Action not updating ECS service with the last task definition revision

[anzileiro]

Hi I'm using this Github Action to deploy our company services on AWS ECS although we just see that this action isn't updating our ECS Services with the last Task Definition.

Below is the currently revision running on this service which is: 8.

Below is the action that was triggered by the merge in our sandbox branch, which has to update our sandbox environment with the last code merged.

Surprisingly looking to our service the service task definition still with the same revision: 8, but on the task definition pages we could see that Github Action updated the new task definition revision which is: 10.

In resume, It looks like that this Github Action is unable to update the ECS Service with the last updated Task Definition Revision.

Could you please help us?

Regards,

Anderson Anzileiro

[DLoBoston]

I am having this exact issue as well.

[DLoBoston]

Upon further review, it was working as intended. The problem was my service was configured to have a minimumHealthyPercent of 100%. With only 1 instance running, it would not allow the task to be killed. As soon as I set the minimumHealthyPercent to 0% everything worked as expected. If you run multiple instances it doesn't need to be 0%, just a percentage that will allow a task to be stopped.

[ken-tan3]

I face the same issue, though the service value following was empty in my case.

      - name: Deploy Amazon ECS task definition
        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
        with:
          task-definition: ${{ steps.task-def.outputs.task-definition }}
          service: ${{ env.ECS_SERVICE }}
          cluster: ${{ env.ECS_CLUSTER }}
          wait-for-service-stability: true

[Exagone313]

If someone else stumbles upon this issue.

This GitHub action will not say anything when deployment is failing. The CI will appear to have succeeded even if it didn't.

In fact, it will keep the previous working deployment when deployment is failing. But the CI job is still green when it happens.

On the AWS console, you need to check the Events tab on the service page for events containing deployment failed: tasks failed to start.

In my case, I had an issue on the policy of the task execution role (found on the Networking tab on the task page, inside the service). I had added references to new secrets (secrets[].valueFrom) that couldn't be accessed by that role.

It wasn't easy to debug, as there weren't any logs about why the task failed to start.

I am looking for a way to make this GitHub action to fail if the new task wasn't really deployed, as wait-for-service-stability: true is not enough.

It should be possible to add a CI task that will check the task definition revision that is really used and make sure it is the latest. But it's just a dirty hack, aws-actions/amazon-ecs-deploy-task-definition should take care of this.