Claude-skill-registry deploy-to-github
Set up GitHub Actions to deploy this repository via AWS Deployer - creates workflow, updates CloudFormation template with required parameters, and generates parameter files.
install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/deploy-to-github" ~/.claude/skills/majiayu000-claude-skill-registry-deploy-to-github && rm -rf "$T"
manifest:
skills/data/deploy-to-github/SKILL.mdsource content
Set Up GitHub Actions Deployment for AWS Deployer
This skill automatically configures a GitHub repository to deploy via AWS Deployer (github.com/savaki/aws-deployer).
Prerequisites
- AWS Deployer infrastructure is already set up (use
skill if not)setup-deployer - Working directory is a Git repository with a GitHub remote
- Repository has a
file (will be created if missing)cloudformation.template - Optional:
environment variable set to your artifacts bucketS3_ARTIFACT_BUCKET - Optional:
environment variable set to your AWS regionAWS_REGION
Your Task
When this skill is invoked, you will configure the repository for GitHub Actions deployment by:
- Detecting repository information - Extract repo name from
.git/config - Getting configuration - Check environment variables (
,S3_ARTIFACT_BUCKET
) first, ask only if not setAWS_REGION - Detecting build system - Identify build command from project files
- Creating/updating GitHub workflow - Generate
.github/workflows/deploy.yml - Updating CloudFormation template - Ensure required parameters exist
- Creating parameter files - Generate base and environment-specific templates
- Explaining OIDC setup - Provide instructions for running
and configuring GitHub secretsaws-deployer setup-github
Important:
- Check environment variables first:
andS3_ARTIFACT_BUCKETAWS_REGION - Only ask for values if environment variables are not set
- Default AWS region to
if not setus-west-2 - Do NOT run the
command. Explain to the user how to run it.aws-deployer setup-github - Explain that THREE GitHub secrets are required:
,AWS_ROLE_ARN
, andS3_ARTIFACT_BUCKET
.AWS_REGION
Step 1: Detect Repository Information
Extract the repository owner and name from Git configuration:
# Get the remote URL git config --get remote.origin.url
Parse the result to extract
owner/repo
→https://github.com/foo/bar.gitfoo/bar
→git@github.com:foo/bar.gitfoo/bar
Store as
REPO_FULL_NAMEfoo/barStep 2: Get Configuration
S3 Bucket:
- Check if
environment variable is setS3_ARTIFACT_BUCKETecho $S3_ARTIFACT_BUCKET - If set, use that value
- If not set, ask the user for the S3 artifacts bucket name
- Example:
my-artifacts-bucket - This will be stored as a GitHub secret
S3_ARTIFACT_BUCKET
- Example:
AWS Region:
- Check if
environment variable is setAWS_REGIONecho $AWS_REGION - If set, use that value
- If not set, ask the user to confirm the AWS region, providing options:
- Default:
us-west-2 - Other common options:
,us-east-1
,us-east-2
,eu-west-1ap-southeast-1 - Allow custom input
- Default:
Initial Environment: Default to
devStep 3: Detect Build Command
Check for common build files and infer the build command:
withMakefile
target →buildmake build
withpackage.json
script →buildnpm run build
→go.modgo build ./...
→pom.xmlmvn package
→build.gradlegradle build
If multiple or none found, ask the user for the build command.
