- Create S3 artifact bucket with encryption and versioning
- Add ECR lifecycle policy to maintain maximum 5 images
- Add OutputArtifacts to build stage for deployment
- Add Deploy stage with ECS provider
- Update CodePipeline artifact store to use ArtifactBucket
- Replace hardcoded bucket names with parameterized references
- Add IAM permissions for ECS task definition and service management
- Add buildspec commands to generate image definitions file

Define ECS cluster with exports, service wired to ALB target group and deployment circuit
breaker, and task definition with IAM role, ARM64 runtime, EFS volumes, ports 3000/2222,
logging, and MinIO/S3 env config.

Add EFS MountTargets (two subnets), an ALB Target Group for Forgejo (port 3000, health
checks), and a Listener Rule for host git.n-daisuke897.com; export the TargetGroup ARN. No
application-level configuration changes.

Introduce dedicated CloudFormation templates for Forgejo networking
(EFS mount targets, ALB target group and listener rule) and S3 storage,
including bucket creation and scoped access policy.

- Rename forgejo.yaml to forgejo-cl.yaml
- Make S3 bucket and IAM ARNs region-agnostic
- Disable CodePipeline S3 polling
- Enable S3 → EventBridge notifications
- Add EventBridge rule and IAM role to trigger pipeline on object creation
- Tighten IAM permissions for CodeBuild and CodePipeline
- Normalize file mode for forgejo-efs.yaml
- Introduce forgejo-efs.yaml defining EFS FileSystem with encryption, lifecycle policies, and backup enabled
- Add dedicated AccessPoints for /forgejo/data and /forgejo/config with POSIX ownership and tags
- Include FileSystemPolicy enforcing mount-target-only access
- Export EFS resource IDs for cross-stack referencing
- Introduce clear directory separation for docker, infra, ci, and config
- Add CloudFormation pipeline for S3 → CodeBuild → ECR
- Implement explicit artifact build script for flat deployment zip
- Provide example runtime configuration and ignore secrets