAY_HMAC_SECRET in HMAC validation plugin

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Areas requiring extra attention:

• env.ts schema changes: Verify all new environment variables have correct validation rules; confirm INTEGRATION_ACCESS_KEY_ENCRYPTION_SECRET re-addition doesn't conflict with earlier removal
• test/env.mock.ts alignment: Ensure all new env variables have corresponding test mocks and that hardcoded test values are appropriate for testing
• Test isolation: Review removal of env variable setup/teardown in multiple .spec.ts files to ensure tests remain properly isolated and don't depend on external environment state
• Runtime validation changes: In revalidate/service/service.ts, the removal of precondition checks for missing env values shifts validation to runtime (after fetch); confirm this aligns with intended behavior
• Infrastructure configuration: Verify locals.tf additions provide all required variables for deployment

Possibly related PRs

• feat: add google auth integration to backend  #8310: Introduced the centralized env module that this PR builds upon
• feat: implement Cloudflare image upload functionality in updateSimpleJourney #7229: Related Cloudflare upload changes in updateSimpleJourney that integrate with env-based CLOUDFLARE_UPLOAD_KEY
• refactor: remove prettier render options in email services #5517: Modifies the same email service code with environment centralization changes

Suggested reviewers

• tanflem

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 21.43% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main refactoring: migrating direct process.env usage to a centralized env module across the modern API codebase.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch 00-00-MA-chore-replace-process-env-modern

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between d457d2d and 2c51c17.

📒 Files selected for processing (1)

• apis/api-journeys-modern/infrastructure/locals.tf (2 hunks)

🧰 Additional context used

🧠 Learnings (7)

📓 Common learnings

Learnt from: mikeallisonJS
Repo: JesusFilm/core PR: 8156
File: apis/api-journeys-modern/src/lib/google/googleAuth.ts:0-0
Timestamp: 2025-11-11T23:22:02.196Z
Learning: In apis/api-journeys-modern, use the validated `env` object from `../../env` instead of accessing `process.env` directly for environment variables that are defined in env.ts (e.g., GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, INTEGRATION_ACCESS_KEY_ENCRYPTION_SECRET). This eliminates the need for runtime validation checks since Zod validates them at application startup.

📚 Learning: 2025-11-11T23:22:02.196Z

Learnt from: mikeallisonJS
Repo: JesusFilm/core PR: 8156
File: apis/api-journeys-modern/src/lib/google/googleAuth.ts:0-0
Timestamp: 2025-11-11T23:22:02.196Z
Learning: In apis/api-journeys-modern, use the validated `env` object from `../../env` instead of accessing `process.env` directly for environment variables that are defined in env.ts (e.g., GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, INTEGRATION_ACCESS_KEY_ENCRYPTION_SECRET). This eliminates the need for runtime validation checks since Zod validates them at application startup.

Applied to files:

• apis/api-journeys-modern/infrastructure/locals.tf

📚 Learning: 2025-07-22T18:37:46.814Z

Learnt from: CR
Repo: JesusFilm/core PR: 0
File: .cursor/rules/infrastructure.mdc:0-0
Timestamp: 2025-07-22T18:37:46.814Z
Learning: Applies to infrastructure/**/*.{tf,tfvars} : Avoid hardcoding sensitive values (e.g., passwords, API keys); instead, use Vault or environment variables.

Applied to files:

• apis/api-journeys-modern/infrastructure/locals.tf

📚 Learning: 2025-07-22T18:37:46.814Z

Learnt from: CR
Repo: JesusFilm/core PR: 0
File: .cursor/rules/infrastructure.mdc:0-0
Timestamp: 2025-07-22T18:37:46.814Z
Learning: Applies to infrastructure/**/*.{tf,tfvars} : Avoid hardcoded values; always use variables for flexibility.

Applied to files:

• apis/api-journeys-modern/infrastructure/locals.tf

📚 Learning: 2025-07-22T18:37:46.814Z

Learnt from: CR
Repo: JesusFilm/core PR: 0
File: .cursor/rules/infrastructure.mdc:0-0
Timestamp: 2025-07-22T18:37:46.814Z
Learning: Applies to infrastructure/**/*.{tf} : Use validation rules for variables to prevent incorrect input values.

Applied to files:

• apis/api-journeys-modern/infrastructure/locals.tf

📚 Learning: 2025-07-22T18:37:46.814Z

Learnt from: CR
Repo: JesusFilm/core PR: 0
File: .cursor/rules/infrastructure.mdc:0-0
Timestamp: 2025-07-22T18:37:46.814Z
Learning: Applies to infrastructure/**/*.{tf} : Utilize workspaces for environment separation (e.g., dev, staging, prod).

Applied to files:

• apis/api-journeys-modern/infrastructure/locals.tf

📚 Learning: 2025-11-13T20:28:24.049Z

Learnt from: mikeallisonJS
Repo: JesusFilm/core PR: 8310
File: apis/api-journeys-modern/src/schema/integration/google/googleUpdate.mutation.ts:93-102
Timestamp: 2025-11-13T20:28:24.049Z
Learning: In the Integration model for apis/api-journeys-modern, the fields `accessId` and `accessSecretPart` are specific to the GrowthSpaces integration type and are not used for Google integrations. Google integrations use encrypted OAuth credentials via `accessSecretCipherText`, `accessSecretIv`, `accessSecretTag`, and `accountEmail` fields instead.

Applied to files:

• apis/api-journeys-modern/infrastructure/locals.tf

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: test (22, 2/3)
• GitHub Check: test (22, 1/3)
• GitHub Check: test (22, 3/3)
• GitHub Check: affected (22)
• GitHub Check: Analyze (javascript)
• GitHub Check: lint (22)

🔇 Additional comments (1)

apis/api-journeys-modern/infrastructure/locals.tf (1)

6-8: Environment variables are properly defined and validated in env.ts.

