Deployments
Core API
How It Deploys
Core API deploys automatically on every push to `main`:
- Quality checks workflow runs (lint, typecheck, tests)
- On success, Deploy to stage workflow triggers:
  - Authenticates to AWS via OIDC (role: `gh-oidc-deploy-core-api`)
  - Builds the Docker image
  - Tags with both the commit SHA and `latest`
  - Pushes to ECR (`258618559895.dkr.ecr.eu-central-1.amazonaws.com/core-api`)
  - Forces a new ECS deployment on `stage-euc1-core-ecs-cluster`
```mermaid
flowchart LR
    A[Push to main] --> B[Quality checks]
    B -->|pass| C[Deploy to stage]
    C --> D[Build image]
    D --> E[Push to ECR]
    E --> F[ECS redeploy]
```
Infrastructure
| Component | Value |
|---|---|
| ECR repo | core-api |
| ECS cluster | stage-euc1-core-ecs-cluster |
| ECS service | core-api |
| Task definition | stage-euc1-core-core-api |
| Resources | 512 CPU / 512 MB memory |
| Port | 3000 |
| Health check | GET /health |
| URL | https://core-api.stage.cookiehub.net |
| Logs | CloudWatch /ecs/stage-euc1-core-core-api |
Checking Deployment Status
```bash
# Watch the GitHub Actions run
gh run list --repo cookiehub-com/core-api --limit 5

# Check ECS service status
aws ecs describe-services \
  --cluster stage-euc1-core-ecs-cluster \
  --services core-api \
  --query 'services[0].{desired:desiredCount,running:runningCount,status:status}' \
  --region eu-central-1

# Check which image is running
aws ecs describe-task-definition \
  --task-definition stage-euc1-core-core-api \
  --query 'taskDefinition.containerDefinitions[0].image' \
  --region eu-central-1
```
Viewing Logs
```bash
# Tail recent logs
aws logs tail /ecs/stage-euc1-core-core-api \
  --follow \
  --region eu-central-1

# Search for errors in the last hour
# `date -v-1H` is BSD/macOS syntax; on GNU/Linux use $(date -d '1 hour ago' +%s000)
aws logs filter-log-events \
  --log-group-name /ecs/stage-euc1-core-core-api \
  --start-time "$(date -v-1H +%s000)" \
  --filter-pattern "error" \
  --region eu-central-1
```
Rollback
To roll back to a previous version:
```bash
# 1. Find the commit SHA of the version you want
gh run list --repo cookiehub-com/core-api --limit 10

# 2. Re-tag that image as latest
ROLLBACK_SHA="<commit-sha>"
REPO="258618559895.dkr.ecr.eu-central-1.amazonaws.com/core-api"
aws ecr get-login-password --region eu-central-1 | \
  docker login --username AWS --password-stdin 258618559895.dkr.ecr.eu-central-1.amazonaws.com
docker pull "$REPO:$ROLLBACK_SHA"
docker tag "$REPO:$ROLLBACK_SHA" "$REPO:latest"
docker push "$REPO:latest"

# 3. Force new deployment
aws ecs update-service \
  --cluster stage-euc1-core-ecs-cluster \
  --service core-api \
  --force-new-deployment \
  --region eu-central-1
```
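A check to run once the redeploy has settled (added example, not part of the original runbook): because `latest` is a mutable tag, comparing image digests is the reliable way to confirm that the rollback or deploy actually reached the running tasks. The function names are hypothetical, and the script assumes each task runs a single container.

```bash
#!/usr/bin/env bash
# Added example: confirm a deploy or rollback took effect by comparing digests.
# Cluster, service, repo and region are the values from this page.
REGION="eu-central-1"
CLUSTER="stage-euc1-core-ecs-cluster"
SERVICE="core-api"
ECR_REPO="core-api"

# Digest (sha256:...) that a tag currently points to in ECR.
digest_for_tag() {
  aws ecr describe-images --repository-name "$ECR_REPO" \
    --image-ids "imageTag=$1" \
    --query 'imageDetails[0].imageDigest' --output text --region "$REGION"
}

# Unique image digests of the tasks currently running for the service.
# Assumption: one container per task (a sidecar would add its own digest).
running_digests() {
  tasks=$(aws ecs list-tasks --cluster "$CLUSTER" --service-name "$SERVICE" \
    --desired-status RUNNING --query 'taskArns' --output text --region "$REGION") || return 2
  [ -n "$tasks" ] && [ "$tasks" != "None" ] || return 0
  # $tasks is intentionally unquoted: one argument per task ARN.
  aws ecs describe-tasks --cluster "$CLUSTER" --tasks $tasks \
    --query 'tasks[].containers[].imageDigest' --output text --region "$REGION" \
    | tr '\t' '\n' | sort -u
}

# Returns 0 only if latest and <commit-sha> share a digest and every running
# task uses it; 1 on mismatch or drift; 2 if an AWS call fails.
verify_deploy() {
  want=$(digest_for_tag "$1") || return 2
  latest=$(digest_for_tag latest) || return 2
  if [ "$want" != "$latest" ]; then
    echo "MISMATCH: latest=$latest but $1=$want"
    return 1
  fi
  running=$(running_digests) || return 2
  if [ -z "$running" ]; then echo "NO RUNNING TASKS"; return 1; fi
  if [ "$running" != "$want" ]; then
    echo "DRIFT: tasks running $(echo $running | tr ' ' ',') expected $want"
    return 1
  fi
  echo "OK: $1 -> $want on all running tasks"
}

# Usage: ./verify-deploy.sh <commit-sha>
if [ "$#" -ge 1 ]; then verify_deploy "$1"; fi
```

During a rolling deployment old and new tasks coexist, so a `DRIFT` result immediately after `update-service` is expected; rerun once the service is stable.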
Manual Deploy
If CI is broken and you need to deploy manually:
```bash
# Authenticate to ECR
aws ecr get-login-password --region eu-central-1 | \
  docker login --username AWS --password-stdin 258618559895.dkr.ecr.eu-central-1.amazonaws.com

# Build and push
docker build -t core-api:latest .
docker tag core-api:latest 258618559895.dkr.ecr.eu-central-1.amazonaws.com/core-api:latest
docker push 258618559895.dkr.ecr.eu-central-1.amazonaws.com/core-api:latest

# Trigger redeploy
aws ecs update-service \
  --cluster stage-euc1-core-ecs-cluster \
  --service core-api \
  --force-new-deployment \
  --region eu-central-1
```
Required Access
- GitHub: Write access to `cookiehub-com/core-api` (to push to main)
- AWS: IAM user in the stage account with ECS/ECR permissions (only needed for rollback or manual deploy)
Atrax
In progress
Atrax deployment documentation pending. Currently stage only, no CI/CD pipeline — manual deploys via ECR push.
Vault
In progress
Vault deployment documentation pending — requires input from infra lead on current pipeline.