Scripts

provision-repo.sh

Interactive helper that scaffolds environment-specific assets.

What it does:

Step	Description
1. Prompts	Asks for GitHub repository slug and environment name (`test`, `staging`, or `production`)
2. Generates workflow	Creates `.github/workflows/cloudformation-deploy-<environment>.yml` with Rain install steps, linters, and deployment job
3. Creates parameters	Generates `parameters/<environment>/oidc-provider.yml` seeded with `SubjectClaimFilters` placeholder
4. Safe re-run	Can be re-run when adding new environments; overwrites workflow if it exists (commit local tweaks first)

validate-templates.sh

Runs static analysis locally so the CI pipeline mirrors what you see on your machine.

What it does:

Step	Description
1. Checks dependencies	Verifies `python3` and `pip3` are installed
2. Installs requirements	Installs dependencies from `requirements.txt` if needed
3. Runs Checkov	Ensures `checkov` is available and runs it with `.checkov.yml` configuration
4. Extensible	Extend with additional tools (e.g., `cfn-guard`) by editing the script

deploy-templates.sh

Orchestrates Rain deployments across every template in the repository.

What it does:

Step	Description
1. Environment selection	Requires `-e` or `--environment` to select parameter folder (`parameters/<environment>/`)
2. Template iteration	Iterates over `templates/*.{yml,yaml,json}` and matches each file to a parameter file
3. Dynamic command building	Builds Rain command dynamically; deploys with defaults if no parameter file exists
4. Non-interactive execution	Executes Rain with `--yes` flag; edit script to add flags like `--changeset`

Customizing scripts

Fork a script into your own repository if you need organization-specific logic (for example, tagging every stack with a compliance identifier). Keep the original around as a reference—scripts are small by design so they are easy to adapt.

Want to see how GitHub Actions stitches everything together? Continue to the CI/CD Workflows documentation.