This document provides comprehensive information about the projen-pipelines library to assist LLMs in generating code and providing accurate guidance.
Projen Pipelines is an open-source project that automates CI/CD pipeline generation using Projen (a project configuration tool created by the inventor of AWS CDK). It provides high-level abstractions for defining continuous delivery pipelines with a focus on AWS CDK applications.
The library supports multiple CI/CD platforms (currently GitHub Actions, GitLab CI, and bash scripts) and allows users to easily switch between them without rewriting pipeline configurations.
- Automated pipeline code generation: Generate CI/CD configuration files without manual writing
- Multi-platform support: Deploy to GitHub Actions, GitLab CI, or bash scripts
- Baked-in proven defaults: Optimized pipeline configurations
- Compliance-as-code integration: Integrate compliance requirements directly into pipelines
- Platform migration support: Switch CI/CD platforms with minimal code changes
- Complex deployment scenarios: Handle multi-stage, multi-account deployments
- AWS infrastructure management: Streamlined deployment to AWS environments
Projen-pipelines is built on these architectural components:
- Pipeline Engines: Abstract interfaces with concrete implementations for each CI/CD platform
- Pipeline Steps: Modular, composable actions that make up pipeline workflows
- CDK Integration: Specialized components for AWS CDK applications
- Configuration Generation: Automated creation of platform-specific configuration files
Steps are the fundamental building blocks. Key step types include:
PipelineStep(abstract base class)SimpleCommandStep(execute shell commands)ProjenScriptStep(run projen scripts)StepSequence(combine multiple steps)AwsAssumeRoleStep(assume AWS IAM roles)AmplifyDeployStep(deploy to AWS Amplify Hosting)- Various artifact management steps
For AWS CDK applications, the library provides:
CDKPipeline(abstract base class)- Platform-specific implementations (e.g.,
GithubCDKPipeline) - Support for multi-stage deployments (dev, prod, personal, feature)
- Asset publishing and versioning
- Automated CloudFormation deployment
- Feature branch deployments with automatic lifecycle management
import { awscdk } from 'projen';
import { GithubCDKPipeline } from 'projen-pipelines';
// Define your AWS CDK TypeScript App
const app = new awscdk.AwsCdkTypeScriptApp({
cdkVersion: '2.150.0',
name: 'my-awesome-app',
defaultReleaseBranch: 'main',
devDeps: [
'projen-pipelines',
],
});
// Create the pipeline
new GithubCDKPipeline(app, {
stackPrefix: 'MyApp',
iamRoleArns: {
default: 'arn:aws:iam::123456789012:role/GithubDeploymentRole',
},
useGithubEnvironments: true,
stages: [
{
name: 'dev',
env: { account: '123456789013', region: 'eu-central-1' },
}, {
name: 'prod',
manualApproval: true,
env: { account: '123456789014', region: 'eu-central-1' },
}],
});After running npx projen, a specialized app.ts file is created for your CDK application.
Use it in your main.ts:
import { PipelineApp } from './app';
import { BackendStack } from './stack';
const app = new PipelineApp({
provideDevStack: (scope, id, props) => {
return new BackendStack(scope, id, {
...props,
apiHostname: 'api-dev',
myConfigSetting: 'value-for-dev',
});
},
provideProdStack: (scope, id, props) => {
return new BackendStack(scope, id, {
...props,
apiHostname: 'api',
myConfigSetting: 'value-for-prod',
});
},
providePersonalStack: (scope, id, props) => {
return new BackendStack(scope, id, {
...props,
apiHostname: `api-${props.stageName}`,
myConfigSetting: 'value-for-personal-stage',
});
},
});
app.synth();When creating a CDK pipeline, these are key configuration options:
| Option | Description |
|---|---|
stackPrefix |
Prefix for CloudFormation stack names |
iamRoleArns |
IAM roles for AWS access during deployment |
pkgNamespace |
Namespace for published packages |
stages |
Array of deployment stages with environment settings |
useGithubPackagesForAssembly |
Use GitHub Packages for assembly storage |
featureStages |
Configuration for feature branch deployments |
Each stage can have these properties:
| Property | Description |
|---|---|
name |
Stage name (e.g., 'dev', 'prod') |
env |
AWS environment (account ID and region) |
manualApproval |
Require manual approval before deployment |
For multi-account deployments, trust relationships are needed between accounts:
-
Bootstrap each account with CDK:
cdk bootstrap --trust <deployment_account_id> --cloudformation-execution-policies "arn:aws:iam::aws:policy/AdministratorAccess"
