GlobeBounds - Continuous Deployment Pipeline

GlobeBounds is an interactive geospatial visualisation tool that allows users to explore country boundaries using GeoJSON data. Users can select a country and view its precise polygon shape, with the map dynamically adjusting to focus on that region.

Overview

GlobeBounds is deployed using a fully automated continuous deployment pipeline built with GitHub Actions, Amazon S3, and Amazon CloudFront.

The pipeline ensures that every code change is automatically built, validated, and deployed to production without any manual steps.

What This Project Demonstrates

End to end continuous deployment pipeline setup
Secure AWS authentication using least privilege IAM
Automated frontend build and deployment
Debugging real deployment issues related to CDN caching

Tech Stack

GitHub Actions
AWS S3
AWS CloudFront
Vite and TypeScript
ESLint

Deployment Workflow

Every push to the repository triggers the deployment pipeline.

Pipeline Steps

Checkout the latest code from the repository
Install project dependencies
Build the application and run lint checks
Authenticate with AWS using a least privilege IAM user
Sync the /dist folder to S3 and remove outdated files

This ensures the production site always reflects the latest successful build.

Secure AWS Integration

The pipeline uses a least privilege IAM user rather than full access credentials. Permissions are restricted to:

Uploading files to the S3 bucket
Triggering CloudFront cache invalidation

This follows standard security practices for production deployments.

Challenge: Deployment Not Updating

During development, deployments were completing successfully but changes were not visible on the live site.

Root Cause

CloudFront was serving cached content from edge locations, resulting in stale files being delivered to users.

Solution

A cache invalidation step was added to the pipeline:

shell

aws cloudfront create-invalidation --distribution-id <ID> --paths "/*"

This forces CloudFront to fetch updated files from S3 after each deployment.

Results

Fully automated deployment pipeline
No manual uploads required after setup
Reliable production updates on every push
Improved understanding of CDN caching behaviour

Evidence

Pipeline Execution

S3 Deployment

Live Site

Key Learnings

Deployment pipelines must account for caching layers such as CDNs
CloudFront invalidation is required for consistent updates
Build output paths must align with deployment commands
IAM permissions should be scoped to the minimum required access

Deployment Workflow

Every push to the repository triggers the deployment pipeline.

Pipeline Steps

Checkout the latest code from the repository

Install project dependencies

Build the application and run lint checks

Authenticate with AWS using a least privilege IAM user

Sync the /dist folder to S3 and remove outdated files

This ensures the production site always reflects the latest successful build.

Challenge: Deployment Not Updating

During development, deployments were completing successfully but changes were not visible on the live site.

Root Cause

CloudFront was serving cached content from edge locations, resulting in stale files being delivered to users.

Solution

A cache invalidation step was added to the pipeline:

shell

aws cloudfront create-invalidation --distribution-id <ID> --paths "/*"

This forces CloudFront to fetch updated files from S3 after each deployment.