Hi folks, I am about to try to set up AWS Codebuild + AWS Codepipeline for my Pulumi Jupyterhub ECS infrastructure. I’ve not set up a pipeline like this before and wanted to reach out to yall about some things that are a bit confusing to me in regards to Pulumi’s role in the pipeline. My directory structure for my stack looks like this:

jupyterhub > tree
.
├── README.md
├── jupyterhub.png
└── src
    ├── docker-hub
    │   ├── Dockerfile
    ├── docker-notebook
    │   ├── Dockerfile
    ├── jupyterhub-code-pipeline
    │   ├── Pulumi.jupyterhub-code-pipeline.yaml
    │   ├── Pulumi.yaml
    │   ├── __main__.py
    │   └── requirements.txt
    ├── jupyterhub-ecs-infra
    │   ├── Pulumi.jupyterhub-ecs-infra.yaml
    │   ├── Pulumi.yaml
    │   ├── __main__.py
    │   └── requirements.txt
    ├── jupyterhub-net-infra
    │   ├── Pulumi.jupyterhub-network-infra.yaml
    │   ├── Pulumi.yaml
    │   ├── __main__.py
    │   ├── config.yml
    │   └── requirements.txt
    └── notebook-ecs-infra
        ├── Pulumi.notebook-ecs-infra.yaml
        ├── Pulumi.yaml
        ├── __main__.py
        └── requirements.txt

Based on this structure and the following documentation for Pulumi + Codebuild — I believe I will need multiple

buildspec.yml

files to account for these different stacks, is that correct? Looking at the Pulumi module for Codebuild shows a supporting type called

ProjectSecondarySource

where you need to specify a buildspec — is there where I would specify each of my projects? For example, will I need a

ProjectSecondarySource

for

jupyterhub-net-infra

,

notebook-ecs-infra

, and

jupyterhub-ecs-infra

? It seems so. Finally, one thing I am concerned about is this reliance of

jupyterhub-ecs-infra

and

notebook-ecs-infra

to be in sync. Specifically, when you make an update to the task definition in

notebook-ecs-infra

the arn for the task definition changes, as a result,

jupyterhub-ecs-infra

needs to be updated to reference that new taskdefiniton arn from the updated notebook stack. How do I account for this in my pipeline? Should I be completely rebuilding the infrastructure after every merge to master? Apologies if this is a massive post. Thanks in advance!