feat(ecs): split queue and scheduler from web

[leek]

Fixes #3

This pull request introduces several improvements to the GitHub Actions workflows and deployment configuration, focusing on increased flexibility, better diagnostics, and improved automation for changelog updates. The most significant changes include enhanced ECS deployment logic, improved error notifications, a more robust changelog update workflow, and additional configuration options for the deployment process.

Deployment Workflow Improvements:

• Refactored .github/workflows/deploy.yml.example to support deploying multiple ECS services, configurable via the new ECS_SERVICES and APP_NAME environment variables, and generalized Docker image/tag handling for improved flexibility. [1] [2]
• Enhanced ECS stabilization and diagnostics: The workflow now waits for all configured services to stabilize, provides detailed diagnostics only for failed tasks, and includes improved log gathering and output formatting. [1] [2] [3]
• Added a Microsoft Teams notification step to alert on deployment failures, improving visibility for the team.

Changelog Automation:

• Overhauled .github/workflows/update-changelog.yml.example to trigger on successful deployments or manual dispatch, resolve releases by tag or latest, and create a pull request for changelog updates instead of pushing directly to production. This workflow also ensures CHANGELOG.md exists and merges unreleased and release note content more robustly. [1] [2]

Dockerfile Enhancements:

• Added supervisor configuration files for web, queue worker, and scheduler processes to docker/Dockerfile, supporting multi-service deployments.

Other Workflow Tweaks:

• Improved code style workflow (.github/workflows/fix-code-style.yml.example) by using full fetch depth for checkouts and specifying the branch for auto-commits. [1] [2]

New Example Workflow:

• Added .github/workflows/copilot-setup-steps.yml.example to demonstrate Copilot setup steps validation and manual testing.

Summary by CodeRabbit

• New Features

  • Configurable queue-worker and scheduler background services with new Terraform flags and outputs; deployment now manages multiple services.

• Documentation

  • Expanded Docker/run docs for distinct container roles and local environment helper (.envrc) guidance.

• Chores

  • Updated CI workflow examples, changelog workflow, and ignore rules; renamed some deployment/resource naming for clarity.

[gemini-code-assist]

Summary of Changes

Hello @leek, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request implements a significant architectural enhancement by decoupling the web, queue worker, and scheduler components into separate AWS ECS services. This separation improves the application's scalability, resilience, and resource isolation. Alongside this core change, the PR introduces more flexible and diagnostic-rich GitHub Actions deployment workflows, automates changelog updates via pull requests, and refines Docker and Terraform configurations to support the new multi-service deployment model.

Highlights

• Architectural Separation: The core web application, queue workers, and scheduled tasks are now deployed as distinct ECS services, enabling independent scaling and resource management.
• Enhanced Deployment Workflows: The deploy.yml.example workflow has been updated to support multi-service deployments, include robust stabilization checks, detailed diagnostics for failures, and integrate Microsoft Teams notifications.
• Automated Changelog Management: The update-changelog.yml.example workflow is revamped to create pull requests for changelog updates, triggered by successful deployments or manual dispatch, ensuring a more controlled release process.
• Docker Configuration for Roles: Dockerfile and associated supervisord configurations (supervisord-web.conf, supervisord-queue-worker.conf, supervisord-scheduler.conf) have been introduced to define and manage these separate container roles.
• Terraform Infrastructure Updates: Terraform modules (compute, outputs, variables) are updated to provision and manage the new ECS worker services (queue-worker and scheduler) and centralize environment/secret configurations.

Ignored Files

• Ignored by pattern: .github/workflows/** (4)
  • .github/workflows/copilot-setup-steps.yml.example
  • .github/workflows/deploy.yml.example
  • .github/workflows/fix-code-style.yml.example
  • .github/workflows/update-changelog.yml.example

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[Copilot]

Pull Request Overview

This PR restructures the ECS deployment to split the web, queue worker, and scheduler services into separate ECS services, improving scalability and isolation. It also enhances the deployment workflow with better diagnostics, multi-service support, and improved changelog automation.