Step 4: Create/Update GitHub Workflow
Create
.github/workflows/deploy.ymlname: Deploy to AWS on: push: branches: - main - develop workflow_dispatch: permissions: id-token: write contents: read jobs: deploy: runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4 - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ secrets.AWS_ROLE_ARN }} aws-region: ${{ secrets.AWS_REGION }} - name: Set version variables id: version run: | REPO="<repo-owner>/<repo-name>" BRANCH="${{ github.ref_name }}" SHA_SHORT="${{ github.sha }}" SHA_SHORT="${SHA_SHORT:0:6}" VERSION="${{ github.run_number }}.${SHA_SHORT}" S3_PREFIX="${REPO}/${BRANCH}/${VERSION}" echo "repo=${REPO}" >> $GITHUB_OUTPUT echo "branch=${BRANCH}" >> $GITHUB_OUTPUT echo "version=${VERSION}" >> $GITHUB_OUTPUT echo "s3_prefix=${S3_PREFIX}" >> $GITHUB_OUTPUT - name: Build application run: | <build-command> - name: Generate CloudFormation parameters run: | cat > cloudformation-params.json <<EOF { "Env": "dev", "Version": "${{ steps.version.outputs.version }}", "S3Bucket": "${{ secrets.S3_ARTIFACT_BUCKET }}", "S3Prefix": "${{ steps.version.outputs.s3_prefix }}" } EOF - name: Upload to S3 run: | S3_PATH="s3://${{ secrets.S3_ARTIFACT_BUCKET }}/${{ steps.version.outputs.s3_prefix }}/" # Upload CloudFormation template aws s3 cp cloudformation.template "${S3_PATH}" # Upload parameters aws s3 cp cloudformation-params.json "${S3_PATH}" # Upload environment-specific parameters if they exist if [ -f cloudformation-params.dev.json ]; then aws s3 cp cloudformation-params.dev.json "${S3_PATH}" fi if [ -f cloudformation-params.prd.json ]; then aws s3 cp cloudformation-params.prd.json "${S3_PATH}" fi # Upload any build artifacts as needed # Example: aws s3 cp build/function.zip "${S3_PATH}" - name: Deployment info run: | echo "✓ Deployed version: ${{ steps.version.outputs.version }}" echo "✓ S3 path: s3://${{ secrets.S3_ARTIFACT_BUCKET }}/${{ steps.version.outputs.s3_prefix }}/" echo "✓ Environment: dev"
Replace placeholders:
: Full repository name from Git (e.g.,<repo-owner>/<repo-name>
)mycompany/my-app
: Detected or user-provided build command<build-command>
Note: The workflow uses
${{ secrets.AWS_REGION }}Step 5: Update CloudFormation Template
If
cloudformation.templateIf any of these parameters are missing, add them:
Parameters: Env: Type: String Default: dev Description: Environment name (dev, staging, prd) AllowedValues: - dev - staging - prd Version: Type: String Description: Build version in format {build_number}.{commit_hash} S3Bucket: Type: String Description: Artifacts bucket name S3Prefix: Type: String Description: S3 path to artifacts in format {repo}/{branch}/{version}
If
cloudformation.templateAWSTemplateFormatVersion: '2010-09-09' Description: Deployment for <repo-name> Parameters: Env: Type: String Default: dev Description: Environment name (dev, stg, prd, etc) Version: Type: String Description: Build version in format {build_number}.{commit_hash} S3Bucket: Type: String Description: Artifacts bucket name S3Prefix: Type: String Description: S3 path to artifacts in format {repo}/{branch}/{version} Resources: # TODO: Add your infrastructure resources here # Example: # MyBucket: # Type: AWS::S3::Bucket # Properties: # BucketName: !Sub '${Env}-<repo-name>-${AWS::AccountId}' # Tags: # - Key: Version # Value: !Ref Version # - Key: Environment # Value: !Ref Env
Common usage patterns:
Lambda Function
MyFunction: Type: AWS::Lambda::Function Properties: FunctionName: !Sub '${Env}-my-function' Code: S3Bucket: !Ref S3Bucket S3Key: !Sub '${S3Prefix}/function.zip' Environment: Variables: VERSION: !Ref Version
ECS Task Definition
TaskDefinition: Type: AWS::ECS::TaskDefinition Properties: Family: !Sub '${Env}-my-service' ContainerDefinitions: - Name: app Image: !Sub '${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/my-app:${Version}'
Step 6: Create Parameter Files
Base Parameters File
Create