All four environment variables added to locals.tf are correctly defined in apis/api-journeys-modern/src/env.ts with appropriate Zod validation schemas:

• CLOUDFLARE_UPLOAD_KEY (line 12)
• FACEBOOK_APP_ID (line 13)
• FACEBOOK_APP_SECRET (line 14)
• JOURNEYS_REVALIDATE_ACCESS_TOKEN (line 24)

Each uses z.string().trim().min(1), ensuring non-empty string validation at startup. The infrastructure change is complete and consistent with the codebase.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[nx-cloud]

View your CI Pipeline Execution ↗ for commit 2c51c17

Command	Status	Duration	Result
nx affected --target=subgraph-check --base=b770...	✅ Succeeded	1s	View ↗
nx affected --target=extract-translations --bas...	✅ Succeeded	<1s	View ↗
nx affected --target=lint --base=b770e495ecd758...	✅ Succeeded	24s	View ↗
nx affected --target=type-check --base=b770e495...	✅ Succeeded	17s	View ↗
nx run-many --target=codegen --all --parallel=3	✅ Succeeded	1s	View ↗
nx run-many --target=prisma-generate --all --pa...	✅ Succeeded	6s	View ↗

---

☁️ Nx Cloud last updated this comment at 2025-11-26 23:48:34 UTC

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

apis/api-journeys-modern/src/workers/server.ts (1)

4-4: Unused import.

The env module is imported but not used in this file.

Apply this diff to remove the unused import:

-import { env } from '../env'
-
 import { connection } from './lib/connection'

apis/api-journeys-modern/src/schema/builder.ts (1)

23-23: Unused import.

The env module is imported but not used in this file.

Apply this diff to remove the unused import:

 import { Prisma, prisma } from '@core/prisma/journeys/client'
 
-import { env } from '../env'
-
 import { AuthScopes, Context, authScopes } from './authScopes'

apis/api-journeys-modern/src/workers/cli.ts (1)

4-4: Unused import.

The env module is imported but not used in this file.

Apply this diff to remove the unused import:

-import { env } from '../env'
-
 import { connection } from './lib/connection'

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between b770e49 and d457d2d.

📒 Files selected for processing (21)

• apis/api-journeys-modern/src/emails/templates/TeamRemoved/TeamRemoved.tsx (2 hunks)
• apis/api-journeys-modern/src/env.ts (1 hunks)
• apis/api-journeys-modern/src/lib/google/googleAuth.spec.ts (0 hunks)
• apis/api-journeys-modern/src/schema/block/video/service.spec.ts (0 hunks)
• apis/api-journeys-modern/src/schema/block/video/service.ts (3 hunks)
• apis/api-journeys-modern/src/schema/builder.ts (1 hunks)
• apis/api-journeys-modern/src/schema/integration/google/googleCreate.mutation.spec.ts (0 hunks)
• apis/api-journeys-modern/src/schema/integration/google/googleUpdate.mutation.spec.ts (0 hunks)
• apis/api-journeys-modern/src/schema/integration/growthSpaces/growthSpaces.ts (2 hunks)
• apis/api-journeys-modern/src/schema/journey/simple/updateSimpleJourney.spec.ts (0 hunks)
• apis/api-journeys-modern/src/schema/journey/simple/updateSimpleJourney.ts (4 hunks)
• apis/api-journeys-modern/src/workers/cli.ts (1 hunks)
• apis/api-journeys-modern/src/workers/email/service/service.ts (5 hunks)
• apis/api-journeys-modern/src/workers/emailEvents/service/service.ts (2 hunks)
• apis/api-journeys-modern/src/workers/lib/connection.ts (1 hunks)
• apis/api-journeys-modern/src/workers/revalidate/service/service.spec.ts (0 hunks)
• apis/api-journeys-modern/src/workers/revalidate/service/service.ts (3 hunks)
• apis/api-journeys-modern/src/workers/server.ts (1 hunks)
• apis/api-journeys-modern/src/workers/shortlinkUpdater/service/service.ts (3 hunks)
• apis/api-journeys-modern/src/yoga.ts (2 hunks)
• apis/api-journeys-modern/test/env.mock.ts (1 hunks)

💤 Files with no reviewable changes (6)

• apis/api-journeys-modern/src/schema/block/video/service.spec.ts
• apis/api-journeys-modern/src/workers/revalidate/service/service.spec.ts
• apis/api-journeys-modern/src/lib/google/googleAuth.spec.ts
• apis/api-journeys-modern/src/schema/integration/google/googleUpdate.mutation.spec.ts
• apis/api-journeys-modern/src/schema/integration/google/googleCreate.mutation.spec.ts
• apis/api-journeys-modern/src/schema/journey/simple/updateSimpleJourney.spec.ts

🧰 Additional context used

📓 Path-based instructions (2)

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (.cursor/rules/base.mdc)

**/*.{ts,tsx,js,jsx}: Use early returns whenever possible to make the code more readable.
Use descriptive variable and function/const names.
Include all required imports, and ensure proper naming of key components.

Files:

• apis/api-journeys-modern/src/workers/cli.ts
• apis/api-journeys-modern/src/schema/integration/growthSpaces/growthSpaces.ts
• apis/api-journeys-modern/src/workers/emailEvents/service/service.ts
• apis/api-journeys-modern/src/yoga.ts
• apis/api-journeys-modern/src/workers/revalidate/service/service.ts
• apis/api-journeys-modern/src/workers/email/service/service.ts
• apis/api-journeys-modern/src/schema/builder.ts
• apis/api-journeys-modern/src/schema/block/video/service.ts
• apis/api-journeys-modern/src/schema/journey/simple/updateSimpleJourney.ts
• apis/api-journeys-modern/src/workers/shortlinkUpdater/service/service.ts
• apis/api-journeys-modern/src/workers/server.ts
• apis/api-journeys-modern/src/emails/templates/TeamRemoved/TeamRemoved.tsx
• apis/api-journeys-modern/src/workers/lib/connection.ts
• apis/api-journeys-modern/src/env.ts
• apis/api-journeys-modern/test/env.mock.ts

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/base.mdc)

Define a type if possible.

