CI/CD Overview
Deployment Strategy
All repos are hosted in AWS CodeCommit, with CodeBuild projects triggered on push to main (the one exception is infra-apply, which is manual only; see the table below).
Local deployment is faster + free
Deploy locally for speed, then push to main so the pipeline rebuilds from the committed source and production matches the repo again. Keep in mind that a local deploy bypasses the tests and the security scans (Trivy, Gitleaks, npm audit, tfsec/Checkov) that only run inside CodeBuild, so anything deployed this way is unscanned until the next push to main. For Docker builds, use Colima (lightweight Docker daemon): colima start --cpu 2 --memory 4
CodeBuild Projects
| Project | Repo | Trigger | Buildspec |
|---|---|---|---|
| statux-prod-codebuild-api-statuspages | statux-api | Push to main (apps/statuspages/, libs/) | buildspec-statuspages.yml |
| statux-prod-codebuild-api-alerting | statux-api | Push to main (apps/alerting/, libs/) | buildspec-alerting.yml |
| statux-prod-codebuild-api-synthetics | statux-api | Push to main (apps/synthetics/, libs/) | buildspec-synthetics.yml |
| statux-prod-codebuild-api-insights | statux-api | Push to main (apps/insights/, libs/) | buildspec-insights.yml |
| statux-prod-codebuild-api-platform | statux-api | Push to main (apps/platform/, libs/) | buildspec-platform.yml |
| statux-prod-codebuild-web | statux-web | Push to main | buildspec.yml |
| statux-prod-codebuild-infra-plan | statux-infra | Push to main | buildspec-plan.yml |
| statux-prod-codebuild-infra-apply | statux-infra | Manual trigger only | buildspec-apply.yml |
| statux-prod-codebuild-docs | statux-docs | Push to main | buildspec.yml |
| statux-prod-codebuild-relay | statux-relay | Push to main | buildspec.yml |
| statux-prod-codebuild-app | statux-app | Push to main | buildspec.yml |
API Pipeline Steps
Each API CodeBuild project follows the same pipeline:
- Install dependencies (`npm ci`)
- Run tests (`npm run test:<app>`)
- Build application (`npm run build:<app>`)
- Build Docker image
- Push to ECR (tagged with both the git SHA and `latest`)
- Trigger ASG instance refresh
Local Deployment Commands
API
cd statux-api
colima start --cpu 2 --memory 4
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 255982108053.dkr.ecr.us-east-1.amazonaws.com
docker build -f Dockerfile.statuspages -t 255982108053.dkr.ecr.us-east-1.amazonaws.com/statux-api:latest .
docker push 255982108053.dkr.ecr.us-east-1.amazonaws.com/statux-api:latest
aws autoscaling start-instance-refresh --auto-scaling-group-name statux-prod-asg-pages-api \
--preferences '{"MinHealthyPercentage":50,"InstanceWarmup":120}'
See API Deployment for all 5 apps.
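The local API deploy above, written out as one script that follows the same steps as the API CodeBuild pipeline (install, test, build, scan, push a git-SHA tag alongside `latest`, refresh the ASG). This is an added example, not the project's own buildspec or deploy script. Region, registry, repo, the `Dockerfile.<app>` naming, the instance-refresh preferences and the statuspages ASG name come from this page; the clean-tree check, the exact scanner flags and the refresh wait loop are assumptions added here. The page's local commands push only `:latest`; pushing the SHA tag as well gives you something to roll back to and a record of which commit is running.

```shell
#!/bin/sh
# Added example, not the project's own script: deploy one statux-api app from a
# laptop the way the CodeBuild pipeline does (install, test, build, scan, push a
# git-SHA tag plus :latest, refresh the ASG). Region, registry, repo, Dockerfile
# naming and the statuspages ASG name are from this page; the clean-tree check,
# the scanner flags and the refresh wait loop are assumptions added here.
set -eu

REGION="us-east-1"
REGISTRY="255982108053.dkr.ecr.us-east-1.amazonaws.com"
REPO="statux-api"

# Full image reference for a tag in the statux-api ECR repo.
image_ref() {
  printf '%s/%s:%s\n' "$REGISTRY" "$REPO" "$1"
}

# Instance-refresh preferences as used on this page (50% healthy, 120 s warmup).
refresh_prefs() {
  printf '{"MinHealthyPercentage":%s,"InstanceWarmup":%s}' "${1:-50}" "${2:-120}"
}

# A SHA tag is only meaningful if the tree being built is exactly that commit.
require_clean_tree() {
  if [ -n "$(git status --porcelain)" ]; then
    echo "working tree has uncommitted changes; commit or stash before deploying" >&2
    return 1
  fi
}

# The same scan set the API CodeBuild projects run (Gitleaks, npm audit, Trivy).
# A local deploy skips CodeBuild, so run them here before anything is pushed.
run_scans() {
  gitleaks detect --source . --no-banner
  npm audit --audit-level=high
  trivy image --exit-code 1 --severity HIGH,CRITICAL "$1"
}

# Usage: deploy_api <app> <asg-name>
#   e.g. deploy_api statuspages statux-prod-asg-pages-api
deploy_api() {
  app="$1"
  asg="$2"
  require_clean_tree
  sha=$(git rev-parse --short=12 HEAD)
  sha_ref=$(image_ref "$sha")
  latest_ref=$(image_ref latest)

  npm ci
  npm run "test:$app"
  npm run "build:$app"

  aws ecr get-login-password --region "$REGION" \
    | docker login --username AWS --password-stdin "$REGISTRY"

  # One build, two tags: the SHA tag is what you roll back to, :latest is what
  # the ASG instances pull on refresh.
  docker build -f "Dockerfile.$app" -t "$sha_ref" -t "$latest_ref" .
  run_scans "$sha_ref"
  docker push "$sha_ref"
  docker push "$latest_ref"

  refresh_id=$(aws autoscaling start-instance-refresh \
    --auto-scaling-group-name "$asg" \
    --preferences "$(refresh_prefs)" \
    --query InstanceRefreshId --output text)

  # Block until the refresh finishes so a failed rollout is visible in the terminal
  # rather than discovered later in the console.
  while :; do
    status=$(aws autoscaling describe-instance-refreshes \
      --auto-scaling-group-name "$asg" --instance-refresh-ids "$refresh_id" \
      --query 'InstanceRefreshes[0].Status' --output text)
    echo "instance refresh $refresh_id: $status"
    case "$status" in
      Successful) return 0 ;;
      Failed|Cancelled|RollbackSuccessful|RollbackFailed) return 1 ;;
    esac
    sleep 30
  done
}

# Runs only when invoked with arguments, e.g.:
#   sh deploy-api.sh statuspages statux-prod-asg-pages-api
if [ $# -ge 2 ]; then
  deploy_api "$1" "$2"
fi
```

Run it from the statux-api checkout with the app name and its ASG; for the other four apps substitute their Dockerfile suffix and ASG name from the API Deployment page. If any scanner exits non-zero the script stops before the push, which is the same gate the pipeline applies.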
Web
cd statux-web
aws s3 sync landing/ s3://statux-landing-prod --delete --exclude "shared/*" --exclude "docs/*"
aws s3 sync shared/ s3://statux-landing-prod/shared/
aws cloudfront create-invalidation --distribution-id EVHSVR55HETJY --paths "/*"
# Repeat for other products...
Docs
cd statux-docs
npm run build
aws s3 sync build/ s3://statux-landing-prod/docs/ --delete
aws cloudfront create-invalidation --distribution-id EVHSVR55HETJY --paths "/docs/*"
Infrastructure
cd statux-infra/environments/prod
terraform plan
terraform apply
Security Scanning
Security scanning is integrated into each CodeBuild pipeline:
| Repo Type | Scans |
|---|---|
| API builds | Trivy (Docker image scan), Gitleaks (secret detection), npm audit |
| Web builds | Gitleaks, HTML validation |
| Infra builds | tfsec, Checkov, Gitleaks |
| Relay/App builds | Gitleaks |