diff --git a/cmd/drone-ecr/main.go b/cmd/drone-ecr/main.go index 5f1e83e..9de37a1 100644 --- a/cmd/drone-ecr/main.go +++ b/cmd/drone-ecr/main.go @@ -37,6 +37,7 @@ func main() { lifecyclePolicy = getenv("PLUGIN_LIFECYCLE_POLICY") repositoryPolicy = getenv("PLUGIN_REPOSITORY_POLICY") assumeRole = getenv("PLUGIN_ASSUME_ROLE") + scanOnPush = parseBoolOrDefault(false, getenv("PLUGIN_SCAN_ON_PUSH")) ) // set the region @@ -72,10 +73,14 @@ func main() { } if create { - err = ensureRepoExists(svc, trimHostname(repo, registry)) + err = ensureRepoExists(svc, trimHostname(repo, registry), scanOnPush) if err != nil { log.Fatal(fmt.Sprintf("error creating ECR repo: %v", err)) } + err = updateImageScannningConfig(svc, trimHostname(repo, registry), scanOnPush) + if err != nil { + log.Fatal(fmt.Sprintf("error updating scan on push for ECR repo: %v", err)) + } } if lifecyclePolicy != "" { @@ -118,9 +123,10 @@ func trimHostname(repo, registry string) string { return repo } -func ensureRepoExists(svc *ecr.ECR, name string) (err error) { +func ensureRepoExists(svc *ecr.ECR, name string, scanOnPush bool) (err error) { input := &ecr.CreateRepositoryInput{} input.SetRepositoryName(name) + input.SetImageScanningConfiguration(&ecr.ImageScanningConfiguration{ScanOnPush: &scanOnPush}) _, err = svc.CreateRepository(input) if err != nil { if aerr, ok := err.(awserr.Error); ok && aerr.Code() == ecr.ErrCodeRepositoryAlreadyExistsException { @@ -132,6 +138,15 @@ func ensureRepoExists(svc *ecr.ECR, name string) (err error) { return } +func updateImageScannningConfig(svc *ecr.ECR, name string, scanOnPush bool) (err error) { + input := &ecr.PutImageScanningConfigurationInput{} + input.SetRepositoryName(name) + input.SetImageScanningConfiguration(&ecr.ImageScanningConfiguration{ScanOnPush: &scanOnPush}) + _, err = svc.PutImageScanningConfiguration(input) + + return err +} + func uploadLifeCyclePolicy(svc *ecr.ECR, lifecyclePolicy string, name string) (err error) { input := &ecr.PutLifecyclePolicyInput{} input.SetLifecyclePolicyText(lifecyclePolicy)