ECS: Wait for rollout before returning from update_task_definition (!49) · Merge requests · GitLab.org / cloud-deploy

Alishan Ladhani requested to merge ali/ecs-wait-for-rollout-completed into master Jun 08, 2022

The ECS deploy job runs ecs update-task-definition, which initiates a deployment and returns immediately. This is problematic for a few reasons:

Subsequent jobs (e.g dast) that depend on the deployment being finished will run before the deployment is done
In scenarios where a load-balancer is not used, we don't know the IP address of the task(s) until the deployment is finished

In order to improve this behaviour, we could change ecs update-task-definition to wait until the deployment finishes before returning. The rolloutState attribute seems like a good indicator to use for this. It starts of as IN_PROGRESS and changes to COMPLETED once the deployment is finished.

See this job log for an example: https://gitlab.com/ali-gitlab/golang-app/-/jobs/2571466990

This is the first step towards getting DAST working for ECS deployments.

Related to gitlab#228908 (closed)

Edited Jun 09, 2022 by Alishan Ladhani

ECS: Wait for rollout before returning from update_task_definition

Merge request reports