Skip to main content

Installation

Compose

The CodePipeline stack is a composable prepare-lifecycle stack integrated into /ipa-compose. To add it to the composition:

/ipa-compose codepipeline

The compose skill auto-includes codecommit as a transitive dependency and prompts for the CodeCommit repository name and branch. The generated prepare.mk includes prepare-codecommit and prepare-codepipeline targets with all cross-stack wiring.

To deploy the stacks:

/ipa-prepare

Configuration

Project Parameters (from .env)

ParameterTypeDescription
NamespaceStringProject namespace prefix for resource naming.
EnvironmentStringDeployment environment (e.g., dev, staging, prod).
AccountIdString12-digit AWS account ID. Must match the pattern \d{12}.

Cross-Stack Parameters (wired automatically)

ParameterTypeSourceDescription
CodeBuildRoleArnString/ipa-securityCodeBuild execution role ARN provisioned by the security stack.
EcrRepoUriStringECR stack RepositoryUriFull ECR repository URI for container image references.
OidcIssuerStringCognito stack IssuerUrlCognito OIDC issuer URL for JWT validation.
OidcClientIdStringCognito stack UserPoolClientIdCognito app client ID for OIDC audience.
OidcEndSessionEndpointStringCognito stack EndSessionEndpointCognito end-session endpoint URL.

Source Parameters (builder input)

ParameterTypeDefaultDescription
SourceRepoNameString--CodeCommit repository name. Must match an existing repository.
SourceBranchStringmainBranch to monitor for pipeline triggers.

Build Parameters (optional)

ParameterTypeDefaultDescription
BuildImageStringaws/codebuild/standard:7.0CodeBuild Docker image for the build environment.
ComputeTypeStringBUILD_GENERAL1_LARGECodeBuild compute type. Allowed values: BUILD_GENERAL1_SMALL, BUILD_GENERAL1_MEDIUM, BUILD_GENERAL1_LARGE.
KmsKeyArnString(empty)Optional KMS key ARN for artifact encryption at rest. When empty, the artifact bucket uses SSE-S3 (AES256).

Wiring

The CodePipeline stack receives values from multiple upstream stacks. The /ipa-compose skill wires these references automatically in the generated prepare.mk.

CodePipeline ParameterSource StackSource OutputNotes
CodeBuildRoleArnSecurityAPP_CODEBUILD_ROLE_ARNStored in .env by /ipa-security
EcrRepoUriECRRepositoryUriFull ECR URI without tag
OidcIssuerCognitoIssuerUrlOIDC issuer endpoint
OidcClientIdCognitoUserPoolClientIdOIDC client ID
OidcEndSessionEndpointCognitoEndSessionEndpointEnd-session endpoint URL
SourceRepoNameCodeCommitRepositoryNameRepository must exist before pipeline creation

Outputs

OutputDescriptionExport Name
PipelineNameCodePipeline pipeline name{StackName}-PipelineName
PipelineArnCodePipeline pipeline ARN{StackName}-PipelineArn
CodeBuildProjectNameCodeBuild project name{StackName}-CodeBuildProjectName
ArtifactBucketNameS3 bucket name for pipeline artifacts{StackName}-ArtifactBucketName