Build a CI/CD pipeline with GitHub Actions
Write a GitHub Actions workflow that runs lint, runs tests, builds a Docker image, pushes it to Amazon ECR, and triggers an ECS service update on every push to main. The pipeline must fail fast; if tests fail, the Docker build should never run.
Why this matters
A CI/CD pipeline is the enforcement mechanism for every quality standard you care about. Without it, lint and tests are optional suggestions. With it, a broken build is immediately visible to the whole team. Building one from scratch teaches you exactly what each step does, which matters when it breaks at 2am.
Before you start
- GitHub repository with a Dockerised application (the one from the previous exercise works perfectly)
- AWS account with ECR and ECS access
- AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY stored as GitHub repository secrets
- ECS cluster and service already created (manually or via Terraform)
Step-by-step guide
1. Write the workflow trigger and environment
Create .github/workflows/deploy.yml. Set the trigger to push on the main branch. Define environment variables for your ECR registry, repository name, and ECS service name at the top of the file; this makes the workflow reusable without editing step commands.
2. Add lint and test jobs
Create a job called test. Steps: checkout code, set up Python/Node, install dependencies, run linter, run tests. Set continue-on-error: false (the default). This job must complete successfully before anything else runs.
3. Add the build and push job
Create a build job with needs: test. Steps: configure AWS credentials using the aws-actions/configure-aws-credentials action, log in to ECR, build the Docker image tagged with the Git SHA, and push. Using the Git SHA as the tag makes every deployment auditable.
4. Add the deploy job
Create a deploy job with needs: build. Use the aws-actions/amazon-ecs-deploy-task-definition action. Update the task definition to use the new image URI, register the new task definition, and update the ECS service. Wait for the service to stabilise before the job completes.
5. Verify fail-fast behaviour
Deliberately break a test and push to main. Confirm the build and deploy jobs never run. Then fix the test and push again; confirm the full pipeline succeeds and the new image is running in ECS. Check the ECS service events to see the deployment record.
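A workflow covering the five steps above, as an added example that is not part of the original exercise. It passes the AWS key secrets only to the build and deploy jobs, so dependency code running in the test job never sees them, and it limits the GITHUB_TOKEN to read access. Assumptions: a Python project with ruff and pytest listed in requirements.txt, a task-definition.json in the repository root whose container is named app, and placeholder region, account, repository, cluster and service names (the registry and repository are folded into one IMAGE variable).

```yaml
on: { push: { branches: [main] } }
permissions: { contents: read }   # GITHUB_TOKEN only needs to read the repo
env:                              # constructed placeholders, replace with your own
  AWS_REGION: us-east-1
  IMAGE: 123456789012.dkr.ecr.us-east-1.amazonaws.com/my-app:${{ github.sha }}  # tag = Git SHA
  ECS_CLUSTER: my-cluster
  ECS_SERVICE: my-service
jobs:
  test:                           # no AWS secrets are referenced in this job
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with: { python-version: "3.12" }
      - run: pip install -r requirements.txt
      - run: ruff check . && pytest   # lint, then tests; either failure fails the job
  build:
    needs: test                   # skipped entirely when test fails
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}
      - uses: aws-actions/amazon-ecr-login@v2
      - run: docker build -t "$IMAGE" . && docker push "$IMAGE"
  deploy:
    needs: build                  # skipped when build fails or was skipped
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4   # needed for task-definition.json
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}
      - id: render                  # writes the new image URI into the task definition
        uses: aws-actions/amazon-ecs-render-task-definition@v1
        with:
          task-definition: task-definition.json
          container-name: app
          image: ${{ env.IMAGE }}
      - uses: aws-actions/amazon-ecs-deploy-task-definition@v2
        with:
          task-definition: ${{ steps.render.outputs.task-definition }}
          service: ${{ env.ECS_SERVICE }}
          cluster: ${{ env.ECS_CLUSTER }}
          wait-for-service-stability: true   # job fails if the rollout does not settle
```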