NHSDigital
diff --git a/‎ecr-lifecycle/ecr_lifecycle.json‎ ‎ansible/ecr-lifecycle/ecr_lifecycle.json‎ecr-lifecycle/ecr_lifecycle.json renamed to ansible/ecr-lifecycle/ecr_lifecycle.json b/‎ecr-lifecycle/ecr_lifecycle.json‎ ‎ansible/ecr-lifecycle/ecr_lifecycle.json‎ecr-lifecycle/ecr_lifecycle.json renamed to ansible/ecr-lifecycle/ecr_lifecycle.json
diff --git a/‎ansible/roles/build-ecs-proxies/tasks/build-container.yml‎
Lines changed: 48 additions & 0 deletions b/‎ansible/roles/build-ecs-proxies/tasks/build-container.yml‎
Lines changed: 48 additions & 0 deletions
@@ -79,5 +79,53 @@
     {{ aws_cmd }} ecr put-lifecycle-policy
     --repository-name {{ service_id }}_{{ item }}
     --lifecycle-policy-text file://{{ playbook_dir }}/../ecr-lifecycle/ecr_lifecycle.json
+  when:
+    - existing_policy_json != desired_policy_json- name: Get existing lifecycle policy JSON for {{ service_id }}_{{ item }}
+  ansible.builtin.command: >
+    {{ aws_cmd }} ecr get-lifecycle-policy
+    --repository-name {{ service_id }}_{{ item }}
+    --query 'lifecyclePolicyText'
+    --output text
+  register: existing_policy_raw
+  failed_when: false
+  changed_when: false
+
+- name: Parse existing lifecycle policy JSON if present
+  set_fact:
+    existing_policy_json: "{{ existing_policy_raw.stdout | from_json }}"
+  when:
+    - existing_policy_raw.stdout is defined
+    - existing_policy_raw.stdout != ""
+    - existing_policy_raw.stdout != "None"
+    - existing_policy_raw.stdout != "null"
+
+- name: Ensure existing_policy_json always exists
+  set_fact:
+    existing_policy_json: {}
+  when: existing_policy_json is not defined
+
+- name: Read lifecycle policy from the shared file
+  ansible.builtin.slurp:
+    src: "{{ playbook_dir }}/ecr-lifecycle/ecr_lifecycle.json"
+  register: desired_policy_raw
+
+- name: Debug raw slurp output
+  debug:
+    var: desired_policy_raw
+
+- name: Show decoded lifecycle policy content
+  debug:
+    msg: "{{ desired_policy_raw.content | b64decode }}"
+
+- name: Decode lifecycle policy file
+  set_fact:
+    desired_policy_json: "{{ desired_policy_raw.content | b64decode | from_json }}"
+
+- name: Apply lifecycle policy to ecr {{ service_id }}_{{ item }} if different
+  ansible.builtin.command: >
+    {{ aws_cmd }} ecr put-lifecycle-policy
+    --repository-name {{ service_id }}_{{ item }}
+    --lifecycle-policy-text file://{{ playbook_dir }}/ecr-lifecycle/ecr_lifecycle.json
   when:
     - existing_policy_json != desired_policy_json
+