Scripts

Learn what each helper script does and how to customize it.

provision-repo.sh

Interactive helper that scaffolds environment-specific assets.

  • Prompts for the GitHub repository slug and environment name (test, staging, or production).
  • Generates .github/workflows/cloudformation-deploy-<environment>.yml with Rain install steps, linters, and the deployment job.
  • Creates parameters/<environment>/oidc-provider.yml seeded with a SubjectClaimFilters placeholder.
  • Safe to re-run when adding new environments; it will overwrite the workflow if it already exists, so commit local tweaks first.

validate-templates.sh

Runs static analysis locally so the CI pipeline mirrors what you see on your machine.

  • Checks for python3 and pip3 and installs dependencies from requirements.txt if needed.
  • Ensures checkov is available and then runs it with .checkov.yml as the configuration file.
  • Extend it with additional tools (for example cfn-guard) by editing the script; each future local run will pick up the change.

deploy-templates.sh

Orchestrates Rain deployments across every template in the repository.

  • Requires -e or --environment to select the parameter folder (parameters/<environment>/).
  • Iterates over templates/*.{yml,yaml,json} and matches each file to a parameter file with the same base name.
  • Builds the Rain command dynamically; if no parameter file exists, it deploys the template with default values.
  • Executes Rain with --yes for non-interactive deploys. Edit the script if you want to add flags such as --changeset or custom stack names.

Customizing scripts

Fork a script into your own repository if you need organization-specific logic (for example, tagging every stack with a compliance identifier). Keep the original around as a reference—scripts are small by design so they are easy to adapt.

Want to see how GitHub Actions stitches everything together? Continue to Workflows.

ParametersWorkflows