feat: [CI-21342]: Aws migrated and vulnerabilities fixed (#505 )

Made-with: Cursor
Merge pull request #504 from drone-plugins/ci-18951
2026-06-04 18:24:24 +08:00 · 2026-03-04 11:42:44 +05:30 · 2026-02-23 17:07:20 +05:30 · 2026-02-18 10:56:51 +05:30 · 2026-02-18 10:40:37 +05:30 · 2026-02-13 14:47:58 +05:30
9 changed files with 507 additions and 144 deletions
@@ -12,7 +12,7 @@ platform:

 steps:
  - name: vet
-    image: golang:1.23
+    image: golang:1.24.11
    commands:
      - go vet ./...
    environment:
@@ -22,7 +22,7 @@ steps:
        path: /go

  - name: test
-    image: golang:1.23
+    image: golang:1.24.11
    commands:
      - go test -cover ./...
    environment:
@@ -55,7 +55,7 @@ platform:

 steps:
  - name: go build
-    image: golang:1.23
+    image: golang:1.24.11
    environment:
      CGO_ENABLED: 0
    commands:
@@ -162,7 +162,7 @@ platform:

 steps:
  - name: go build
-    image: golang:1.23
+    image: golang:1.24.11
    environment:
      CGO_ENABLED: 0
    commands:
@@ -264,7 +264,7 @@ platform:

 steps:
  - name: build-push
-    image: golang:1.23
+    image: golang:1.24.11
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/amd64/drone-docker ./cmd/drone-docker'
    environment:
@@ -275,7 +275,7 @@ steps:
          - tag

  - name: build-tag
-    image: golang:1.23
+    image: golang:1.24.11
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/amd64/drone-docker ./cmd/drone-docker'
    environment:
@@ -285,7 +285,7 @@ steps:
        - tag

  - name: executable
-    image: golang:1.23
+    image: golang:1.24.11
    commands:
      - ./release/linux/amd64/drone-docker --help

@@ -329,7 +329,7 @@ platform:

 steps:
  - name: build-push
-    image: golang:1.23
+    image: golang:1.24.11
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/arm64/drone-docker ./cmd/drone-docker'
    environment:
@@ -340,7 +340,7 @@ steps:
          - tag

  - name: build-tag
-    image: golang:1.23
+    image: golang:1.24.11
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/arm64/drone-docker ./cmd/drone-docker'
    environment:
@@ -350,7 +350,7 @@ steps:
        - tag

  - name: executable
-    image: golang:1.23
+    image: golang:1.24.11
    commands:
      - ./release/linux/arm64/drone-docker --help

@@ -429,7 +429,7 @@ platform:

 steps:
  - name: build-push
-    image: golang:1.23
+    image: golang:1.24.11
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/amd64/drone-gcr ./cmd/drone-gcr'
    environment:
@@ -440,7 +440,7 @@ steps:
          - tag

  - name: build-tag
-    image: golang:1.23
+    image: golang:1.24.11
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/amd64/drone-gcr ./cmd/drone-gcr'
    environment:
@@ -488,7 +488,7 @@ platform:

 steps:
  - name: build-push
-    image: golang:1.23
+    image: golang:1.24.11
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/arm64/drone-gcr ./cmd/drone-gcr'
    environment:
@@ -499,7 +499,7 @@ steps:
          - tag

  - name: build-tag
-    image: golang:1.23
+    image: golang:1.24.11
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/arm64/drone-gcr ./cmd/drone-gcr'
    environment:
@@ -582,7 +582,7 @@ platform:

 steps:
  - name: build-push
-    image: golang:1.23
+    image: golang:1.24.11
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/amd64/drone-gar ./cmd/drone-gar'
    environment:
@@ -593,7 +593,7 @@ steps:
          - tag

  - name: build-tag
-    image: golang:1.23
+    image: golang:1.24.11
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/amd64/drone-gar ./cmd/drone-gar'
    environment:
@@ -641,7 +641,7 @@ platform:

 steps:
  - name: build-push
-    image: golang:1.23
+    image: golang:1.24.11
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/arm64/drone-gar ./cmd/drone-gar'
    environment:
@@ -652,7 +652,7 @@ steps:
          - tag

  - name: build-tag
-    image: golang:1.23
+    image: golang:1.24.11
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/arm64/drone-gar ./cmd/drone-gar'
    environment:
@@ -734,7 +734,7 @@ platform:

 steps:
  - name: build-push
-    image: golang:1.23
+    image: golang:1.24.11
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/amd64/drone-ecr ./cmd/drone-ecr'
    environment:
@@ -744,7 +744,7 @@ steps:
        exclude:
          - tag
  - name: build-tag
-    image: golang:1.23
+    image: golang:1.24.11
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/amd64/drone-ecr ./cmd/drone-ecr'
    environment:
@@ -792,7 +792,7 @@ platform:

 steps:
  - name: build-push
-    image: golang:1.23
+    image: golang:1.24.11
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/arm64/drone-ecr ./cmd/drone-ecr'
    environment:
@@ -802,7 +802,7 @@ steps:
        exclude:
          - tag
  - name: build-tag
-    image: golang:1.23
+    image: golang:1.24.11
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/arm64/drone-ecr ./cmd/drone-ecr'
    environment:
@@ -885,7 +885,7 @@ platform:

