Skip to main content

ECS with ecspresso

We use the ecspresso deployment tool for Amazon ECS to manage ECS services using a code-driven approach, alongside reusable GitHub Action workflows. This setup allows tasks to be defined with Terraform within the infrastructure repository, and task definitions to reside alongside the application code. Ecspresso provides extensive configuration options via YAML, JSON, and Jsonnet, and includes plugins for enhanced functionality such as Terraform state lookups.

Github Action Workflows

The basic deployment flow is for feature branches. You can use the following sample workflow to add pull request deploys to your application repository:

Deploy
name: Feature Branch
on:
pull_request:
branches: [ 'main' ]
types: [opened, synchronize, reopened, closed, labeled, unlabeled]

permissions:
pull-requests: write
deployments: write
id-token: write
contents: read

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: false

jobs:
monorepo:
uses: cloudposse/github-actions-workflows/.github/workflows/controller-monorepo.yml@main
with:
file: ./deploy/config.yaml

ci:
uses: cloudposse/github-actions-workflows/.github/workflows/ci-dockerized-app-build.yml@main
needs: [ monorepo ]
with:
organization: "cloudposse"
repository: ${{ github.event.repository.name }}
secrets:
ecr-region: ${{ secrets.ECR_REGION }}
ecr-iam-role: ${{ secrets.ECR_IAM_ROLE }}
registry: ${{ secrets.ECR_REGISTRY }}
secret-outputs-passphrase: ${{ secrets.GHA_SECRET_OUTPUT_PASSPHRASE }}

cd:
uses: cloudposse/github-actions-workflows/.github/workflows/cd-preview-ecspresso.yml@main
needs: [ ci, monorepo ]
if: ${{ always() && needs.monorepo.outputs.apps != '[]' }}
strategy:
matrix:
app: ${{ fromJson(needs.monorepo.outputs.apps) }}
with:
image: ${{ needs.ci.outputs.image }}
tag: ${{ needs.ci.outputs.tag }}
repository: ${{ github.event.repository.name }}
app: ${{ matrix.app }}
open: ${{ github.event.pull_request.state == 'open' }}
labels: ${{ toJSON(github.event.pull_request.labels.*.name) }}
ref: ${{ github.event.pull_request.head.ref }}
exclusive: true
enable-migration: ${{ contains(fromJSON(needs.monorepo.outputs.migrations), matrix.app) }}
settings: ${{ needs.monorepo.outputs.settings }}
env-label: |
qa1: deploy/qa1
secrets:
secret-outputs-passphrase: ${{ secrets.GHA_SECRET_OUTPUT_PASSPHRASE }}

References