-
Create an IAM role in the deployment account that can assume roles in target accounts:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "sts:AssumeRole", "Resource": [ "arn:aws:iam::123456789013:role/cdk-*-123456789013-*", "arn:aws:iam::123456789014:role/cdk-*-123456789014-*" ] } ] } -
Configure OIDC trust for GitHub Actions (see GitHub documentation)
The CDK pipeline adds these tasks to your projen project:
| Task | Description |
|---|---|
deploy:personal |
Deploy personal development environment |
watch:personal |
Deploy personal environment in watch mode |
diff:personal |
Compare personal environment with code |
destroy:personal |
Remove personal environment |
deploy:feature |
Deploy feature branch environment |
diff:feature |
Compare feature environment with code |
destroy:feature |
Remove feature environment |
deploy:<stageName> |
Deploy a specific stage |
diff:<stageName> |
Compare stage with code |
publish:assets |
Publish CDK assets to all accounts |
bump |
Bump version based on git tags |
release:push-assembly |
Publish cloud assembly to registry |
When featureStages is configured, the library creates automated workflows for feature branch lifecycle management:
- deploy-feature workflow: Triggered when a PR is labeled with 'feature-deployment'
- destroy-feature workflow: Triggered when PR is closed or 'feature-deployment' label is removed
- Uses branch name in stack naming for isolation
{
featureStages: {
env: { account: '123456789013', region: 'eu-central-1' }
}
}The library provides the AmplifyDeployStep for deploying static websites and single-page applications to AWS Amplify Hosting.
import { AmplifyDeployStep } from 'projen-pipelines';
// Static app ID configuration
const deployStep = new AmplifyDeployStep(project, {
appId: 'd123gtgt770s1x',
artifactFile: 'dist.zip',
branchName: 'main', // optional, defaults to 'main'
region: 'us-east-1', // optional, defaults to 'eu-central-1'
});
// Dynamic app ID extraction from CDK outputs
const deployStep = new AmplifyDeployStep(project, {
appIdCommand: 'jq -r \'.MyStack.AmplifyAppId\' cdk-outputs.json',
artifactFile: 'build.zip',
environment: 'production', // optional, for environment tagging
});export interface AmplifyDeployStepConfig {
/** The Amplify app ID (static value) */
readonly appId?: string;
/** Command to retrieve the Amplify app ID dynamically */
readonly appIdCommand?: string;
/** The artifact file to deploy (zip file containing the build) */
readonly artifactFile: string;
/** The branch name to deploy to (defaults to 'main') */
readonly branchName?: string;
/** The AWS region (defaults to 'eu-central-1') */
readonly region?: string;
/** Environment name for context */
readonly environment?: string;
}| Platform | Support | Implementation Details |
|---|---|---|
| GitHub Actions | ✅ Full | Multi-step workflow with environment variables |
| GitLab CI | ✅ Full | Integrated job configuration |
| Bash | ✅ Full | Uses deployment commands |
- Pending Job Cancellation: Checks for and cancels any pending Amplify deployments
- Deployment Creation: Creates a new deployment via AWS Amplify API
- Artifact Upload: Uploads the zip file to Amplify's S3 bucket
- Deployment Start: Initiates the deployment process
- Status Monitoring: Polls deployment status until completion
- Validation: Ensures deployment succeeded or fails the pipeline
- Either
appIdorappIdCommandmust be provided (but not both) - The artifact file must be a zip file containing the static website assets
- The deployment monitors status with 10-second polling intervals
- Failed deployments will cause the pipeline to fail
- IAM Role Setup: Create minimal permission IAM roles for deployment
- Account Bootstrapping: Bootstrap all accounts with appropriate trust relationships
- Testing Locally: Use the
deploy:personaltask for testing changes locally - Environment Variables: For GitHub token issues, run
GITHUB_TOKEN= npx projen - Security: Never use
AdministratorAccessin production; use custom IAM policies
Projen-Pipelines is currently in version 0.x, awaiting Projen's 1.0 release. Despite being pre-1.0, it's being used in production environments.
The library is designed for extension via:
- Creating custom pipeline steps
- Implementing new engine adapters
- Adding support for new application types
- Contributing new deployment patterns
- GitHub Repository: https://github.com/open-constructs/projen-pipelines
- API Documentation: See the API.md file
- Examples: See the README.md for usage examples