- Rename forgejo.yaml to forgejo-cl.yaml
- Make S3 bucket and IAM ARNs region-agnostic
- Disable CodePipeline S3 polling
- Enable S3 → EventBridge notifications
- Add EventBridge rule and IAM role to trigger pipeline on object creation
- Tighten IAM permissions for CodeBuild and CodePipeline
- Normalize file mode for forgejo-efs.yaml
- Introduce forgejo-efs.yaml defining EFS FileSystem with encryption, lifecycle policies, and backup enabled
- Add dedicated AccessPoints for /forgejo/data and /forgejo/config with POSIX ownership and tags
- Include FileSystemPolicy enforcing mount-target-only access
- Export EFS resource IDs for cross-stack referencing
- Introduce clear directory separation for docker, infra, ci, and config
- Add CloudFormation pipeline for S3 → CodeBuild → ECR
- Implement explicit artifact build script for flat deployment zip
- Provide example runtime configuration and ignore secrets
