add ecs web pre & post deploy commands

compute/ecs_service/rvn-ecs-web-definition.yml

@@ -3,8 +3,8 @@ definition:
   name: ECS Web Server
   description: Web server ECS service for running an HTTP application behind an ECS cluster load balancer.
 release:
-  version: 0.3.0
-  description: "Breaking: rename image registry field and other improvements"
+  version: 0.4.0
+  description: Add pre- and post-deploy commands.
 module:
   inputs:
     - id: section_cluster
@@ -625,6 +625,138 @@ module:
       placeholder: |-
         - name: DATABASE_URL
           valueFrom: arn:aws:ssm:...
+    - id: section_deploy_commands
+      label: Pre and post deploy
+      type: section
+      description: Optional one-off commands that run in ECS before or after each deployment, using the same task image, roles, networking, and environment as the web container.
+    - id: pre_deploy_enabled
+      label: Run pre-deploy command
+      type: boolean
+      description: Run a one-off ECS task before updating the ECS service.
+      default: false
+    - id: pre_deploy_command
+      label: Pre-deploy command
+      type: string_array
+      description: Command arguments to run before updating the ECS service. For shell behavior, use `/bin/sh`, `-lc`, and your command string as separate arguments.
+      add_button_label: Add cmd segment
+      placeholder: npm
+      required: true
+      show_when:
+        pre_deploy_enabled: true
+      default: []
+    - id: pre_deploy_environment_variables
+      label: Pre-deploy environment variables
+      type: array
+      description: Additional environment variables for the pre-deploy task. Runtime environment variables and secrets are already inherited from the app container.
+      placeholder: |-
+        - name: MIGRATION_MODE
+          value: online
+      collapsible: true
+      show_when:
+        pre_deploy_enabled: true
+      required: false
+      default: []
+    - id: pre_deploy_cpu
+      label: Pre-deploy CPU units
+      type: number
+      description: Optional CPU units for the pre-deploy task. Leave blank to use the app task CPU setting.
+      collapsible: true
+      show_when:
+        pre_deploy_enabled: true
+      min: 1
+      required: false
+    - id: pre_deploy_memory
+      label: Pre-deploy memory (MiB)
+      type: number
+      description: Optional memory in MiB for the pre-deploy task. Leave blank to use the app task memory setting.
+      collapsible: true
+      show_when:
+        pre_deploy_enabled: true
+      min: 1
+      required: false
+    - id: pre_deploy_ephemeral_storage_size_gib
+      label: Pre-deploy ephemeral storage (GiB)
+      type: number
+      description: Optional ephemeral storage size for the pre-deploy task. Leave blank to use the task definition default.
+      collapsible: true
+      show_when:
+        pre_deploy_enabled: true
+      min: 21
+      max: 200
+      required: false
+    - id: pre_deploy_timeout
+      label: Pre-deploy timeout (secs)
+      type: number
+      description: Maximum time to wait for the pre-deploy task to finish.
+      collapsible: true
+      show_when:
+        pre_deploy_enabled: true
+      min: 1
+      default: 1800
+    - id: post_deploy_enabled
+      label: Run post-deploy command
+      type: boolean
+      description: Run a one-off ECS task after the ECS service deployment succeeds.
+      default: false
+    - id: post_deploy_command
+      label: Post-deploy command
+      type: string_array
+      description: Command arguments to run after the ECS service deployment succeeds. For shell behavior, use `/bin/sh`, `-lc`, and your command string as separate arguments.
+      add_button_label: Add cmd segment
+      placeholder: npm
+      required: true
+      show_when:
+        post_deploy_enabled: true
+      default: []
+    - id: post_deploy_environment_variables
+      label: Post-deploy environment variables
+      type: array
+      description: Additional environment variables for the post-deploy task. Runtime environment variables and secrets are already inherited from the app container.
+      placeholder: |-
+        - name: RELEASE_PHASE
+          value: postdeploy
+      collapsible: true
+      show_when:
+        post_deploy_enabled: true
+      required: false
+      default: []
+    - id: post_deploy_cpu
+      label: Post-deploy CPU units
+      type: number
+      description: Optional CPU units for the post-deploy task. Leave blank to use the app task CPU setting.
+      collapsible: true
+      show_when:
+        post_deploy_enabled: true
+      min: 1
+      required: false
+    - id: post_deploy_memory
+      label: Post-deploy memory (MiB)
+      type: number
+      description: Optional memory in MiB for the post-deploy task. Leave blank to use the app task memory setting.
+      collapsible: true
+      show_when:
+        post_deploy_enabled: true
+      min: 1
+      required: false
+    - id: post_deploy_ephemeral_storage_size_gib
+      label: Post-deploy ephemeral storage (GiB)
+      type: number
+      description: Optional ephemeral storage size for the post-deploy task. Leave blank to use the task definition default.
+      collapsible: true
+      show_when:
+        post_deploy_enabled: true
+      min: 21
+      max: 200
+      required: false
+    - id: post_deploy_timeout
+      label: Post-deploy timeout (secs)
+      type: number
+      description: Maximum time to wait for the post-deploy task to finish.
+      collapsible: true
+      show_when:
+        post_deploy_enabled: true
+      min: 1
+      default: 1800
     - id: section_logging
       label: Logging
       type: section
@@ -1131,8 +1263,8 @@ module:
                   module.input.scale_out_cooldown, scale_in_enabled: module.input.scale_in_enabled}] : []
                   >>
                 - >-
-                    ...<< module.input.custom_metric_scaling_policies != nil ?
