From f8b3dfe8b12ff1f8f077d8b7d98915e64e056263 Mon Sep 17 00:00:00 2001
From: OziinG <145884442+OziinG@users.noreply.github.com>
Date: Thu, 30 Apr 2026 15:17:19 +0900
Subject: [PATCH] Fail fast when no SSM deploy targets match

Make the EC2 deploy workflow stop with a clear target-registration error instead of looping on NO_TARGETS when no SSM-managed instance matches the configured tag.

Constraint: Manual deploy with GitHubActionsRole authenticated but found zero SSM target invocations for tag:Service=tomotono-route-console in ca-central-1.

Rejected: Waiting through the full polling loop | it hides the actionable EC2/SSM/tag blocker.

Confidence: high

Scope-risk: narrow

Directive: Keep no-target failures explicit; fix EC2 SSM management/tagging before rerunning deploy.

Tested: bash -n scripts/dispatch-ec2-deploy-ssm.sh; git diff --check.

Not-tested: Successful live deploy because no SSM target currently matches the configured selector.

Related: #3

Co-authored-by: OmX <omx@oh-my-codex.dev>
---
 scripts/dispatch-ec2-deploy-ssm.sh | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/scripts/dispatch-ec2-deploy-ssm.sh b/scripts/dispatch-ec2-deploy-ssm.sh
index 8df5e9d..40dfb58 100755
--- a/scripts/dispatch-ec2-deploy-ssm.sh
+++ b/scripts/dispatch-ec2-deploy-ssm.sh
@@ -54,10 +54,20 @@ COMMAND_ID="$(aws ssm send-command \
 
 echo "ssm_command_id=${COMMAND_ID}"
 
-TARGET_COUNT="$(aws ssm list-command-invocations --region "${AWS_REGION}" --command-id "${COMMAND_ID}" --query 'length(CommandInvocations)' --output text 2>/dev/null || echo 0)"
-if [[ "${TARGET_COUNT}" == "0" ]]; then
-  echo "SSM command was created. Waiting briefly for target invocation registration..."
+TARGET_COUNT="0"
+for _ in $(seq 1 6); do
+  TARGET_COUNT="$(aws ssm list-command-invocations --region "${AWS_REGION}" --command-id "${COMMAND_ID}" --query 'length(CommandInvocations)' --output text 2>/dev/null || echo 0)"
+  if [[ "${TARGET_COUNT}" != "0" ]]; then
+    break
+  fi
+  echo "SSM command was created, but no target invocation is registered yet. Waiting for target registration..."
   sleep 5
+done
+
+if [[ "${TARGET_COUNT}" == "0" ]]; then
+  echo "No SSM targets matched ${TOMOTONO_SSM_TARGET_KEY}=${TOMOTONO_SSM_TARGET_VALUE} in ${AWS_REGION}." >&2
+  echo "Ensure the EC2 instance is SSM-managed, online, in ${AWS_REGION}, and tagged for this target." >&2
+  exit 1
 fi
 
 if [[ "${TOMOTONO_WAIT_FOR_COMPLETION}" != "true" ]]; then