Files:

• apis/api-journeys-modern/src/workers/cli.ts
• apis/api-journeys-modern/src/schema/integration/growthSpaces/growthSpaces.ts
• apis/api-journeys-modern/src/workers/emailEvents/service/service.ts
• apis/api-journeys-modern/src/yoga.ts
• apis/api-journeys-modern/src/workers/revalidate/service/service.ts
• apis/api-journeys-modern/src/workers/email/service/service.ts
• apis/api-journeys-modern/src/schema/builder.ts
• apis/api-journeys-modern/src/schema/block/video/service.ts
• apis/api-journeys-modern/src/schema/journey/simple/updateSimpleJourney.ts
• apis/api-journeys-modern/src/workers/shortlinkUpdater/service/service.ts
• apis/api-journeys-modern/src/workers/server.ts
• apis/api-journeys-modern/src/emails/templates/TeamRemoved/TeamRemoved.tsx
• apis/api-journeys-modern/src/workers/lib/connection.ts
• apis/api-journeys-modern/src/env.ts
• apis/api-journeys-modern/test/env.mock.ts

🧠 Learnings (13)

📓 Common learnings

Learnt from: mikeallisonJS
Repo: JesusFilm/core PR: 8156
File: apis/api-journeys-modern/src/lib/google/googleAuth.ts:0-0
Timestamp: 2025-11-11T23:22:02.196Z
Learning: In apis/api-journeys-modern, use the validated `env` object from `../../env` instead of accessing `process.env` directly for environment variables that are defined in env.ts (e.g., GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, INTEGRATION_ACCESS_KEY_ENCRYPTION_SECRET). This eliminates the need for runtime validation checks since Zod validates them at application startup.

📚 Learning: 2025-11-11T23:22:02.196Z

Learnt from: mikeallisonJS
Repo: JesusFilm/core PR: 8156
File: apis/api-journeys-modern/src/lib/google/googleAuth.ts:0-0
Timestamp: 2025-11-11T23:22:02.196Z
Learning: In apis/api-journeys-modern, use the validated `env` object from `../../env` instead of accessing `process.env` directly for environment variables that are defined in env.ts (e.g., GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, INTEGRATION_ACCESS_KEY_ENCRYPTION_SECRET). This eliminates the need for runtime validation checks since Zod validates them at application startup.

Applied to files:

• apis/api-journeys-modern/src/workers/cli.ts
• apis/api-journeys-modern/src/schema/integration/growthSpaces/growthSpaces.ts
• apis/api-journeys-modern/src/workers/emailEvents/service/service.ts
• apis/api-journeys-modern/src/yoga.ts
• apis/api-journeys-modern/src/workers/revalidate/service/service.ts
• apis/api-journeys-modern/src/workers/email/service/service.ts
• apis/api-journeys-modern/src/schema/builder.ts
• apis/api-journeys-modern/src/schema/block/video/service.ts
• apis/api-journeys-modern/src/schema/journey/simple/updateSimpleJourney.ts
• apis/api-journeys-modern/src/workers/shortlinkUpdater/service/service.ts
• apis/api-journeys-modern/src/workers/server.ts
• apis/api-journeys-modern/src/emails/templates/TeamRemoved/TeamRemoved.tsx
• apis/api-journeys-modern/src/workers/lib/connection.ts
• apis/api-journeys-modern/src/env.ts
• apis/api-journeys-modern/test/env.mock.ts

📚 Learning: 2025-08-29T01:44:57.096Z

Learnt from: mikeallisonJS
Repo: JesusFilm/core PR: 7560
File: libs/prisma/users/eslint.config.mjs:1-3
Timestamp: 2025-08-29T01:44:57.096Z
Learning: In libs/prisma/users/eslint.config.mjs, the centralized ESLint config doesn't cause import/no-useless-path-segments rule violations for the Prisma import patterns used in this file, so no local rule override is needed when switching to the shared config.

Applied to files:

• apis/api-journeys-modern/src/workers/cli.ts

📚 Learning: 2025-08-29T01:44:56.258Z

Learnt from: mikeallisonJS
Repo: JesusFilm/core PR: 7560
File: libs/prisma/languages/eslint.config.mjs:1-3
Timestamp: 2025-08-29T01:44:56.258Z
Learning: In libs/prisma/languages/eslint.config.mjs, the shared ESLint config's import/no-useless-path-segments rule does not actually trigger false positives for .prisma client imports despite the rule being enabled, so no local override is needed when switching to the shared commonConfig.

Applied to files:

• apis/api-journeys-modern/src/workers/cli.ts

📚 Learning: 2025-07-22T18:37:24.555Z

Learnt from: CR
Repo: JesusFilm/core PR: 0
File: .cursor/rules/base.mdc:0-0
Timestamp: 2025-07-22T18:37:24.555Z
Learning: Applies to **/*.{ts,tsx,js,jsx} : Include all required imports, and ensure proper naming of key components.

Applied to files:

• apis/api-journeys-modern/src/workers/cli.ts

📚 Learning: 2025-11-13T20:28:24.049Z

Learnt from: mikeallisonJS
Repo: JesusFilm/core PR: 8310
File: apis/api-journeys-modern/src/schema/integration/google/googleUpdate.mutation.ts:93-102
Timestamp: 2025-11-13T20:28:24.049Z
Learning: In the Integration model for apis/api-journeys-modern, the fields `accessId` and `accessSecretPart` are specific to the GrowthSpaces integration type and are not used for Google integrations. Google integrations use encrypted OAuth credentials via `accessSecretCipherText`, `accessSecretIv`, `accessSecretTag`, and `accountEmail` fields instead.

Applied to files:

• apis/api-journeys-modern/src/schema/integration/growthSpaces/growthSpaces.ts
• apis/api-journeys-modern/src/env.ts
• apis/api-journeys-modern/test/env.mock.ts

📚 Learning: 2025-08-18T17:23:02.876Z

Learnt from: tanflem
Repo: JesusFilm/core PR: 7464
File: apis/api-media/src/workers/processVideoUploads/service/service.ts:300-303
Timestamp: 2025-08-18T17:23:02.876Z
Learning: In the Video GraphQL schema, the slug field is defined as nullable: false with a resolver that returns slug ?? '', meaning it will never be null but could be an empty string if the underlying data is null/undefined.

Applied to files:

• apis/api-journeys-modern/src/schema/block/video/service.ts

📚 Learning: 2025-09-29T23:03:36.840Z

Learnt from: mikeallisonJS
Repo: JesusFilm/core PR: 7629
File: apis/api-journeys-modern/src/schema/event/utils.ts:43-60
Timestamp: 2025-09-29T23:03:36.840Z
Learning: In the JesusFilm/core repository, do not recommend using Prisma's `upsert` operation for `JourneyVisitor` creation in `apis/api-journeys-modern/src/schema/event/utils.ts` as it is not race condition safe for this use case. The current `findUnique` then `create` pattern is the preferred approach.

