SRE-197, SRE-198, BE-233: Add reusable GitHub Action for ECS service redeployment (#8169)

Author: TimDiekmann

.github/actions/redeploy-ecs-service/action.yml

@@ -0,0 +1,48 @@
+name: Redeploy ECS service
+description: Force a new ECS service deployment with optional role assumption
+
+inputs:
+  AWS_ACCESS_KEY_ID:
+    description: AWS access key id
+    required: true
+  AWS_SECRET_ACCESS_KEY:
+    description: AWS secret access key
+    required: true
+  AWS_SESSION_TOKEN:
+    description: AWS session token
+    required: true
+  AWS_REGION:
+    description: AWS region
+    required: true
+  ECS_CLUSTER_NAME:
+    description: ECS cluster name
+    required: true
+  ECS_SERVICE_NAME:
+    description: ECS service name
+    required: true
+  ROLE_ARN:
+    description: IAM role ARN to assume for deployment (cross-account)
+    required: false
+
+runs:
+  using: composite
+  steps:
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@7474bc4690e29a8392af63c5b98e7449536d5c3a # v4.3.1
+      with:
+        aws-access-key-id: ${{ inputs.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ inputs.AWS_SECRET_ACCESS_KEY }}
+        aws-session-token: ${{ inputs.AWS_SESSION_TOKEN }}
+        aws-region: ${{ inputs.AWS_REGION }}
+        role-to-assume: ${{ inputs.ROLE_ARN }}
+
+    - name: Redeploy ECS service
+      env:
+        ECS_CLUSTER_NAME: ${{ inputs.ECS_CLUSTER_NAME }}
+        ECS_SERVICE_NAME: ${{ inputs.ECS_SERVICE_NAME }}
+      shell: bash
+      run: |
+        aws ecs update-service \
+          --cluster "${ECS_CLUSTER_NAME}" \
+          --service "${ECS_SERVICE_NAME}" \
+          --force-new-deployment 1> /dev/null

.github/workflows/hash-backend-cd.yml

@@ -4,8 +4,8 @@
   "private": true,
   "license": "AGPL-3",
   "scripts": {
-    "build:docker": "docker buildx build --build-arg PROFILE=production --tag hash-graph --file docker/Dockerfile ../../ --load",
-    "build:docker:dev": "docker buildx build --build-arg PROFILE=dev --tag hash-graph --file docker/Dockerfile ../../ --load",
+    "build:docker": "docker buildx build --build-arg PROFILE=production --build-arg ENABLE_TEST_SERVER=yes --tag hash-graph --file docker/Dockerfile ../../ --load",
+    "build:docker:dev": "docker buildx build --build-arg PROFILE=dev --build-arg ENABLE_TEST_SERVER=yes --tag hash-graph --file docker/Dockerfile ../../ --load",
     "compile": "cargo build --bin hash-graph --all-features",
     "compile:release": "cargo build --bin hash-graph --all-features --release",
     "doc:dependency-diagram": "cargo run -p hash-repo-chores -- dependency-diagram --output docs/dependency-diagram.mmd --root hash-graph --root-deps-and-dependents --link-mode non-roots --include-dev-deps --include-build-deps --logging-console-level info",

apps/hash-graph/package.json

@@ -376,7 +376,7 @@ pub async fn server(args: ServerArgs) -> Result<(), Report<GraphError>> {
 }
 
 pub async fn healthcheck(address: HttpAddress) -> Result<(), Report<HealthcheckError>> {
-    let request_url = format!("http://{address}/api-doc/openapi.json");
+    let request_url = format!("http://{address}/health");
 
     timeout(
         Duration::from_secs(10),

apps/hash-graph/src/subcommand/server.rs

@@ -91,7 +91,7 @@ pub async fn test_server(args: TestServerArgs) -> Result<(), Report<GraphError>>
 }
 
 pub async fn healthcheck(address: HttpAddress) -> Result<(), Report<HealthcheckError>> {
-    let request_url = format!("http://{address}/snapshot");
+    let request_url = format!("http://{address}/health");
 
     timeout(
         Duration::from_secs(10),

apps/hash-graph/src/subcommand/test_server.rs

@@ -336,12 +336,14 @@ where
 pub fn openapi_only_router() -> Router {
     let open_api_doc = OpenApiDocumentation::openapi();
 
-    Router::new().nest(
-        "/api-doc",
-        Router::new()
-            .route("/openapi.json", get(|| async { Json(open_api_doc) }))
-            .route("/models/{*path}", get(serve_static_schema)),
-    )
+    Router::new()
+        .route("/health", get(async || "Healthy".into_response()))
+        .nest(
+            "/api-doc",
+            Router::new()
+                .route("/openapi.json", get(|| async { Json(open_api_doc) }))
+                .route("/models/{*path}", get(serve_static_schema)),
+        )
 }
 
 /// A [`Router`] that serves all of the REST API routes, and the `OpenAPI` specification.

libs/@local/graph/api/src/rest/mod.rs

@@ -12,8 +12,8 @@ use std::collections::HashMap;
 use axum::{
     Extension, Router,
     body::Body,
-    response::Response,
-    routing::{delete, post},
+    response::{IntoResponse as _, Response},
+    routing::{delete, get, post},
 };
 use error_stack::Report;
 use futures::TryStreamExt as _;
@@ -32,6 +32,7 @@ use uuid::Uuid;
 pub fn routes(store_pool: PostgresStorePool) -> Router {
     Router::new()
         .layer(http_tracing_layer::HttpTracingLayer)
+        .route("/health", get(async || "Healthy".into_response()))
         .route("/snapshot", post(restore_snapshot))
         .route("/accounts", delete(delete_accounts))
         .route("/data-types", delete(delete_data_types))

libs/@local/graph/test-server/src/lib.rs

@@ -28,13 +28,15 @@ use tracing_subscriber::{Layer, registry::LookupSpan};
 pub enum SentryEnvironment {
     #[default]
     Development,
+    Staging,
     Production,
 }
 
 impl fmt::Display for SentryEnvironment {
     fn fmt(&self, fmt: &mut fmt::Formatter<'_>) -> fmt::Result {
         match self {
             Self::Development => fmt.write_str("development"),
+            Self::Staging => fmt.write_str("staging"),
             Self::Production => fmt.write_str("production"),
         }
     }