Key Changes:

• Split queue worker and scheduler into dedicated ECS services with separate task definitions and supervisor configurations
• Enhanced deployment workflow to support multiple ECS services with improved stabilization checks and diagnostics
• Overhauled changelog update workflow to create PRs instead of direct commits, with better release note handling

Reviewed Changes

Copilot reviewed 14 out of 14 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
terraform/modules/security/main.tf	Fixed duplicate variable name in IAM user naming
terraform/modules/compute/variables.tf	Added feature flags for enabling/disabling queue worker and scheduler services
terraform/modules/compute/outputs.tf	Added outputs for new worker service names
terraform/modules/compute/main.tf	Refactored to create separate ECS services for web, queue-worker, and scheduler with shared configuration
docker/supervisord.conf	Removed queue worker and scheduler configurations (moved to dedicated files)
docker/supervisord-web.conf	New supervisor config for web service only (nginx + php-fpm)
docker/supervisord-scheduler.conf	New supervisor config dedicated to Laravel scheduler
docker/supervisord-queue-worker.conf	New supervisor config dedicated to queue workers
docker/README.md	Updated documentation to reflect multi-service architecture and container roles
docker/Dockerfile	Added new supervisor configuration files for each service role
.github/workflows/update-changelog.yml.example	Refactored to trigger on deployment completion, create PRs, and handle releases more robustly
.github/workflows/fix-code-style.yml.example	Improved checkout configuration and added explicit branch specification
.github/workflows/deploy.yml.example	Enhanced to deploy multiple ECS services with improved diagnostics and Teams notifications
.github/workflows/copilot-setup-steps.yml.example	New workflow demonstrating Copilot setup step validation

Comments suppressed due to low confidence (1)

terraform/modules/compute/main.tf:1

• Operator precedence issue in bash condition. The || will bind more loosely than &&, causing unexpected evaluation. Wrap the first condition in parentheses: ([ "$EXIT_CODE" != "0" ] && [ "$EXIT_CODE" != "N/A" ]) || [ "$STOP_CODE" = "TaskFailedToStart" ]

# ========================================

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[gemini-code-assist]

Code Review

This pull request introduces significant changes to the Docker configuration, ECS deployment, and related workflows. The changes include splitting the queue and scheduler from the web service, enhancing the Dockerfile to support multiple container roles, and updating the Terraform configuration to manage the new ECS services. The addition of supervisor configurations for web, queue worker, and scheduler processes in the Dockerfile, along with corresponding updates in the Terraform modules, enables a more modular and scalable deployment architecture. The changes to the README.md provide clear instructions on how to use the new container roles and services.

[leek]

@coderabbitai full review

[coderabbitai]

✅ Actions performed

Full review triggered.

[coderabbitai]

Caution

Review failed

The pull request is closed.

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

📝 Walkthrough

Walkthrough

Decouples web, queue-worker, and scheduler into separate Docker supervisor configs and ECS tasks/services; updates Dockerfile, docs, GitHub Actions examples for multi-service deploys; refactors Terraform compute module to add worker task/service resources, outputs, and toggles; minor .gitignore/.dockerignore and IAM naming changes.