 steps:
  - name: build-push
-    image: golang:1.23
+    image: golang:1.24.11
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/amd64/drone-heroku ./cmd/drone-heroku'
    environment:
@@ -895,7 +895,7 @@ steps:
        exclude:
          - tag
  - name: build-tag
-    image: golang:1.23
+    image: golang:1.24.11
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/amd64/drone-heroku ./cmd/drone-heroku'
    environment:
@@ -944,7 +944,7 @@ platform:

 steps:
  - name: build-push
-    image: golang:1.23
+    image: golang:1.24.11
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_COMMIT_SHA:0:8}" -a -tags netgo -o release/linux/arm64/drone-heroku ./cmd/drone-heroku'
    environment:
@@ -954,7 +954,7 @@ steps:
        exclude:
          - tag
  - name: build-tag
-    image: golang:1.23
+    image: golang:1.24.11
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v}" -a -tags netgo -o release/linux/arm64/drone-heroku ./cmd/drone-heroku'
    environment:
@@ -1035,7 +1035,7 @@ platform:

 steps:
  - name: build-push
-    image: golang:1.23
+    image: golang:1.24.11
    commands:
      - 'go build -v -ldflags "-X main.build=${DRONE_BUILD_NUMBER}" -a -tags netgo -o release/linux/amd64/drone-acr ./cmd/drone-acr'
    environment:
@@ -1045,7 +1045,7 @@ steps:
        exclude:
          - tag
  - name: build-tag
-    image: golang:1.23
+    image: golang:1.24.11
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v} -X main.build=${DRONE_BUILD_NUMBER}" -a -tags netgo -o release/linux/amd64/drone-acr ./cmd/drone-acr'
    environment:
@@ -1093,7 +1093,7 @@ platform:

 steps:
  - name: build-push
-    image: golang:1.23
+    image: golang:1.24.11
    commands:
      - 'go build -v -ldflags "-X main.build=${DRONE_BUILD_NUMBER}" -a -tags netgo -o release/linux/arm64/drone-acr ./cmd/drone-acr'
    environment:
@@ -1104,7 +1104,7 @@ steps:
          - tag

  - name: build-tag
-    image: golang:1.23
+    image: golang:1.24.11
    commands:
      - 'go build -v -ldflags "-X main.version=${DRONE_TAG##v} -X main.build=${DRONE_BUILD_NUMBER}" -a -tags netgo -o release/linux/arm64/drone-acr ./cmd/drone-acr'
    environment:
@@ -33,7 +33,7 @@ pipeline:
                  identifier: Run_1
                  spec:
                    connectorRef: Plugins_Docker_Hub_Connector
-                    image: golang:1.23.0
+                    image: golang:1.24.11
                    shell: Sh
                    command: go vet ./...
              - step:
@@ -42,7 +42,7 @@ pipeline:
                  identifier: Run_2
                  spec:
                    connectorRef: Plugins_Docker_Hub_Connector
-                    image: golang:1.23.0
+                    image: golang:1.24.11
                    shell: Sh
                    command: go test -cover ./...
    - parallel:
@@ -70,7 +70,7 @@ pipeline:
                      identifier: Build_Push
                      spec:
                        connectorRef: Plugins_Docker_Hub_Connector
-                        image: golang:1.23.0
+                        image: golang:1.24.11
                        shell: Sh
                        command: go build -a -tags netgo -o release/linux/amd64/drone-<+matrix.repo> ./cmd/drone-<+matrix.repo>
                        envVariables:
@@ -157,7 +157,7 @@ pipeline:
                      identifier: buildpush
                      spec:
                        connectorRef: Plugins_Docker_Hub_Connector
-                        image: golang:1.23.0
+                        image: golang:1.24.11
                        shell: Sh
                        command: go build -a -tags netgo -o release/linux/arm64/drone-<+matrix.repo> ./cmd/drone-<+matrix.repo>
                        envVariables:
@@ -17,8 +17,14 @@ import (
 	"github.com/inhies/go-bytesize"
 )