cloudformation-params.json{ "Env": "dev", "Version": "1.000000", "S3Bucket": "<bucket-name>", "S3Prefix": "<repo-owner>/<repo-name>/main/1.000000" }
Replace:
: S3 bucket name provided by user<bucket-name>
: Full repo name from Git<repo-owner>/<repo-name>
Note: The GitHub workflow dynamically generates this file during deployment, but this template file:
- Shows the structure for reference
- Can be used for local testing (users can modify values manually)
Environment-Specific Parameter Files
Environment-specific parameter files allow you to override or add parameters per environment. They merge with the base
cloudformation-params.jsonHow they work:
- AWS Deployer loads
firstcloudformation-params.json - Then merges
if it existscloudformation-params.<env>.json - Environment-specific values override base values
When to use them:
- Different instance sizes per environment (t3.micro in dev, m5.large in prod)
- Feature flags (debug mode enabled only in dev)
- Environment-specific endpoints or domains
- Different scaling parameters
Create
:cloudformation-params.dev.json
{ }
Create
:cloudformation-params.prd.json
{ }
Example with actual parameters:
If your CloudFormation template has:
Parameters: InstanceType: Type: String Default: t3.micro EnableDebugMode: Type: String Default: "false"
You might use:
cloudformation-params.dev.json{ "InstanceType": "t3.micro", "EnableDebugMode": "true" }
cloudformation-params.prd.json{ "InstanceType": "m5.large", "EnableDebugMode": "false" }
Step 7: Explain GitHub OIDC Setup
After creating all files, explain to the user how to set up GitHub OIDC authentication and configure the required secrets. Make sure to clearly communicate that they need to:
- Run the
CLI command (you do NOT run it for them)aws-deployer setup-github - Manually add the
GitHub secretAWS_REGION - Verify all three secrets are configured:
,AWS_ROLE_ARN
,S3_ARTIFACT_BUCKETAWS_REGION
Provide the following instructions:
Next: Configure GitHub OIDC Authentication
Your repository is now configured for AWS Deployer! Before the GitHub Actions workflow can run, you need to set up GitHub OIDC authentication and configure GitHub secrets.
Required GitHub Secrets: Your workflow requires THREE GitHub secrets to be configured:
- IAM role for GitHub OIDC authenticationAWS_ROLE_ARN
- S3 bucket for storing deployment artifactsS3_ARTIFACT_BUCKET
- AWS region where the deployer is runningAWS_REGION
Step 1: Set Up GitHub OIDC with AWS
You need to run the
aws-deployer setup-githubPrerequisites:
-
GitHub Personal Access Token (PAT) stored in AWS Secrets Manager:
# Create a PAT at https://github.com/settings/tokens with 'repo' scope # Then store it in Secrets Manager: aws secretsmanager create-secret \ --name github/pat-token \ --secret-string '{"github_pat":"ghp_xxxxxxxxxxxxx"}' \ --region <region> -
AWS Deployer CLI built and available:
# Build the CLI if not already available cd /path/to/aws-deployer make build-cli
Run the setup command:
aws-deployer setup-github \ --role-name github-actions-<short-repo-name> \ --repo <repo-owner>/<repo-name> \ --bucket <bucket-name> \ --github-token-secret github/pat-token \ --region <region>
For your repository:
aws-deployer setup-github \ --role-name github-actions-<short-repo-name> \ --repo <full-repo-name> \ --bucket <bucket-name> \ --github-token-secret github/pat-token \ --region <region>
What this command does:
- Creates GitHub OIDC provider in AWS (if it doesn't exist)
- Creates IAM role
with S3 upload permissionsgithub-actions-<repo-name> - Adds
secret to your GitHub repositoryAWS_ROLE_ARN - Adds
secret to your GitHub repositoryS3_ARTIFACT_BUCKET
Step 2: Add Required GitHub Secrets
After running the
aws-deployer setup-githubAWS_REGIONRequired secrets:
- Created byAWS_ROLE_ARN
commandaws-deployer setup-github
- Created byS3_ARTIFACT_BUCKET
commandaws-deployer setup-github
- Must be added manuallyAWS_REGION
To add AWS_REGION manually:
- Go to