Changes

Cohort / File(s)	Summary
Dockerfile & Supervisor copies docker/Dockerfile	Adds COPY instructions to include role-specific supervisord configs (supervisord-web.conf, supervisord-queue-worker.conf, supervisord-scheduler.conf) into the image.
Supervisor role configs docker/supervisord-web.conf, docker/supervisord-queue-worker.conf, docker/supervisord-scheduler.conf	Adds three new supervisor config files: web (nginx, php-fpm), queue-worker (artisan queue:work with 2 processes), scheduler (artisan schedule:run loop).
Supervisor base config docker/supervisord.conf	Removes embedded program definitions for nginx, php-fpm, queue-worker, and scheduler, delegating them to role-specific config files.
Docker docs & ignore docker/README.md, .dockerignore	Documents CONTAINER_ROLE usage and run commands for each role; narrows .dockerignore from *.md to an explicit list of Markdown files (adds README.md, swaps CHANGELOG.md → RELEASE.md).
Git ignore updates .gitignore, terraform/.gitignore	Adds /VERSION and Laravel Boost ignores; removes vendor-src and .claude; flips Terraform lockfile handling to track !.terraform.lock.hcl.
GitHub Actions examples .github/workflows/deploy.yml.example, .github/workflows/fix-code-style.yml.example, .github/workflows/update-changelog.yml.example, .github/workflows/copilot-setup-steps.yml.example	Updates deploy example to use APP_NAME/DOCKERFILE_PATH/ECS_SERVICES, multi-service loop deploy, custom stabilization polling/diagnostics, Teams failure notification; fix-code-style: full clone and dynamic commit branch; update-changelog: workflow_run trigger, release resolution, conditional PR creation; adds Copilot setup example for PHP/Composer install.
Env helper .envrc	Adds direnv example for AWS_PROFILE guidance and notes.
Terraform — compute module terraform/modules/compute/main.tf	Introduces locals for common environment/secrets, worker_services map, enabled_worker_services filtering; adds aws_ecs_task_definition.worker and aws_ecs_service.worker (for_each), updates main task to reference common locals, increases deployment_maximum_percent to 200, and adds circuit breaker support for workers.
Terraform — compute outputs & vars terraform/modules/compute/outputs.tf, terraform/modules/compute/variables.tf	Adds outputs: queue_worker_service_name, scheduler_service_name, worker_services; adds variables: enable_queue_worker (bool, default true), enable_scheduler (bool, default true).
Terraform — security IAM naming terraform/modules/security/main.tf	Renames IAM user/policy name attributes and Name tag suffixes to -laravel-user and -laravel-user-policy (string changes to resource name attributes).

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant GH as GitHub Actions
    participant ECR as ECR
    participant ECS as ECS Cluster
    participant TF as Terraform

    rect rgba(120,180,240,0.12)
    Note over GH,ECR: Build & push single image (APP_NAME-ENV)
    GH->>ECR: Build & Push image
    end

    rect rgba(160,220,160,0.12)
    Note over GH,ECS: Multi-service Deploy Flow
    GH->>ECS: For each service in ECS_SERVICES -> Update service (main, queue-worker, scheduler)
    GH->>ECS: Poll for stabilization (max attempts / interval)
    alt stabilized
        GH->>ECS: Confirm health checks
    else failed
        GH->>ECS: Fetch service status & stopped tasks
        GH->>ECS: Fetch CloudWatch logs -> Diagnostics
        GH->>GH: Send Teams failure notification
    end
    end

    rect rgba(240,220,140,0.12)
    Note over TF,ECS: Infra provisioning for workers
    TF->>ECS: Create aws_ecs_task_definition.worker (for_each enabled services)
    TF->>ECS: Create aws_ecs_service.worker (for_each enabled services)
    end

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• feat(misc): random updates and improvements #2 — Modifies the same Terraform IAM resources in terraform/modules/security/main.tf (IAM user/policy naming changes).
• feat: adding example github workflows #1 — Overlaps on GitHub Actions example workflows (deploy, fix-code-style, update-changelog) and related CI/CD example updates.