+// writeCard maintains backward compatibility by using TempTag
 func (p Plugin) writeCard() error {
-	cmd := exec.Command(dockerExe, "inspect", p.Build.TempTag)
+	return p.writeCardForImage(p.Build.TempTag)
+}
+
+// writeCardForImage generates card for any image reference
+func (p Plugin) writeCardForImage(imageRef string) error {
+	cmd := exec.Command(dockerExe, "inspect", imageRef)
 	data, err := cmd.CombinedOutput()
 	if err != nil {
 		return err
@@ -38,7 +44,11 @@ func (p Plugin) writeCard() error {
 	for _, tag := range inspect.RepoTags {
 		sliceTagStruct = append(sliceTagStruct, TagStruct{Tag: tag})
 	}
-	inspect.ParsedRepoTags = sliceTagStruct[1:] // remove the first tag which is always "hash:latest"
+	if len(sliceTagStruct) > 1 {
+		inspect.ParsedRepoTags = sliceTagStruct[1:] // remove the first tag which is always "hash:latest"
+	} else {
+		inspect.ParsedRepoTags = sliceTagStruct
+	}
 	// create the url from repo and registry
 	inspect.URL = mapRegistryToURL(p.Daemon.Registry, p.Build.Repo)
 	cardData, _ := json.Marshal(inspect)
@@ -33,7 +33,7 @@ func main() {
 		cli.BoolFlag{
 			Name:   "dry-run",
 			Usage:  "dry run disables docker push",
-			EnvVar: "PLUGIN_DRY_RUN",
+			EnvVar: "PLUGIN_DRY_RUN, PLUGIN_NO_PUSH",
 		},
 		cli.StringFlag{
 			Name:   "remote.url",
@@ -112,6 +112,12 @@ func main() {
 			Usage:  "don't start the docker daemon",
 			EnvVar: "PLUGIN_DAEMON_OFF",
 		},
+		cli.IntFlag{
+			Name:   "daemon.retry-count",
+			Usage:  "number of retry attempts to reach docker daemon",
+			Value:  15,
+			EnvVar: "PLUGIN_DAEMON_RETRY_COUNT",
+		},
 		cli.StringFlag{
 			Name:   "dockerfile",
 			Usage:  "build dockerfile",
@@ -339,6 +345,16 @@ func main() {
 			Usage:  "additional cosign parameters (e.g., annotations, flags)",
 			EnvVar: "PLUGIN_COSIGN_PARAMS",
 		},
+		cli.BoolFlag{
+			Name:   "push-only",
+			Usage:  "skip build and only push images",
+			EnvVar: "PLUGIN_PUSH_ONLY",
+		},
+		cli.StringFlag{
+			Name:   "source-image",
+			Usage:  "source image to tag and push (format: repo:tag)",
+			EnvVar: "PLUGIN_SOURCE_IMAGE",
+		},
 	}

 	if err := app.Run(os.Args); err != nil {
@@ -409,6 +425,7 @@ func run(c *cli.Context) error {
 			DNSSearch:     c.StringSlice("daemon.dns-search"),
 			MTU:           c.String("daemon.mtu"),
 			Experimental:  c.Bool("daemon.experimental"),
+			RetryCount:    c.Int("daemon.retry-count"),
 			RegistryType:  registryType,
 		},
 		BaseImageRegistry: c.String("docker.baseimageregistry"),
@@ -419,6 +436,8 @@ func run(c *cli.Context) error {
 			Password:   c.String("cosign.password"),
 			Params:     c.String("cosign.params"),
 		},
+		PushOnly:    c.Bool("push-only"),
+		SourceImage: c.String("source-image"),
 	}

 	if c.Bool("tags.auto") {
@@ -1,35 +1,31 @@
 package main

 import (
+	"context"
 	"encoding/base64"
+	"errors"
 	"fmt"
-	"io/ioutil"
 	"log"
 	"os"
 	"os/exec"
 	"strconv"
 	"strings"

+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/credentials/stscreds"
+	"github.com/aws/aws-sdk-go-v2/service/ecr"
+	ecrtypes "github.com/aws/aws-sdk-go-v2/service/ecr/types"
+	"github.com/aws/aws-sdk-go-v2/service/sts"
 	"github.com/joho/godotenv"
 	"github.com/sirupsen/logrus"

-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/awserr"
-	"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
-	"github.com/aws/aws-sdk-go/aws/session"
-	"github.com/aws/aws-sdk-go/service/ecr"
-
 	docker "github.com/drone-plugins/drone-docker"
 )

-type ecrAPI interface {
-	DescribeImages(*ecr.DescribeImagesInput) (*ecr.DescribeImagesOutput, error)
-}
-
 const defaultRegion = "us-east-1"

 func main() {
-	// Load env-file if it exists first
 	if env := os.Getenv("PLUGIN_ENV_FILE"); env != "" {
 		godotenv.Load(env)
 	}
@@ -50,7 +46,6 @@ func main() {
 		skipPushIfTagExists = parseBoolOrDefault(false, getenv("PLUGIN_SKIP_PUSH_IF_TAG_EXISTS"))
 	)

-	// set the region
 	if region == "" {
 		region = defaultRegion
 	}
@@ -62,13 +57,15 @@ func main() {
 		os.Setenv("AWS_SECRET_ACCESS_KEY", secret)
 	}

-	sess, err := session.NewSession(&aws.Config{Region: &region})
+	ctx := context.Background()
+
+	cfg, err := config.LoadDefaultConfig(ctx, config.WithRegion(region))
 	if err != nil {
-		log.Fatal(fmt.Sprintf("error creating aws session: %v", err))
+		log.Fatal(fmt.Sprintf("error creating aws config: %v", err))
 	}

-	svc := getECRClient(sess, assumeRole, externalId, idToken)
-	username, password, defaultRegistry, err := getAuthInfo(svc)
+	svc := getECRClient(cfg, assumeRole, externalId, idToken)
+	username, password, defaultRegistry, err := getAuthInfo(ctx, svc)

 	if registry == "" {
 		registry = defaultRegistry
@@ -83,32 +80,32 @@ func main() {
 	}

 	if create {
-		err = ensureRepoExists(svc, trimHostname(repo, registry), scanOnPush)
+		err = ensureRepoExists(ctx, svc, trimHostname(repo, registry), scanOnPush)
 		if err != nil {
 			log.Fatal(fmt.Sprintf("error creating ECR repo: %v", err))
 		}
-		err = updateImageScannningConfig(svc, trimHostname(repo, registry), scanOnPush)
+		err = updateImageScanningConfig(ctx, svc, trimHostname(repo, registry), scanOnPush)
 		if err != nil {
 			log.Fatal(fmt.Sprintf("error updating scan on push for ECR repo: %v", err))
 		}
 	}

