Skip to content

CI/CD Pipeline

The CI/CD pipeline is defined in .github/workflows/deploy.yml.

Triggers

Event Jobs Run
Pull Request to main test, terraform-plan
Push to main test, ensure-ecr, build-and-push, deploy
Manual (workflow_dispatch) All jobs

Pipeline Jobs

CI/CD Pipeline

test

Runs on every PR and push to main.

steps:
  - npm ci
  - npm run lint
  - npm run type-check
  - npm run test
  - npm run build

terraform-plan (PR only)

Shows infrastructure changes without applying them.

  • Runs terraform plan
  • Posts plan output as PR comment
  • Helps review infrastructure changes

ensure-ecr (main only)

Ensures ECR repository exists before pushing images.

build-and-push (main only)

Builds and pushes Docker image to ECR.

  • Platform: linux/amd64
  • Tag: sha-{commit}-run-{run_number}
  • Uses Docker layer caching

deploy (main only)

Deploys to App Runner.

steps:
  - terraform init
  - terraform apply
  - Wait for deployment (up to 5 minutes)
  - Health check (up to 15 retries)

Required Secrets

Secret Purpose
AWS_CI_ROLE_ARN GitHub OIDC role for AWS
DB_PASSWORD RDS database password
CLOUDFLARE_API_TOKEN Cloudflare API access
CLOUDFLARE_ZONE_ID luminarium.ai zone ID
CLOUDFLARE_ACCOUNT_ID Cloudflare account

Deployment Process

  1. Quality gates pass - lint, type-check, test, build
  2. ECR repository ready - Created if needed
  3. Docker image built - Multi-stage build, pushed to ECR
  4. Terraform apply - Infrastructure updated
  5. Wait for deployment - App Runner updates service
  6. Health check - Verifies /api/health returns 200

Viewing Pipeline Status

GitHub Actions UI

  1. Go to repository → Actions tab
  2. Click on workflow run
  3. View job logs

PR Comments

Terraform plan output is posted as a PR comment:

## Terraform Plan ✅ Plan Succeeded

<details>
<summary>Click to expand</summary>

... plan output ...

</details>

Troubleshooting

Build Failures

Lint errors: 

npm run lint
# Fix reported issues

Type errors: 

npm run type-check
# Fix reported issues

Build errors: 

npm run build
# Check for missing dependencies or configuration issues

Deployment Failures

Terraform errors: - Check Terraform plan in PR comments - Verify secrets are set correctly - Check AWS permissions

Health check failures: - Check App Runner logs in AWS Console - Verify DATABASE_URL is correct - Check application logs

Manual Deployment

In emergencies, you can trigger a manual deployment:

  1. Go to Actions → "Luminarium Proof CI/CD"
  2. Click "Run workflow"
  3. Select main branch
  4. Click "Run workflow"

Infrastructure Changes

Only infrastructure owners should modify the CI/CD pipeline.