Building a GitOps Pipeline on AWS ECS: From Manual SSH to Zero-Downtime Blue/Green Deployments

How I Built a GitOps Pipeline That Deploys Itself — and Rolls Back When Things Break I used to deploy by SSHing into a server, pulling new code, restarting Docker Compose, and hoping. That worked until the day I pushed a bug to production on a Friday afternoon and spent the weekend manually rolling it back. This is the story of rebuilding that entire workflow — from "SSH and pray" to a system where a git push triggers security scans, builds container images, shifts traffic 10% at a time, and automatically reverts if anything looks wrong. Where It Started The app is a full-stack notes manager: Next.js frontend, NestJS backend, PostgreSQL, with Nginx as the reverse proxy. Four containers. Nothing exotic. The original deployment process: ssh ubuntu@my-server-ip cd /opt/notes-app git pull docker-compose down && docker-compose up -d --build # Go get coffee. Hope it comes back up. This is fine when you have one server and one developer. It breaks down the moment you want to deploy without do