# ecs-deploy

> ECS deploy

Roll new images out to ECS services. The services pin a mutable branch tag, so a deploy is just `update-service --force-new-deployment` after the tag has been re-pushed (ecr-build-push) -- no task-definition change involved. Waits for the services to reach steady state, logging rollout progress every 15s; fails fast if the deployment circuit breaker reports FAILED, and prints recent service events on any failure. Assumes the deploy role (DEPLOY_ROLE_ARN) via OIDC -- the calling job needs `permissions: id-token: write`.

## Inputs

| Input | Required | Default | Description |
|---|---|---|---|
| `role-arn` | yes | — | DEPLOY_ROLE_ARN -- the deploy IAM role to assume via OIDC. |
| `region` | yes | — | Region of the cluster. |
| `cluster` | yes | — | ECS cluster name (e.g. codegen-example-app-prod-primary). |
| `services` | yes | — | Service name(s) to redeploy, space-separated (e.g. "app-prod-primary-api app-prod-primary-worker"). |
| `wait` | no | `true` | Wait for the services to reach steady state ("true"/"false"). |
| `timeout-minutes` | no | `15` | Give up (and fail) if the services aren't stable after this long. |

## Usage

```yaml
- uses: actions/checkout@v6
- uses: FSHTech/github-actions/ecs-deploy@v1
  with:
    role-arn: ...
    region: ...
    cluster: ...
    services: ...
```