-                    module.input.custom_metric_scaling_policies : [] >>
+                  ...<< module.input.custom_metric_scaling_policies != nil ?
+                  module.input.custom_metric_scaling_policies : [] >>
             capacity_provider_strategies:
               - >-
                 ...<< module.input.capacity_provider == "fargate" || module.input.additional_fargate_capacity_enabled ?
@@ -1350,6 +1482,48 @@ module:
         << module.input.volumes != nil ? map(module.input.volumes, #.volume_type == "efs" ? {"name": #.name,
         "efs_volume_configuration": #.efs_volume_configuration} : {"name": #.name,
         "docker_volume_configuration": #.docker_volume_configuration}) : [] >>
+    pre_deploy: >-
+      << module.input.pre_deploy_enabled && len(module.input.pre_deploy_command) > 0 ? {"container_overrides": [{"name": stack.output.container_name,
+      "command": module.input.pre_deploy_command, "environment": module.input.pre_deploy_environment_variables,
+      "cpu": module.input.pre_deploy_cpu || nil, "memory": module.input.pre_deploy_memory || nil}], "cpu": string(module.input.pre_deploy_cpu ||
+      (module.input.capacity_provider == "ec2" ? int(float(module.input.task_cpu) * 1024) : int(float(module.input.fargate_size.vcpu)
+      * 1024))), "memory": string(module.input.pre_deploy_memory || (module.input.capacity_provider == "ec2" ?
+      int(float(module.input.task_memory) * 1024) : int(float(module.input.fargate_size.memory_gb) * 1024))),
+      "ephemeral_storage": (module.input.pre_deploy_ephemeral_storage_size_gib ? {size_in_gib:
+      module.input.pre_deploy_ephemeral_storage_size_gib} : nil), "task_role_arn": stack.output.task_role_arn,
+      "execution_role_arn": stack.output.execution_role_arn, "capacity_provider_strategy": ((module.input.capacity_provider ==
+      "fargate" || module.input.additional_fargate_capacity_enabled ? [{capacity_provider:
+      module.input.fargate_capacity_provider_name, weight: 1, base: 0}] : []) | concat(module.input.capacity_provider ==
+      "fargate_spot" || module.input.additional_fargate_spot_capacity_enabled ? [{capacity_provider:
+      module.input.fargate_spot_capacity_provider_name, weight: 1, base: 0}] : []) | concat(module.input.capacity_provider ==
+      "ec2" || module.input.additional_ec2_capacity_enabled ? [{capacity_provider: module.input.ec2_capacity_provider_name,
+      weight: 1, base: 0}] : [])), "network_configuration": {"awsvpc_configuration": {"subnets":
+      (module.input.private_subnet_placement_enabled ? module.input.private_subnet_ids : module.input.public_subnet_ids),
+      "security_groups": ([stack.output.security_group_id] | concat(module.input.security_group_ids != nil ?
+      module.input.security_group_ids : [])), "assign_public_ip": (module.input.private_subnet_placement_enabled ?
+      "DISABLED" : "ENABLED")}}, "enable_execute_command": module.input.execute_command_enabled, "timeout":
+      module.input.pre_deploy_timeout} : nil >>
+    post_deploy: >-
+      << module.input.post_deploy_enabled && len(module.input.post_deploy_command) > 0 ? {"container_overrides": [{"name": stack.output.container_name,
+      "command": module.input.post_deploy_command, "environment": module.input.post_deploy_environment_variables,
+      "cpu": module.input.post_deploy_cpu || nil, "memory": module.input.post_deploy_memory || nil}], "cpu": string(module.input.post_deploy_cpu ||
+      (module.input.capacity_provider == "ec2" ? int(float(module.input.task_cpu) * 1024) : int(float(module.input.fargate_size.vcpu)
+      * 1024))), "memory": string(module.input.post_deploy_memory || (module.input.capacity_provider == "ec2" ?
+      int(float(module.input.task_memory) * 1024) : int(float(module.input.fargate_size.memory_gb) * 1024))),
+      "ephemeral_storage": (module.input.post_deploy_ephemeral_storage_size_gib ? {size_in_gib:
+      module.input.post_deploy_ephemeral_storage_size_gib} : nil), "task_role_arn": stack.output.task_role_arn,
+      "execution_role_arn": stack.output.execution_role_arn, "capacity_provider_strategy": ((module.input.capacity_provider ==
+      "fargate" || module.input.additional_fargate_capacity_enabled ? [{capacity_provider:
+      module.input.fargate_capacity_provider_name, weight: 1, base: 0}] : []) | concat(module.input.capacity_provider ==
+      "fargate_spot" || module.input.additional_fargate_spot_capacity_enabled ? [{capacity_provider:
+      module.input.fargate_spot_capacity_provider_name, weight: 1, base: 0}] : []) | concat(module.input.capacity_provider ==
+      "ec2" || module.input.additional_ec2_capacity_enabled ? [{capacity_provider: module.input.ec2_capacity_provider_name,
+      weight: 1, base: 0}] : [])), "network_configuration": {"awsvpc_configuration": {"subnets":
+      (module.input.private_subnet_placement_enabled ? module.input.private_subnet_ids : module.input.public_subnet_ids),
+      "security_groups": ([stack.output.security_group_id] | concat(module.input.security_group_ids != nil ?
+      module.input.security_group_ids : [])), "assign_public_ip": (module.input.private_subnet_placement_enabled ?
+      "DISABLED" : "ENABLED")}}, "enable_execute_command": module.input.execute_command_enabled, "timeout":
+      module.input.post_deploy_timeout} : nil >>
     timeout: 1800
   ui:
     metrics:
@@ -1510,6 +1684,7 @@ module:
     | Building from source             | Creating images with Nixpacks or a Dockerfile and pushing to ECR |
     | Bringing an existing image       | Deploying a public or private registry image by tag or digest    |
     | Tuning production capacity       | Combining Fargate, Fargate Spot, or EC2 with autoscaling         |
+    | Running release tasks            | Running pre-deploy or post-deploy ECS tasks with the app image   |
     | Debugging running tasks          | Enabling ECS Exec when shell access is needed                    |
 