 	if lifecyclePolicy != "" {
-		p, err := ioutil.ReadFile(lifecyclePolicy)
+		p, err := os.ReadFile(lifecyclePolicy)
 		if err != nil {
 			log.Fatal(err)
 		}
-		if err := uploadLifeCyclePolicy(svc, string(p), trimHostname(repo, registry)); err != nil {
+		if err := uploadLifeCyclePolicy(ctx, svc, string(p), trimHostname(repo, registry)); err != nil {
 			log.Fatal(fmt.Sprintf("error uploading ECR lifecycle policy: %v", err))
 		}
 	}

 	if repositoryPolicy != "" {
-		p, err := ioutil.ReadFile(repositoryPolicy)
+		p, err := os.ReadFile(repositoryPolicy)
 		if err != nil {
 			log.Fatal(err)
 		}
-		if err := uploadRepositoryPolicy(svc, string(p), trimHostname(repo, registry)); err != nil {
+		if err := uploadRepositoryPolicy(ctx, svc, string(p), trimHostname(repo, registry)); err != nil {
 			log.Fatal(fmt.Sprintf("error uploading ECR repository policy. %v", err))
 		}
 	}
@@ -119,7 +116,6 @@ func main() {
 	os.Setenv("DOCKER_PASSWORD", password)
 	os.Setenv("PLUGIN_REGISTRY_TYPE", "ECR")

-	// Skip if tag already exits for both mutable and immutable repos
 	if skipPushIfTagExists {
 		tagInput := getenv("PLUGIN_TAG", "PLUGIN_TAGS")
 		var tags []string
@@ -136,7 +132,7 @@ func main() {

 		repositoryName := trimHostname(repo, registry)
 		for _, t := range tags {
-			exists, err := tagExists(svc, repositoryName, t)
+			exists, err := tagExists(ctx, svc, repositoryName, t)
 			if err != nil {
 				logrus.Fatalf("Error checking if image exists for tag %s: %v", t, err)
 			}
@@ -147,7 +143,6 @@ func main() {
 		}
 	}

-	// invoke the base docker plugin binary
 	cmd := exec.Command(docker.GetDroneDockerExecCmd())
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr
@@ -162,57 +157,63 @@ func trimHostname(repo, registry string) string {
 	return repo
 }

-func ensureRepoExists(svc *ecr.ECR, name string, scanOnPush bool) (err error) {
-	input := &ecr.CreateRepositoryInput{}
-	input.SetRepositoryName(name)
-	input.SetImageScanningConfiguration(&ecr.ImageScanningConfiguration{ScanOnPush: &scanOnPush})
-	_, err = svc.CreateRepository(input)
+func ensureRepoExists(ctx context.Context, svc *ecr.Client, name string, scanOnPush bool) error {
+	_, err := svc.CreateRepository(ctx, &ecr.CreateRepositoryInput{
+		RepositoryName: aws.String(name),
+		ImageScanningConfiguration: &ecrtypes.ImageScanningConfiguration{
+			ScanOnPush: scanOnPush,
+		},
+	})
 	if err != nil {
-		if aerr, ok := err.(awserr.Error); ok && aerr.Code() == ecr.ErrCodeRepositoryAlreadyExistsException {
-			// eat it, we skip checking for existing to save two requests
-			err = nil
+		var rae *ecrtypes.RepositoryAlreadyExistsException
+		if errors.As(err, &rae) {
+			return nil
 		}
+		return err
 	}
-
-	return
+	return nil
 }

-func updateImageScannningConfig(svc *ecr.ECR, name string, scanOnPush bool) (err error) {
-	input := &ecr.PutImageScanningConfigurationInput{}
-	input.SetRepositoryName(name)
-	input.SetImageScanningConfiguration(&ecr.ImageScanningConfiguration{ScanOnPush: &scanOnPush})
-	_, err = svc.PutImageScanningConfiguration(input)
-
+func updateImageScanningConfig(ctx context.Context, svc *ecr.Client, name string, scanOnPush bool) error {
+	_, err := svc.PutImageScanningConfiguration(ctx, &ecr.PutImageScanningConfigurationInput{
+		RepositoryName: aws.String(name),
+		ImageScanningConfiguration: &ecrtypes.ImageScanningConfiguration{
+			ScanOnPush: scanOnPush,
+		},
+	})
 	return err
 }

-func uploadLifeCyclePolicy(svc *ecr.ECR, lifecyclePolicy string, name string) (err error) {
-	input := &ecr.PutLifecyclePolicyInput{}
-	input.SetLifecyclePolicyText(lifecyclePolicy)
-	input.SetRepositoryName(name)
-	_, err = svc.PutLifecyclePolicy(input)
-
+func uploadLifeCyclePolicy(ctx context.Context, svc *ecr.Client, lifecyclePolicy string, name string) error {
+	_, err := svc.PutLifecyclePolicy(ctx, &ecr.PutLifecyclePolicyInput{
+		LifecyclePolicyText: aws.String(lifecyclePolicy),
+		RepositoryName:      aws.String(name),
+	})
 	return err
 }