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The pull request title "feat(ecs): split queue and scheduler from web" accurately and specifically describes the main architectural change in this changeset. The title directly reflects the core objective of separating queue worker and scheduler services from the main web service into dedicated ECS tasks, as evidenced by the new Terraform resources for worker services, the split supervisor configuration files, and the deployment workflow refactoring to support multiple ECS services.
Linked Issues Check	✅ Passed	The pull request successfully addresses the core requirements of issue #3 ("Move Queue Runner to its own ECS Task"). The changes include creating new ECS task definitions for worker services via the aws_ecs_task_definition.worker resource, updating the Terraform configuration with new aws_ecs_service.worker resources, introducing centralized environment variables and secrets management through local.common_environment_variables and local.common_secrets, and updating deployment documentation in docker/README.md and .github/workflows/deploy.yml.example. All acceptance criteria are met: the queue runner runs independently in its own ECS task, existing application functionality is preserved with the main service remaining separate, and documentation has been updated accordingly. Additionally, the PR extends this pattern to include the scheduler service as a natural parallel implementation.
Out of Scope Changes Check	✅ Passed	The vast majority of changes are directly related to the core objective of splitting queue and scheduler services from the web container. The Terraform infrastructure changes (new task definitions, services, variables, outputs, and IAM naming), Docker configuration changes (supervisor config files and Dockerfile updates), and deployment workflow refactoring are all essential to implementing the architecture change. Supporting improvements such as the changelog automation workflow update and code style workflow tweaks are reasonable infrastructure enhancements that logically accompany this architectural shift. Peripheral configuration changes like .envrc, .dockerignore, and .gitignore modifications are minor maintenance items that don't distract from the primary objective.
Description Check	✅ Passed	The pull request description is substantially complete and provides detailed information about the changes across multiple areas including deployment workflows, changelog automation, Docker configuration, and other improvements. While some template sections such as the Type of Change checkboxes, Testing verification checkboxes, and the full Checklist are not formally marked, the description does contain comprehensive details about what was changed and why. The description includes specific references to code changes and clearly links the work to issue #3, meeting the core requirement of communicating the purpose and scope of the changes.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between eebfa3a and aef970f.

📒 Files selected for processing (6)

• .github/workflows/update-changelog.yml.example (2 hunks)
• docker/supervisord-queue-worker.conf (1 hunks)
• docker/supervisord-scheduler.conf (1 hunks)
• docker/supervisord-web.conf (1 hunks)
• docker/supervisord.conf (0 hunks)
• terraform/.gitignore (1 hunks)

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 13

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (8)

terraform/modules/compute/main.tf (1)

255-264: Deployment strategy improvements support better rolling updates for low task counts.

Increasing deployment_maximum_percent from 100 to 200 (line 259) with deployment_circuit_breaker enabled allows proper rolling deploys when desired count is low (1–2 tasks), preventing deployment hangs due to ENI constraints. The 50% minimum healthy percent balances cost and resilience. Well documented in the preceding comments.

However, note that deployment_maximum_percent is now a hardcoded value. If future deployments require tuning this strategy per environment, consider extracting it as a variable.

.github/workflows/fix-code-style.yml.example (1)

41-41: Upgrade setup-node to v4 and enable caching.
Use latest action and cache npm to speed runs.

-      - name: Setup NodeJS
-        uses: actions/setup-node@v2
+      - name: Setup NodeJS
+        uses: actions/setup-node@v4
+        with:
+          cache: npm
+          # optionally pin a version or use .nvmrc:
+          # node-version-file: .nvmrc

.dockerignore (1)

17-21: Ignore vendor/ to shrink build context.
Composer installs in-image; excluding vendor/ avoids large uploads.

 # Development files
 .env*
 !.env.example
 *.log
 npm-debug.log
 yarn-error.log
 .phpunit.result.cache
 Homestead.json
 Homestead.yaml
 .claude
 .husky
+vendor/

.github/workflows/update-changelog.yml.example (1)

61-97: Guard parsing when release notes are empty.
Short-circuit to avoid creating empty sections.

       - name: Update CHANGELOG.md
         env:
           VERSION: ${{ steps.rel.outputs.tag }}
           RELEASE_NOTES: ${{ steps.rel.outputs.body }}
         run: |
           set -e
+          if [ -z "${VERSION}" ]; then
+            echo "No version resolved; exiting."
+            exit 0
+          fi

.github/workflows/deploy.yml.example (4)

43-51: Map the 'uat' branch explicitly.

on.push.branches includes uat, but the env step maps anything not production/staging to staging. Add a uat case to avoid mislabeling.

