Deploying to ECS in multiple regions with GitHub Actions

release.yml

name: Create Amazon ECS release

on:
  workflow_run:
    workflows: ["Tests"]
    branches: [master]
    types: [completed]

concurrency:
  group: production

env:
  AWS_ROLE: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ROLE }}
  IMAGE_TAG: ${{ github.sha }}

jobs:
  build:
    name: Build and push Docker image
    runs-on: ubuntu-latest
    timeout-minutes: 10
    if: ${{ github.event.workflow_run.conclusion == 'success' }}

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Build Docker image
        id: build-image
        run: |
          docker build --build-arg ENVIRONMENT=production -t honeybadger:latest -f Dockerfile.prod .
          docker save honeybadger:latest | gzip > honeybadger.tar.gz

      - name: Upload Docker image
        uses: actions/upload-artifact@v4
        with:
          name: honeybadger
          path: honeybadger.tar.gz

  push:
    needs: build
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: read
    strategy:
      matrix:
        region: [us-east-1, eu-central-1]
    steps:
      - name: Download Docker image
        uses: actions/download-artifact@v4
        with:
          name: honeybadger

      - name: Load Docker image
        run: |
          gunzip -c honeybadger.tar.gz | docker load

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ env.AWS_ROLE }}
          aws-region: ${{ matrix.region }}

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      - name: Tag and push image to Amazon ECR
        env:
          ECR_REPOSITORY: ${{ steps.login-ecr.outputs.registry }}/honeybadger
        run: |
          docker tag honeybadger:latest $ECR_REPOSITORY:$IMAGE_TAG
          docker tag honeybadger:latest $ECR_REPOSITORY:latest
          docker push $ECR_REPOSITORY:$IMAGE_TAG
          docker push $ECR_REPOSITORY:latest

      # We need to delete the artifact to avoid storing the Docker image in the GitHub Actions storage
      - uses: geekyeggo/delete-artifact@v5
        with:
          name: honeybadger

  deploy:
    needs: push
    name: Update Web Task
    runs-on: ubuntu-latest
    timeout-minutes: 10
    permissions:
      id-token: write
      contents: read
    environment:
      name: production
    strategy:
      matrix:
        region: [us-east-1, eu-central-1]
    steps:
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ env.AWS_ROLE }}
          aws-region: ${{ matrix.region }}

      - name: Download task definition
        run: aws ecs describe-task-definition --task-definition app --query taskDefinition > task-definition.json

      - name: Fill in the new image ID in the task definition for the app container
        id: task-def-app
        uses: aws-actions/amazon-ecs-render-task-definition@v1
        with:
          task-definition: task-definition.json
          container-name: app
          image: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ matrix.region }}.amazonaws.com/honeybadger:${{ env.IMAGE_TAG }}

      # This is only needed if the ECS task is configured to deploy with CodeDeploy for blue/green deploys
      - name: Checkout
        uses: actions/checkout@v4

      - name: Deploy web task definition
        uses: aws-actions/amazon-ecs-deploy-task-definition@v2
        with:
          task-definition: ${{ steps.task-def-app.outputs.task-definition }}
          service: web
          cluster: honeybadger-production
          wait-for-service-stability: false
          # These are used for blue/green deploys with CodeDeploy. Omit if you are not using CodeDeploy to deploy the ECS task.
          codedeploy-application: honeybadger-web-production
          codedeploy-deployment-group: production
          codedeploy-appspec: config/appspec.yml