Sync Synapse custom modules to staging/prod

[FadhlanR]

What

Extends the Synapse asset-sync workflow to ship the custom Python modules under packages/matrix/support/synapse/modules (the OIDC user_mapping_provider added in #5300) to staging/prod Synapse, alongside the existing email-template sync.

• Renames sync-synapse-templates.yml → sync-synapse-assets.yml — the workflow is no longer template-only.
• Triggers on modules/** in addition to templates/**.
• Adds a second aws s3 sync step pushing modules → s3://$BUCKET/modules, excluding test files (--exclude "test_*").
• The existing aws ecs update-service --force-new-deployment step already restarts Synapse and picks up both synced directories.

Why

Part of provisioning Google sign-in on staging. The dev mapping provider currently only runs locally; this carries it to the deployed Synapse. The matching cardstack/infra PR mounts s3://$BUCKET/modules into the container at /data/modules and sets PYTHONPATH so Synapse can import it.

Sequencing

This is one of three PRs. It is safe to merge independently — it only makes the module available in S3. The host feature-flag flip (a separate PR) lands last, after the infra OIDC config is deployed and verified.

Testing

After merge, the Sync Matrix Synapse Assets workflow run should push boxel_oidc_mapping_provider.py to s3://cardstack-matrix-synapse-staging/modules and restart synapse-staging.

🤖 Generated with Claude Code

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: a8ddefd18a

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Include workflow edits in the push paths

When this PR lands by itself, the push.paths filter is evaluated against the files changed by that push; GitHub's workflow syntax docs state, “If at least one path matches,” the workflow runs. This commit only renames/edits .github/workflows/sync-synapse-assets.yml, so neither listed path matches and the promised automatic staging sync/restart will not happen; the module added earlier remains absent from S3 until someone manually dispatches the workflow or a later templates/modules change occurs. Include the workflow file in the path filter for this bootstrap case or otherwise make the initial sync explicit.

Useful? React with 👍 / 👎.

[Copilot]

Pull request overview

Extends the GitHub Actions workflow that syncs Synapse assets to S3 so it ships both Synapse email templates and custom Synapse Python modules (for the OIDC user mapping provider), and restarts the target ECS service to pick up the updated assets.

Changes:

• Rename/re-scope the workflow from “templates-only” to “assets” and broaden the push trigger to include modules/**.
• Add an aws s3 sync step to publish packages/matrix/support/synapse/modules into s3://$BUCKET/modules, excluding test files.
• Update the concurrency group name to reflect the broader workflow purpose.

Comments suppressed due to low confidence (1)

.github/workflows/sync-synapse-assets.yml:24

• To reliably honor the workflow_dispatch environment input, prefer the same fallback pattern used elsewhere in the repo (e.g. manual-deploy.yml), since inputs.* can be unavailable in some workflow expression contexts. Without the fallback, manual runs may incorrectly default into the staging concurrency group.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.