https://github.com/<owner>/<repo>/settings/secrets/actions - Click "New repository secret"
- Name:
AWS_REGION - Value:
(e.g.,<region>
)us-west-2 - Click "Add secret"
Verify all secrets exist:
Go to
https://github.com/<owner>/<repo>/settings/secrets/actions- ✓
- IAM role ARN for GitHub OIDCAWS_ROLE_ARN - ✓
- S3 bucket name (e.g.,S3_ARTIFACT_BUCKET
)<bucket-name> - ✓
- AWS region (e.g.,AWS_REGION
)<region>
Step 3: Test the Workflow
Once all secrets are configured:
- Push a commit or click "Run workflow" in the Actions tab
- Monitor the deployment in GitHub Actions
- Check AWS Step Functions for execution status
Monitoring Deployments
After pushing code, monitor the deployment:
GitHub Actions
- Check the Actions tab:
https://github.com/<owner>/<repo>/actions - Review workflow logs for any errors
AWS Step Functions
# Get state machine ARN STATE_MACHINE_ARN=$(aws ssm get-parameter \ --name "/<env>/aws-deployer/state-machine-arn" \ --query 'Parameter.Value' \ --output text) # List recent executions aws stepfunctions list-executions \ --state-machine-arn "${STATE_MACHINE_ARN}" \ --max-results 10
Lambda Logs
# S3 trigger logs aws logs tail /aws/lambda/<env>-aws-deployer-s3-trigger --follow # Build trigger logs aws logs tail /aws/lambda/<env>-aws-deployer-trigger-build --follow
DynamoDB Build Records
# Check build history aws dynamodb query \ --table-name <env>-aws-deployer--builds \ --key-condition-expression "pk = :pk" \ --expression-attribute-values '{":pk":{"S":"<repo-name>/dev"}}'
Troubleshooting
"Error: Could not assume role with OIDC"
Cause: GitHub OIDC not configured or secrets missing
Fix:
- Run the
command shown aboveaws-deployer setup-github - Verify all required secrets exist in GitHub repository settings:
AWS_ROLE_ARNS3_ARTIFACT_BUCKETAWS_REGION
- Check IAM role trust policy allows your repository
aws iam get-role --role-name github-actions-<repo-name> \ --query 'Role.AssumeRolePolicyDocument'
"S3_ARTIFACT_BUCKET secret not found"
Cause: GitHub secret not configured
Fix: Run the
aws-deployer setup-github- Go to
https://github.com/<owner>/<repo>/settings/secrets/actions - Click "New repository secret"
- Name:
S3_ARTIFACT_BUCKET - Value: Your S3 bucket name
S3 Upload Succeeds but Deployment Doesn't Start
Cause: S3 trigger Lambda not configured or wrong S3 path
Fix:
# Check S3 files were uploaded aws s3 ls s3://<bucket-name>/<repo-owner>/<repo-name>/ --recursive # Check S3 trigger Lambda logs aws logs tail /aws/lambda/<env>-aws-deployer-s3-trigger --since 10m
CloudFormation Stack Fails
Check stack events:
# List stacks for this repo aws cloudformation describe-stacks \ --query 'Stacks[?contains(StackName, `<repo-name>`)].{Name:StackName, Status:StackStatus}' # Get detailed errors aws cloudformation describe-stack-events \ --stack-name <env>-<repo-name> \ --max-items 20
Files Created
After running this skill, you should have:
-
- GitHub Actions workflow.github/workflows/deploy.yml -
- CloudFormation template with required parameterscloudformation.template -
- Base parameters templatecloudformation-params.json -
- Dev environment parameters (empty initially)cloudformation-params.dev.json -
- Production environment parameters (empty initially)cloudformation-params.prd.json
Summary
This skill configured your repository for AWS Deployer by:
- ✓ Detecting repository information from Git
- ✓ Getting S3 bucket and AWS region (from environment variables or by asking)
- ✓ Creating GitHub Actions workflow
- ✓ Ensuring CloudFormation template has required parameters
- ✓ Creating parameter files for local testing
Next steps:
- Run
command to configure GitHub OIDCaws-deployer setup-github - Add
GitHub secret manuallyAWS_REGION - Verify all three secrets exist:
,AWS_ROLE_ARN
,S3_ARTIFACT_BUCKETAWS_REGION - Push a commit to trigger your first deployment
- Add your infrastructure resources to
cloudformation.template - Add environment-specific parameters if needed
For infrastructure setup, use the
setup-deployer