Applied to files:

• apis/api-journeys-modern/src/schema/journey/simple/updateSimpleJourney.ts

📚 Learning: 2025-08-20T21:51:25.797Z

Learnt from: mikeallisonJS
Repo: JesusFilm/core PR: 7486
File: apis/api-journeys-modern/schema.graphql:1068-1074
Timestamp: 2025-08-20T21:51:25.797Z
Learning: Before suggesting type changes during API migrations, always verify the existing implementation to ensure consistency is maintained. The migration to api-journeys-modern should preserve the same field types as the original api-journeys schema.

Applied to files:

• apis/api-journeys-modern/src/schema/journey/simple/updateSimpleJourney.ts

📚 Learning: 2025-09-19T18:48:41.906Z

Learnt from: CR
Repo: JesusFilm/core PR: 0
File: apps/watch/AGENTS.md:0-0
Timestamp: 2025-09-19T18:48:41.906Z
Learning: Applies to apps/watch/src/**/*.{tsx} : Navigation: design link-based content discovery through components

Applied to files:

• apis/api-journeys-modern/src/emails/templates/TeamRemoved/TeamRemoved.tsx

📚 Learning: 2025-09-19T18:48:41.906Z

Learnt from: CR
Repo: JesusFilm/core PR: 0
File: apps/watch/AGENTS.md:0-0
Timestamp: 2025-09-19T18:48:41.906Z
Learning: Applies to apps/watch/pages/**/*.{tsx} : Use <Link> for navigation instead of custom click handlers

Applied to files:

• apis/api-journeys-modern/src/emails/templates/TeamRemoved/TeamRemoved.tsx

📚 Learning: 2025-02-25T22:33:13.028Z

Learnt from: tataihono
Repo: JesusFilm/core PR: 5351
File: libs/journeys/ui/src/components/Video/InitAndPlay/getMuxMetadata/getMuxMetadata.ts:58-69
Timestamp: 2025-02-25T22:33:13.028Z
Learning: Sensitive configuration values like API keys, tokens, and environment-specific settings should not be hardcoded in the source code. They should be moved to environment variables or a secure configuration management system.

Applied to files:

• apis/api-journeys-modern/src/env.ts

📚 Learning: 2025-11-16T21:30:53.412Z

Learnt from: Kneesal
Repo: JesusFilm/core PR: 8309
File: apps/journeys-admin/setupTests.tsx:47-51
Timestamp: 2025-11-16T21:30:53.412Z
Learning: In apps/journeys-admin/setupTests.tsx, the `document.clearImmediate` mock is required for tests involving the mux upload provider, as an underlying library uses clearImmediate for timeout management to prevent race conditions and unnecessary polling calls.

Applied to files:

• apis/api-journeys-modern/test/env.mock.ts

🧬 Code graph analysis (10)

apis/api-journeys-modern/src/schema/integration/growthSpaces/growthSpaces.ts (2)

apis/api-journeys-modern/src/env.ts (1)

• env (4-30)

apis/api-journeys-modern/test/env.mock.ts (1)

• env (1-33)

apis/api-journeys-modern/src/workers/emailEvents/service/service.ts (1)

apis/api-journeys-modern/src/env.ts (1)

• env (4-30)

apis/api-journeys-modern/src/yoga.ts (2)

apis/api-journeys-modern/src/env.ts (1)

• env (4-30)

apis/api-journeys-modern/test/env.mock.ts (1)

• env (1-33)

apis/api-journeys-modern/src/workers/revalidate/service/service.ts (1)

apis/api-journeys-modern/src/env.ts (1)

• env (4-30)

apis/api-journeys-modern/src/workers/email/service/service.ts (1)

apis/api-journeys-modern/src/env.ts (1)

• env (4-30)

apis/api-journeys-modern/src/schema/block/video/service.ts (2)

apis/api-journeys-modern/src/env.ts (1)

• env (4-30)

apps/watch-modern/src/env.ts (1)

• env (4-116)

apis/api-journeys-modern/src/schema/journey/simple/updateSimpleJourney.ts (1)

apis/api-journeys-modern/src/env.ts (1)

• env (4-30)

apis/api-journeys-modern/src/workers/shortlinkUpdater/service/service.ts (1)

apis/api-journeys-modern/src/env.ts (1)

• env (4-30)

apis/api-journeys-modern/src/emails/templates/TeamRemoved/TeamRemoved.tsx (1)

apis/api-journeys-modern/src/env.ts (1)

• env (4-30)

apis/api-journeys-modern/src/workers/lib/connection.ts (1)

apis/api-journeys-modern/src/env.ts (1)

• env (4-30)

🔇 Additional comments (12)

apis/api-journeys-modern/test/env.mock.ts (1)

1-33: LGTM!

The test mock provides appropriate test values for all environment variables, ensuring tests can run without requiring real environment configuration.

apis/api-journeys-modern/src/yoga.ts (1)

20-20: LGTM!

The migration from process.env.GATEWAY_HMAC_SECRET to env.GATEWAY_HMAC_SECRET is correct and aligns with the centralized environment configuration pattern. This eliminates the need for runtime validation since Zod validates the variable at application startup.

Based on learnings from previous reviews.

Also applies to: 72-72

apis/api-journeys-modern/src/workers/lib/connection.ts (1)

1-6: LGTM!

The migration to centralized environment configuration is clean and correct. The env module now handles the defaults (6379 for REDIS_PORT, 'redis' for REDIS_URL) and type coercion, eliminating the need for inline fallback logic.

Based on learnings from previous reviews.

apis/api-journeys-modern/src/emails/templates/TeamRemoved/TeamRemoved.tsx (1)

24-24: LGTM!

The migration from process.env.JOURNEYS_ADMIN_URL to env.JOURNEYS_ADMIN_URL is correct and ensures the URL is validated at startup through the centralized environment configuration.

Based on learnings from previous reviews.

Also applies to: 66-66

apis/api-journeys-modern/src/schema/integration/growthSpaces/growthSpaces.ts (1)

7-7: LGTM!

The migration of INTEGRATION_ACCESS_KEY_ENCRYPTION_SECRET and GROWTH_SPACES_URL to the centralized env module is correct. This ensures both values are validated at application startup and eliminates the need for runtime validation checks.

Based on learnings from previous reviews.

Also applies to: 51-51, 56-56

apis/api-journeys-modern/src/workers/emailEvents/service/service.ts (1)

14-14: LGTM! Clean migration to centralized environment configuration.

