CI/CD Overview
Deployment Strategy
All repos have CodeBuild projects triggered by GitHub webhooks on push to main.
Local deployment is faster and free
Deploy locally for speed, then push to main to true everything up. For Docker builds, use Colima (a lightweight Docker daemon).
API Deployment (CodeBuild)
Push to main triggers AWS CodeBuild:
| App | CodeBuild Project | Trigger Path |
|---|---|---|
| Statux Pages | statux-prod-codebuild-api-statuspages | apps/statuspages/**, libs/** |
| Alerting | statux-prod-codebuild-api-alerting | apps/alerting/**, libs/** |
| Synthetics | statux-prod-codebuild-api-synthetics | apps/synthetics/**, libs/** |
Pipeline Steps
- Install dependencies (npm ci)
- Run tests (npm run test:<app>)
- Build application (npm run build:<app>)
- Build Docker image
- Push to ECR (tagged with the git SHA and latest)
- Trigger ASG instance refresh
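The same six steps as a local shell script, added here as an illustration and not the project's own buildspec or CodeBuild configuration. It assumes an ECR repository named statux/<app>, an Auto Scaling group named statux-prod-asg-<app>, and a placeholder registry and region; all three are hypothetical names, not values taken from this page. It validates the app name against the table above and insists on a full commit SHA before any image is tagged, so a typo cannot push to an unexpected repository or publish an image under an ambiguous tag. With DRY_RUN=1 (the default) it only prints the commands, which is also how it runs offline.

```shell
#!/bin/sh
# Hypothetical local equivalent of the CodeBuild pipeline steps (example, not
# the project's buildspec). Registry, repo and ASG names are assumptions.
set -eu

ECR_REGISTRY="${ECR_REGISTRY:-123456789012.dkr.ecr.us-east-1.amazonaws.com}"  # placeholder account/region
AWS_REGION="${AWS_REGION:-us-east-1}"                                           # placeholder
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands instead of running them

# Run a command, or print it prefixed with "+ " when DRY_RUN=1.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '+ %s\n' "$*"; else "$@"; fi
}

# Only the apps listed in the CodeBuild table are deployable.
valid_app() {
  case "$1" in
    statuspages|alerting|synthetics) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the two image references the pipeline pushes: the immutable git-SHA
# tag (first line) and the mutable "latest" tag (second line). The SHA must be
# a full 40-character lowercase hex commit id; short or non-hex values are
# rejected so an image is never tagged with something that is not a commit.
image_tags() {
  app="$1"; sha="$2"
  valid_app "$app" || { echo "unknown app: $app" >&2; return 1; }
  case "$sha" in
    ""|*[!0-9a-f]*) echo "bad sha: $sha" >&2; return 1 ;;
  esac
  [ "${#sha}" -eq 40 ] || { echo "sha must be 40 hex chars: $sha" >&2; return 1; }
  printf '%s/statux/%s:%s\n' "$ECR_REGISTRY" "$app" "$sha"
  printf '%s/statux/%s:latest\n' "$ECR_REGISTRY" "$app"
}

# Steps in the order the page lists them. Because of set -e, a failing test
# or build stops the script before anything is pushed.
deploy_app() {
  app="$1"; sha="${2:-$(git rev-parse HEAD)}"
  tags=$(image_tags "$app" "$sha")
  sha_ref=$(printf '%s\n' "$tags" | sed -n 1p)
  latest_ref=$(printf '%s\n' "$tags" | sed -n 2p)

  run npm ci
  run npm run "test:$app"
  run npm run "build:$app"
  run docker build -t "$sha_ref" -t "$latest_ref" -f "apps/$app/Dockerfile" .
  # Short-lived ECR token piped straight into docker login; never stored.
  if [ "$DRY_RUN" = "1" ]; then
    printf '+ aws ecr get-login-password --region %s | docker login --username AWS --password-stdin %s\n' \
      "$AWS_REGION" "$ECR_REGISTRY"
  else
    aws ecr get-login-password --region "$AWS_REGION" |
      docker login --username AWS --password-stdin "$ECR_REGISTRY"
  fi
  run docker push "$sha_ref"
  run docker push "$latest_ref"
  run aws autoscaling start-instance-refresh \
    --auto-scaling-group-name "statux-prod-asg-$app" --region "$AWS_REGION"
}

# Usage: DRY_RUN=0 ./deploy.sh alerting   (deploys the current HEAD)
if [ "${1:-}" != "" ]; then deploy_app "$@"; fi
```

Pushing the SHA tag before "latest" means an interrupted push leaves only the immutable tag in ECR; "latest" still points at the previous known-good image and the ASG refresh never runs.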
Local Deployment Commands
Web
cd statux-web
aws s3 sync landing/ s3://statux-landing-prod --delete --exclude "shared/*" --exclude "docs/*"
aws s3 sync shared/ s3://statux-landing-prod/shared/
aws cloudfront create-invalidation --distribution-id EVHSVR55HETJY --paths "/*"
# Repeat for other products...
Docs
cd statux-docs
npm run build
aws s3 sync build/ s3://statux-landing-prod/docs/ --delete
aws cloudfront create-invalidation --distribution-id EVHSVR55HETJY --paths "/docs/*"
Infrastructure
cd statux-infra/environments/prod
terraform plan
terraform apply
Security Scanning
Security scans (Trivy, Gitleaks) remain in GitHub Actions and run on every push/PR:
- File system vulnerability scanning
- Secret detection in code history
- HTML validation (web only)