fix(ci): fail deployment action when deployment is rolled back

Problem: When ECS's circuit breaker mechanism rolls back a failing
deploy, the deploy task github action will exit with a success code when
infact the deployment was not successful.

In order to identify unsuccessful service updates, we want the github
action to fail. At time of writing, there is no option elicit this
behavior from the aws-actions/amazon-ecs-deploy-task-definition@v2
action. Instead, we must check that the services current task definition
is the one we attempted to roll out.

See discussion in aws-actions/amazon-ecs-deploy-task-definition#191

Author: willscripted

.github/workflows/callable-deploy-ecs.yml

@@ -69,12 +69,31 @@ jobs:
           echo "$( jq --arg image "${{ steps.config.outputs.TARGET_IMAGE_W_DIGEST }}" '.containerDefinitions |= map((select(.name == "gateway") | .image) |= $image)' task.json )" > task.json
           cat task.json
 
-
       - name: Deploy Amazon ECS task definition
+        id: ecs-deploy
         uses: aws-actions/amazon-ecs-deploy-task-definition@v2
         with:
           task-definition: task.json
           service: ${{ vars.ECS_SERVICE }}
           cluster: ${{ vars.ECS_CLUSTER }}
           wait-for-service-stability: true
-          propagate-tags: SERVICE
+          propagate-tags: SERVICE
+
+      - name: Verify deploy
+        id: check-deployment
+        run: |
+          TASK_DEF_EXPECTED=${{ steps.ecs-deploy.outputs.task-definition-arn }}
+          TASK_DEF_CURRENT=$(
+            aws ecs describe-services \
+              --cluster ${{ vars.ECS_CLUSTER }} \
+              --services ${{ vars.ECS_SERVICE }} \
+              --query services[0].deployments[0].taskDefinition \
+              | jq -r "."
+          )
+          echo "Task Arn - Current: $TASK_DEF_CURRENT"
+          echo "Task Arn - Expected: $TASK_DEF_EXPECTED"
+          if [ "$TASK_DEF_CURRENT" != "$TASK_DEF_EXPECTED" ]; then
+            echo "Current task arn does not match the expected task arn."
+            echo "The deployment may have been rolled back or been deposed by a more recent deployment attempt"
+            exit 1
+          fi