updated deploy workflow

[tellmeY18]

The GitHub action is updated to use currently active ecs task definition instead of the one defined in the repo. This ensures changes made in ecs cluster stay there instead of getting reset.

@ohcnetwork/care-backend-maintainers @ohcnetwork/care-backend-admins

Summary by CodeRabbit

• Deployment Configuration

  • Simplified GitHub Actions workflow by removing unnecessary environment variables
  • Updated deployment steps for better clarity and process management

• Infrastructure

  • Removed AWS task definition files for backend and Celery services

Note: These changes primarily affect the deployment infrastructure and do not introduce visible end-user features.

[coderabbitai]

📝 Walkthrough

Walkthrough

The pull request involves streamlining the deployment workflow configuration by removing several AWS-related environment variables and task definition files. The GitHub Actions workflow for deployment has been simplified, with changes to how task definitions are retrieved and processed. The staging branch trigger has been removed, and new cache creation steps have been introduced. Task definitions for Celery and Backend services are now dynamically downloaded during the deployment process. It's almost like a spring cleaning, but for code!

Changes

File	Change Summary
.github/workflows/deploy.yml	- Removed environment variables for AWS credentials and task definitions - Updated cache creation steps - Modified task definition retrieval process - Renamed deployment steps for clarity
aws/backend.json	- Entire file removed
aws/celery.json	- Entire file removed

Possibly related PRs

• removed gcs-deploy #2709: The changes in both PRs involve modifications to the .github/workflows/deploy.yml file, specifically related to deployment configurations, indicating a direct connection in the context of workflow adjustments.

Suggested Reviewers

• gigincg

Poem

🌈 Out with the old, in with the new,
Variables vanished, like morning dew.
Task definitions now take a fresh flight,
GitHub Actions dancing, oh what a sight!
Cleaned up the mess, made it all bright! ✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 60.46%. Comparing base (fab832b) to head (9d13c4a).

Additional details and impacted files

@@           Coverage Diff            @@
##           develop    #2740   +/-   ##
========================================
  Coverage    60.46%   60.46%           
========================================
  Files          252      252           
  Lines        12705    12705           
  Branches      1111     1111           
========================================
  Hits          7682     7682           
  Misses        4954     4954           
  Partials        69       69           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (3)

.github/workflows/deploy.yml (3)

81-85: Perhaps we could skip the manual cache directory creation?

The docker/build-push-action typically handles cache directory creation automatically. These manual mkdir commands seem a bit... redundant, don't you think?

-      - name: Create new cache
-        run: |
-          mkdir -p /tmp/.buildx-cache
-          mkdir -p /tmp/.buildx-cache-new

---

109-115: The cache update could use some error handling, just saying...

While running this step even on failure is clever, we might want to add some basic error handling and logging.

       - name: Update cache
         if: always()
         run: |
+          set -e
           if [ -d "/tmp/.buildx-cache-new" ]; then
+            echo "Updating build cache..."
             rm -rf /tmp/.buildx-cache
             mv /tmp/.buildx-cache-new /tmp/.buildx-cache
+            echo "Cache update completed successfully"
+          else
+            echo "No new cache directory found, skipping update"
           fi

---

165-191: A rollback strategy would be nice, wouldn't it?

While the deployment steps look good, we might want to add a rollback strategy in case things go sideways. Just a thought.

Consider adding:

1. Task definition version tracking
2. Automatic rollback on deployment failure
3. Manual rollback capability through workflow dispatch

Example rollback step:

      - name: Rollback on failure
        if: failure()
        run: |
          aws ecs update-service \
            --cluster ${{ env.ECS_CLUSTER }} \
            --service ${{ env.ECS_SERVICE_BACKEND }} \
            --task-definition ${{ env.ECS_SERVICE_BACKEND }}:${{ steps.get-previous-task-definition.outputs.version }}

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 73f36db and a6f7227.

📒 Files selected for processing (3)

• .github/workflows/deploy.yml (4 hunks)
• aws/backend.json (0 hunks)
• aws/celery.json (0 hunks)

💤 Files with no reviewable changes (2)

• aws/backend.json
• aws/celery.json

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: test / test

🔇 Additional comments (2)

.github/workflows/deploy.yml (2)

173-176: The Backend task definition download has the same... opportunities for improvement.

