Skip to the content.

CodePipeline → GitHub Commit Status Setup

This skill provisions infrastructure that automatically posts GitHub commit statuses when CodePipeline deployments start, succeed, or fail — giving a clear per-environment visual on every commit without any manual work after the initial setup.

What gets created:


Step 1 — Collect inputs

Ask the user for all of the following before generating any files. Do not proceed until you have confirmed values for everything.

# Input Example
1 GitHub Personal Access Token github_pat_... or ghp_...
2 GitHub repository (owner/repo) myorg/my-app
3 AWS CLI profile myprofile
4 AWS region ap-south-1
5 Resource name prefix (kebab-case, no trailing dash) my-project
6 SSM parameter path for the token /my-project/github-token
7 Pipeline mappings — one row per pipeline: pipeline name → EB environment name see below

For the pipeline mappings, prompt the user to list each CodePipeline by name and its matching Elastic Beanstalk environment name. The pipeline name and EB environment name are often identical, but ask explicitly — they can differ. Collect until the user says they’re done.

Example confirmed summary to show the user before proceeding:

GitHub repo:    myorg/my-app
AWS profile:    myprofile
AWS region:     ap-south-1
Prefix:         my-project
SSM path:       /my-project/github-token

Pipeline → EB environment:
  my-app-prod    → my-app-prod
  my-app-staging → my-app-staging
  my-app-worker  → my-app-worker

Step 2 — Generate the files

Read the three templates from this skill’s templates/ directory (use the Read tool). Generate the real files into aws/codepipeline-github-status/ in the project root, substituting the user’s values everywhere a `` appears.

Template → generated file mapping

Template Output path
templates/lambda_function.py aws/codepipeline-github-status/lambda_function.py
templates/template.yml aws/codepipeline-github-status/template.yml
templates/deploy.sh aws/codepipeline-github-status/deploy.sh

Placeholder substitution guide

lambda_function.py

template.yml

deploy.sh

After writing the files, make deploy.sh executable:

chmod +x aws/codepipeline-github-status/deploy.sh

Step 3 — Store the GitHub token in SSM

aws ssm put-parameter \
  --profile <AWS_PROFILE> \
  --region <AWS_REGION> \
  --name <SSM_PARAM_PATH> \
  --type SecureString \
  --value "<TOKEN>" \
  --description "GitHub PAT for CodePipeline commit status checks" \
  --overwrite

Do not echo the raw token value in any output shown to the user.


Step 4 — Deploy

cd aws/codepipeline-github-status && ./deploy.sh

The deploy script:

  1. Zips lambda_function.py
  2. Runs cloudformation deploy (creates the stack on first run, updates on subsequent runs)
  3. Calls lambda update-function-code to push the real code (replaces the CloudFormation placeholder)
  4. Waits for the Lambda update to settle

Step 5 — Verify

Confirm the EventBridge rule is wired to the Lambda and the SSM env var is correct:

aws events list-targets-by-rule \
  --profile <AWS_PROFILE> \
  --region <AWS_REGION> \
  --rule <PREFIX>-codepipeline-github-status-trigger \
  --query 'Targets[*].[Id,Arn]' \
  --output table

aws lambda get-function-configuration \
  --profile <AWS_PROFILE> \
  --region <AWS_REGION> \
  --function-name <PREFIX>-codepipeline-github-status \
  --query 'Environment.Variables' \
  --output table

What the user sees on GitHub

Each commit on a covered branch will show one check per EB environment:

SUPERSEDED pipeline state is intentionally not handled — CodePipeline fires it when a newer execution replaces a queued one, and the replacement execution will post the final status.


Re-deploying / updating later

To push Lambda code changes or update the CloudFormation stack after editing files, just re-run ./deploy.sh from aws/codepipeline-github-status/. It is fully idempotent.