The import of the centralized env module and replacement of direct process.env accesses follows the established pattern. All referenced environment variables (GATEWAY_URL, INTEROP_TOKEN, SERVICE_VERSION, JOURNEYS_ADMIN_URL) are properly validated in env.ts with Zod schemas, eliminating the need for runtime validation checks.

Based on learnings, this approach provides type safety and startup validation for environment variables.

Also applies to: 20-25, 73-78

apis/api-journeys-modern/src/schema/block/video/service.ts (1)

7-7: LGTM! Consistent environment variable migration.

The centralized env import and updated references properly replace direct process.env usage. All environment variables used here (GATEWAY_URL, SERVICE_VERSION, FIREBASE_API_KEY) are validated at application startup via the env.ts Zod schemas.

Based on learnings, this eliminates the need for runtime validation checks.

Also applies to: 70-76, 112-116

apis/api-journeys-modern/src/workers/email/service/service.ts (1)

20-20: LGTM! Comprehensive migration to centralized env module.

All direct process.env accesses have been properly replaced with the validated env object. The URL constructions for team invites and journey sharing now consistently use env.JOURNEYS_ADMIN_URL, ensuring the value is validated at startup.

Based on learnings, this pattern provides type safety and eliminates runtime validation needs.

Also applies to: 32-38, 138-138, 217-217, 414-414

apis/api-journeys-modern/src/schema/journey/simple/updateSimpleJourney.ts (1)

11-11: LGTM! Consistent centralized environment access.

The migration replaces direct process.env usage across HTTP client configuration, Cloudflare image URL construction, and YouTube API calls. All referenced environment variables (GATEWAY_URL, INTEROP_TOKEN, SERVICE_VERSION, CLOUDFLARE_UPLOAD_KEY, FIREBASE_API_KEY) are properly validated in env.ts.

Based on learnings, this approach ensures environment variables are validated at application startup.

Also applies to: 43-49, 81-81, 129-134

apis/api-journeys-modern/src/workers/revalidate/service/service.ts (1)

6-6: LGTM! Streamlined environment access with startup validation.

The migration to the centralized env module properly replaces all direct process.env accesses for FACEBOOK_APP_ID, FACEBOOK_APP_SECRET, JOURNEYS_URL, and JOURNEYS_REVALIDATE_ACCESS_TOKEN. The Zod validation in env.ts ensures these values are present and valid at application startup, eliminating the need for runtime precondition checks.

Based on learnings, this pattern provides validated environment access.

Also applies to: 16-30, 43-63

apis/api-journeys-modern/src/workers/shortlinkUpdater/service/service.ts (1)

8-8: LGTM! Consistent environment variable centralization.

The migration properly replaces all direct process.env accesses with the validated env object. The Apollo client configuration and journey URL building now use validated environment variables (GATEWAY_URL, INTEROP_TOKEN, SERVICE_VERSION, JOURNEYS_URL), with startup validation replacing the need for runtime configuration checks.

Based on learnings, this ensures type-safe access to validated environment variables.

Also applies to: 51-65, 70-76

apis/api-journeys-modern/src/env.ts (1)

4-30: LGTM! Well-structured centralized environment configuration with verified dependencies.

The environment configuration properly validates all server-side variables at application startup using Zod schemas:

• Required variables use z.string().trim().min(1) ensuring non-empty values
• Sensible defaults for optional variables (REDIS_PORT: 6379, REDIS_URL: 'redis', SERVICE_VERSION: '')
• Proper error handling that prevents app startup with invalid configuration
• Skip validation flag for testing/CI environments

The use of .trim() before .min(1) ensures whitespace-only values are rejected. The SERVICE_VERSION default of empty string is appropriate for an optional version header.

Verification complete: @t3-oss/env-core version 0.13.8 is the latest published version (as of June 2025), and there are no known security advisories or vulnerabilities in public vulnerability databases (Snyk).

[stage-branch-merger]

I see you added the "on stage" label, I'll get this merged to the stage branch!

[jesus-film-bot]

Ran Plan for dir: infrastructure workspace: default

Show Output

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the
last "terraform apply" which may have affected this plan:

  # module.prod.module.postgresql.aws_rds_cluster.default has changed
~ resource "aws_rds_cluster" "default" {
      ~ engine_version                        = "13.18" -> "13.20"
      ~ engine_version_actual                 = "13.18" -> "13.20"
        id                                    = "jfp-core-prod"
        tags                                  = {}
        # (58 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.stage.module.postgresql.aws_rds_cluster.default has changed
~ resource "aws_rds_cluster" "default" {
      ~ engine_version                        = "13.18" -> "13.20"
      ~ engine_version_actual                 = "13.18" -> "13.20"
        id                                    = "jfp-core-stage"
        tags                                  = {}
        # (58 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }


Unless you have made equivalent changes to your configuration, or ignored the
relevant attributes using ignore_changes, the following plan may include
actions to undo or respond to these changes.

─────────────────────────────────────────────────────────────────────────────

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create
~ update in-place
+/- create replacement and then destroy

Terraform will perform the following actions:

  # module.prod.module.postgresql.aws_rds_cluster.default will be updated in-place
~ resource "aws_rds_cluster" "default" {
      + enable_local_write_forwarding         = false
      ~ engine_version                        = "13.20" -> "13.18"
        id                                    = "jfp-core-prod"
        tags                                  = {}
        # (59 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.prod.module.postgresql.aws_rds_cluster_instance.default will be updated in-place
~ resource "aws_rds_cluster_instance" "default" {
      ~ engine_version                        = "13.20" -> "13.18"
      + force_destroy                         = false
        id                                    = "tf-20240604195536182300000003"
        tags                                  = {}
        # (32 unchanged attributes hidden)
    }

  # module.stage.module.postgresql.aws_rds_cluster.default will be updated in-place
~ resource "aws_rds_cluster" "default" {
      + enable_local_write_forwarding         = false
      ~ engine_version                        = "13.20" -> "13.18"
        id                                    = "jfp-core-stage"
        tags                                  = {}
        # (59 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }

  # module.stage.module.postgresql.aws_rds_cluster_instance.default will be updated in-place
~ resource "aws_rds_cluster_instance" "default" {
      ~ engine_version                        = "13.20" -> "13.18"
      + force_destroy                         = false
        id                                    = "tf-20240618004835876400000003"
        tags                                  = {}
        # (32 unchanged attributes hidden)
    }

