Implement a GitHub Actions CD pipeline that automatically deploys Maglev to the AWS dev/test account on every merge to main.
Background
We already publish the Docker image to the public GHCR registry (ghcr.io/onebusaway/maglev) on every merge to main, tagged with the commit SHA. The CD pipeline can pull directly from there — no separate registry push step is needed.
Acceptance criteria
- On merge to main, a GitHub Actions workflow registers a new ECS task definition revision referencing the already-published GHCR image (ghcr.io/onebusaway/maglev:<short-sha>)
- The workflow calls ecs update-service to deploy the new revision and waits for service stability before reporting success
- The workflow authenticates to AWS via OIDC
- The IAM role assumed by the workflow is scoped to the minimum permissions required (task definition registration, ecs update-service on the dev cluster)
Out of scope
- IaC for the dev environment
- Rollback automation
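
An added example, not part of the issue or the Maglev project's code: a small Python audit for the two IAM acceptance criteria (OIDC trust and minimum permissions), run over constructed policy documents. The account ID, region, cluster name `maglev-dev` and service name are placeholder assumptions, and `audit_trust` / `audit_permissions` are hypothetical helper names.

```python
OIDC = "token.actions.githubusercontent.com"
MAIN_SUB = "repo:onebusaway/maglev:ref:refs/heads/main"  # sub claim for a push to main

def _list(v):
    return v if isinstance(v, list) else [v]

def _allows(policy):
    return [s for s in _list(policy["Statement"]) if s.get("Effect") == "Allow"]

def audit_trust(policy):
    """Findings for the role trust policy; an empty list means it is pinned."""
    out = []
    for st in _allows(policy):
        principal = st.get("Principal")
        fed = principal.get("Federated", "") if isinstance(principal, dict) else ""
        eq = st.get("Condition", {}).get("StringEquals", {})
        if not fed.endswith("oidc-provider/" + OIDC):
            out.append("principal is not the GitHub OIDC provider")
        if _list(eq.get(OIDC + ":aud", [])) != ["sts.amazonaws.com"]:
            out.append("aud is not pinned to sts.amazonaws.com")
        if _list(eq.get(OIDC + ":sub", [])) != [MAIN_SUB]:
            out.append("sub is not pinned to the main branch")
    return out

def audit_permissions(policy, cluster):
    """Findings for the permissions policy attached to the deploy role."""
    out = []
    for st in _allows(policy):
        actions = [a.lower() for a in _list(st.get("Action", []))]
        out += [f"wildcard action {a}" for a in actions if "*" in a]
        scoped = all(f":service/{cluster}/" in r for r in _list(st.get("Resource", [])))
        if "ecs:updateservice" in actions and not scoped:
            out.append("ecs:UpdateService is not limited to the dev cluster")
    return out

# Constructed samples: account ID, region, cluster and service names are placeholders.
PROVIDER = "arn:aws:iam::111122223333:oidc-provider/" + OIDC
SERVICE = "arn:aws:ecs:us-east-1:111122223333:service/maglev-dev/maglev"
def _trust(op, sub):
    cond = {"StringEquals": {OIDC + ":aud": "sts.amazonaws.com"}}
    cond.setdefault(op, {})[OIDC + ":sub"] = sub
    return {"Statement": [{"Effect": "Allow", "Principal": {"Federated": PROVIDER},
            "Action": "sts:AssumeRoleWithWebIdentity", "Condition": cond}]}
GOOD_TRUST = _trust("StringEquals", MAIN_SUB)
LOOSE_TRUST = _trust("StringLike", "repo:onebusaway/maglev:*")  # any ref or PR matches
GOOD_PERMS = {"Statement": [
    {"Effect": "Allow", "Action": "ecs:RegisterTaskDefinition", "Resource": "*"},
    {"Effect": "Allow", "Action": "ecs:UpdateService", "Resource": SERVICE}]}
BROAD_PERMS = {"Statement": [{"Effect": "Allow", "Resource": "*",
    "Action": ["ecs:RegisterTaskDefinition", "ecs:UpdateService"]}]}
```

The audit covers only the two permissions the issue names; a task definition that sets a task or execution role also needs `iam:PassRole` on those roles, which is worth scoping the same way.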