docs: Environment Managment Guide

[tjholm]

Not sure what else to include with this one without creating too much redundant documentation, or making this guide very long.

Fixes: NIT-184

[coderabbitai]

Walkthrough

Adds a top-level Makefile target docs-dev (phony) that runs $(MAKE) -C docs dev. Introduces docs/Makefile with a phony dev target executing npx mint dev. Updates docs/docs.json to append guides/aws/environment-management to the Guides navigation group. Adds docs/guides/aws/environment-management.mdx detailing AWS multi-environment management using Terraform workspaces, including sections for overview, prerequisites, architecture (with mermaid diagram), provider/workspace configuration examples, workspace commands, CI/CD workflow, and references. No other files modified.

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
		  - name: "Undocumented Breaking Changes"
			  mode: "warning"
			  instructions: |
				  Flag potential breaking changes that are not documented:
				  1. Identify changes to public APIs/exports, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints (including removed/renamed items and changes to types, required params, return values, defaults, or behavior).
				  2. Ignore purely internal/private changes (e.g., code not exported from package entry points or marked internal).
				  3. Verify documentation exists: a "Breaking Change" section in the PR description and updates to CHANGELOG.md.

Please share your feedback with us on this Discord post.

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2983fad and 78de518.

📒 Files selected for processing (2)

• docs/docs.json (1 hunks)
• docs/guides/aws/environment-management.mdx (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (2)

• docs/guides/aws/environment-management.mdx
• docs/docs.json

Pre-merge checks (1 passed, 1 warning, 1 inconclusive)

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Title Check	⚠️ Warning	The title “docs: Environment Managment Guide” does reference the addition of a documentation guide, but it contains a typo in “Managment” and lacks the specificity that this is an AWS environment management guide. The misspelling undermines readability and may confuse teammates reviewing the history. A clear, accurate title is essential for quick understanding of the change’s purpose.	Rename the title to correct the typo and improve specificity, for example “docs: AWS Environment Management Guide” or at minimum fix to “docs: Environment Management Guide” so that it accurately reflects the content.
Description Check	❓ Inconclusive	The current description notes uncertainty about content length and references Fixes: NIT-184, but it does not summarize what was added or describe the scope of the new guide. As written, it is too generic to give reviewers meaningful context on the changes. Without a brief overview of the guide’s content, reviewers may need extra time to understand the PR’s intent.	Enhance the description by outlining the key sections and changes—such as adding a Terraform workspace guide, multi-account architecture diagram, and CI/CD integration workflow—to provide clear context and streamline the review process.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (7)

docs/Makefile (1)

1-4: Optional: pin CLI version and add a basic help target.

Pinning avoids surprise breakages; a help target improves DX.

Example:

 .PHONY: dev
+DEFAULT_GOAL := dev
+
 dev:
-	npx mint dev
+	npx -y mintlify@^4 dev

Makefile (1)

1-4: Optional: forward args and add a help description.

Forwarding lets devs pass flags (e.g., --open).

 .PHONY: docs-dev
 
 docs-dev:
-	$(MAKE) -C docs dev
+	$(MAKE) -C docs dev ARGS="$(ARGS)"

And in docs/Makefile, reference ARGS in the command if adopted.

docs/guides/environment-management.mdx (5)

13-16: Fix typos in prerequisites.

Grammar issues reduce polish.

-This guide assumed you've have the following:
+This guide assumes you have the following:
@@
-That you've build your Terraform configuration using `suga build`.
+That you've built your Terraform configuration using `suga build`.

---

63-71: Add type and description for workspace_iam_roles.

Improves validation and editor hints.

-variable "workspace_iam_roles" {
+variable "workspace_iam_roles" {
+  description = "Mapping of Terraform workspace -> AWS IAM role ARN to assume"
+  type        = map(string)
   default = {

---

73-79: Consider fail-fast instead of silent fallback to dev.

Typos or unexpected workspace names could deploy to dev unintentionally. Prefer explicit allowlist + error.

 provider "aws" {
   assume_role {
-    # Falls back to dev account if workspace doesn't exist (useful for PR previews)
-    role_arn = lookup(var.workspace_iam_roles, terraform.workspace, var.workspace_iam_roles["dev"])
+    # Enforce known workspaces; error if unmapped
+    role_arn = var.workspace_iam_roles[terraform.workspace]
   }
 }

If PR previews are needed, add an explicit mapping (e.g., “pr”) in the variable and derive it in CI.

---

73-79: Optional: include region and provider version for completeness.

Prevents implicit-region surprises and pins provider.

Add to the example (either here or in versions.tf):

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = var.aws_region
  assume_role {
    role_arn = var.workspace_iam_roles[terraform.workspace]
  }
}

variable "aws_region" {
  type        = string
  description = "AWS region to deploy to"
  default     = "us-east-1"
}

---

109-136: Production safety: avoid blind auto-apply.

Recommend plan + manual approval for production; auto-apply is fine for staging.

-      - name: Terraform Init & Apply
+      - name: Terraform Init & Plan
         run: |
           cd terraform/stacks/<stack_name>
           terraform init
           terraform workspace select ${{ steps.env.outputs.environment }} || \
             terraform workspace new ${{ steps.env.outputs.environment }}
-          terraform apply -auto-approve
+          terraform plan -out tfplan
+
+      - name: Manual Approval (production)
+        if: ${{ github.ref_name == 'production' }}
+        uses: trstringer/manual-approval@v1
+        with:
+          secret: ${{ secrets.GITHUB_TOKEN }}
+          approvers: your-team
+
+      - name: Terraform Apply
+        if: ${{ github.ref_name != 'production' || steps.manual-approval.outcome == 'success' }}
+        run: |
+          cd terraform/stacks/<stack_name>
+          terraform apply -auto-approve tfplan

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4bf475c and b474689.