  # module.prod.module.api-journeys-modern.module.ecs-task.aws_ecs_service.ecs_service will be updated in-place
~ resource "aws_ecs_service" "ecs_service" {
        id                                 = "arn:aws:ecs:us-east-2:410965620680:service/jfp-ecs-cluster-prod/api-journeys-modern-prod-service"
        name                               = "api-journeys-modern-prod-service"
        tags                               = {}
      ~ task_definition                    = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-journeys-modern-prod:16" -> (known after apply)
        # (18 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

  # module.prod.module.api-journeys-modern.module.ecs-task.aws_ecs_task_definition.ecs_task_definition must be replaced
+/- resource "aws_ecs_task_definition" "ecs_task_definition" {
      ~ arn                      = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-journeys-modern-prod:16" -> (known after apply)
      ~ arn_without_revision     = "arn:aws:ecs:us-east-2:410965620680:task-definition/jfp-api-journeys-modern-prod" -> (known after apply)
      ~ container_definitions    = jsonencode(
            [
              - {
                  - cpu              = 1024
                  - environment      = [
                      - {
                          - name  = "NODE_ENV"
                          - value = "production"
                        },
                      - {
                          - name  = "SERVICE_ENV"
                          - value = "prod"
                        },
                      - {
                          - name  = "SERVICE_NAME"
                          - value = "api-journeys-modern"
                        },
                    ]
                  - essential        = true
                  - image            = "410965620680.dkr.ecr.us-east-2.amazonaws.com/jfp-api-journeys-modern-prod:latest"
                  - logConfiguration = {
                      - logDriver     = "awsfirelens"
                      - options       = {
                          - Host        = "http-intake.logs.datadoghq.com"
                          - Name        = "datadog"
                          - TLS         = "on"
                          - compress    = "gzip"
                          - dd_service  = "api-journeys-modern"
                          - dd_source   = "graphql-yoga"
                          - dd_tags     = "env:prod"
                          - provider    = "ecs"
                          - retry_limit = "2"
                        }
                      - secretOptions = [
                          - {
                              - name      = "apikey"
                              - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY"
                            },
                        ]
                    }
                  - memory           = 2048
                  - mountPoints      = []
                  - name             = "jfp-api-journeys-modern-prod-app"
                  - portMappings     = [
                      - {
                          - containerPort = 4004
                          - hostPort      = 4004
                          - protocol      = "tcp"
                        },
                    ]
                  - secrets          = [
                      - {
                          - name      = "AWS_ACCESS_KEY_ID"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/AWS_ACCESS_KEY_ID"
                        },
                      - {
                          - name      = "AWS_SECRET_ACCESS_KEY"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/AWS_SECRET_ACCESS_KEY"
                        },
                      - {
                          - name      = "DD_API_KEY"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY"
                        },
                      - {
                          - name      = "FIREBASE_API_KEY"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/FIREBASE_API_KEY"
                        },
                      - {
                          - name      = "GATEWAY_HMAC_SECRET"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/GATEWAY_HMAC_SECRET"
                        },
                      - {
                          - name      = "GATEWAY_URL"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/GATEWAY_URL"
                        },
                      - {
                          - name      = "GIT_BRANCH"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/GIT_BRANCH"
                        },
                      - {
                          - name      = "GOOGLE_APPLICATION_JSON"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/GOOGLE_APPLICATION_JSON"
                        },
                      - {
                          - name      = "GOOGLE_CLIENT_ID"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/GOOGLE_CLIENT_ID"
                        },
                      - {
                          - name      = "GOOGLE_CLIENT_SECRET"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/GOOGLE_CLIENT_SECRET"
                        },
                      - {
                          - name      = "GOOGLE_GENERATIVE_AI_API_KEY"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/GOOGLE_GENERATIVE_AI_API_KEY"
                        },
                      - {
                          - name      = "GROWTH_SPACES_URL"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/GROWTH_SPACES_URL"
                        },
                      - {
                          - name      = "INTEGRATION_ACCESS_KEY_ENCRYPTION_SECRET"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/INTEGRATION_ACCESS_KEY_ENCRYPTION_SECRET"
                        },
                      - {
                          - name      = "INTEROP_TOKEN"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/INTEROP_TOKEN"
                        },
                      - {
                          - name      = "JOURNEYS_ADMIN_URL"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/JOURNEYS_ADMIN_URL"
                        },
                      - {
                          - name      = "JOURNEYS_SHORTLINK_DOMAIN"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/JOURNEYS_SHORTLINK_DOMAIN"
                        },
                      - {
                          - name      = "JOURNEYS_URL"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/JOURNEYS_URL"
                        },
                      - {
                          - name      = "MAILCHIMP_AUDIENCE_ID"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/MAILCHIMP_AUDIENCE_ID"
                        },
                      - {
                          - name      = "MAILCHIMP_MARKETING_API_KEY"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/MAILCHIMP_MARKETING_API_KEY"
                        },
                      - {
                          - name      = "MAILCHIMP_MARKETING_API_SERVER_PREFIX"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/MAILCHIMP_MARKETING_API_SERVER_PREFIX"
                        },
                      - {
                          - name      = "NAT_ADDRESSES"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/NAT_ADDRESSES"
                        },
                      - {
                          - name      = "OPEN_AI_API_KEY"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/OPEN_AI_API_KEY"
                        },
                      - {
                          - name      = "PG_DATABASE_URL_JOURNEYS"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/PG_DATABASE_URL_JOURNEYS"
                        },
                      - {
                          - name      = "PLAUSIBLE_API_KEY"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/PLAUSIBLE_API_KEY"
                        },
                      - {
                          - name      = "PLAUSIBLE_URL"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/PLAUSIBLE_URL"
                        },
                      - {
                          - name      = "PLAYWRIGHT_USER_ID"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/PLAYWRIGHT_USER_ID"
                        },
                      - {
                          - name      = "PLAYWRIGHT_USER_ID_2"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/PLAYWRIGHT_USER_ID_2"
                        },
                      - {
                          - name      = "PLAYWRIGHT_USER_ID_3"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/PLAYWRIGHT_USER_ID_3"
                        },
                      - {
                          - name      = "PLAYWRIGHT_USER_ID_4"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/PLAYWRIGHT_USER_ID_4"
                        },
                      - {