-          if [[ ${{ github.ref }} == 'refs/heads/production' ]]; then
+          if [[ ${{ github.ref }} == 'refs/heads/production' ]]; then
             echo "environment=production" >> $GITHUB_OUTPUT
           elif [[ ${{ github.ref }} == 'refs/heads/staging' ]]; then
             echo "environment=staging" >> $GITHUB_OUTPUT
+          elif [[ ${{ github.ref }} == 'refs/heads/uat' ]]; then
+            echo "environment=uat" >> $GITHUB_OUTPUT
           else
             echo "environment=staging" >> $GITHUB_OUTPUT
           fi

---

184-205: Diagnostics only target the web service. Include all services.

If stabilization fails, you gather details for ${APP_NAME}-${ENVIRONMENT}-service only. Extend diagnostics to iterate over all configured services so worker/scheduler failures are visible.

IFS=',' read -ra SERVICE_SUFFIXES <<< "${{ env.ECS_SERVICES }}"
for SUFFIX in "${SERVICE_SUFFIXES[@]}"; do
  SVC="${{ env.APP_NAME }}-${ENVIRONMENT}-${SUFFIX}"
  echo "📊 Service Status: $SVC"
  aws ecs describe-services --cluster "${{ env.APP_NAME }}-${ENVIRONMENT}" --services "$SVC" \
    --query 'services[0].{Status:status,Running:runningCount,Desired:desiredCount,Pending:pendingCount,Deployments:deployments[*].{Status:rolloutState,Running:runningCount,Desired:desiredCount}}' \
    --output table
done

---

316-333: Container selection and down/up semantics.

• Picking the first container may target a sidecar. Allow override:

-CONTAINER_NAME=$(echo "$TD_JSON" | jq -r '.taskDefinition.containerDefinitions[0].name')
+CONTAINER_NAME="${ECS_CONTAINER_NAME:-$(echo "$TD_JSON" | jq -r '.taskDefinition.containerDefinitions[0].name')}"

• Verify that php artisan down/up acts on shared storage (e.g., EFS). If web tasks use ephemeral storage, maintenance mode won’t affect live traffic and can be removed.

---

336-347: Tag the one-off task with startedBy for traceability.

Add --started-by "github-actions-post-deploy" to aws ecs run-task so it’s easy to trace in ECS.

♻️ Duplicate comments (6)

terraform/modules/compute/main.tf (1)

349-354: CONTAINER_ROLE concatenation is safe but verify it won't conflict with additional variables.

The CONTAINER_ROLE environment variable is prepended to local.common_environment_variables (which does not currently define CONTAINER_ROLE). However, if CONTAINER_ROLE is ever added to var.additional_environment_variables, there will be a duplicate. Consider filtering it explicitly as suggested in prior feedback, or document the constraint.

environment = concat([
  {
    name  = "CONTAINER_ROLE"
    value = each.value.container_role
  }
], [for env in local.common_environment_variables : env if env.name != "CONTAINER_ROLE"])

Alternatively, verify that CONTAINER_ROLE is always managed centrally and never included in additional_environment_variables.

.github/workflows/fix-code-style.yml.example (1)

56-56: Resolved: dynamic target branch.
This addresses the prior concern about hardcoding to main. Good improvement.

docker/supervisord-queue-worker.conf (1)

9-20: Parameterize worker flags via environment; avoid hardcoded SQS options.
Makes tuning possible without image rebuilds and matches infra-as-config goals.

 [program:queue-worker]
 process_name=%(program_name)s_%(process_num)02d
-command=php /var/www/html/artisan queue:work sqs --sleep=3 --tries=3 --max-time=3600 --timeout=90
+; Defaults can be overridden by container env
+environment=QUEUE_CONNECTION="sqs",QUEUE_SLEEP="3",QUEUE_TRIES="3",QUEUE_MAX_TIME="3600",QUEUE_TIMEOUT="90"
+command=php /var/www/html/artisan queue:work %(ENV_QUEUE_CONNECTION)s --sleep=%(ENV_QUEUE_SLEEP)s --tries=%(ENV_QUEUE_TRIES)s --max-time=%(ENV_QUEUE_MAX_TIME)s --timeout=%(ENV_QUEUE_TIMEOUT)s
 user=www-data
 numprocs=2
 autostart=true
 autorestart=true
 startretries=3
+startsecs=5
+stopwaitsecs=30
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 stopasgroup=true
 killasgroup=true

Optional: expose numprocs via build-time templating or envsubst at entrypoint.