     ## Cluster and networking
@@ -1607,6 +1782,12 @@ module:
     | Prebuilt image from registry | Tag for the configured repository, such as latest   |
     | Disabled               | Full image URI, ideally pinned by digest            |
 
+    Run pre-deploy command and Run post-deploy command start optional one-off ECS tasks before or after each deployment. These commands use the deployed app image, the app container name, the configured task role and execution role, the selected capacity provider strategy, service subnets, service security groups, runtime environment variables, and runtime secrets. Leave either toggle disabled to skip that hook and hide its settings.
+
+    Use pre-deploy commands for work that must complete before the service updates, such as database migrations. Use post-deploy commands for work that should happen after a successful deployment, such as cache warming. Commands are ECS command argument arrays. For shell behavior, use `/bin/sh`, `-lc`, and your shell command as separate arguments.
+
+    Hook-specific environment variables are appended to the app container override for the one-off task. Optional hook CPU, memory, ephemeral storage, and timeout settings let release tasks use different resources from the web service without changing the steady-state app task.
+
     ## Builder settings
 
     Builder settings apply to Nixpacks and Dockerfile builds.
@@ -1643,6 +1824,20 @@ module:
     | App memory in GB                | Yes*     | 3.5                        | Required for EC2 capacity                          |
     | CPU architecture                | No       | X86_64                     | x86_64 compatibility or ARM64 cost optimization    |
     | ECS exec                        | No       | false                      | Enable ECS Exec for debugging containers           |
+    | Run pre-deploy command          | No       | false                      | Enable a task before each deployment               |
+    | Pre-deploy command arguments    | Yes*     | []                         | Command arguments run before each deployment       |
+    | Pre-deploy environment variables| No       | []                         | Extra environment variables for the pre-deploy task |
+    | Pre-deploy CPU units            | No       | App task CPU               | CPU override for the pre-deploy task               |
+    | Pre-deploy memory (MiB)         | No       | App task memory            | Memory override for the pre-deploy task            |
+    | Pre-deploy ephemeral storage    | No       | Task definition default    | Ephemeral storage override for the pre-deploy task |
+    | Pre-deploy timeout (secs)       | No       | 1800                       | Maximum pre-deploy task wait time                  |
+    | Run post-deploy command         | No       | false                      | Enable a task after each successful deployment     |
+    | Post-deploy command arguments   | Yes*     | []                         | Command arguments run after each successful deployment |
+    | Post-deploy environment variables| No      | []                         | Extra environment variables for the post-deploy task |
+    | Post-deploy CPU units           | No       | App task CPU               | CPU override for the post-deploy task              |
+    | Post-deploy memory (MiB)        | No       | App task memory            | Memory override for the post-deploy task           |
+    | Post-deploy ephemeral storage   | No       | Task definition default    | Ephemeral storage override for the post-deploy task |
+    | Post-deploy timeout (secs)      | No       | 1800                       | Maximum post-deploy task wait time                 |
     | Autoscaling                     | No       | true                       | Enable CPU and optional memory target tracking     |
     | Deployment type                 | No       | rolling                    | Rolling or blue/green deployment infrastructure    |
     | Tags                            | No       | Standard Ravion tags       | Additional tags applied to resources               |