-func uploadRepositoryPolicy(svc *ecr.ECR, repositoryPolicy string, name string) (err error) {
-	input := &ecr.SetRepositoryPolicyInput{}
-	input.SetPolicyText(repositoryPolicy)
-	input.SetRepositoryName(name)
-	_, err = svc.SetRepositoryPolicy(input)
-
+func uploadRepositoryPolicy(ctx context.Context, svc *ecr.Client, repositoryPolicy string, name string) error {
+	_, err := svc.SetRepositoryPolicy(ctx, &ecr.SetRepositoryPolicyInput{
+		PolicyText:     aws.String(repositoryPolicy),
+		RepositoryName: aws.String(name),
+	})
 	return err
 }

-func getAuthInfo(svc *ecr.ECR) (username, password, registry string, err error) {
+func getAuthInfo(ctx context.Context, svc *ecr.Client) (username, password, registry string, err error) {
 	var result *ecr.GetAuthorizationTokenOutput
 	var decoded []byte

-	result, err = svc.GetAuthorizationToken(&ecr.GetAuthorizationTokenInput{})
+	result, err = svc.GetAuthorizationToken(ctx, &ecr.GetAuthorizationTokenInput{})
 	if err != nil {
 		return
 	}

+	if len(result.AuthorizationData) == 0 {
+		err = fmt.Errorf("no authorization data returned from ECR")
+		return
+	}
+
 	auth := result.AuthorizationData[0]
 	token := *auth.AuthorizationToken
 	decoded, err = base64.StdEncoding.DecodeString(token)
@@ -221,7 +222,11 @@ func getAuthInfo(svc *ecr.ECR) (username, password, registry string, err error)
 	}

 	registry = strings.TrimPrefix(*auth.ProxyEndpoint, "https://")
-	creds := strings.Split(string(decoded), ":")
+	creds := strings.SplitN(string(decoded), ":", 2)
+	if len(creds) < 2 {
+		err = fmt.Errorf("invalid ECR authorization token format")
+		return
+	}
 	username = creds[0]
 	password = creds[1]
 	return
@@ -233,7 +238,6 @@ func parseBoolOrDefault(defaultValue bool, s string) (result bool) {
 	if err != nil {
 		result = defaultValue
 	}
-
 	return
 }

@@ -247,55 +251,51 @@ func getenv(key ...string) (s string) {
 	return
 }

-func getECRClient(sess *session.Session, role string, externalId string, idToken string) *ecr.ECR {
+func getECRClient(cfg aws.Config, role string, externalId string, idToken string) *ecr.Client {
 	if role == "" {
-		return ecr.New(sess)
+		return ecr.NewFromConfig(cfg)
 	}

+	stsSvc := sts.NewFromConfig(cfg)
+
 	if idToken != "" {
-		tempFile, err := os.CreateTemp("/tmp", "idToken-*.jwt")
-		if err != nil {
-			log.Fatalf("Failed to create temporary file: %v", err)
-		}
-		defer tempFile.Close()
+		provider := stscreds.NewWebIdentityRoleProvider(stsSvc, role, identityToken(idToken))
+		cfg.Credentials = aws.NewCredentialsCache(provider)
+		return ecr.NewFromConfig(cfg)
+	}

-		if err := os.Chmod(tempFile.Name(), 0600); err != nil {
-			log.Fatalf("Failed to set file permissions: %v", err)
-		}
-
-		if _, err := tempFile.WriteString(idToken); err != nil {
-			log.Fatalf("Failed to write ID token to temporary file: %v", err)
-		}
-
-		// Create credentials using the path to the ID token file
-		creds := stscreds.NewWebIdentityCredentials(sess, role, "", tempFile.Name())
-		return ecr.New(sess, &aws.Config{Credentials: creds})
-	} else if externalId != "" {
-		return ecr.New(sess, &aws.Config{
-			Credentials: stscreds.NewCredentials(sess, role, func(p *stscreds.AssumeRoleProvider) {
-				p.ExternalID = &externalId
-			}),
+	var provider *stscreds.AssumeRoleProvider
+	if externalId != "" {
+		provider = stscreds.NewAssumeRoleProvider(stsSvc, role, func(o *stscreds.AssumeRoleOptions) {
+			o.ExternalID = &externalId
 		})
 	} else {
-		return ecr.New(sess, &aws.Config{
-			Credentials: stscreds.NewCredentials(sess, role),
-		})
+		provider = stscreds.NewAssumeRoleProvider(stsSvc, role)
 	}
+	cfg.Credentials = aws.NewCredentialsCache(provider)
+	return ecr.NewFromConfig(cfg)
 }

