feat(build): hard-fail the build when laravel/octane is not installed#94
Merged
Conversation
The web role runs `octane:start`, which only exists when laravel/octane is installed. Without it the container crash-loops on boot and the deploy circuit breaker rolls back ~20min later. Add a CheckOctaneInstalledStep build preflight (first in BuildCommand's Fargate steps, ahead of ECR login and the image build) that hard-fails when laravel/octane is absent from composer.lock's production `packages` set. Reading the lock's production set — not a composer.json `require` scan — catches octane sitting in require-dev, which a naive scan passes but the `--no-dev` image install strips. It also makes no assumption about where composer install runs, so an app-owned Dockerfile that installs vendor itself isn't false-failed. Unlike the sibling SSR runtime check this is a clean hard-fail, not warn-and-confirm: the lock is authoritative, so a missing octane is a certainty, and a missing web server is fatal where missing SSR merely degrades to CSR. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Hey, I made a thing! 🥳
What problems are you solving?
php artisan octane:start(seeProcessCommands::octane()), which only exists whenlaravel/octaneis installed. There was no check — an app reaching deploy without octane crash-loops the web container on boot, and the ECS deployment circuit breaker only rolls it back ~20 minutes later. Expensive, late, easy to miss.CheckOctaneInstalledStepbuild preflight, slotted first inBuildCommand::$fargateSteps(ahead ofCheckSsrRuntimeStep, ECR login, and the image build/push), so a missing octane fails in milliseconds instead of after a full push + rollout. It gates ontasks.web(a worker-only app never runs octane →SKIPPED).Is there anything the reviewer needs to know to deploy this?
octane:start, so octane is in theircomposer.lock— the gate passes silently. It only fires on a genuinely-missing-octane misconfig (a new app, or octane demoted torequire-dev).composer.lockfrom the repo root — no API calls, nothing provisioned. Rollback is a plain revert.composer require laravel/octane.The one decision worth flagging: check
composer.lock, notcomposer.jsonThe production image installs with
--no-dev, socomposer.lock'spackagesarray (the prod set) is exactly what ships. Checking it instead ofcomposer.json'srequire:requirerequire-devcomposer.jsonrequirecomposer.lockpackages[]Reading the lock also makes no assumption about where
composer installruns — the committed lock is in the repo root whether the manifest builds host-side or an app-owned Dockerfile installsvendor/itself. (That's why I didn't inspect the build dir'svendor/laravel/octane: ground truth for a host-side build, but it would false-fail a legitimate Docker-side install.)Hard-fail, not warn-and-confirm
Unlike the sibling
CheckSsrRuntimeStep(a Dockerfile-regex heuristic that can false-negative, so it warns + confirms), the lock is authoritative — a missing octane is a certainty. And a missing web server is fatal, where missing SSR merely degrades to client-side rendering.Tests & checks
5 new (
CheckOctaneInstalledStepTest): skip for worker-only, pass when present, hard-fail when absent, hard-fail when only a dev dependency (the footgun), and hard-fail whencomposer.lockis missing../vendor/bin/pest— 625 passed (+5)./vendor/bin/phpstan analyse— no errors./vendor/bin/pint— passdocs/guide/building-and-deploying.mdupdated🤖 Generated with Claude Code