From f0833786d9af9b56d9d0221ec6fcfc81cab0713a Mon Sep 17 00:00:00 2001
From: Sudhanshu Pandey
Date: Tue, 13 Feb 2024 02:56:01 -0500
Subject: [PATCH] fix: ECS deployment GitHub Action (#2061)
Co-authored-by: Matti Nannt
---
 .github/workflows/ecs-deployment.yml | 37 +++++++++-------------------
 1 file changed, 12 insertions(+), 25 deletions(-)
diff --git a/.github/workflows/ecs-deployment.yml b/.github/workflows/ecs-deployment.yml
index 939b4b4525..8d301c09b5 100644
--- a/.github/workflows/ecs-deployment.yml
+++ b/.github/workflows/ecs-deployment.yml
@@ -7,14 +7,11 @@ name: ECS
 on: push: - branches: - - main + branches: [main] workflow_dispatch: # Add manual trigger support env: - # Use docker.io for Docker Hub if empty REGISTRY: ghcr.io - # github.repository as / IMAGE_NAME: formbricks/formbricks-experimental DATABASE_URL: "postgresql://postgres:postgres@localhost:5432/formbricks?schema=public"
@@ -24,20 +21,13 @@ jobs:
 permissions: contents: read packages: write - # This is used to complete the identity challenge - # with sigstore/fulcio when running outside of PRs. - id-token: write + id-token: write # Only necessary for sigstore/fulcio outside PRs steps: - - name: Generate Random NEXTAUTH_SECRET + - name: Generate Secrets run: | - SECRET=$(openssl rand -hex 32) - echo "NEXTAUTH_SECRET=$SECRET" >> $GITHUB_ENV - - - name: Generate Random ENCRYPTION_KEY - run: | - SECRET=$(openssl rand -hex 32) - echo "ENCRYPTION_KEY=$SECRET" >> $GITHUB_ENV + echo "NEXTAUTH_SECRET=$(openssl rand -hex 32)" >> $GITHUB_ENV + echo "ENCRYPTION_KEY=$(openssl rand -hex 32)" >> $GITHUB_ENV - name: Checkout repository uses: actions/checkout@v3
@@ -53,7 +43,7 @@ jobs:
 # https://github.com/docker/login-action - name: Log into registry - uses: docker/login-action@v3 # v3.0.0 + uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} 
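Review bot: The Generate Secrets step writes both freshly generated values to `$GITHUB_ENV` without masking them, so NEXTAUTH_SECRET and ENCRYPTION_KEY can show up in plain text in the job log (for example when a later step prints its environment or step debug logging is turned on); emitting `::add-mask::` for each value before it is written closes that gap, and `"$GITHUB_ENV"` should be quoted. Both values are later passed as Docker build args (see the `ENCRYPTION_KEY=${{ env.ENCRYPTION_KEY }}` context in the hunk at line 93), and build-arg values are generally recorded in the image's layer history, which is worth checking against the pushed image. Because ENCRYPTION_KEY is regenerated on every run, anything the deployed service encrypted under a previous build's key would become unreadable if the task takes its key from this image rather than from the task definition — worth confirming. The build job's steps continue outside this hunk.
```yaml
      - name: Generate Secrets
        run: |
          # mask first so the values never appear in the job log
          NEXTAUTH_SECRET=$(openssl rand -hex 32)
          ENCRYPTION_KEY=$(openssl rand -hex 32)
          echo "::add-mask::${NEXTAUTH_SECRET}"
          echo "::add-mask::${ENCRYPTION_KEY}"
          echo "NEXTAUTH_SECRET=${NEXTAUTH_SECRET}" >> "$GITHUB_ENV"
          echo "ENCRYPTION_KEY=${ENCRYPTION_KEY}" >> "$GITHUB_ENV"
```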
@@ -93,17 +83,15 @@ jobs:
 DATABASE_URL=${{ env.DATABASE_URL }} ENCRYPTION_KEY=${{ env.ENCRYPTION_KEY }} NEXT_PUBLIC_SENTRY_DSN=${{ env.NEXT_PUBLIC_SENTRY_DSN }} - + - name: Sign the images with GitHub OIDC Token env: DIGEST: ${{ steps.build-and-push.outputs.digest }} TAGS: ${{ steps.meta.outputs.tags }} - run: | - images="" - for tag in ${TAGS}; do - images+="${tag}@${DIGEST} " - done - cosign sign --yes ${images} + run: cosign sign --yes ${{ steps.meta.outputs.tags }}@${{ steps.build-and-push.outputs.digest }} + + outputs: + image_tag_sha: ${{ steps.meta.outputs.tags }} deploy: needs: build
@@ -126,7 +114,7 @@ jobs:
 with: task-definition: task-definition.json container-name: prod-webapp-container - image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest + image: ${{ needs.build.outputs.image_tag_sha }} - name: Deploy Amazon ECS task definition uses: aws-actions/amazon-ecs-deploy-task-definition@v1
@@ -134,4 +122,3 @@ jobs:
 task-definition: ${{ steps.task-def.outputs.task-definition }} service: prod-webapp-ecs-service cluster: prod-core-infra-ecs-cluster - wait-for-service-stability: true
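Review bot: The rewritten `run:` line interpolates `${{ steps.meta.outputs.tags }}` and `${{ steps.build-and-push.outputs.digest }}` straight into the shell even though the step still declares `TAGS` and `DIGEST` under `env:` for exactly that purpose; those env vars are now dead, and inlining expressions into `run:` is the pattern to avoid because the value is substituted before the shell ever sees it. If the `meta` step is docker/metadata-action, its `tags` output is one tag per line, so the one-liner attaches `@digest` only to the last tag, a case the removed loop handled. The new `image_tag_sha` output forwards that raw tag list, and the deploy hunk at line 114 then hands a mutable (possibly multi-line) tag to the task-definition render step, so what ECS pulls is not pinned to the digest cosign just signed; emitting `REGISTRY/IMAGE_NAME@digest` instead keeps the deployed reference immutable and needs no change to the deploy hunk. Both the build job and the deploy job extend beyond these hunks.
```yaml
      - name: Sign the images with GitHub OIDC Token
        # … unchanged: env with DIGEST and TAGS …
        run: |
          # TAGS is newline-separated; sign every tag at the pushed digest
          for tag in ${TAGS}; do
            cosign sign --yes "${tag}@${DIGEST}"
          done

    outputs:
      # digest-pinned reference so the deploy job runs exactly the image that was signed
      image_tag_sha: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.build-and-push.outputs.digest }}
```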