-func tagExists(svc ecrAPI, repository, tag string) (bool, error) {
+func tagExists(ctx context.Context, svc *ecr.Client, repository, tag string) (bool, error) {
 	input := &ecr.DescribeImagesInput{
 		RepositoryName: aws.String(repository),
-		ImageIds: []*ecr.ImageIdentifier{
+		ImageIds: []ecrtypes.ImageIdentifier{
 			{ImageTag: aws.String(tag)},
 		},
 	}
-	output, err := svc.DescribeImages(input)
+	output, err := svc.DescribeImages(ctx, input)
 	if err != nil {
-		if aerr, ok := err.(awserr.Error); ok && aerr.Code() == "ImageNotFoundException" {
+		var inf *ecrtypes.ImageNotFoundException
+		if errors.As(err, &inf) {
 			return false, nil
 		}
 		return false, err
 	}
 	return len(output.ImageDetails) > 0, nil
 }
+
+type identityToken string
+
+func (t identityToken) GetIdentityToken() ([]byte, error) {
+	return []byte(t), nil
+}
@@ -30,6 +30,7 @@ type (
 		MTU           string             // Docker daemon mtu setting
 		IPv6          bool               // Docker daemon IPv6 networking
 		Experimental  bool               // Docker daemon enable experimental mode
+		RetryCount    int                // Number of retry attempts to reach Docker daemon
 		RegistryType  drone.RegistryType // Docker registry type
 	}

@@ -96,6 +97,8 @@ type (
 		BaseImageRegistry string       // Docker registry to pull base image
 		BaseImageUsername string       // Docker registry username to pull base image
 		BaseImagePassword string       // Docker registry password to pull base image
+		PushOnly          bool         // Push only mode, skips build process
+		SourceImage       string       // Source image to push (optional)
 	}

 	Card []struct {
@@ -135,14 +138,18 @@ func (p Plugin) Exec() error {

 	// poll the docker daemon until it is started. This ensures the daemon is
 	// ready to accept connections before we proceed.
+	maxRetries := p.Daemon.RetryCount
+	if maxRetries <= 0 {
+		maxRetries = 15 // default value
+	}
 	for i := 0; ; i++ {
 		cmd := commandInfo()
 		err := cmd.Run()
 		if err == nil {
 			break
 		}
-		if i == 15 {
-			fmt.Println("Unable to reach Docker Daemon after 15 attempts.")
+		if i == maxRetries {
+			fmt.Printf("Unable to reach Docker Daemon after %d attempts.\n", maxRetries)
 			break
 		}
 		time.Sleep(time.Second * 1)
@@ -201,7 +208,8 @@ func (p Plugin) Exec() error {
 			fmt.Println(out)
 			return fmt.Errorf("Error authenticating base connector: exit status 1")
 		}
-	} else {
+	} else if !p.PushOnly {
+		// Skip base image connector warning in push-only mode (not pulling anything)
 		fmt.Println("\033[33mTo ensure consistent and reliable pipeline execution, we recommend setting up a Base Image Connector.\033[0m\n" +
 			"\033[33mWhile optional at this time, configuring it helps prevent failures caused by Docker Hub's rate limits.\033[0m")
 	}
@@ -229,6 +237,16 @@ func (p Plugin) Exec() error {
 		}
 	}

+	// Enforce mutual exclusivity: push-only and dry-run cannot be used together
+	if p.PushOnly && p.Dryrun {
+		return fmt.Errorf("conflict: push-only and dry-run cannot be used together")
+	}
+
+	// Handle push-only mode if requested
+	if p.PushOnly {
+		return p.pushOnly()
+	}
+
 	if p.Build.Squash && !p.Daemon.Experimental {
 		fmt.Println("Squash build flag is only available when Docker deamon is started with experimental flag. Ignoring...")
 		p.Build.Squash = false
@@ -579,7 +597,8 @@ func addProxyValue(build *Build, key string) {

 // helper function to get a proxy value from the environment.
 //
-// assumes that the upper and lower case versions of are the same.
+// Checks in order: lowercase key, uppercase key, then HARNESS_<UPPERCASE_KEY>.
+// Assumes that the upper and lower case versions are the same value.
 func getProxyValue(key string) string {
 	value := os.Getenv(key)

@@ -587,15 +606,26 @@ func getProxyValue(key string) string {
 		return value
 	}

-	return os.Getenv(strings.ToUpper(key))
+	value = os.Getenv(strings.ToUpper(key))
+
+	if len(value) > 0 {
+		return value
+	}
+
+	harnessValue := os.Getenv("HARNESS_" + strings.ToUpper(key))
+	if len(harnessValue) > 0 {
+		fmt.Printf("Using HARNESS_%s as proxy value for %s\n", strings.ToUpper(key), key)
+	}
+	return harnessValue
 }

 // helper function that looks to see if a proxy value was set in the build args.
 func hasProxyBuildArg(build *Build, key string) bool {
 	keyUpper := strings.ToUpper(key)
+	harnessKey := "HARNESS_" + keyUpper

 	for _, s := range build.Args {
-		if strings.HasPrefix(s, key) || strings.HasPrefix(s, keyUpper) {
+		if strings.HasPrefix(s, key) || strings.HasPrefix(s, keyUpper) || strings.HasPrefix(s, harnessKey) {
 			return true
 		}
 	}
@@ -604,9 +634,10 @@ func hasProxyBuildArg(build *Build, key string) bool {
 }
 func hasProxyBuildArgNew(build *Build, key string) bool {
 	keyUpper := strings.ToUpper(key)
+	harnessKey := "HARNESS_" + keyUpper

 	for _, s := range build.ArgsNew {
-		if strings.HasPrefix(s, key) || strings.HasPrefix(s, keyUpper) {
+		if strings.HasPrefix(s, key) || strings.HasPrefix(s, keyUpper) || strings.HasPrefix(s, harnessKey) {
 			return true
 		}
 	}
@@ -742,6 +773,22 @@ func getDigest(buildName string) (string, error) {
 	return "", errors.New("unable to fetch digest")
 }

