- Updates to use SSM Param value when terraform code is deployed (#179)

- Updated deploy web/api pipeline to overwrite SSM Param on every run Co-authored-by: Ronaldo Macapobre <rmacapob@gov.bc.ca>
bcgov · Feb 18, 2025 · c5d0bc8 · c5d0bc8
1 parent 2129fff
commit c5d0bc8
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 13 deletions.
diff --git a/.github/workflows/actions/deploy-app/action.yml b/.github/workflows/actions/deploy-app/action.yml
@@ -104,6 +104,11 @@ runs:
         container-name: ${{ steps.vars.outputs.container_name }}
         image: "${{ steps.vars.outputs.full_ecr_repo_url }}:${{ inputs.image_name }}-${{ inputs.short_sha }}"
 
+    - name: Update SSM Param Store
+      shell: bash
+      run: |
+        aws ssm put-parameter --name "/images/${{ inputs.app_name }}-${{ inputs.tier_name }}-image-param-${{ inputs.environment }}" --value "${{ inputs.image_name }}-${{ inputs.short_sha }}" --type "String" --overwrite
+
     - name: Deploy Amazon ECS task definition
       uses: aws-actions/amazon-ecs-deploy-task-definition@v2
       with:

diff --git a/infrastructure/cloud/modules/ECS/TaskDefinition/main.tf b/infrastructure/cloud/modules/ECS/TaskDefinition/main.tf
@@ -1,3 +1,10 @@
+// Retrieves the latest deployed image name (web or api) from SSM Parameter Store.
+// Initial value is 'dummy-image' but gets replaced by Web and API GHA. It was agreed
+// that the parameter is created manually via Console for DEV, TEST and PROD.
+data "aws_ssm_parameter" "image_param" {
+  name = "/images/${var.app_name}-${var.name}-image-param-${var.environment}"
+}
+
 resource "aws_ecs_task_definition" "ecs_td" {
   family                   = "${var.app_name}-${var.name}-td-${var.environment}"
   network_mode             = "awsvpc"
@@ -7,17 +14,11 @@ resource "aws_ecs_task_definition" "ecs_td" {
   execution_role_arn       = var.ecs_execution_role_arn
   task_role_arn            = var.ecs_execution_role_arn
 
-  # This will be uncommented out when the long term solution is implemented (JASPER-291)
-  # lifecycle {
-  #   # Since the dummy-image will be replaced when the GHA pipeline runs,
-  #   # the whole container_definition edits has been ignored.
-  #   ignore_changes = [container_definitions]
-  # }
 
   container_definitions = jsonencode([
     {
       name      = "${var.app_name}-${var.name}-container-${var.environment}"
-      image     = "${var.ecr_repository_url}:${var.image_name}" # This is a placeholder image and will be replaced every deployment of GHA.
+      image     = "${var.ecr_repository_url}:${data.aws_ssm_parameter.image_param.value}"
       essential = true
       portMappings = [
         {

diff --git a/infrastructure/cloud/modules/ECS/TaskDefinition/variables.tf b/infrastructure/cloud/modules/ECS/TaskDefinition/variables.tf
@@ -63,12 +63,6 @@ variable "kms_key_arn" {
   type        = string
 }
 
-variable "image_name" {
-  description = "Image name that will be attached to the Task Definition"
-  type        = string
-  default     = "dummy-image"
-}
-
 variable "log_group_name" {
   description = "The Cloudwatch Log Group Name"
   type        = string