Lunker - Gone Fishing!

blog.lukach.io

December 13, 2025

ClickOps #7 - Setup CodeBuild for Continuous Deployment

by John Lukach

I want all my stacks to deploy once a month with CodeBuild for Continuous Deployment, triggered by a GitHub Action that uses an OpenID Connect (OIDC) provider.

github oidc

Start builds from your repositories

codebuild deployment

Create Build Project

codebuild deployment

The ARN of the GitHub role deployed by the OIDC stack needs to be stored as an Actions repository secret so the workflow can assume that role in the account.

https://github.com/jblukach/domains/blob/main/domains/domains_stack.py

github action secrets

I am now ready to add a GitHub Action to support my Continuous Deployment goal!

https://github.com/jblukach/domains/blob/main/.github/workflows/domains.yaml

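name: domains
on:
  push:
    branches:
      - main
  schedule:
    - cron: '0 2 1 * *'  # 02:00 UTC on the 1st of every month
jobs:
  deploy:
    runs-on:
      # CodeBuild runner label: codebuild-<project name>-<run id>-<run attempt>
      - codebuild-domains-${{ github.run_id }}-${{ github.run_attempt }}
    permissions:
      id-token: write  # lets the job request the OIDC token
      contents: read
    steps:
      - uses: actions/checkout@v5
      - uses: actions/setup-node@v5
        with:
          node-version: '22'
      - uses: aws-actions/configure-aws-credentials@v5
        with:
          # ROLE_ARN_SECRET_NAME is a placeholder for the repository secret holding the GitHub role ARN
          role-to-assume: ${{ secrets.ROLE_ARN_SECRET_NAME }}
          aws-region: us-east-1
      - run: npm install -g aws-cdk
      - run: npm install -g aws-cdk-lib
      - run: python -m pip install --upgrade pip
      - run: pip install -r requirements.txt --upgrade
      - run: cdk deploy --all --require-approval never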
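
The role this workflow assumes is only as tight as its trust policy. The following is an added example, not code from the original post or from the author's OIDC stack: a check that a role's trust policy pins the GitHub OIDC `aud` and `sub` claims to one repository. The function names, sample policies and account ID are constructed for illustration, since the page does not show the actual trust policy.

```python
ISSUER = "token.actions.githubusercontent.com"

def cond_values(condition, key):
    """Values for `key` under StringEquals/StringLike (IAM condition keys are case-insensitive)."""
    found = []
    for operator in ("StringEquals", "StringLike"):
        for k, v in condition.get(operator, {}).items():
            if k.lower() == key.lower():
                found += v if isinstance(v, list) else [v]
    return found

def audit_github_oidc_trust(policy, repo):
    """Return findings for a role trust policy; an empty list means it is pinned to `repo`."""
    findings = []
    for stmt in policy.get("Statement", []):
        principal = stmt.get("Principal", {})
        federated = str(principal.get("Federated", "")) if isinstance(principal, dict) else ""
        # `in` covers Action given as a single string or as a list of strings.
        if (stmt.get("Effect") != "Allow" or ISSUER not in federated
                or "sts:AssumeRoleWithWebIdentity" not in stmt.get("Action", [])):
            continue
        cond = stmt.get("Condition", {})
        if "sts.amazonaws.com" not in cond_values(cond, f"{ISSUER}:aud"):
            findings.append("aud is not pinned to sts.amazonaws.com")
        subs = cond_values(cond, f"{ISSUER}:sub")
        if not subs:
            findings.append("no sub condition: any GitHub repository can assume this role")
        for sub in subs:
            if not sub.startswith(f"repo:{repo}:"):
                findings.append(f"sub '{sub}' is not limited to {repo}")
            elif sub == f"repo:{repo}:*":
                findings.append(f"sub '{sub}' matches every branch, tag and pull request")
    return findings

# Constructed sample trust policies; account ID 111122223333 is a placeholder.
PROVIDER = f"arn:aws:iam::111122223333:oidc-provider/{ISSUER}"

def trust_policy(condition):
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"Federated": PROVIDER},
        "Action": "sts:AssumeRoleWithWebIdentity", "Condition": condition}]}

WEAK = trust_policy({"StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com"},
                     "StringLike": {f"{ISSUER}:sub": "repo:jblukach/*"}})
SCOPED = trust_policy({"StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com",
                       f"{ISSUER}:sub": "repo:jblukach/domains:ref:refs/heads/main"}})

if __name__ == "__main__":
    for name, doc in (("WEAK", WEAK), ("SCOPED", SCOPED)):
        print(name, audit_github_oidc_trust(doc, "jblukach/domains") or "ok")
```

Assuming `main` is the repository's default branch, both triggers in the workflow above (push to `main` and the monthly schedule) present a `sub` ending in `ref:refs/heads/main`, so the scoped form covers them.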

tags: aws - cicd - codebuild - github - actions - oidc