+// imageExists checks if an image exists in local daemon
+func imageExists(tag string) bool {
+	cmd := exec.Command(dockerExe, "image", "inspect", tag)
+	return cmd.Run() == nil
+}
+
+// getDigestAfterPush gets digest from a pushed image
+func getDigestAfterPush(tag string) (string, error) {
+	cmd := exec.Command(dockerExe, "inspect", "--format", "{{ index (split (index .RepoDigests 0) \"@\") 1 }}", tag)
+	output, err := cmd.Output()
+	if err != nil {
+		return "", fmt.Errorf("failed to get digest for %s: %w", tag, err)
+	}
+	return strings.TrimSpace(string(output)), nil
+}
+
 // shouldSignWithCosign determines if cosign signing should be performed
 func (p Plugin) shouldSignWithCosign() bool {
 	return p.Cosign.PrivateKey != ""
@@ -837,7 +884,7 @@ func executeCosignCommand(cmd *exec.Cmd) {
 	cmd.Stdout = os.Stdout
 	cmd.Stderr = os.Stderr
 	fmt.Printf("🚀 Executing: %s %s\n", cmd.Path, strings.Join(cmd.Args[1:], " "))
-	
+
 	if err := cmd.Run(); err != nil {
 		fmt.Printf("⚠️  WARNING: Image signing failed: %s\n", err)
 		fmt.Printf("   Image was pushed successfully but could not be signed\n")
@@ -845,4 +892,164 @@ func executeCosignCommand(cmd *exec.Cmd) {
 	}
 }

+// pushOnly handles pushing images without building them
+func (p Plugin) pushOnly() error {
+	// Check if source image is specified
+	sourceImageName := p.SourceImage
+	var sourceTags []string

+	if sourceImageName == "" {
+		// If no source image specified, use the repo and first tag
+		fmt.Println("source_image not provided, using repo and tag value")
+		sourceImageName = p.Build.Repo
+		sourceTags = p.Build.Tags
+	} else {
+		// If source image is specified, check if it has a tag
+		lastColonIndex := strings.LastIndex(sourceImageName, ":")
+		if lastColonIndex > 0 && lastColonIndex < len(sourceImageName) {
+			// Check if there's a slash after the last colon (indicating it's a port, not a tag)
+			// For example: registry:5000/image (has slash after colon - port not tag)
+			// vs image:tag (no slash after colon - it's a tag)
+			if strings.LastIndex(sourceImageName, "/") > lastColonIndex {
+				// The last colon is part of the registry:port, not a tag separator
+				sourceTags = []string{"latest"}
+			} else {
+				// The last colon separates the tag
+				tag := sourceImageName[lastColonIndex+1:]
+				sourceImageName = sourceImageName[:lastColonIndex]
+
+				if tag == "" {
+					fmt.Printf("No tag specified in source image (or empty tag). Using 'latest' as the default tag.\n")
+					tag = "latest"
+				}
+				sourceTags = []string{tag}
+			}
+		} else {
+			// Default to "latest" if no tag specified
+			sourceTags = []string{"latest"}
+		}
+		fmt.Printf("Using source image: %s with tag(s): %s\n", sourceImageName, strings.Join(sourceTags, ", "))
+	}
+
+	// For each source tag and target tag combination
+	var digest string
+	var firstPushedImage string
+
+	for _, sourceTag := range sourceTags {
+		sourceFullImageName := fmt.Sprintf("%s:%s", sourceImageName, sourceTag)
+
+		// Check if the source image exists in local daemon
+		if !imageExists(sourceFullImageName) {
+			fmt.Printf("Warning: Source image %s not found\n", sourceFullImageName)
+			// Continue to the next source tag if available, otherwise return error
+			if len(sourceTags) > 1 {
+				continue
+			}
+			return fmt.Errorf("source image %s not found, cannot push", sourceFullImageName)
+		}
+
+		// For each target tag, tag and push
+		for _, targetTag := range p.Build.Tags {
+			targetFullImageName := fmt.Sprintf("%s:%s", p.Build.Repo, targetTag)
+
+			// Skip if source and target are identical
+			if sourceFullImageName == targetFullImageName {
+				fmt.Printf("Source and target image names are identical: %s\n", sourceFullImageName)
+			} else {
+				// Tag the source image with the target name
+				fmt.Printf("Tagging %s as %s\n", sourceFullImageName, targetFullImageName)
+				tagCmd := exec.Command(dockerExe, "tag", sourceFullImageName, targetFullImageName)
+				tagCmd.Stdout = os.Stdout
+				tagCmd.Stderr = os.Stderr
+				trace(tagCmd)
+				if err := tagCmd.Run(); err != nil {
+					return fmt.Errorf("failed to tag image %s as %s: %w", sourceFullImageName, targetFullImageName, err)
+				}
+			}
+		}
+	}
+
+	// Push all target images
+	for _, tag := range p.Build.Tags {
+		fullImageName := fmt.Sprintf("%s:%s", p.Build.Repo, tag)
+
+		// Check if image exists in local daemon
+		if !imageExists(fullImageName) {
+			return fmt.Errorf("image %s not found, cannot push", fullImageName)
+		}
+
+		// Push image
+		fmt.Println("Pushing image:", fullImageName)
+		pushCmd := commandPush(p.Build, tag)
+		pushCmd.Stdout = os.Stdout
+		pushCmd.Stderr = os.Stderr
+		trace(pushCmd)
+		if err := pushCmd.Run(); err != nil {
+			return fmt.Errorf("failed to push image %s: %w", fullImageName, err)
+		}
+
+		// Track the first pushed image for card generation
+		if firstPushedImage == "" {
+			firstPushedImage = fullImageName
+		}
+
+		// Get the digest after push (we only need one)
+		if digest == "" {
+			d, err := getDigestAfterPush(fullImageName)
+			if err == nil {
+				digest = d
+			} else {
+				fmt.Printf("Warning: Could not get digest for %s: %v\n", fullImageName, err)
+			}
+		}
+	}
+
+	// Output the adaptive card
+	if firstPushedImage != "" {
+		if err := p.writeCardForImage(firstPushedImage); err != nil {
+			fmt.Printf("Could not create adaptive card. %s\n", err)
+		}
+	}
+
+	// Write to artifact file
+	if p.ArtifactFile != "" && digest != "" {
+		if err := drone.WritePluginArtifactFile(
+			p.Daemon.RegistryType,
+			p.ArtifactFile,
+			p.Daemon.Registry,
+			p.Build.Repo,
+			digest,
+			p.Build.Tags,
+		); err != nil {
+			fmt.Printf("Failed to write plugin artifact file at path: %s with error: %s\n",
+				p.ArtifactFile, err)
+		}
+	}
+
+	// Handle cosign signing after push
+	if p.shouldSignWithCosign() {
+		// Set up environment variables for cosign
+		os.Setenv("COSIGN_YES", "true")
+
+		if digest != "" {
+			fmt.Printf("🔐 Found image digest: %s\n", digest)
+
+			// Sign with digest reference
+			imageRef := fmt.Sprintf("%s@%s", p.Build.Repo, digest)
+			cosignCmd := createCosignCommand(imageRef, p.Cosign)
+			executeCosignCommand(cosignCmd)
+		} else {
+			fmt.Printf("⚠️  WARNING: Could not get image digest for cosign signing\n")
+			fmt.Printf("   Falling back to tag-based signing\n")
+
+			// Fall back to tag-based signing for each tag
+			for _, tag := range p.Build.Tags {
+				imageRef := fmt.Sprintf("%s:%s", p.Build.Repo, tag)
+				cosignCmd := createCosignCommand(imageRef, p.Cosign)
+				executeCosignCommand(cosignCmd)
+			}
+		}
+	}
+
+	return nil
+}
@@ -1,6 +1,7 @@
 package docker

