aws ecr tagging updates for canary

Author: CLJ2006

ansible/ecr-lifecycle/ecr_lifecycle.json

@@ -2,12 +2,12 @@
   "rules": [
     {
       "rulePriority": 1,
-      "description": "Keep the 10 most recent ECS deployment images - AMEND NUMBER AFTER TEST",
+      "description": "Keep the 6 most recent ECS deployment images tagged ecs- (release images)",
       "selection": {
         "tagStatus": "tagged",
         "tagPrefixList": ["ecs-"],
         "countType": "imageCountMoreThan",
-        "countNumber": 800
+        "countNumber": 6
       },
       "action": { "type": "expire" }
     },
@@ -24,11 +24,11 @@
     },
     {
       "rulePriority": 3,
-      "description": "Keep the 5 most recent build images (all tags) - AMEND NUMBER AFTER TEST",
+      "description": "Keep the 6 most recent build images (all tags)",
       "selection": {
         "tagStatus": "any",
         "countType": "imageCountMoreThan",
-        "countNumber": 800
+        "countNumber": 6
       },
       "action": { "type": "expire" }
     }

ansible/roles/build-ecs-proxies/tasks/main.yml

@@ -30,26 +30,28 @@
   with_items: "{{ new_repos }}"
   when: new_repos
 
-- name: Read lifecycle policy file
-  ansible.builtin.slurp:
-    src: "{{ playbook_dir }}/ecr-lifecycle/ecr_lifecycle.json"
-  register: desired_policy_raw
-  when: new_repos | length > 0
-
-- name: Decode lifecycle policy JSON
-  set_fact:
-    desired_policy_json: "{{ desired_policy_raw.content | b64decode | from_json }}"
-  when: new_repos | length > 0
-
-- name: Apply lifecycle policy to each new repo
-  ansible.builtin.command: >
-    {{ aws_cmd }} ecr put-lifecycle-policy
-    --repository-name {{ item }}
-    --lifecycle-policy-text '{{ desired_policy_json | to_json }}'
-  with_items: "{{ new_repos }}"
-  register: lifecycle_update
-  ignore_errors: yes
-  when: new_repos | length > 0
+# TO DO- Add back in once confirmed lifecycle policy to be applied to all new repos.
+
+# - name: Read lifecycle policy file
+#   ansible.builtin.slurp:
+#     src: "{{ playbook_dir }}/ecr-lifecycle/ecr_lifecycle.json"
+#   register: desired_policy_raw
+#   when: new_repos | length > 0
+
+# - name: Decode lifecycle policy JSON
+#   set_fact:
+#     desired_policy_json: "{{ desired_policy_raw.content | b64decode | from_json }}"
+#   when: new_repos | length > 0
+
+# - name: Apply lifecycle policy to each new repo
+#   ansible.builtin.command: >
+#     {{ aws_cmd }} ecr put-lifecycle-policy
+#     --repository-name {{ item }}
+#     --lifecycle-policy-text '{{ desired_policy_json | to_json }}'
+#   with_items: "{{ new_repos }}"
+#   register: lifecycle_update
+#   ignore_errors: yes
+#   when: new_repos | length > 0
 
 - name: ecr login
   shell: "eval $({{ aws_cmd }} ecr get-login --no-include-email)"

ansible/roles/deploy-ecs-proxies-retag/tasks/main.yml

@@ -30,7 +30,7 @@
 - name: Pull existing image
   ansible.builtin.command:
     cmd: >
-      docker pull {{ ecr_registry }}/{{ item }}:{{ build_label }}
+      docker pull --platform=all {{ ecr_registry }}/{{ item }}:{{ build_label }}
   loop: "{{ repo_names }}"
   loop_control:
     label: "{{ item }}"
@@ -42,7 +42,9 @@
   loop: "{{ pull_results.results }}"
   loop_control:
     label: "{{ item.item }}"
-  when: item.rc == 0
+  when:
+    - item.rc == 0
+    - item.item == "canary_canary-api"
 
 - name: Retag image
   ansible.builtin.command:
@@ -53,15 +55,19 @@
   loop: "{{ pull_results.results }}"
   loop_control:
     label: "{{ item.item }}"
-  when: item.rc == 0
+  when:
+    - item.rc == 0
+    - item.item == "canary_canary-api"
 
 - name: Debug pushing image
   debug:
     msg: "Pushing ecs-{{ build_label }} for {{ item.item }}"
   loop: "{{ pull_results.results }}"
   loop_control:
     label: "{{ item.item }}"
-  when: item.rc == 0
+  when:
+    - item.rc == 0
+    - item.item == "canary_canary-api"
 
 - name: Push new tag
   ansible.builtin.command:
@@ -70,7 +76,20 @@
   loop: "{{ pull_results.results }}"
   loop_control:
     label: "{{ item.item }}"
-  when: item.rc == 0
-
-
+  when:
+    - item.rc == 0
+    - item.item == "canary_canary-api"
 
+- name: Delete old tag from ECR
+  ansible.builtin.command:
+    cmd: >
+      aws ecr batch-delete-image
+      --repository-name {{ item.item }}
+      --image-ids imageTag={{ build_label }}
+      --region {{ aws_region }}
+  loop: "{{ pull_results.results }}"
+  loop_control:
+    label: "{{ item.item }}"
+  when:
+    - item.rc == 0
+    - item.item == "canary_canary-api"

ansible/roles/deploy-ecs-proxies/templates/terraform/locals.tf

@@ -43,18 +43,23 @@ locals {
 
   }
 
-  ecs_service = [
-  {% for container in ecs_service %}
-    {{
-        (
-          container
-          | combine(
-            {'image': '${local.account_id}.dkr.ecr.eu-west-2.amazonaws.com/' + service_id + '_' + container.name + ':ecs-' + build_label }
-          )
-        ) | to_json
-    }},
-  {% endfor %}
-  ]
+ecs_service = [
+{% for container in ecs_service %}
+  {{
+      (
+        container
+        | combine(
+          {
+            'image':
+              '${local.account_id}.dkr.ecr.eu-west-2.amazonaws.com/'
+              + service_id + '_' + container.name
+              + (container.name == "canary_canary-api" ? ':ecs-' + build_label : ':' + build_label)
+          }
+        )
+      ) | to_json
+  }},
+{% endfor %}
+]
 
   exposed_service = element(matchkeys(local.ecs_service, local.ecs_service.*.expose, list(true)), 0)