Run 1: Infrastructure — Changelog
Changes Made
Section titled “Changes Made”infrastructure repository (PR1: #425)
Section titled “infrastructure repository (PR1: #425)”Branch: jmpicnic/frontend-pipeline/infrastructure-changes → main
| File | Change |
|---|---|
src/main/cfn/amplifyBranch.cfn.yaml | Added EnableAutoBuild parameter (String, default "true") with Conditions section and !If for boolean conversion. Added AmplifyBranchName CloudFormation export. |
src/main/cfn/amplifyExports.cfn.yaml | New file — lightweight export template with WaitConditionHandle placeholder resource. Parameters: Infrastructure, Partition, AmplifyAppId, AmplifyBranchName. |
amm.sh | Added 4 mapping constants (AMPLIFY_DEPLOY_TARGETS, AMPLIFY_BRANCH_NAMES, AMPLIFY_APP_REPOS, AMPLIFY_REGION_OVERRIDES). Replaced infrastructure-level gate with target list check. Parameterized Repo/AppName/Branch. Added branch_name validation. Passes EnableAutoBuild=false for demo. |
.github/workflows/amm.yml | Changed ARDA_API_KEY from secrets.ARDA_API_KEY_KYLE to secrets[format('ARDA_API_KEY_{0}', steps.partition.outputs.partition)]. |
src/main/cdk/constructs/oam/gh-oidc-provider.ts | Added frontendDeploymentRole() method. New role: ${prefix}-API-GitHubActionFrontEnd with Amplify and CloudFormation ListExports permissions. OIDC scoped to arda-frontend-app on main, patch, demo branches. Exposed via GhOidcProviderBuilt interface. |
CHANGELOG.md | Added v2.23.0 entry. |
arda-frontend-app repository
Section titled “arda-frontend-app repository”| Change | Branch |
|---|---|
Created demo branch off main at 30f4e73 | demo |
Added test-oidc.yaml (temporary) | demo |
AWS (Alpha001, us-east-1)
Section titled “AWS (Alpha001, us-east-1)”| Resource | Type | Status |
|---|---|---|
Alpha001-demo-Amplify | CloudFormation stack | Created |
Alpha001-demo-AmplifyBranch | CloudFormation stack | Created |
Alpha001-API-GitHubActionFrontEnd | IAM role | Created (via CDK) |
d2jmcx9om9gokx | Amplify App | Created, build succeeded |
GITHUB_TOKEN env var on demo app | Manual workaround | Applied (not in CFn template) |
AWS (Alpha002, us-east-1)
Section titled “AWS (Alpha002, us-east-1)”| Resource | Type | Status |
|---|---|---|
Alpha002-API-GitHubActionFrontEnd | IAM role | Created (via CDK, deployed with Alpha002/dev) |
Tickets Created
Section titled “Tickets Created”| Ticket | Description |
|---|---|
| infrastructure#426 | amm.sh: partition-aware 1Password secret lookup for local runs |
| infrastructure#427 | amplify.cfn.yaml: add GITHUB_TOKEN env var for GitHub Packages auth |
Review Comments Addressed (PR1)
Section titled “Review Comments Addressed (PR1)”| # | Issue | Resolution |
|---|---|---|
| 1 | EnableAutoBuild String→boolean | Added Conditions + !If for proper boolean conversion |
| 2 | AMPLIFY_REGION_OVERRIDES unused in script | Clarified comment — consumed by GHA workflows, not amm.sh |
| 3 | branch_name not validated | Added empty-check with error exit |
| 4 | Secret case sensitivity concern | No change — same pattern used in operations repo; GHA secrets are case-insensitive |
| 5 | Missing Resources section in export template | Added WaitConditionHandle placeholder |
Copyright: © Arda Systems 2025-2026, All rights reserved