bored-branch-92019
04/13/2023, 2:11 PM
FargateService for an ECS cluster through GitHub Actions. Currently the way I envisioned this all working was using environment variables set by the GitHub action as a part of building the Docker images and pushing them to ECR (worth noting we use immutable image tags based on AWS recommended security best practices). This however makes it so there is an infrastructure update every time there is a commit to our deployment branch (main), and I am curious if this is to be expected when using Pulumi or any IaC approach? Is it recommended to handle deployments separate from infrastructure changes? If so, what is the recommended approach for making sure the correct things get deployed with the latest image AND doing an infra deployment with the latest code?
I included a code example of this in the thread.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";

if (!process.env.IMAGE_TAG) {
  throw Error(`Failed to execute due to missing docker tags. The docker image tags must be provided via the environment in order to deploy all services.
Make sure to set the following ENV variables.
IMAGE_TAG
`);
}

const cluster = new aws.ecs.Cluster("cluster", {});
const lb = new awsx.lb.ApplicationLoadBalancer("lb", {});
const service = new awsx.ecs.FargateService("service", {
  cluster: cluster.arn,
  assignPublicIp: true,
  desiredCount: 2,
  taskDefinitionArgs: {
    container: {
      // This image is built entirely separately from pulumi inside of a github action, so I would like to pull the image tag from these
      image: process.env.IMAGE_TAG,
      cpu: 512,
      memory: 128,
      essential: true,
      portMappings: [{
        targetGroup: lb.defaultTargetGroup,
      }],
    },
  },
});

export const url = lb.loadBalancer.dnsName;
polite-sandwich-68547
04/13/2023, 2:57 PM
bored-branch-92019
04/13/2023, 4:21 PM
polite-sandwich-68547
05/04/2023, 2:15 PM
bored-branch-92019
05/04/2023, 2:16 PM