Pull request overview
This PR adds a new GitHub Actions workflow for deploying the frontend to AWS ECS by forcing a new deployment. The workflow is designed to be manually triggered via workflow_dispatch, with automated push triggers commented out.
Changes:
- Added a new GitHub Actions workflow file for ECS frontend deployment with OIDC authentication to AWS
| --cluster cre-examples-cluster \ | ||
| --service cre-examples-frontend \ |
The cluster name and service name are hardcoded. These should be parameterized using GitHub variables (similar to how AWS_REGION is handled) to improve maintainability and allow easier configuration changes without modifying the workflow file. Consider using ${{vars.AWS_ECS_CLUSTER}} and ${{vars.AWS_ECS_SERVICE_FRONTEND}} or similar variable names.
| --cluster cre-examples-cluster \ | |
| --service cre-examples-frontend \ | |
| --cluster ${{vars.AWS_ECS_CLUSTER}} \ | |
| --service ${{vars.AWS_ECS_SERVICE_FRONTEND}} \ |
| --force-new-deployment \ | ||
| --region ${{vars.AWS_REGION}} No newline at end of file |
The --region flag in the AWS CLI command is redundant because the region is already configured in the AWS credentials setup step (line 21). When credentials are configured with aws-region, all subsequent AWS CLI commands in that job will use that region automatically. Removing this redundant flag would make the code cleaner and avoid potential confusion if the two region values ever differ.
| --force-new-deployment \ | |
| --region ${{vars.AWS_REGION}} | |
| --force-new-deployment |
| aws ecs update-service \ | ||
| --cluster cre-examples-cluster \ | ||
| --service cre-examples-frontend \ | ||
| --force-new-deployment \ |
The workflow lacks error handling and validation for the ECS deployment. The aws ecs update-service command can fail for various reasons (service not found, insufficient permissions, cluster not available), but there's no mechanism to detect or report these failures effectively. Consider adding validation checks or at least a step to verify the deployment status after forcing the new deployment, such as using aws ecs wait services-stable.
| --force-new-deployment \ | |
| --force-new-deployment \ | |
| --region ${{vars.AWS_REGION}} | |
| - name: Wait for ECS service to become stable (frontend) | |
| env: | |
| AWS_PAGER: "" | |
| run: | | |
| aws ecs wait services-stable \ | |
| --cluster cre-examples-cluster \ | |
| --services cre-examples-frontend \ |
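Review bot: the suggested wait step repeats the literal `cre-examples-cluster` and `cre-examples-frontend` names, and as shown the command ends on a trailing `\` after `--services cre-examples-frontend`, so it needs completing before it is applied. If the names move to repository variables, both the update step and the wait step should read the same variables so the waiter checks the service that was actually updated. `aws ecs wait services-stable` exits non-zero once its built-in polling limit is reached, which fails the job, so a `timeout-minutes` on the job that matches the expected rollout time keeps a stuck deployment from holding the runner longer than intended.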
| role-to-assume: ${{secrets.AWS_ROLE_TO_ASSUME}} | ||
| aws-region: ${{vars.AWS_REGION}} | ||
|
|
||
| - name: Force new deployment (frontend) | ||
| env: | ||
| AWS_PAGER: "" | ||
| run: | | ||
| aws ecs update-service \ | ||
| --cluster cre-examples-cluster \ | ||
| --service cre-examples-frontend \ | ||
| --force-new-deployment \ | ||
| --region ${{vars.AWS_REGION}} No newline at end of file |
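Review bot: on `aws ecs update-service ... --force-new-deployment`, no `--task-definition` is passed, so the step restarts tasks on whatever task definition the service already has and the run does not record which image ends up deployed. If that task definition references a mutable image tag, consider registering a revision pinned to an image digest and passing it with `--task-definition`, or at least logging the deployed revision after the update. For the step as written, the role in `role-to-assume` needs only `ecs:UpdateService` on this one service, so its policy can be scoped to that.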
Missing consistent spacing in the GitHub expressions. Throughout this file, expressions like ${{secrets.AWS_ROLE_TO_ASSUME}} don't have spaces around the content. However, looking at other workflow files in the repository (e.g., docker-fe.yml lines 32-33, 41-42), the convention is to use spaces: ${{ vars.DOCKERHUB_USERNAME }}. The expressions should follow the established convention of including spaces for consistency.
No description provided.