From d8b6b48fa34561c16680cc5787ab97b3f18b2141 Mon Sep 17 00:00:00 2001
From: Roman Voitenko
Date: Wed, 30 Sep 2020 23:32:23 +0200
Subject: [PATCH 1/2] add possibility to turn on ECR image scanning for repos created by ecr plugin
---
 cmd/drone-ecr/main.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/cmd/drone-ecr/main.go b/cmd/drone-ecr/main.go
index 5f1e83e..c8e512b 100644
--- a/cmd/drone-ecr/main.go
+++ b/cmd/drone-ecr/main.go
@@ -37,6 +37,7 @@ func main() {
 lifecyclePolicy = getenv("PLUGIN_LIFECYCLE_POLICY")
 repositoryPolicy = getenv("PLUGIN_REPOSITORY_POLICY")
 assumeRole = getenv("PLUGIN_ASSUME_ROLE")
+ scanOnPush = parseBoolOrDefault(false, getenv("PLUGIN_SCAN_ON_PUSH"))
 )
 // set the region
@@ -72,7 +73,7 @@ func main() {
 }
 if create {
- err = ensureRepoExists(svc, trimHostname(repo, registry))
+ err = ensureRepoExists(svc, trimHostname(repo, registry), scanOnPush)
 if err != nil {
 log.Fatal(fmt.Sprintf("error creating ECR repo: %v", err))
 }
@@ -118,9 +119,10 @@ func trimHostname(repo, registry string) string {
 return repo
 }
-func ensureRepoExists(svc *ecr.ECR, name string) (err error) {
+func ensureRepoExists(svc *ecr.ECR, name string, scanOnPush bool) (err error) {
 input := &ecr.CreateRepositoryInput{}
 input.SetRepositoryName(name)
+ input.SetImageScanningConfiguration(&ecr.ImageScanningConfiguration{ScanOnPush: &scanOnPush})
 _, err = svc.CreateRepository(input)
 if err != nil {
 if aerr, ok := err.(awserr.Error); ok && aerr.Code() == ecr.ErrCodeRepositoryAlreadyExistsException {
From 3501d9a65d0f773b01cf2c1a50d13a7726bca166 Mon Sep 17 00:00:00 2001
From: Roman Voitenko
Date: Thu, 1 Oct 2020 10:43:25 +0200
Subject: [PATCH 2/2] add possibility to turn on/off image scanning not only during repo creation, but when repo already created
---
 cmd/drone-ecr/main.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/cmd/drone-ecr/main.go b/cmd/drone-ecr/main.go
index c8e512b..9de37a1 100644
--- a/cmd/drone-ecr/main.go
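Review bot: A mistyped PLUGIN_SCAN_ON_PUSH value (for example `ture`) presumably resolves to `false` on the added `scanOnPush` line, so scanning stays off with no signal to the pipeline author; parseBoolOrDefault is defined outside this hunk, so confirm how it treats parse errors. For a setting that switches a security control, consider logging a warning or failing when the variable is non-empty but not a valid boolean. A short comment such as `// scanOnPush enables ECR scan-on-push for repositories this plugin creates; defaults to false` would also document the default. The var block and main continue outside the hunk.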
+++ b/cmd/drone-ecr/main.go
@@ -77,6 +77,10 @@ func main() {
 if err != nil {
 log.Fatal(fmt.Sprintf("error creating ECR repo: %v", err))
 }
+ err = updateImageScannningConfig(svc, trimHostname(repo, registry), scanOnPush)
+ if err != nil {
+ log.Fatal(fmt.Sprintf("error updating scan on push for ECR repo: %v", err))
+ }
 }
 if lifecyclePolicy != "" {
@@ -134,6 +138,15 @@ func ensureRepoExists(svc *ecr.ECR, name string, scanOnPush bool) (err error) {
 return
 }
+func updateImageScannningConfig(svc *ecr.ECR, name string, scanOnPush bool) (err error) {
+ input := &ecr.PutImageScanningConfigurationInput{}
+ input.SetRepositoryName(name)
+ input.SetImageScanningConfiguration(&ecr.ImageScanningConfiguration{ScanOnPush: &scanOnPush})
+ _, err = svc.PutImageScanningConfiguration(input)
+
+ return err
+}
+
 func uploadLifeCyclePolicy(svc *ecr.ECR, lifecyclePolicy string, name string) (err error) {
 input := &ecr.PutLifecyclePolicyInput{}
 input.SetLifecyclePolicyText(lifecyclePolicy)
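Review bot: The added `updateImageScannningConfig` call runs on every build that has `create` enabled, so a pipeline that never sets PLUGIN_SCAN_ON_PUSH will write `ScanOnPush: false` to an existing repository and switch off scanning that was enabled elsewhere (console or infrastructure-as-code). Apply the setting only when the variable is explicitly set, for example by guarding the call with `if getenv("PLUGIN_SCAN_ON_PUSH") != "" {`. The call also needs the `ecr:PutImageScanningConfiguration` permission, and because a failure goes to `log.Fatal`, roles that lack it will start failing builds; the plugin docs should say so. main's body continues outside the hunk.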
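Review bot: `updateImageScannningConfig` is misspelled (three n's) and has no doc comment; rename it to `updateImageScanningConfig` here and at the call site in main, and add `// updateImageScanningConfig sets the scan-on-push flag on an existing ECR repository.` above it. The named result is not needed either: `_, err := svc.PutImageScanningConfiguration(input)` followed by `return err`, with a plain `error` return type, reads more directly.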