This section could benefit from the same robustness improvements suggested for the Celery task definition download.

Please apply the same improvements suggested for the Celery task definition download above.

---

157-163: Might want to validate that task definition before deploying.

The task definition update looks fine, but we should probably validate the rendered output before proceeding.

[coderabbitai]

🛠️ Refactor suggestion

The task definition download could be more... robust.

While fetching the current task definition is a good approach, we might want to add error handling and be more specific with our query.

       - name: Download task definition for Celery Service
         run: |
+          set -e
+          echo "Downloading Celery task definition..."
-          aws ecs describe-task-definition --task-definition ${{ env.ECS_SERVICE_CELERY }} --query taskDefinition > celery-task-definition.json
+          aws ecs describe-task-definition --task-definition ${{ env.ECS_SERVICE_CELERY }} \
+            --query 'taskDefinition' \
+            --output json > celery-task-definition.json || {
+              echo "Failed to download Celery task definition"
+              exit 1
+            }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Download task definition for Celery Service
	run: |
	aws ecs describe-task-definition --task-definition ${{ env.ECS_SERVICE_CELERY }} --query taskDefinition > celery-task-definition.json
	- name: Download task definition for Celery Service
	run: |
	set -e
	echo "Downloading Celery task definition..."
	aws ecs describe-task-definition --task-definition ${{ env.ECS_SERVICE_CELERY }} \
	--query 'taskDefinition' \
	--output json > celery-task-definition.json || {
	echo "Failed to download Celery task definition"
	exit 1
	}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (3)

.github/workflows/deploy.yml (3)

7-7: Would be nice to document the removal of staging branch trigger.

I see we're quietly removing the staging branch trigger. While I'm sure there's a perfectly good reason for this, perhaps we could add a comment explaining why, just so future maintainers don't waste their time wondering about it?

---

81-85: The cache management could use a bit more... finesse.

While the cache creation and update logic is a step in the right direction, we might want to consider:

• Adding cleanup of old caches to prevent unlimited growth
• Setting size limits for the cache
• Adding error handling for directory operations

      - name: Create new cache
        run: |
+         set -e
          mkdir -p /tmp/.buildx-cache
          mkdir -p /tmp/.buildx-cache-new
+         # Cleanup old caches (older than 7 days)
+         find /tmp/.buildx-cache* -type f -mtime +7 -delete || true
+         # Set size limit (e.g., 5GB)
+         cache_size=$(du -sb /tmp/.buildx-cache | cut -f1)
+         if [ "$cache_size" -gt 5368709120 ]; then
+           echo "Cache size exceeds 5GB, cleaning oldest files..."
+           find /tmp/.buildx-cache -type f -printf '%T+ %p\n' | sort | head -n 100 | cut -d' ' -f2- | xargs rm
+         fi

Also applies to: 109-115

---

159-165: The task definition rendering steps look... familiar.

I see we're using the same pattern for both services. Perhaps we could make this more DRY?

Consider creating a reusable job:

  deploy-service:
    inputs:
      service-name:
        required: true
      container-name:
        required: true
    steps:
      - uses: ./.github/actions/download-task-definition
        with:
          service-name: ${{ inputs.service-name }}
          output-file: task-definition.json
      
      - uses: aws-actions/amazon-ecs-render-task-definition@v1
        with:
          task-definition: task-definition.json
          container-name: ${{ inputs.container-name }}
          image: ${{ env.IMAGE_VALUE }}

Also applies to: 184-190

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a6f7227 and 9116a30.

📒 Files selected for processing (1)

• .github/workflows/deploy.yml (4 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: test / test
• GitHub Check: Analyze (python)

🔇 Additional comments (1)

.github/workflows/deploy.yml (1)

149-198: Changes align well with the PR objectives.

The implementation successfully moves from predefined to active ECS task definitions, which should help preserve cluster changes as intended. The error handling, while basic, should prevent most deployment issues.