                          - name      = "PLAYWRIGHT_USER_ID_5"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/PLAYWRIGHT_USER_ID_5"
                        },
                      - {
                          - name      = "PLAYWRIGHT_USER_ID_6"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/PLAYWRIGHT_USER_ID_6"
                        },
                      - {
                          - name      = "POWER_BI_CLIENT_ID"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/POWER_BI_CLIENT_ID"
                        },
                      - {
                          - name      = "POWER_BI_CLIENT_SECRET"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/POWER_BI_CLIENT_SECRET"
                        },
                      - {
                          - name      = "POWER_BI_JOURNEYS_MULTIPLE_FULL_REPORT_ID"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/POWER_BI_JOURNEYS_MULTIPLE_FULL_REPORT_ID"
                        },
                      - {
                          - name      = "POWER_BI_JOURNEYS_MULTIPLE_SUMMARY_REPORT_ID"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/POWER_BI_JOURNEYS_MULTIPLE_SUMMARY_REPORT_ID"
                        },
                      - {
                          - name      = "POWER_BI_JOURNEYS_SINGLE_FULL_REPORT_ID"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/POWER_BI_JOURNEYS_SINGLE_FULL_REPORT_ID"
                        },
                      - {
                          - name      = "POWER_BI_JOURNEYS_SINGLE_SUMMARY_REPORT_ID"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/POWER_BI_JOURNEYS_SINGLE_SUMMARY_REPORT_ID"
                        },
                      - {
                          - name      = "POWER_BI_TENANT_ID"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/POWER_BI_TENANT_ID"
                        },
                      - {
                          - name      = "POWER_BI_WORKSPACE_ID"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/POWER_BI_WORKSPACE_ID"
                        },
                      - {
                          - name      = "REDIS_PORT"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/REDIS_PORT"
                        },
                      - {
                          - name      = "REDIS_URL"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/REDIS_URL"
                        },
                      - {
                          - name      = "SMTP_URL"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/SMTP_URL"
                        },
                      - {
                          - name      = "VERCEL_JOURNEYS_PROJECT_ID"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/VERCEL_JOURNEYS_PROJECT_ID"
                        },
                      - {
                          - name      = "VERCEL_TEAM_ID"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/VERCEL_TEAM_ID"
                        },
                      - {
                          - name      = "VERCEL_TOKEN"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/ecs/api-journeys/prod/VERCEL_TOKEN"
                        },
                    ]
                  - systemControls   = []
                  - volumesFrom      = []
                },
              - {
                  - environment       = [
                      - {
                          - name  = "DD_APM_ENABLED"
                          - value = "true"
                        },
                      - {
                          - name  = "DD_APM_NON_LOCAL_TRAFFIC"
                          - value = "true"
                        },
                      - {
                          - name  = "DD_DOGSTATSD_NON_LOCAL_TRAFFIC"
                          - value = "true"
                        },
                      - {
                          - name  = "DD_LOGS_INJECTION"
                          - value = "true"
                        },
                      - {
                          - name  = "DD_OTLP_CONFIG_RECEIVER_PROTOCOLS_GRPC_ENDPOINT"
                          - value = "0.0.0.0:4317"
                        },
                      - {
                          - name  = "DD_OTLP_CONFIG_RECEIVER_PROTOCOLS_HTTP_ENDPOINT"
                          - value = "0.0.0.0:4318"
                        },
                      - {
                          - name  = "DD_PROCESS_AGENT_ENABLED"
                          - value = "true"
                        },
                      - {
                          - name  = "DD_PROFILING_ENABLED"
                          - value = "true"
                        },
                      - {
                          - name  = "DD_RUNTIME_METRICS_ENABLED"
                          - value = "true"
                        },
                      - {
                          - name  = "DD_TAGS"
                          - value = "env:prod app:api-journeys-modern"
                        },
                      - {
                          - name  = "DD_TRACE_ANALYTICS_ENABLED"
                          - value = "true"
                        },
                      - {
                          - name  = "ECS_FARGATE"
                          - value = "true"
                        },
                    ]
                  - essential         = true
                  - image             = "public.ecr.aws/datadog/agent:latest"
                  - logConfiguration  = {
                      - logDriver = "awslogs"
                      - options   = {
                          - awslogs-group         = "api-journeys-modern-prod-logs"
                          - awslogs-region        = "us-east-2"
                          - awslogs-stream-prefix = "core"
                        }
                    }
                  - memoryReservation = 128
                  - mountPoints       = []
                  - name              = "jfp-api-journeys-modern-prod-datadog-agent"
                  - portMappings      = [
                      - {
                          - containerPort = 4317
                          - hostPort      = 4317
                          - protocol      = "tcp"
                        },
                      - {
                          - containerPort = 4318
                          - hostPort      = 4318
                          - protocol      = "tcp"
                        },
                      - {
                          - containerPort = 8125
                          - hostPort      = 8125
                          - protocol      = "udp"
                        },
                    ]
                  - secrets           = [
                      - {
                          - name      = "DD_API_KEY"
                          - valueFrom = "arn:aws:ssm:us-east-2:410965620680:parameter/terraform/prd/DATADOG_API_KEY"
                        },
                    ]
                  - systemControls    = []
                  - volumesFrom       = []
                },
              - {
                  - environment           = []
                  - essential             = true
                  - firelensConfiguration = {
                      - options = {
                          - config-file-type        = "file"
                          - config-file-value       = "/fluent-bit/configs/parse-json.conf"
                          - enable-ecs-log-metadata = "true"
                        }
                      - type    = "fluentbit"
                    }
                  - image                 = "amazon/aws-for-fluent-bit:stable"
                  - logConfiguration      = {
                      - logDriver = "awslogs"
                      - options   = {
                          - awslogs-group         = "api-journeys-modern-prod-logs"
                          - awslogs-region        = "us-east-2"
                          - awslogs-stream-prefix = "core"
                        }
                    }
                  - memoryReservation     = 100
                  - mountPoints           = []
                  - name                  = "jfp-api-journeys-modern-prod-log-router"
                  - portMappings          = []
                  - systemControls        = []
                  - user                  = "0"
                  - volumesFrom           = []
                },
            ]
        ) -> (known after apply) # forces replacement
      ~ enable_fault_injection   = false -> (known after apply)
      ~ id                       = "jfp-api-journeys-modern-prod" -> (known after apply)
      ~ revision                 = 16 -> (known after apply)
      - tags                     = {} -> null
      ~ tags_all                 = {} -> (known after apply)
        # (12 unchanged attributes hidden)
    }