.github/workflows/deploy.yml.example (1)

82-85: Comment clarity: force new deployments across all services.

Consider noting that these commands force new deployments for web, queue worker, and scheduler services, to align with reader expectations.

docker/Dockerfile (1)

130-132: Add brief inline comments for each COPY.

Document each per‑role config’s purpose to aid maintainers (web, queue‑worker, scheduler).

docker/supervisord-scheduler.conf (1)

8-16: Make interval configurable and prefer schedule:work to avoid overlaps.

• Parameterize the sleep: sleep ${SCHEDULER_SLEEP:-60}.
• Consider replacing the loop with Laravel’s built‑in worker: php /var/www/html/artisan schedule:work --verbose --no-interaction. It handles timing and avoids running a new process every cycle.

-command=/bin/sh -c "while true; do php /var/www/html/artisan schedule:run --verbose --no-interaction; sleep 60; done"
+command=/bin/sh -c "php /var/www/html/artisan schedule:work --verbose --no-interaction --no-ansi"

If you keep the loop:

-command=/bin/sh -c "while true; do php /var/www/html/artisan schedule:run --verbose --no-interaction; sleep 60; done"
+command=/bin/sh -c "while true; do php /var/www/html/artisan schedule:run --verbose --no-interaction; sleep ${SCHEDULER_SLEEP:-60}; done"

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9f1131b and dfde997.

📒 Files selected for processing (18)

• .dockerignore (1 hunks)
• .envrc (1 hunks)
• .github/workflows/copilot-setup-steps.yml.example (1 hunks)
• .github/workflows/deploy.yml.example (6 hunks)
• .github/workflows/fix-code-style.yml.example (2 hunks)
• .github/workflows/update-changelog.yml.example (2 hunks)
• .gitignore (1 hunks)
• docker/Dockerfile (1 hunks)
• docker/README.md (3 hunks)
• docker/supervisord-queue-worker.conf (1 hunks)
• docker/supervisord-scheduler.conf (1 hunks)
• docker/supervisord-web.conf (1 hunks)
• docker/supervisord.conf (0 hunks)
• terraform/.gitignore (1 hunks)
• terraform/modules/compute/main.tf (4 hunks)
• terraform/modules/compute/outputs.tf (1 hunks)
• terraform/modules/compute/variables.tf (1 hunks)
• terraform/modules/security/main.tf (2 hunks)

💤 Files with no reviewable changes (1)

• docker/supervisord.conf

🧰 Additional context used

🪛 LanguageTool

docker/README.md

[style] ~18-~18: ‘compete with each other’ might be wordy. Consider a shorter alternative.
Context: ...paration ensures: - Queue workers don't compete with each other (no duplicate job processing) - Only on...

(EN_WORDINESS_PREMIUM_COMPETE_WITH_EACH_OTHER)

🔇 Additional comments (12)

.gitignore (1)

78-79: Deployment and Laravel Boost artifacts are now properly ignored.

The additions of /VERSION (deployment-generated version file) and Laravel Boost configuration artifacts (.mcp.json, .junie/, .claude/settings.local.json) align with the enhanced deployment workflow and local development tooling. No concerns.

Also applies to: 91-94

terraform/modules/security/main.tf (1)

419-419: IAM resource naming is now Laravel-specific and consistent.

Renaming from generic "-user" to "-laravel-user" and "-laravel-user-policy" improves clarity and aligns with the broader module naming convention. Resource identifiers and tags are consistently updated.

Also applies to: 422-422, 433-433

terraform/modules/compute/outputs.tf (1)

32-45: New worker service outputs are correctly conditioned and map-aware.

