name: build-and-deployment description: Build commands, build order, TypeScript configuration, and CDK deployment. Use when building packages, troubleshooting build issues, or deploying stacks.
Build and Deployment
Make Commands (Recommended)
Use make for deterministic, hermetic builds that work the same locally and in CI/CD:
# Show all available commands
make help
# Install dependencies
make install
# Clean build artifacts
make clean
# Build all packages in dependency order
make build-all
# Build root package only
make build
# Build CDK app only
make build-app
Code Quality Commands
# Run linter
make lint
# Fix linting issues
make lint-fix
# Format code
make format
# Check formatting (CI)
make format-check
# Format and fix linting
make format-fix
# Run all quality checks (format + lint)
make check
CDK Commands
# Synthesize CloudFormation templates
make synth
# Show CDK diff
make diff
# Deploy all stacks
make deploy
# Deploy specific stack
make deploy-stack STACK=StackName
CI/CD Commands
# CI check (format-check + lint)
make ci-check
# CI build (checks + full build)
make ci-build
# CI deploy (checks + build + synth)
make ci-deploy
Underlying npm Commands
The Makefile wraps these npm commands:
npm install # Install dependencies
npm run clean # Clean build artifacts
npm run build # Build root package
npm run build:workspaces # Build all packages
npm run build:app # Build CDK app
npm run lint # Run linter
npm run lint:fix # Fix linting
npm run format # Format code
npm run format:check # Check formatting
npm run format:fix # Format and fix linting
npm run synth # Synthesize CDK
npm run diff # CDK diff
npm run deploy # Deploy CDK
Build Order
The build process ensures packages are built in dependency order:
- Root package (
src/) - Built first - Base packages (
aws) - No internal dependencies - Dependent packages (
codeartifact) - Built after dependencies - CDK app (
bin/,lib/) - Built last, can import from all packages
Build Script Details
The build:workspaces script:
- Builds root package (
npm run build) - Copies root to
node_modules/@cdk-constructs/cdk/for workspace resolution - Builds all workspace packages using TypeScript project references
- Builds CDK app files (
bin/,lib/)
TypeScript Configuration
Root Package (tsconfig.json)
- Builds
src/**/*only - Excludes
bin/,lib/, andpackages/
CDK App (tsconfig.app.json)
- Builds
bin/**/*andlib/**/* - Can import from workspace packages after they're built
Workspace Build (tsconfig.build.json)
- Lists packages in dependency order
- Uses TypeScript project references for incremental builds
Deployment Patterns
Multi-Account Strategy
This project follows a strict multi-account deployment pattern for security, isolation, and supply chain integrity.
Account Structure
| Account | Purpose | Access Pattern |
|---|---|---|
| BUILD | CI/CD pipelines, artifact generation, supply chain security | Isolated account. Other accounts can access readonly/immutable. |
| DEV | Active development and testing | Can access BUILD artifacts (readonly). |
| STAGING | Pre-production testing and validation | Can access BUILD artifacts (readonly). |
| PROD | Production workloads | Can access BUILD artifacts (readonly). |
BUILD Account Principles
CRITICAL: The BUILD account MUST be its own isolated AWS account.
- Isolation: BUILD account is completely separate from application environments
- Readonly Access: DEV, STAGING, and PROD can only read from BUILD (never write)
- Immutable Artifacts: Once built in BUILD, artifacts cannot be modified
- Supply Chain Security: All dependencies and builds happen in isolated BUILD environment
- Access Control: BUILD account has read/write. Other accounts have readonly only.
CodeArtifact Access Patterns
// BUILD environment - owns the artifact repository
{
...buildEnv,
codeArtifact: {
codeArtifactDomainName: 'cdk-constructs',
codeArtifactRepositoryName: 'cdk-constructs-library-build',
codeArtifactRepositoryDescription: 'Build Repository - Supply Chain Security',
// All accounts can access, but only BUILD can write
allowedAccounts: [Account.BUILD, Account.DEV, Account.STAGING, Account.PROD],
},
}
// Application environments - consume artifacts from BUILD
{
...devEnv,
codeArtifact: {
// DEV has its own repository but also accesses BUILD
allowedAccounts: [Account.DEV, Account.STAGING, Account.BUILD],
},
}
Environment Configuration Location
Environment configurations follow CDK conventions:
- Types:
lib/types/project.ts- ProjectEnvironment type - Configs:
lib/config/environments.ts- buildEnv, devEnv, stagingEnv, prodEnv - Re-exports:
bin/environment.ts- Backwards compatibility
This follows the pattern: bin/ → lib/ for CDK applications.
Deployment Security
- Never deploy BUILD artifacts to BUILD account - BUILD creates, others consume
- Enforce readonly - Use IAM policies to prevent write access from non-BUILD accounts
- Tag everything - Environment and Owner tags applied automatically via EnvironmentConfig
- Audit access - Monitor cross-account access to BUILD artifacts
Common Build Issues
Issue: "Cannot find module '@cdk-constructs/...'"
Solution:
- Run
make installto set up workspace links - Run
make build-allto build packages in order - Ensure package is listed in
tsconfig.build.json
Issue: Circular dependency detected
Solution:
- Check package dependencies in
package.json - Verify build order in
tsconfig.build.json - Ensure no package depends on a package that depends on it