📒 Files selected for processing (4)

• Makefile (1 hunks)
• docs/Makefile (1 hunks)
• docs/docs.json (1 hunks)
• docs/guides/environment-management.mdx (1 hunks)

🧰 Additional context used

🪛 checkmake (0.2.2)

Makefile

[warning] 1-1: Missing required phony target "all"

(minphony)

---

[warning] 1-1: Missing required phony target "clean"

(minphony)

---

[warning] 1-1: Missing required phony target "test"

(minphony)

docs/Makefile

[warning] 1-1: Missing required phony target "all"

(minphony)

---

[warning] 1-1: Missing required phony target "clean"

(minphony)

---

[warning] 1-1: Missing required phony target "test"

(minphony)

🔇 Additional comments (5)

docs/Makefile (1)

3-4: Retain npx mint dev – Mintlify’s official CLI docs specify the one-off install invocation as npx mint dev (and globally as mint dev) (mintlify.com)

Likely an incorrect or invalid review comment.

Makefile (1)

3-4: Looks good; simple and clear.

Recursive make into docs is correct.

docs/docs.json (2)

44-46: Navigation entry looks correct.

Path aligns with the new MDX file.

---

132-135: Verify PostHog key is intended to be public.

phc_... keys are typically client/public, but please confirm it’s safe to commit and scoped to docs only.

docs/guides/environment-management.mdx (1)

60-79: Path and workspace naming caveat.

Please confirm the stack path (terraform/stacks/<stack_name>) matches Suga’s output. Also note: workspace names are [0-9A-Za-z_-]+; avoid slashes if deriving from branches.

[raksiv]

Looks great, as per the explaination of the configuration, the workflow could use a little more info, I've added a suggestion for review.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

docs/Makefile (1)

1-4: Pin Mintlify CLI for reproducible builds

Avoid floating npx installs; pin the CLI version and make it overridable.

 .PHONY: dev
+MINT_VERSION ?= 1.0.0
-
-dev:
-	npx mint dev
+dev:
+	npx -y mint@$(MINT_VERSION) dev

Makefile (1)

3-4: Allow passing extra args to docs dev (optional)

Forward optional args (e.g., port) without hardcoding; harmless if unused.

 docs-dev:
-	$(MAKE) -C docs dev
+	$(MAKE) -C docs dev $(DOCS_ARGS)

Usage: make docs-dev DOCS_ARGS="PORT=4000".

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b474689 and 906ef33.

📒 Files selected for processing (4)

• Makefile (1 hunks)
• docs/Makefile (1 hunks)
• docs/docs.json (1 hunks)
• docs/guides/environment-management.mdx (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• docs/guides/environment-management.mdx

🧰 Additional context used

🪛 checkmake (0.2.2)

Makefile

[warning] 1-1: Missing required phony target "all"

(minphony)

---

[warning] 1-1: Missing required phony target "clean"

(minphony)

---

[warning] 1-1: Missing required phony target "test"

(minphony)

docs/Makefile

[warning] 1-1: Missing required phony target "all"

(minphony)

---

[warning] 1-1: Missing required phony target "clean"

(minphony)

---

[warning] 1-1: Missing required phony target "test"

(minphony)

🔇 Additional comments (2)

docs/Makefile (1)

1-4: LGTM on minimal docs dev target

Phony + simple dev command is clear.

Makefile (1)

3-4: LGTM: convenient wrapper

The recursive make into docs is straightforward and works as expected.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

docs/Makefile (1)

1-4: Pin Mint CLI version and allow arg pass-through for reproducibility.

Unpinned npx mint dev is non-deterministic. Pin a version and forward optional args.

-.PHONY: dev
-
-dev:
-	npx mint dev
+.PHONY: dev
+MINT_VERSION ?= 1.0.x
+
+dev:
+	npx --yes mint@$(MINT_VERSION) dev $(ARGS)

Makefile (1)

1-4: Optional: Pass ARGS through and add a docs-build target.

Improves ergonomics without changing behavior.

-.PHONY: docs-dev
+.PHONY: docs-dev docs-build
 
 docs-dev:
-	$(MAKE) -C docs dev
+	$(MAKE) -C docs dev ARGS="$(ARGS)"
+
+docs-build:
+	$(MAKE) -C docs build ARGS="$(ARGS)"

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 906ef33 and 2983fad.

📒 Files selected for processing (4)

• Makefile (1 hunks)
• docs/Makefile (1 hunks)
• docs/docs.json (1 hunks)
• docs/guides/aws/environment-management.mdx (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• docs/guides/aws/environment-management.mdx

🚧 Files skipped from review as they are similar to previous changes (1)

• docs/docs.json

🧰 Additional context used

🪛 checkmake (0.2.2)

Makefile

[warning] 1-1: Missing required phony target "all"

(minphony)

---

[warning] 1-1: Missing required phony target "clean"

(minphony)

---

[warning] 1-1: Missing required phony target "test"

(minphony)

docs/Makefile

[warning] 1-1: Missing required phony target "all"

(minphony)

---

[warning] 1-1: Missing required phony target "clean"

(minphony)

---

[warning] 1-1: Missing required phony target "test"

(minphony)

🔇 Additional comments (2)

docs/Makefile (1)

1-4: Optional: Add all/build targets (convenience + appease linters)

 .PHONY: dev
+.PHONY: all build

 dev:
 	npx mint dev

+all: dev
+
+build:
+	npx mint build $(ARGS)

No package.json found to pin MINT_VERSION—verify your version fallback or explicitly define MINT_VERSION to avoid surprises.

Makefile (1)

1-4: LGTM: simple trampoline to docs dev.

Works as intended.

[nitric-bot]

🎉 This PR is included in version 0.0.5 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