The outputs queue_worker_service_name and scheduler_service_name properly use ternary operators to return null when disabled, and worker_services exposes the full map for downstream reference. Map key access (queue-worker, scheduler) aligns with the local.worker_services configuration in main.tf.

Please confirm that the map keys ("queue-worker", "scheduler") in the worker services outputs match the keys defined in terraform/modules/compute/main.tf lines 119–142, and that no downstream consumers of these outputs depend on a specific key naming convention.

terraform/modules/compute/variables.tf (1)

141-151: New worker service enable variables are well-defined and backward-compatible.

The enable_queue_worker and enable_scheduler variables have clear descriptions and sensible defaults (both true), which maintains backward compatibility while allowing optional opt-out. Naming and type are consistent with project conventions.

terraform/modules/compute/main.tf (3)

5-148: Locals refactoring improves configuration reusability and clarity.

Centralizing common_environment_variables, common_secrets, and worker_services into a locals block reduces duplication and makes the module easier to maintain. The enabled_worker_services filter elegantly gates which worker services are instantiated based on the new enable flags. Well structured.

---

212-213: Main task definition correctly uses centralized environment and secret locals.

The main ECS task now references local.common_environment_variables and local.common_secrets, ensuring consistency with worker services and reducing duplication. Clean refactor.

---

325-412: Worker services are well-structured with flexible, scalable configuration.

The new aws_ecs_task_definition.worker and aws_ecs_service.worker resources use for_each over local.enabled_worker_services, enabling both queue-worker and scheduler with independent configuration (CPU, memory, desired count, logging prefix). The reuse of local.common_environment_variables and local.common_secrets ensures consistency. ECS Exec is enabled for debugging, and the optional deployment_circuit_breaker (lines 401–407) is properly guarded.

Note: The current worker_services map specifies deployment_config = {} (empty), so the circuit breaker is not enabled for these services. This is acceptable, but if circuit breaker is needed later, update the config inline or extract as variables.

Please verify that:

1. The for_each keys match outputs in terraform/modules/compute/outputs.tf (confirmed: "queue-worker" and "scheduler").
2. Worker services do not need load_balancer blocks (queue and scheduler are not fronted by ALB, correct).
3. ECS Exec is sufficient for debugging; no additional logging or monitoring changes are needed.

.github/workflows/fix-code-style.yml.example (1)

25-25: LGTM: full history is appropriate for formatting-only commits.

.github/workflows/copilot-setup-steps.yml.example (1)

8-12: Paths filter targets the non-example file. Confirm intent.
This example won’t trigger on changes to itself. Ensure a real .github/workflows/copilot-setup-steps.yml exists or adjust filters.

.github/workflows/update-changelog.yml.example (2)

20-25: Branch gate hardcoded to 'production'. Verify branch names.
Deploy workflow must run on production for this to trigger; checkout targets main. Confirm this matches your release flow.

---

141-152: Expose a changed output even when file unchanged; add no-op path.
Prevents later steps from failing on missing outputs.

       - name: Commit changes locally (if any)
         id: commit
         run: |
           git config user.name "github-actions[bot]"
           git config user.email "github-actions[bot]@users.noreply.github.com"
           if git diff --quiet CHANGELOG.md; then
             echo "changed=false" >> $GITHUB_OUTPUT
           else
             git add CHANGELOG.md
             git commit -m "chore(changelog): update for release ${{ steps.rel.outputs.tag }}"
             echo "changed=true" >> $GITHUB_OUTPUT
           fi
+        shell: bash

Likely an incorrect or invalid review comment.

.github/workflows/deploy.yml.example (1)

108-124: Cluster and service naming confirmed as correct.

Verification of Terraform configuration confirms the deploy.yml naming assumptions are accurate. Terraform defines cluster as "${var.app_name}-${var.environment}" (line 159, terraform/modules/compute/main.tf), main service as "${var.app_name}-${var.environment}-service" (line 241), and worker services as "${var.app_name}-${var.environment}-${each.key}" (line 381). These patterns align exactly with the script's resource references.