GitHub Actions and CodePipeline


Here is the basic blueprint:

  • Create an IAM user for the deployment and grant it only cloudformation:UpdateStack and codepipeline:StartPipelineExecution. Put the ARN of the specific stack and pipeline (or a list of them) in the policy's Resource element rather than "*", so a leaked key can drive only the stack and pipeline it is meant for. Long-lived access keys held by a third-party CI system are a standing credential-theft risk; newer releases of aws-actions/configure-aws-credentials can assume a role through GitHub's OIDC provider instead, which avoids storing keys at all, but the rest of this post assumes the IAM user approach.

  • Add the user's access key ID and secret access key as encrypted secrets on the GitHub repository that is the pipeline's source. For multiple environments (prod, stage, dev) create a separate IAM user and a separate pair of secrets per environment, e.g. STAGE_AWS_ACCESS_KEY_ID and STAGE_AWS_SECRET_ACCESS_KEY for staging, so a compromised staging key cannot reach production.

  • Add a CurrentBranch parameter (any name works) of type String to the CloudFormation stack that defines the pipeline; this is the value the pipeline's GitHub source will be pointed at.
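As an added example of the first step (this is not code from the original post), the deployer user and its scoped policy can themselves be created with a small CloudFormation template. The stack name, pipeline name and user name are placeholders; the access key pair is deliberately created outside the template (console or `aws iam create-access-key`) so the secret never ends up in stack outputs.

```yaml
# Added example, not part of the original post.
# Deploy with:
#   aws cloudformation deploy --template-file deployer-user.yaml \
#     --stack-name github-deployer --capabilities CAPABILITY_NAMED_IAM
AWSTemplateFormatVersion: '2010-09-09'
Description: GitHub Actions deployer user scoped to one stack and one pipeline

Parameters:
  TargetStackName:
    Type: String
    Default: MY_CF_STACK_NAME      # assumption: your application/pipeline stack
  TargetPipelineName:
    Type: String
    Default: MY_PIPELINE_NAME      # assumption: your CodePipeline pipeline

Resources:
  DeployerPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      Description: update-stack and start-pipeline-execution on named resources only
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: UpdateTargetStack
            Effect: Allow
            Action:
              - cloudformation:UpdateStack
              - cloudformation:DescribeStacks   # needed by "aws cloudformation wait"
            # stack ARNs end in a generated id, hence the trailing wildcard
            Resource: !Sub arn:${AWS::Partition}:cloudformation:${AWS::Region}:${AWS::AccountId}:stack/${TargetStackName}/*
          - Sid: StartTargetPipeline
            Effect: Allow
            Action: codepipeline:StartPipelineExecution
            Resource: !Sub arn:${AWS::Partition}:codepipeline:${AWS::Region}:${AWS::AccountId}:${TargetPipelineName}

  DeployerUser:
    Type: AWS::IAM::User
    Properties:
      UserName: github-actions-stage-deployer   # assumption: one user per environment
      ManagedPolicyArns:
        - !Ref DeployerPolicy
```

One caveat: unless the target stack has a CloudFormation service role attached, CloudFormation performs the update with the caller's own permissions, so the deployer will additionally need whatever permissions the resources that consume CurrentBranch require (for a pipeline defined in the stack, codepipeline:UpdatePipeline on that pipeline). If the stack already has a service role, update-stack without --role-arn reuses it and the policy above is sufficient.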

Then, in the GitHub Actions workflow:

  • Set the desired branch pattern under on: push: branches: (e.g. the GitFlow pattern release/** for release candidates).

  • In jobs: build: steps:, load the IAM user credentials from the repository secrets with aws-actions/configure-aws-credentials@v1. The AWS CLI is preinstalled on GitHub-hosted runners, so no separate install step is needed.

  • Derive the current branch name from GITHUB_REF and export it for later steps, e.g. echo "CURRENT_BRANCH=$(echo $GITHUB_REF | sed 's!refs/heads/!!')" >> $GITHUB_ENV (the bash expansion ${GITHUB_REF#refs/heads/} does the same without sed).

  • Set the stack's CurrentBranch parameter to $CURRENT_BRANCH with something like aws cloudformation update-stack --stack-name MY_CF_STACK_NAME --parameters ParameterKey=CurrentBranch,ParameterValue=$CURRENT_BRANCH --use-previous-template. Three caveats: (1) when the parameter already holds that value, update-stack exits non-zero with "No updates are to be performed." You may be tempted to add continue-on-error: true to the step, but that also hides AccessDenied and validation failures and lets the pipeline start anyway; it is safer to match that one message and fail on anything else. (2) update-stack returns as soon as the update is accepted, so follow it with aws cloudformation wait stack-update-complete --stack-name MY_CF_STACK_NAME before starting the pipeline, otherwise the pipeline may run against the previous branch. (3) If the template has other parameters, pass ParameterKey=<Name>,UsePreviousValue=true for each of them, and add --capabilities CAPABILITY_IAM (or CAPABILITY_NAMED_IAM) if the template creates IAM resources.

  • Once the stack update has finished, start the pipeline with aws codepipeline start-pipeline-execution --name MY_PIPELINE_NAME.
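Putting the steps above together, here is a complete workflow file as an added example (it is not the original post's code). The stack name, pipeline name, region and secret names are placeholders to replace. Instead of a blanket continue-on-error: true, the update-stack step tolerates only the "No updates are to be performed" case and fails on everything else, and it waits for the update to complete before the pipeline is started.

```yaml
# Added example, not part of the original post: .github/workflows/deploy-rc.yml
name: deploy-release-candidate

on:
  push:
    branches:
      - 'release/**'        # GitFlow release-candidate branches

# The job never writes to the repo, so give GITHUB_TOKEN read-only scope.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest  # AWS CLI is preinstalled on GitHub-hosted runners
    env:
      STACK_NAME: MY_CF_STACK_NAME     # assumption: your pipeline stack
      PIPELINE_NAME: MY_PIPELINE_NAME  # assumption: your pipeline
    steps:
      - name: Configure AWS credentials from repository secrets (staging user)
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.STAGE_AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.STAGE_AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1        # assumption: your region

      - name: Resolve current branch name
        run: echo "CURRENT_BRANCH=${GITHUB_REF#refs/heads/}" >> "$GITHUB_ENV"

      - name: Point the stack at this branch
        run: |
          # update-stack exits non-zero with "No updates are to be performed."
          # when CurrentBranch already holds this value. Tolerate only that;
          # AccessDenied, validation errors etc. must still fail the job.
          # Add ParameterKey=<Other>,UsePreviousValue=true for every other
          # template parameter, and --capabilities if the template has IAM.
          if ! out=$(aws cloudformation update-stack \
                --stack-name "$STACK_NAME" \
                --use-previous-template \
                --parameters "ParameterKey=CurrentBranch,ParameterValue=$CURRENT_BRANCH" \
                2>&1); then
            if grep -q "No updates are to be performed" <<<"$out"; then
              echo "CurrentBranch is already $CURRENT_BRANCH; nothing to update"
              exit 0
            fi
            echo "$out" >&2
            exit 1
          fi
          # update-stack is asynchronous: block until the new value is applied
          aws cloudformation wait stack-update-complete --stack-name "$STACK_NAME"

      - name: Start the pipeline
        run: aws codepipeline start-pipeline-execution --name "$PIPELINE_NAME"
```

For additional environments, duplicate the job (or parametrize it with a matrix) with its own branch pattern, secret names and stack/pipeline names, keeping one IAM user per environment.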