  # module.prod.module.api-journeys-modern.module.ecs-task.aws_ssm_parameter.parameters["CLOUDFLARE_UPLOAD_KEY"] will be created
+ resource "aws_ssm_parameter" "parameters" {
      + arn            = (known after apply)
      + data_type      = (known after apply)
      + has_value_wo   = (known after apply)
      + id             = (known after apply)
      + insecure_value = (known after apply)
      + key_id         = (known after apply)
      + name           = "/ecs/api-journeys/prod/CLOUDFLARE_UPLOAD_KEY"
      + overwrite      = true
      + region         = "us-east-2"
      + tags           = {
          + "name" = "CLOUDFLARE_UPLOAD_KEY"
        }
      + tags_all       = {
          + "name" = "CLOUDFLARE_UPLOAD_KEY"
        }
      + tier           = (known after apply)
      + type           = "SecureString"
      + value          = (sensitive value)
      + value_wo       = (write-only attribute)
      + version        = (known after apply)
    }

  # module.prod.module.api-journeys-modern.module.ecs-task.aws_ssm_parameter.parameters["FACEBOOK_APP_ID"] will be created
+ resource "aws_ssm_parameter" "parameters" {
      + arn            = (known after apply)
      + data_type      = (known after apply)
      + has_value_wo   = (known after apply)
      + id             = (known after apply)
      + insecure_value = (known after apply)
      + key_id         = (known after apply)
      + name           = "/ecs/api-journeys/prod/FACEBOOK_APP_ID"
      + overwrite      = true
      + region         = "us-east-2"
      + tags           = {
          + "name" = "FACEBOOK_APP_ID"
        }
      + tags_all       = {
          + "name" = "FACEBOOK_APP_ID"
        }
      + tier           = (known after apply)
      + type           = "SecureString"
      + value          = (sensitive value)
      + value_wo       = (write-only attribute)
      + version        = (known after apply)
    }

  # module.prod.module.api-journeys-modern.module.ecs-task.aws_ssm_parameter.parameters["FACEBOOK_APP_SECRET"] will be created
+ resource "aws_ssm_parameter" "parameters" {
      + arn            = (known after apply)
      + data_type      = (known after apply)
      + has_value_wo   = (known after apply)
      + id             = (known after apply)
      + insecure_value = (known after apply)
      + key_id         = (known after apply)
      + name           = "/ecs/api-journeys/prod/FACEBOOK_APP_SECRET"
      + overwrite      = true
      + region         = "us-east-2"
      + tags           = {
          + "name" = "FACEBOOK_APP_SECRET"
        }
      + tags_all       = {
          + "name" = "FACEBOOK_APP_SECRET"
        }
      + tier           = (known after apply)
      + type           = "SecureString"
      + value          = (sensitive value)
      + value_wo       = (write-only attribute)
      + version        = (known after apply)
    }

  # module.prod.module.api-journeys-modern.module.ecs-task.aws_ssm_parameter.parameters["JOURNEYS_REVALIDATE_ACCESS_TOKEN"] will be created
+ resource "aws_ssm_parameter" "parameters" {
      + arn            = (known after apply)
      + data_type      = (known after apply)
      + has_value_wo   = (known after apply)
      + id             = (known after apply)
      + insecure_value = (known after apply)
      + key_id         = (known after apply)
      + name           = "/ecs/api-journeys/prod/JOURNEYS_REVALIDATE_ACCESS_TOKEN"
      + overwrite      = true
      + region         = "us-east-2"
      + tags           = {
          + "name" = "JOURNEYS_REVALIDATE_ACCESS_TOKEN"
        }
      + tags_all       = {
          + "name" = "JOURNEYS_REVALIDATE_ACCESS_TOKEN"
        }
      + tier           = (known after apply)
      + type           = "SecureString"
      + value          = (sensitive value)
      + value_wo       = (write-only attribute)
      + version        = (known after apply)
    }

  # module.prod.module.arclight.module.ecs-task.aws_ecs_service.ecs_service will be updated in-place
~ resource "aws_ecs_service" "ecs_service" {
      ~ desired_count                      = 4 -> 1
        id                                 = "arn:aws:ecs:us-east-2:410965620680:service/jfp-ecs-cluster-prod/arclight-prod-service"
        name                               = "arclight-prod-service"
        tags                               = {}
        # (18 unchanged attributes hidden)

        # (4 unchanged blocks hidden)
    }

Plan: 5 to add, 6 to change, 1 to destroy.
╷
│ Warning: Deprecated Resource
│ 
│   with module.datadog.datadog_integration_aws.sandbox,
│   on modules/aws/datadog/main.tf line 118, in resource "datadog_integration_aws" "sandbox":
│  118: resource "datadog_integration_aws" "sandbox" {
│ 
│ **This resource is deprecated - use the `datadog_integration_aws_account`
│ resource instead**:
│ https://registry.terraform.io/providers/DataDog/datadog/latest/docs/resources/integration_aws_account
╵
╷
│ Warning: Deprecated attribute
│ 
│   on .terraform/modules/datadog.datadog_log_forwarder/modules/log_forwarder/main.tf line 2, in locals:
│    2:   bucket_name = var.bucket_name != "" ? var.bucket_name : "datadog-forwarder-${data.aws_caller_identity.current.account_id}-${data.aws_region.current.name}"
│ 
│ The attribute "name" is deprecated. Refer to the provider documentation for
│ details.
│ 
│ (and 2 more similar warnings elsewhere)
╵

• ▶️ To apply this plan, comment:

  atlantis apply -d infrastructure

• 🚮 To delete this plan and lock, click here
• 🔁 To plan this project again, comment:

  atlantis plan -d infrastructure

Note: Objects have changed outside of Terraform
Plan: 5 to add, 6 to change, 1 to destroy.

---

• ⏩ To apply all unapplied plans from this Pull Request, comment:

  atlantis apply

• 🚮 To delete all plans and locks from this Pull Request, comment:

  atlantis unlock

[jesus-film-bot]

Locks and plans deleted for the projects and workspaces modified in this pull request:

• dir: infrastructure workspace: default