Deploying To EC2 With GitHub Actions

Anyone happen to know how to use "aws deploy" (or something else) to deploy to an EC2 instance from within a GH Action - meaning deploy the targets.

I have a GH Actions workflow that cross-builds a Rust project. It uses, per many examples, this command to "deploy" to EC2:

      - name: Deploy
        id: deploy
        run: |
          aws deploy create-deployment \
          --application-name xxx \
          --deployment-group-name xxxx \
          --deployment-config-name CodeDeployDefault.AllAtOnce \
          --github-location repository=${{ github.repository }},commitId=${{ github.sha }}

(The other necessary parts - aws-actions/configure-aws-credentials and aws sts get-caller-identity - are there too, of course.)

So, all this does is deploy the repo there - the source. Not the targets that the workflow just built.

And, actions/upload-artifact builds an archive and makes it accessible via https - but doesn't copy it to the EC2 VM.

I know everybody loves docker now (I do too) but it's overkill for this. We just want to copy the built executables as part of the deployment. Is there any way to do this?

(An acceptable alternative would be using a post-script to download that archive and expand it - doable but not ideal.)

Another idea is to just commit the build targets to the repo.

Either you put it on S3 and have a userdata in the EC2 instance download and execute it or you need to build a virtual machine image (AMI), which can be imported from some common VM image formats which you could build on GH.

These things aren't doable due to other factors. Maybe in the future.

I almost have the commit-targets path working. It is failing because the role doesn't have write access to the repo. I can't see why, yet, but I'm sure there's a way around this.

Update: I got committing from the Action to work with these permission settings:

    permissions:
      id-token: write
      contents: write
      repository-projects: write
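The S3 route suggested in the reply above, sketched as an added example (not code from any poster in this thread): the workflow packs the built binary with an `appspec.yml` into a CodeDeploy revision, uploads it, and points `create-deployment` at `--s3-location` instead of `--github-location`. The `APP`, `GROUP` and `BUCKET` environment variables, the `revisions/` key prefix and the `/opt/myapp/bin` install path are assumed placeholders.

```shell
#!/bin/sh
# Added example. APP, GROUP, BUCKET and /opt/myapp/bin are placeholders.
set -eu

# Stage the built binary plus an appspec.yml (CodeDeploy reads it from the
# bundle root), pack them as a .tgz, and print the bundle path.
make_bundle() {
  mb_bin="$1"; mb_sha="$2"
  mb_stage="$(mktemp -d)"
  mb_out="$(mktemp -d)/rev-${mb_sha}.tgz"
  mkdir -p "$mb_stage/bin"
  cp "$mb_bin" "$mb_stage/bin/"
  cat > "$mb_stage/appspec.yml" <<EOF
version: 0.0
os: linux
files:
  - source: bin
    destination: /opt/myapp/bin
EOF
  tar -C "$mb_stage" -czf "$mb_out" appspec.yml bin
  rm -rf "$mb_stage"
  printf '%s\n' "$mb_out"
}

# Build the --s3-location value for `aws deploy create-deployment`.
s3_location() {
  printf 'bucket=%s,key=%s,bundleType=tgz' "$1" "$2"
}

# Upload the bundle, then deploy that revision rather than the repo source.
deploy() {
  dp_key="revisions/rev-$2.tgz"
  aws s3 cp "$1" "s3://${BUCKET}/${dp_key}"
  aws deploy create-deployment \
    --application-name "$APP" \
    --deployment-group-name "$GROUP" \
    --deployment-config-name CodeDeployDefault.AllAtOnce \
    --s3-location "$(s3_location "$BUCKET" "$dp_key")"
}

# Runs only when called with <binary> <commit-sha>, e.g. from the Deploy step.
if [ "$#" -ge 2 ]; then
  deploy "$(make_bundle "$1" "$2")" "$2"
fi
```

On this route the workflow's AWS role needs write access to the bucket and the instance profile needs read access to it; the job does not need write access to the repository.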