Align monorepo release metadata and settlement read boundaries #4
Merged
Every Dockerfile-backed development slice now carries local workload metadata, so the runtime release resolver does not depend on ad hoc GitHub metadata fetches when composing a monorepo release set. Constraint: runtime-prod-release fails without local metadata when GITHUB_TOKEN is unavailable. Rejected: Keep missing metadata as implicit neutral defaults | the resolver only defaults after a GitHub 404 path, not for local offline runs. Confidence: high Scope-risk: moderate Tested: python metadata audit confirmed 27 buildable slices and 0 missing metadata; JSON parsing succeeded for all workload-metadata files. Not-tested: live production release dispatch.
The missing service modules are kept because existing routes already point at them, but the implementation preserves the payroll -> settlement-ops -> driver-ops chain instead of letting a facade or PR patch recalculate settlement truth. Constraint: driver app needs a session-based calendar surface while settlement amount truth remains payroll-owned. Rejected: Merge PR #3 as-is | it restored module names but ignored the current price, attendance, exception, and snapshot-reference contracts. Rejected: Put inquiry write state into operations-view services | Track B requires a separate persistent owner. Confidence: high Scope-risk: moderate Directive: Do not move daily amount calculation out of service-settlement-payroll without revisiting docs/contracts/22-driver-app-settlement-read-contract.md. Tested: service-settlement-payroll 23 selected tests with config.test_settings; service-settlement-operations-view 21 selected tests; service-driver-operations-view 6 selected tests; service-account-access Cheonha signup tests; service-organization-registry seed command test. Not-tested: live cross-service HTTP fan-out against production dependencies.
The docs now split Track A settlement read from Track B inquiry write, locking the API edge relationship as payroll amount truth, settlement-ops external read, and driver-ops session facade. Constraint: the driver app UI needs settlement values, but work-logs is not a settlement endpoint. Rejected: Treat MSA as adding one more service surface | the contracts need role ownership and API-edge joins rather than table/meaning leakage. Confidence: high Scope-risk: narrow Directive: Keep inquiry thread/message persistence out of operations-view until a dedicated write owner is chosen. Tested: documentation links and backend tests listed in the adjacent settlement-read commit. Not-tested: rendered documentation site build.
The front-driver-app slice is kept as the Expo/React Native app shell for login, signup, work-log calendar, MY, admin-empty, and settlement inquiry/date-picker surfaces so the driver flow can be verified from the monorepo. Constraint: phase 1 targets native Expo rather than a web surface. Rejected: Keep brainstorm HTML mockups as source | the executable Expo app and tests are the maintainable source, while .superpowers artifacts were local throwaways. Confidence: high Scope-risk: moderate Directive: Replace temporary settlement overlay data with the Track A backend contract when the app API integration is wired end-to-end. Tested: npm ci; npm test 27/27 pass; npm run typecheck exit 0. Not-tested: iOS/Android simulator runtime.
The rollout-order test now stubs image digest resolution like the adjacent resolver tests, so verifying release ordering does not require GitHub or AWS credentials. Constraint: local branch verification must run without production cloud credentials. Rejected: Require GITHUB_TOKEN/AWS credentials for a pure ordering test | that would make cleanup verification dependent on external state. Confidence: high Scope-risk: narrow Tested: uv run --python 3.12 --with pytest python -m pytest release/tests/test_release_resolution.py -q -> 12 passed. Not-tested: live AWS/GitHub digest resolution.
The first deployment test proved the branch reaches the image-build workflow, but every slice waited for AWS credentials because the repository has no ECR_BUILD_AWS_ROLE_ARN variable. Validate that required build role once in detect so monorepo umbrella deployment tests fail fast with a precise repository-configuration error instead of spawning 27 identical two-minute timeouts. Constraint: GitHub Actions cannot infer an AWS OIDC role when vars.ECR_BUILD_AWS_ROLE_ARN is unset. Rejected: Guess an IAM role ARN from account id | repo docs intentionally keep the role ARN out of source and local AWS credentials are unavailable. Confidence: high Scope-risk: narrow Directive: Keep build and deploy roles separate; do not replace ECR_BUILD_AWS_ROLE_ARN with a production deploy secret. Tested: ruby YAML parse for .github/workflows/build-development-images.yml; python3 -m unittest scripts.github.tests.test_resolve_image_build_matrix; git diff --check. Not-tested: Successful ECR push, blocked by missing repository or organization variable ECR_BUILD_AWS_ROLE_ARN.
Deployment test update:
Remaining blocker before merging/deploying: set repository or organization variable
Deployment test passed after wiring the repo configuration:
Proceeding to merge this PR into
Final deployment/merge status:
Runtime release completed after restoring the AWS runtime host. Restored / checked:
Released workloads:
SSM commands:
Release evidence:
Follow-up note:
Summary
detect instead of fanning out 27 identical AWS credential timeouts.

Deployment test focus
Build development images on this branch for all Dockerfile-backed slices.

GitHub Actions deployment test result
Configure AWS credentials because vars.ECR_BUILD_AWS_ROLE_ARN is empty for this repo/org.
detect with Missing ECR build role and skips the matrix, confirming the remaining blocker is repository configuration rather than application code.
ECR_BUILD_AWS_ROLE_ARN to the ECR build IAM role ARN for AWS account 902837199612.

Validation
git diff --check
ruby -e 'require "yaml"; YAML.load_file(".github/workflows/build-development-images.yml")'
scripts/verify/verify-monorepo-umbrella.sh
python3 -m unittest scripts.github.tests.test_resolve_image_build_matrix
uv run --python 3.12 --with pytest python -m pytest release/tests/test_release_resolution.py -q
npm test and npm run typecheck OK

Notes
main because the deployment build test is currently blocked by the missing ECR_BUILD_AWS_ROLE_ARN repo/org variable.
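
The fail-fast check this PR describes, as an added example that is not code from the repository: a POSIX shell function a `detect` job could run once to validate `ECR_BUILD_AWS_ROLE_ARN` before the build matrix fans out. The function name, the exit codes, the `Invalid ECR build role` title, the `build_enabled` output and the optional expected-account check are assumptions.

```shell
#!/bin/sh
# Added example (not the repository's workflow code): pre-flight check for the
# ECR build role. Function name, exit codes and output name are assumptions.

# check_ecr_build_role ROLE_ARN [EXPECTED_ACCOUNT_ID]
#   0 usable | 1 unset or empty | 2 not an IAM role ARN | 3 wrong AWS account
# The body runs in a subshell, so its variables do not leak into the caller.
check_ecr_build_role() (
  arn="${1:-}"; expected="${2:-}"; rc=0; title=""; msg=""
  re='^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role/[A-Za-z0-9+=,.@_/-]+$'
  nl='
'
  if [ -z "$arn" ]; then
    rc=1; title="Missing ECR build role"
    msg="vars.ECR_BUILD_AWS_ROLE_ARN is empty for this repo/org"
  else
    case "$arn" in
      *"$nl"*) rc=2 ;;  # grep matches per line, so reject multi-line values
      *) printf '%s\n' "$arn" | grep -Eq "$re" || rc=2 ;;
    esac
    if [ "$rc" -eq 2 ]; then
      title="Invalid ECR build role"
      msg="ECR_BUILD_AWS_ROLE_ARN is not an IAM role ARN"
    else
      # ARN layout: arn:partition:iam::ACCOUNT:role/NAME (field 4 is empty)
      account=$(printf '%s\n' "$arn" | cut -d: -f5)
      if [ -n "$expected" ] && [ "$account" != "$expected" ]; then
        rc=3; title="Invalid ECR build role"
        msg="role is in account $account, expected $expected"
      fi
    fi
  fi

  # GitHub Actions workflow command: rendered as an error annotation on the run.
  [ "$rc" -eq 0 ] || printf '::error title=%s::%s\n' "$title" "$msg" >&2

  # Job output the matrix can be gated on, so no per-slice job starts on failure.
  if [ -n "${GITHUB_OUTPUT:-}" ]; then
    enabled=false; [ "$rc" -ne 0 ] || enabled=true
    printf 'build_enabled=%s\n' "$enabled" >> "$GITHUB_OUTPUT"
  fi
  exit "$rc"
)
```

In a workflow the argument would come from `vars.ECR_BUILD_AWS_ROLE_ARN`, and the image-build matrix would be conditioned on the `build_enabled` output of the detect job.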