amazon-web-services bitbucket amazon-ecs bitbucket-pipelines

How to use previous task definition with ECS and bitbucket pipeline deployment

I'm following this doc https://confluence.atlassian.com/bitbucket/deploy-to-amazon-ecs-892623902.html to set up a pipeline to deploy to the ECS cluster.

This doc is using a custom task def JSON file and using the same for the deployment after updating the image name.

Am I required to copy the complete task definition JSON and put that in my repository? My task definition has lots of environment variables in it. I do not want to expose them by putting it in the repository.

Or, the task definition template will update the default task definition and create a new revision. (not overwrite)

The deployment step is

tags:
    revision-*:
       - step:
          deployment: production
          name: Deploy to ECS
          script:
            # Replace the docker image name in the task definition with the newly pushed image.
            - export IMAGE_NAME=${ECR_USERNAME}/${BITBUCKET_REPO_SLUG}:latest

            - envsubst < task-definition-template.json >  task-definition.json

            # Update the task definition.
            - pipe: atlassian/aws-ecs-deploy:1.0.0
              variables:
                AWS_ACCESS_KEY_ID: $AWS_ACCESS_KEY_ID
                AWS_SECRET_ACCESS_KEY: $AWS_SECRET_ACCESS_KEY
                AWS_DEFAULT_REGION: $AWS_DEFAULT_REGION
                CLUSTER_NAME: $AWS_ECS_CLUSTER_NAME
                SERVICE_NAME: $AWS_ECS_SERVICE_NAME
                TASK_DEFINITION: 'task-definition.json'

It is expecting me to have a definition file in my repository task-definition-template.json

How can I use the predefined tasks instead of using the JSON file? Also, where can I find more doc about the pipe.

atlassian/aws-ecs-deploy

Solution

You can put a shell script into your repository for deployment, and execute this script in the Bitbucket pipeline.

e.g. put this shell script in cicd/update-task.sh

update-task.sh :

#!/bin/bash
set -e
ECR_IMAGE_TAG=1234555555.dkr.ecr.eu-west-1.amazonaws.com/my-image:abcdefa

if [ "$TASK_FAMILY" = "" ]; then
  echo "Missing variable TASK_FAMILY" >&2
  exit 1
fi

if [ "$AWS_DEFAULT_REGION" = "" ]; then
  echo "Missing variable AWS_DEFAULT_REGION" >&2
  exit 1
fi

if [ "$ECR_IMAGE_TAG" = "" ]; then
  echo "Missing variable ECR_IMAGE_TAG" >&2
  exit 1
fi

TASK_DEFINITION=$(aws ecs describe-task-definition --task-definition "$TASK_FAMILY")
NEW_TASK_DEFINTIION=$(echo "$TASK_DEFINITION" | jq --arg IMAGE "$ECR_IMAGE_TAG" '.taskDefinition | .containerDefinitions[0].image = $IMAGE | del(.taskDefinitionArn) | del(.revision) | del(.status) | del(.requiresAttributes) | del(.compatibilities)')
NEW_TASK_INFO=$(aws ecs register-task-definition --region "$AWS_DEFAULT_REGION" --cli-input-json "$NEW_TASK_DEFINTIION")
NEW_REVISION=$(echo "$NEW_TASK_INFO" | jq '.taskDefinition.revision')

# return new task revision
echo "${TASK_FAMILY}:${NEW_REVISION}"