From e7e8dd882dbdfe83a7f71d624fd0ab2678408e58 Mon Sep 17 00:00:00 2001
From: Ompragash Viswanathan
Date: Mon, 13 May 2024 18:19:14 +0530
Subject: [PATCH 1/2] Fixed 'error getting ECR auth: WebIdentityErr: unable to read file at' issue
---
 cmd/drone-ecr/main.go | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/cmd/drone-ecr/main.go b/cmd/drone-ecr/main.go
index 20b5346..0b5a061 100644
--- a/cmd/drone-ecr/main.go
+++ b/cmd/drone-ecr/main.go
@@ -42,7 +42,7 @@ func main() {
 assumeRole = getenv("PLUGIN_ASSUME_ROLE")
 externalId = getenv("PLUGIN_EXTERNAL_ID")
 scanOnPush = parseBoolOrDefault(false, getenv("PLUGIN_SCAN_ON_PUSH"))
- idToken = os.Getenv("PLUGIN_OIDC_TOKEN_ID")
+ idToken = os.Getenv("PLUGIN_OIDC_TOKEN_ID")
 )
 // set the region
@@ -218,9 +218,24 @@ func getECRClient(sess *session.Session, role string, externalId string, idToken
 if role == "" {
 return ecr.New(sess)
 }
- // Use STS AssumeRoleWithWebIdentity when idToken is provided
+
 if idToken != "" {
- creds := stscreds.NewWebIdentityCredentials(sess, role, "", idToken)
+ tempFile, err := ioutil.TempFile("/tmp", "idToken-*.jwt")
+ if err != nil {
+ log.Fatalf("Failed to create temporary file: %v", err)
+ }
+ defer tempFile.Close()
+
+ if err := os.Chmod(tempFile.Name(), 0600); err != nil {
+ log.Fatalf("Failed to set file permissions: %v", err)
+ }
+
+ if _, err := tempFile.WriteString(idToken); err != nil {
+ log.Fatalf("Failed to write ID token to temporary file: %v", err)
+ }
+
+ // Create credentials using the path to the ID token file
+ creds := stscreds.NewWebIdentityCredentials(sess, role, "", tempFile.Name())
 return ecr.New(sess, &aws.Config{Credentials: creds})
 } else if externalId != "" {
 return ecr.New(sess, &aws.Config{
From 49e9dde7a73443b3f09bfa4d111f72b815dc0771 Mon Sep 17 00:00:00 2001
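Review bot: The temporary file that now carries the OIDC token is closed by `defer tempFile.Close()` but never removed, so a bearer credential is left in `/tmp` as `idToken-*.jwt` after the plugin exits. Removal cannot simply be deferred in this block, because the web-identity provider reads the token file when credentials are first retrieved, which happens after `getECRClient` returns (its body starts and ends outside the hunk). Keeping the token in memory avoids the file altogether: a small `stscreds.TokenFetcher` passed to `stscreds.NewWebIdentityRoleProviderWithOptions`, as sketched below, assuming the vendored aws-sdk-go release provides it and that the `credentials` and `sts` packages get imported. The `os.Chmod(..., 0600)` call is redundant either way, since `ioutil.TempFile` and `os.CreateTemp` already create the file with mode 0600; the `os.CreateTemp` swap in PATCH 2/2 leaves all of this unchanged.

```go
// staticToken hands the in-memory OIDC token to the SDK so it is never written to disk.
type staticToken string

// FetchToken implements stscreds.TokenFetcher.
func (t staticToken) FetchToken(credentials.Context) ([]byte, error) {
	return []byte(t), nil
}

// … unchanged: getECRClient signature and the role == "" early return …
	if idToken != "" {
		provider := stscreds.NewWebIdentityRoleProviderWithOptions(sts.New(sess), role, "", staticToken(idToken))
		creds := credentials.NewCredentials(provider)
		return ecr.New(sess, &aws.Config{Credentials: creds})
	} else if externalId != "" {
// … unchanged: external-id and plain assume-role branches …
```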
From: Ompragash Viswanathan
Date: Mon, 13 May 2024 19:23:57 +0530
Subject: [PATCH 2/2] Updated cmd/drone-ecr/main.go
---
 cmd/drone-ecr/main.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cmd/drone-ecr/main.go b/cmd/drone-ecr/main.go
index 0b5a061..ae26829 100644
--- a/cmd/drone-ecr/main.go
+++ b/cmd/drone-ecr/main.go
@@ -220,7 +220,7 @@ func getECRClient(sess *session.Session, role string, externalId string, idToken
 }
 if idToken != "" {
- tempFile, err := ioutil.TempFile("/tmp", "idToken-*.jwt")
+ tempFile, err := os.CreateTemp("/tmp", "idToken-*.jwt")
 if err != nil {
 log.Fatalf("Failed to create temporary file: %v", err)
 }