wanderer/drone-docker
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Merge pull request #300 from rvoitenko/ecr_scan_on_push

Browse Source 
ECR: adding setting to enable image scanning while repo creation
This commit is contained in:
Brad Rydzewski 2021-04-06 15:55:56 -04:00 committed by GitHub
commit f08821b024
Signed by: GitHub
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
cmd/drone-ecr/main.go
View File

@ -37,6 +37,7 @@ func main() {
lifecyclePolicy = getenv("PLUGIN_LIFECYCLE_POLICY")
repositoryPolicy = getenv("PLUGIN_REPOSITORY_POLICY")
assumeRole = getenv("PLUGIN_ASSUME_ROLE")
scanOnPush = parseBoolOrDefault(false, getenv("PLUGIN_SCAN_ON_PUSH"))
)
// set the region
@ -72,10 +73,14 @@ func main() {
}
if create {
err = ensureRepoExists(svc, trimHostname(repo, registry))
err = ensureRepoExists(svc, trimHostname(repo, registry), scanOnPush)
if err != nil {
log.Fatal(fmt.Sprintf("error creating ECR repo: %v", err))
}
err = updateImageScannningConfig(svc, trimHostname(repo, registry), scanOnPush)
if err != nil {
log.Fatal(fmt.Sprintf("error updating scan on push for ECR repo: %v", err))
}
}
if lifecyclePolicy != "" {
@ -118,9 +123,10 @@ func trimHostname(repo, registry string) string {
return repo
}
func ensureRepoExists(svc *ecr.ECR, name string) (err error) {
func ensureRepoExists(svc *ecr.ECR, name string, scanOnPush bool) (err error) {
input := &ecr.CreateRepositoryInput{}
input.SetRepositoryName(name)
input.SetImageScanningConfiguration(&ecr.ImageScanningConfiguration{ScanOnPush: &scanOnPush})
_, err = svc.CreateRepository(input)
if err != nil {
if aerr, ok := err.(awserr.Error); ok && aerr.Code() == ecr.ErrCodeRepositoryAlreadyExistsException {
@ -132,6 +138,15 @@ func ensureRepoExists(svc *ecr.ECR, name string) (err error) {
return
}
func updateImageScannningConfig(svc *ecr.ECR, name string, scanOnPush bool) (err error) {
input := &ecr.PutImageScanningConfigurationInput{}
input.SetRepositoryName(name)
input.SetImageScanningConfiguration(&ecr.ImageScanningConfiguration{ScanOnPush: &scanOnPush})
_, err = svc.PutImageScanningConfiguration(input)
return err
}
func uploadLifeCyclePolicy(svc *ecr.ECR, lifecyclePolicy string, name string) (err error) {
input := &ecr.PutLifecyclePolicyInput{}
input.SetLifecyclePolicyText(lifecyclePolicy)