ecs updates

Author: CLJ2006

ansible/deploy-ecs-proxies.yml

@@ -45,4 +45,5 @@
 
   roles:
     - setup-facts
+    - deploy-ecs-proxies-retag
     - deploy-ecs-proxies

ansible/roles/build-ecs-proxies/tasks/main.yml

@@ -30,44 +30,26 @@
   with_items: "{{ new_repos }}"
   when: new_repos
 
-# TEST REPO (override this for testing) - DELETE
-
-- set_fact:
-    test_repo: "canary_canary-api"
-
 - name: Read lifecycle policy file
   ansible.builtin.slurp:
     src: "{{ playbook_dir }}/ecr-lifecycle/ecr_lifecycle.json"
   register: desired_policy_raw
-  # when: new_repos   # Uncomment
-
-- name: Debug raw slurp output
-  debug:
-    var: desired_policy_raw
+  # when: new_repos UNCOMMENT
 
 - name: Decode lifecycle policy JSON
   set_fact:
     desired_policy_json: "{{ desired_policy_raw.content | b64decode | from_json }}"
-  # when: new_repos   # Uncomment
+  # when: new_repos UNCOMMENT
 
-- name: Debug decoded lifecycle policy JSON
-  debug:
-    var: desired_policy_json
-
-- name: Apply lifecycle policy to ECR repo
+- name: Apply lifecycle policy to each new repo
   ansible.builtin.command: >
     {{ aws_cmd }} ecr put-lifecycle-policy
-    --repository-name {{ test_repo }}
+    --repository-name {{ item }}
     --lifecycle-policy-text '{{ desired_policy_json | to_json }}'
+  with_items: "{{ new_repos }}"
   register: lifecycle_update
-  # ignore_errors: yes
-  # with_items: "{{ new_repos }}"   # Uncomment
-  # when:
-  #   - new_repos # Uncomment
-
-- name: Debug lifecycle update result
-  debug:
-    var: lifecycle_update
+  ignore_errors: yes
+  # when: new_repos UNCOMMENT
 
 - name: ecr login
   shell: "eval $({{ aws_cmd }} ecr get-login --no-include-email)"

ansible/roles/deploy-ecs-proxies-retag/tasks/main.yml

@@ -0,0 +1,24 @@
+- name: Pull existing image {{ item }}:{{ build_label }}
+  ansible.builtin.command:
+    cmd: >
+      docker pull {{ ecr_registry }}/{{ item }}:{{ build_label }}
+  with_items: "{{ repo_names }}"
+  register: pull_results
+
+- name: Retag image {{ item.item }}:{{ build_label }} → ecs-{{ build_label }}
+  ansible.builtin.command:
+    cmd: >
+      docker tag
+      {{ ecr_registry }}/{{ item.item }}:{{ build_label }}
+      {{ ecr_registry }}/{{ item.item }}:ecs-{{ build_label }}
+  with_items: "{{ pull_results.results }}"
+  when: item.rc == 0
+
+- name: Push new tag ecs-{{ build_label }} for {{ item.item }}
+  ansible.builtin.command:
+    cmd: >
+      docker push {{ ecr_registry }}/{{ item.item }}:ecs-{{ build_label }}
+  with_items: "{{ pull_results.results }}"
+  when: item.rc == 0
+
+

ansible/roles/deploy-ecs-proxies-retag/vars/main.yml

@@ -0,0 +1,6 @@
+---
+build_label: "{{ lookup('env', 'build_label') }}"
+containers: "{{ docker_containers | json_query('[].name') | unique | sort }}"
+repo_names: "{{ containers | map('regex_replace', '^(.*)$', service_id + '_\\1') | list }}"
+base_dir: "{{ playbook_dir }}/../.."
+

ansible/roles/deploy-ecs-proxies/tasks/main.yml

@@ -82,44 +82,6 @@
       register: tfapply
       when: not do_not_terraform
 
-    - name: Retag ECS image using ECR API (release pipelines only)
-      when: lookup('env', 'RELEASE_RELEASEID') | length > 0
-      vars:
-        # Choose PTL for lower envs, PROD for prod
-        TARGET_ACCOUNT: >-
-          {{
-            (apigee_environment == "prod")
-            | ternary(PROD_ACCOUNT_ID, PTL_ACCOUNT_ID)
-          }}
-        REPO: "{{ service_id }}_{{ ecs_service[0].name }}"
-        OLD: "{{ build_label }}"
-        NEW: "ecs-{{ build_label }}"
-      shell: |
-        # 1. Fetch manifest from the SAME account (PTL for lower envs, PROD for prod)
-        MANIFEST=$(aws ecr batch-get-image \
-          --region eu-west-2 \
-          --registry-id {{ TARGET_ACCOUNT }} \
-          --repository-name {{ REPO }} \
-          --image-ids imageTag={{ OLD }} \
-          --query 'images[0].imageManifest' \
-          --output text)
-
-        # Safety check: ensure the base tag exists
-        if [ -z "$MANIFEST" ]; then
-          echo "ERROR: Tag {{ OLD }} does not exist in account {{ TARGET_ACCOUNT }}"
-          exit 1
-        fi
-
-        # 2. Write the new tag into the SAME account
-        aws ecr put-image \
-          --region eu-west-2 \
-          --registry-id {{ TARGET_ACCOUNT }} \
-          --repository-name {{ REPO }} \
-          --image-tag {{ NEW }} \
-          --image-manifest "$MANIFEST"
-      args:
-        executable: /bin/bash
-
   rescue:
     - name: output plan
       debug: