← Week 3: Testing & Deployment

Day 18: CI/CD Pipeline

Phase 7 · Oct 10, 2026

Agenda (2–3 hours)

  • Design (30 min): Define the CI/CD pipeline stages — lint, test, build, push, deploy
  • Implement (90 min): Write GitHub Actions workflows for CI (on PR) and CD (on main merge); wire up ECR push and ECS rolling deploy
  • Test (60 min): Open a test PR; verify CI runs and fails on a test failure; merge to main; verify ECS service updates

Pipeline Stages

PR opened → CI:
  1. cargo fmt --check
  2. cargo clippy -- -D warnings
  3. cargo test --workspace (includes integration tests against DynamoDB Local)
  4. cargo build --release (verify compile)

Merge to main → CD:
  1. cargo test --workspace (final gate)
  2. docker build --tag $ECR_URI:$SHA .
  3. docker push $ECR_URI:$SHA
  4. aws ecs register-task-definition (new revision with $SHA image)
  5. aws ecs update-service --task-definition new-revision (rolling deploy)
  6. aws ecs wait services-stable (block until healthy)

GitHub Actions CI

name: CI
on: [pull_request]
jobs:
  ci:
    runs-on: ubuntu-latest
    # Local stand-ins for DynamoDB and SQS used by the integration tests
    services:
      dynamodb:
        image: amazon/dynamodb-local
        ports: ["8000:8000"]
      elasticmq:
        image: softwaremill/elasticmq
        ports: ["9324:9324"]
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
        with: { components: "clippy, rustfmt" }
      - run: cargo fmt --check
      - run: cargo clippy -- -D warnings
      - run: cargo test --workspace
        env:
          DYNAMO_ENDPOINT: http://localhost:8000
          SQS_ENDPOINT: http://localhost:9324
      # Stage 4 of the PR pipeline: verify the release build compiles
      - run: cargo build --release

ECS Rolling Deploy

- name: Deploy to ECS
  run: |
    # The default run shell is `bash -e` without pipefail; enable it so a
    # failed register-task-definition is not masked by jq exiting 0
    set -euo pipefail

    # Register new task definition with updated image
    # (task-definition.json must already reference the $ECR_URI:$SHA image)
    TASK_DEF=$(aws ecs register-task-definition \
      --cli-input-json file://task-definition.json \
      | jq -r '.taskDefinition.taskDefinitionArn')

    # Update service to use new revision
    aws ecs update-service \
      --cluster prod-cluster \
      --service api-service \
      --task-definition "$TASK_DEF"

    # Wait for rollout to complete (fail the pipeline if unhealthy)
    aws ecs wait services-stable \
      --cluster prod-cluster \
      --services api-service
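
The complete CD job for the "Merge to main" stages, as an added example that is not part of the original course material. It assumes AWS authentication through GitHub OIDC (no stored access keys) and that the first container in task-definition.json is the API container; the region, ECR repository and role ARN are placeholders, while prod-cluster and api-service are the names used on this page.

```yaml
name: CD
on:
  push:
    branches: [main]
permissions:
  contents: read        # checkout only
  id-token: write       # assumption: short-lived AWS credentials via OIDC
concurrency:
  group: deploy-prod    # never run two production deploys at once
  cancel-in-progress: false
env:
  AWS_REGION: us-east-1                                             # placeholder
  ECR_URI: "<account-id>.dkr.ecr.<region>.amazonaws.com/<repo>"     # placeholder
  SHA: ${{ github.sha }}
jobs:
  deploy:
    runs-on: ubuntu-latest
    services:
      dynamodb:
        image: amazon/dynamodb-local
        ports: ["8000:8000"]
      elasticmq:
        image: softwaremill/elasticmq
        ports: ["9324:9324"]
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
      - run: cargo test --workspace                                 # final gate
        env:
          DYNAMO_ENDPOINT: http://localhost:8000
          SQS_ENDPOINT: http://localhost:9324
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: "arn:aws:iam::<account-id>:role/<deploy-role>"   # placeholder
          aws-region: ${{ env.AWS_REGION }}
      - uses: aws-actions/amazon-ecr-login@v2
      - name: Build and push the image tagged with the commit SHA
        run: |
          docker build --tag "$ECR_URI:$SHA" .
          docker push "$ECR_URI:$SHA"
      - name: Deploy to ECS
        run: |
          set -euo pipefail
          jq --arg image "$ECR_URI:$SHA" '.containerDefinitions[0].image = $image' \
            task-definition.json > rendered.json    # pin the new revision to this commit
          TASK_DEF=$(aws ecs register-task-definition --cli-input-json file://rendered.json \
            --query 'taskDefinition.taskDefinitionArn' --output text)
          aws ecs update-service --cluster prod-cluster --service api-service --task-definition "$TASK_DEF"
          aws ecs wait services-stable --cluster prod-cluster --services api-service
```

Using `--query` on the AWS CLI call instead of piping to jq means a failed registration fails the step directly, and the deploy role only needs ECR push and the three ECS actions used here.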

Key Takeaways

  • aws ecs wait services-stable blocks the pipeline until the rolling deploy completes, so deployment failures surface immediately
  • Integration tests in CI against DynamoDB Local and ElasticMQ catch bugs before they reach production
  • Tag each image with the git SHA, which enables precise rollback (update-service --task-definition sha-of-last-good)
  • Separate CI (on PR) from CD (on main) — fast feedback for developers, gated deploy for production

Tomorrow: production readiness review — the full checklist before going live.