From 2a6fd67af0f2df9c852e2eae8d1c8193899ead9e Mon Sep 17 00:00:00 2001
From: David Munn
Date: Tue, 30 Dec 2025 14:57:19 +0000
Subject: [PATCH] Initial Commit
---
.github/workflows/cd-ecs-service.yml | 56 ++++++++++++++++++++++++++++
infra/ecs.tf | 27 ++++----------
infra/files/task-definition.json | 39 +++++++++++++++++++
infra/test-task-definition.tf | 9 +++++
4 files changed, 112 insertions(+), 19 deletions(-)
create mode 100644 .github/workflows/cd-ecs-service.yml
create mode 100644 infra/files/task-definition.json
create mode 100644 infra/test-task-definition.tf
diff --git a/.github/workflows/cd-ecs-service.yml b/.github/workflows/cd-ecs-service.yml
new file mode 100644
index 0000000..cba1453
--- /dev/null
+++ b/.github/workflows/cd-ecs-service.yml
@@ -0,0 +1,56 @@
+name: Deploy New Service Image
+
+on:
+ push:
+ branches:
+ - master
+ paths:
+ - "src/**"
+ - "web/**"
+
+permissions:
+ contents: read
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ # TODO: Create new deployment user with creds, appropriate deployment policies too
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws-region: eu-west-1
+
+ - name: Login to Amazon ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v1
+
+ - name: Build, tag, and push image to Amazon ECR
+ id: build-image
+ env:
+ ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+ ECR_REPOSITORY: dev-kempolds
+ IMAGE_TAG: ${{ github.sha }}
+ run: |
+ docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
+ docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+ echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
+
+ - name: Fill in the new image ID in the Amazon ECS task definition
+ id: task-def
+ uses: aws-actions/amazon-ecs-render-task-definition@v1
+ with:
+ task-definition: task-definition.json
+ container-name: kempolds
+ image: ${{ steps.build-image.outputs.image }}
+
+ - name: Deploy Amazon ECS task definition
+ uses: aws-actions/amazon-ecs-deploy-task-definition@v2
+ with:
+ task-definition: ${{ steps.task-def.outputs.task-definition }}
+ service: dev-kempfolds
+ cluster: dev-kempfolds
+ wait-for-service-stability: true
diff --git a/infra/ecs.tf b/infra/ecs.tf
index ca5e966..4985d3d 100644
--- a/infra/ecs.tf
+++ b/infra/ecs.tf
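Review bot: The `Configure AWS credentials` step signs in with a long-lived IAM user key pair taken from `secrets.AWS_ACCESS_KEY_ID` / `secrets.AWS_SECRET_ACCESS_KEY`, and the TODO on that step indicates the deployment identity and its policies are not scoped yet. GitHub OIDC removes the stored key: add `id-token: write` under `permissions:` and replace the two key inputs with `role-to-assume: <DEPLOY_ROLE_ARN>` (placeholder), on a release of the action that supports OIDC, with the role's trust policy limited to this repository and the `master` ref. The four `aws-actions/*` steps are referenced by mutable major tags (`@v1`, `@v2`); pinning each to a full commit SHA stops a moved tag from running with those credentials. Two things to confirm while here: no step checks out the repository before `docker build … .`, and `dev-kempolds` / `kempolds` are spelled differently from the `kempfolds` used for the service, cluster and `infra/files/task-definition.json`.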
@@ -65,28 +65,17 @@ module "ecs_service" { assign_public_ip = true + requires_compatibilities = ["FARGATE"] + cpu = 1024 memory = 4096 - container_definitions = { - "${var.project_name}" = { - name = "${var.project_name}" - essential = true - image = "${module.public_ecr.repository_url}:latest" - port_mappings = [ - { - name = "${var.project_name}" - containerPort = 80 - protocol = "tcp" - } - ] - - readonly_root_filesystem = false - - enable_cloudwatch_logging = true - memory_reservation = 100 - } - } + # Create task definition file seperately to allow for continuous deployment using automation + create_task_definition = false + task_definition_arn = aws_ecs_task_definition.task_definition.arn + create_task_exec_iam_role = true + create_task_exec_policy = true + create_tasks_iam_role = true load_balancer = { service = {
diff --git a/infra/files/task-definition.json b/infra/files/task-definition.json
new file mode 100644
index 0000000..36926ad
--- /dev/null
+++ b/infra/files/task-definition.json
@@ -0,0 +1,39 @@
+[
+ {
+ "name": "kempfolds",
+ "image": "TODO: Env Var",
+ "cpu": 0,
+ "memoryReservation": 100,
+ "portMappings": [
+ {
+ "name": "kempfolds",
+ "containerPort": 80,
+ "hostPort": 80,
+ "protocol": "tcp"
+ }
+ ],
+ "essential": true,
+ "environment": [],
+ "mountPoints": [],
+ "volumesFrom": [],
+ "linuxParameters": {
+ "initProcessEnabled": false
+ },
+ "startTimeout": 30,
+ "stopTimeout": 120,
+ "user": "0",
+ "privileged": false,
+ "readonlyRootFilesystem": false,
+ "interactive": false,
+ "pseudoTerminal": false,
+ "logConfiguration": {
+ "logDriver": "awslogs",
+ "options": {
+ "awslogs-group": "/aws/ecs/dev-kempfolds",
+ "awslogs-region": "eu-west-1",
+ "awslogs-stream-prefix": "ecs"
+ }
+ },
+ "systemControls": []
+ }
+]
diff --git a/infra/test-task-definition.tf b/infra/test-task-definition.tf
new file mode 100644
index 0000000..5ca3fb5
--- /dev/null
+++ b/infra/test-task-definition.tf
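Review bot: With `create_task_definition = false` the service runs whatever `aws_ecs_task_definition.task_definition` declares, and that resource (in `infra/test-task-definition.tf`) hard-codes its own `execution_role_arn`, so the roles requested by `create_task_exec_iam_role`, `create_task_exec_policy` and `create_tasks_iam_role` appear to be created without being attached to any task. Unused roles that ECS tasks can assume are extra IAM surface; either set those three flags to `false` or wire the module-created role ARNs into the task definition. Because `task_definition_arn` points at the Terraform-managed revision, whose image is the literal `TODO: Env Var`, a later `terraform apply` may move the service back from the revision the CD workflow deployed unless the module is told to ignore task-definition changes, which is worth confirming. The new comment has a typo and could read `# Create the task definition separately so the CD workflow can register new revisions`. The `module "ecs_service"` block starts and ends outside this hunk.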
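Review bot: In `infra/files/task-definition.json` the container definition sets `"user": "0"` together with `"readonlyRootFilesystem": false`, so the process runs as root with a writable root filesystem. If the image allows it, use a non-root UID (for example `"user": "1000"`, a constructed value) with the app listening on an unprivileged port, and set `"readonlyRootFilesystem": true` with explicit volumes for any paths that must be writable. `"image": "TODO: Env Var"` is registered verbatim through `file()` in `infra/test-task-definition.tf`, so the Terraform-created revision cannot start a task until the workflow renders a real image; pointing it at the ECR repository URL would make the first apply usable. This file is also a bare container-definitions array at `infra/files/`, while the workflow's render step is given `task-definition.json` as a task definition, so confirm the action accepts this shape and path.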
@@ -0,0 +1,9 @@
+resource "aws_ecs_task_definition" "task_definition" {
+ family = var.project_name
+ requires_compatibilities = ["FARGATE"]
+ network_mode = "awsvpc"
+ execution_role_arn = "arn:aws:iam::518035887622:role/ecsTaskExecutionRole"
+ container_definitions = file("files/task-definition.json")
+ cpu = 256
+ memory = 512
+}
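Review bot: `execution_role_arn` hard-codes an account ID and a role name (`arn:aws:iam::518035887622:role/ecsTaskExecutionRole`) that nothing in this change creates, so the configuration only works in that one account and the role's permissions sit outside review. Derive it instead, e.g. `execution_role_arn = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/ecsTaskExecutionRole"` with a `data "aws_caller_identity" "current" {}` block, or reference a role managed in this configuration. `file("files/task-definition.json")` resolves against the working directory; `file("${path.module}/files/task-definition.json")` is the usual form. The `cpu = 256` / `memory = 512` here differ from the `cpu = 1024` / `memory = 4096` kept on the service module in `infra/ecs.tf`, so it is worth confirming which sizing is intended.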