Lifecycle policy delete image that was in use

[joshgubler]

Image 1 deployed successfully.
Developer pushed 10 images that all had bugs.
Default Lifecycle Policy only keeps the most recent 10 images.
Now ECS can't launch a task with the latest stable configuration.

[joshgubler]

Proper solution is a better tagging strategy:
After CodeDeploy succeeds, add a second tag to the image stable-<timestamp>.
If CodeDeploy fails, add a second tag to the image unstable-<timestamp>.
Have LifeCycle policy keep the most recent 10 stable images (for rollback if needed).
Have LifeCycle policy keep the most recent 5 unstable images (for troubleshooting).

[joshgubler]

This would be easy to do in GitHub Actions. Difficult in CodePipeline. For now, we could just keep the most recent 100 images.

[joshgubler]

{
    "rules": [
        {
            "rulePriority": 1,
            "description": "Rule 1",
            "selection": {
                "tagStatus": "tagged",
                "tagPrefixList": ["stable"],
                "countType": "imageCountMoreThan",
                "countNumber": 10
            },
            "action": {
                "type": "expire"
            }
        },
        {
            "rulePriority": 2,
            "description": "Rule 2",
            "selection": {
                "tagStatus": "tagged",
                "tagPrefixList": ["unstable"],
                "countType": "imageCountMoreThan",
                "countNumber": 5
            },
            "action": {
                "type": "expire"
            }
        }
    ]
}

[joshgubler]

This requires pieces to be implemented outside of this module (i.e. GitHub Actions). Rather than coupling this modules defaults to that outside implementation, we'll implement the best practice over in the hw-fargate-api template repo.