BuildPipeline is an AWS-backed, fully scripted build → test → deploy pipeline with separate test & production environments. The frontend (React + TypeScript + Webpack) is served from S3 behind CloudFront & Route53. Infrastructure and deployment flow are defined as code in Terraform plus a small set of Bash scripts. CodeBuild + CodePipeline orchestrate builds, tests, artifact packaging and promoted releases. Logs: CloudWatch. Secrets: SSM Parameter Store.
- Push to master → test env pipeline: build, test, synth/apply infra, upload & deploy assets
- Promote: merge master → production branch
- Manual approval gate in CodePipeline
- Production deploy: infra apply (no rebuild/tests) + asset promotion
- Frontend: React, TypeScript, Webpack 5, Rebass v4 (@emotion theme), Redux + Sagas
- Quality: ESLint 9 flat config, TypeScript strict-ish, Prettier (via ESLint)
- Infra: Terraform modules (/infrastructure + nested modules), Bash helpers
- CI/CD: AWS CodeBuild, CodePipeline, S3, CloudFront, Route53, CloudWatch Logs
- Secrets: SSM Parameter Store (SecureString)
Terraform modules are located under infrastructure/modules/ (e.g. build-pipeline, web-app). Modules encapsulate repeatable infra (pipelines, IAM, hosting). State and buildspec files are per-environment to allow environment-specific steps.
Naming convention:
- Shared: /shared/SECRET_NAME
- CodeBuild: /codebuild/PROJECT/SECRET_NAME
- App: /{PROJECT}/SECRET_NAME
Basic CLI examples:
aws ssm put-parameter --region <REGION> --name "/codebuild/PROJECT/SECRET" --value "VALUE" --type SecureString --key-id <KMS_KEY_ID>
aws ssm get-parameters --region <REGION> --names "/codebuild/PROJECT/SECRET" --with-decryption --query 'Parameters[0].Value' --output text
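A pre-merge check for this naming convention, as an added example that is not one of the project's own scripts: it reads the `env.parameter-store` block of a buildspec and flags references outside `/shared/` and the project's own `/codebuild/PROJECT/` prefix. The access policy, the project name `web-app` and the secret names are assumptions made for the example.

```shell
# Added example (not project code). Assumed policy: a CodeBuild project may read
# only /shared/* and /codebuild/<its own project>/*. All names are constructed.

# Print every SSM path referenced under env.parameter-store in a buildspec (stdin).
list_param_refs() {
  awk '
    /^[ \t]*parameter-store:[ \t]*$/ { in_block = 1; indent = match($0, /[^ ]/); next }
    in_block && NF {
      if (match($0, /[^ ]/) <= indent) { in_block = 0; next }
      sub(/^[^:]*:[ \t]*/, ""); gsub(/"/, ""); sub(/[ \t]+$/, "")
      print
    }'
}

# Classify a parameter name: shared | codebuild:<project> | app:<project> | invalid
param_scope() {
  case "$1" in
    /shared/?*)       echo "shared" ;;
    /codebuild/?*/?*) p=${1#/codebuild/}; echo "codebuild:${p%%/*}" ;;
    /codebuild/*)     echo "invalid" ;;
    /?*/?*)           p=${1#/}; echo "app:${p%%/*}" ;;
    *)                echo "invalid" ;;
  esac
}

# Usage: lint_buildspec PROJECT < buildspec.yml; prints DENY lines, returns 1 if any.
lint_buildspec() {
  project=$1; bad=0
  refs=$(list_param_refs)
  while IFS= read -r name; do
    [ -n "$name" ] || continue
    scope=$(param_scope "$name")
    case "$scope" in
      shared|"codebuild:$project") ;;
      *) echo "DENY $name ($scope)"; bad=1 ;;
    esac
  done <<EOF
$refs
EOF
  return "$bad"
}

# Constructed sample buildspec for a hypothetical project named "web-app".
SAMPLE_BUILDSPEC='env:
  parameter-store:
    NPM_TOKEN: /shared/NPM_TOKEN
    GITHUB_TOKEN: /codebuild/web-app/GITHUB_TOKEN
    API_KEY: /codebuild/other-app/API_KEY
    DB_URL: "/web-app/DB_URL"
phases: {}'
printf '%s\n' "$SAMPLE_BUILDSPEC" | lint_buildspec web-app || echo "lint failed"
```

The same prefixes are what the CodeBuild role's `ssm:GetParameters` resource ARNs would be scoped to, so a DENY here marks a reference that role should not be able to resolve.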
- master branch → test automatically
- production branch → prod after manual approval (reduces accidental releases / coordinates timing)
- Separate buildspec + state per environment
- Production skips build & tests: only infra apply + artifact deploy
If building Docker images, enable privileged mode (CodeBuild project or module variable) and start the daemon early in the buildspec. Bind the TCP listener to loopback only, because the Docker API on port 2375 is unauthenticated:
nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://127.0.0.1:2375 --storage-driver=overlay &
timeout 15 sh -c "until docker info; do echo .; sleep 1; done"
Provide the cache_bucket Terraform variable to enable CodeBuild layer caches (see buildspec-test.yml).
pnpm install
pnpm dev # http://localhost:3001 (hot reload)
pnpm install
pnpm build # outputs to /dist
pnpm install
pnpm prod # serves built assets
- Migrated to ESLint 9 flat config; removed legacy TSLint remnants
- Aligned React Router to v6 (was mixed with v7 bits)
- Rebass v4 migration + unified @emotion ThemeProvider
- Added safe runtime env fallbacks (DEPLOY_ENV, APP_VERSION)
- Simplified Home page layout; consistent spacing & typography
- Cross-account production deployment pattern
- Extended build notifications (Lambda → Slack/webhook)
- Additional reusable infra modules
See ./infrastructure for Terraform root modules, helper scripts and environment state layout.
MIT License