ecs-run-migration¶
ECS run migration
Run the app’s one-off migrate task definition on Fargate and fail unless the migrate container exits 0. The task’s network configuration (private subnets + security group) is cloned from an existing service in the cluster, so no networking coordinates are needed. Assumes the deploy role (DEPLOY_ROLE_ARN) via OIDC – the calling job needs permissions: id-token: write. On failure the task’s CloudWatch logs are printed (best effort). Gate service deploys on this step.
Inputs¶
Input |
Required |
Default |
Description |
|---|---|---|---|
|
yes |
— |
DEPLOY_ROLE_ARN – the deploy IAM role to assume via OIDC. |
|
yes |
— |
Region of the cluster (run migrations in the tier’s primary region only). |
|
yes |
— |
ECS cluster name (e.g. codegen-example-app-prod-primary). |
|
yes |
— |
Migrate task definition FAMILY (e.g. codegen-example-app-prod-primary-migrate); the latest ACTIVE revision runs. |
|
yes |
— |
Service in the cluster whose awsvpc network configuration the task clones (the api service). |
|
no |
|
Container whose exit code decides success. |
|
no |
|
Give up (and fail) if the task hasn’t stopped after this long. |
Usage¶
- uses: actions/checkout@v6
- uses: FSHTech/github-actions/ecs-run-migration@v1
with:
role-arn: ...
region: ...
cluster: ...
task-definition: ...
network-from-service: ...