Skip to content

chore: update deployment workflows and add ECS action#3221

Merged
marcoieni merged 1 commit intorust-lang:mainfrom
marcoieni:deploy
Mar 5, 2026
Merged

chore: update deployment workflows and add ECS action#3221
marcoieni merged 1 commit intorust-lang:mainfrom
marcoieni:deploy

Conversation

@marcoieni
Copy link
Member

@marcoieni marcoieni commented Mar 4, 2026
edited
Loading

Update the deployment workflows by using latest best practices:

  • Use GitHub OIDC vs aws_secret_access_key (after this PR is merged, we can delete the AWS secrets from the GitHub Actions secrets)
  • Use official docker github actions, which we noticed are more robust in github actions wrt just running docker build
  • Introduce caching to take advantage of cargo chef in CI

Based on https://github.com/rust-lang/bors/blob/main/.github/actions/deploy-ecs/action.yml

GitHub OIDC support was added in rust-lang/simpleinfra#1006

Since the docker containers are not used yet, it is safe to merge this PR and experiment with it 👍

Note on the github action

In the previous approach you were using a github action managed by the infra team, while now you don't anymore.

If there's a preference from various teams that the infra team creates a new shared github action (or update the existing one) we'll do it. But for now I would prefer to start with a local github action, so that we can iterate faster.

Other Docker images

Do we need to upload other images to ECR? If yes, we can do it in another PR.

@github-actions github-actions bot added the S-waiting-on-review Status: This pull request has been implemented and needs to be reviewed label Mar 4, 2026
marcoieni
marcoieni commented Mar 4, 2026
View reviewed changes
@marcoieni marcoieni marked this pull request as ready for review March 4, 2026 09:54
@marcoieni marcoieni requested a review from a team as a code owner March 4, 2026 09:54
@GuillaumeGomez
Copy link
Member

GuillaumeGomez commented Mar 4, 2026

Looks good to me, thanks! Let's wait for @syphar to check as well before merging.

syphar
syphar approved these changes Mar 4, 2026
View reviewed changes
Copy link
Member

@syphar syphar left a comment
edited by rustbot
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as a first version to play around totally fine.

things for later:

  • deploy a specific branch to the staging cluster for testing
  • build/deploy the watcher, builder
  • run a "release" script / task after deploy (database migrations etc)

View changes since this review

@marcoieni marcoieni merged commit efbe167 into rust-lang:main Mar 5, 2026
15 checks passed
@github-actions github-actions bot added S-waiting-on-deploy This PR is ready to be merged, but is waiting for an admin to have time to deploy it and removed S-waiting-on-review Status: This pull request has been implemented and needs to be reviewed labels Mar 5, 2026
@syphar syphar removed the S-waiting-on-deploy This PR is ready to be merged, but is waiting for an admin to have time to deploy it label Mar 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@syphar syphar syphar approved these changes

@GuillaumeGomez GuillaumeGomez GuillaumeGomez approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@marcoieni @GuillaumeGomez @syphar