bored-branch-92019

04/13/2023, 2:11 PM
Hey All, I have a question about the recommended approach of updating a FargateService for an ECS cluster through GitHub Actions. Currently the way I envisioned this all working was using environment variables set by the GitHub action as part of building the docker images and pushing them to ECR (worth noting we use immutable image tags based on AWS recommended security best practices). This however makes it so there is an infrastructure update every time there is a commit to our deployment branch (main) and I am curious if this is to be expected when using Pulumi or any IaC approach? Is it recommended to handle deployments separate from infrastructure changes? If so, what is the recommended approach for making sure the correct things get deployed with the latest image AND doing an infra deployment with the latest code? I included a code example of this in the thread.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";

if (!process.env.IMAGE_TAG ) {
  throw Error(`Failed to execute due to missing docker tags. The docker image tags must be provided via the environment in order to deploy all services.
   Make sure to set the following ENV variables.
   IMAGE_TAG
  `);
}



const cluster = new aws.ecs.Cluster("cluster", {});
const lb = new awsx.lb.ApplicationLoadBalancer("lb", {});
const service = new awsx.ecs.FargateService("service", {
    cluster: cluster.arn,
    assignPublicIp: true,
    desiredCount: 2,
    taskDefinitionArgs: {
        container: {
            // This image is built entirely separately from Pulumi inside of a GitHub action, so I would like to pull the image tag from these
            image: process.env.IMAGE_TAG,
            cpu: 512,
            memory: 128,
            essential: true,
            portMappings: [{
                targetGroup: lb.defaultTargetGroup,
            }],
        },
    },
});
export const url = lb.loadBalancer.dnsName;

polite-sandwich-68547

04/13/2023, 2:57 PM
As you prefer, I use both approaches.
On some projects Pulumi runs on every merge; on other projects I have a manual step to update the infra and handle deployment using other tools.
In this case infra-update is a manual step in the pipeline.

bored-branch-92019

04/13/2023, 4:21 PM
Could you tell me a bit about the tradeoffs you have encountered with doing both of these approaches? I would also be curious to hear how your manual step works. We have been using Pulumi runs on every merge, but that takes ~12-15 minutes to deploy 3 different FargateServices to ECS, which is a rather long time.

polite-sandwich-68547

05/04/2023, 2:15 PM
I deploy on Fargate in a couple of minutes using Pulumi.

bored-branch-92019

05/04/2023, 2:16 PM
Yeah, we experience the same thing, but we have (now 4) different services as part of the same Pulumi project (3-4 minutes each). The resolution seems to be to split up the Pulumi project.