Create stop-ecs workflow

[seniakalma]

Motivation

The Zebra running in ECS is not configured to save the state in the file system (under /persistence) but in memory (RAM) - meaning that upon a task restart the state will be removed and the running time for the tx-tool will be improved (nullified).
This PR adds a simple Github Actions Workflow to kill all the currently running ECS tasks (ECS will spawn automatically new tasks)

Minimal IAM permissions to run this task:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListTasksInSpecificCluster",
      "Effect": "Allow",
      "Action": "ecs:ListTasks",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ecs:cluster": "arn:aws:ecs:eu-central-1:ACCOUNT_ID:cluster/dev-zebra-cluster"
        }
      }
    },
    {
      "Sid": "StopTasksInSpecificCluster",
      "Effect": "Allow",
      "Action": "ecs:StopTask",
      "Resource": "arn:aws:ecs:eu-central-1:ACCOUNT_ID:task/dev-zebra-cluster/*",
      "Condition": {
        "StringEquals": {
          "ecs:cluster": "arn:aws:ecs:eu-central-1:ACCOUNT_ID:cluster/dev-zebra-cluster"
        }
      }
    },
    {
      "Sid": "DescribeSpecificService",
      "Effect": "Allow",
      "Action": "ecs:DescribeServices",
      "Resource": "arn:aws:ecs:eu-central-1:ACCOUNT_ID:service/dev-zebra-cluster/dev-zebra"
    }
  ]
}

[seniakalma]

Add review condition for running this workflow
Everyone with access can trigger
Pablo/Arseni can approve

[seniakalma]

Add review condition for running this workflow Everyone with access can trigger Pablo/Arseni can approve

Enforced as part of the protection rules on the "production" environment @PaulLaux

[PaulLaux]

Looks solid overall.

• Did you test it?
• Cleanup the PR description. Avoid redundant text.
• Explain the confirmation mechanism in the PR description. Who exactly can run? who exactly can confirm? where it is configured.
• Provide the minimal AWS IAM permissions required for this to work in the PR description.

[PaulLaux]

please type yes?

[PaulLaux]

The message is not clear enough. Consider the context and where the message is being shown and provide a clearer message.

[seniakalma]

Removed.

[seniakalma]

Looks solid overall.

• Did you test it?
• Cleanup the PR description. Avoid redundant text.
• Explain the confirmation mechanism in the PR description. Who exactly can run? who exactly can confirm? where it is configured.
• Provide the minimal AWS IAM permissions required for this to work in the PR description.

Tested it locally, it worked.
Clean the description, and added the minimal IAM permissions required for this.
Everyone with Write access to the repo can trigger this workflow. Only you and me can confirm the request itself, and actually make it start running. The formar is configured as part of regular Github Actions, the latter can be found here (as we use the "production" environment property):
https://github.com/QED-it/zebra/settings/environments/6923873946/edit

[PaulLaux]

• Why CI fails?
• How did you test it locally?
• Please format PR description properly: https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks#syntax-highlighting . code / json should be indented and properly formatted.

[seniakalma]

• Why CI fails?
• How did you test it locally?
• Please format PR description properly: https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks#syntax-highlighting . code / json should be indented and properly formatted.

No idea about the tests, I didn't change anything related. I re-ran them and they passed.
Tested with act, which is a way to run Github Actions locally. I tried and the workflow worked.
I tried to format it as code but it lost the indentation, but indeed JSON did the trick - thanks!