 import (
+	"os"
 	"os/exec"
 	"reflect"
 	"strings"
@@ -179,3 +180,90 @@ func TestCommandBuild(t *testing.T) {
 		})
 	}
 }
+
+func TestGetProxyValue(t *testing.T) {
+	tests := []struct {
+		name     string
+		key      string
+		envVars  map[string]string
+		expected string
+	}{
+		{
+			name:     "lowercase env var set",
+			key:      "http_proxy",
+			envVars:  map[string]string{"http_proxy": "http://proxy:8080"},
+			expected: "http://proxy:8080",
+		},
+		{
+			name:     "uppercase env var set",
+			key:      "http_proxy",
+			envVars:  map[string]string{"HTTP_PROXY": "http://proxy:8080"},
+			expected: "http://proxy:8080",
+		},
+		{
+			name:     "HARNESS prefixed env var set",
+			key:      "http_proxy",
+			envVars:  map[string]string{"HARNESS_HTTP_PROXY": "http://harness-proxy:8080"},
+			expected: "http://harness-proxy:8080",
+		},
+		{
+			name: "standard takes precedence over HARNESS",
+			key:  "http_proxy",
+			envVars: map[string]string{
+				"HTTP_PROXY":         "http://standard:8080",
+				"HARNESS_HTTP_PROXY": "http://harness:8080",
+			},
+			expected: "http://standard:8080",
+		},
+		{
+			name: "lowercase takes precedence over uppercase",
+			key:  "no_proxy",
+			envVars: map[string]string{
+				"no_proxy":        "localhost,127.0.0.1",
+				"NO_PROXY":         "*.example.com",
+				"HARNESS_NO_PROXY": "*.local",
+			},
+			expected: "localhost,127.0.0.1",
+		},
+		{
+			name: "lowercase takes precedence over HARNESS",
+			key:  "https_proxy",
+			envVars: map[string]string{
+				"https_proxy":        "https://standard:8080",
+				"HARNESS_HTTPS_PROXY": "https://harness:8080",
+			},
+			expected: "https://standard:8080",
+		},
+		{
+			name:     "no env var set",
+			key:      "http_proxy",
+			envVars:  map[string]string{},
+			expected: "",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			// Clean env
+			lowercaseKey := tt.key
+			uppercaseKey := strings.ToUpper(tt.key)
+			harnessKey := "HARNESS_" + strings.ToUpper(tt.key)
+
+			os.Unsetenv(lowercaseKey)
+			os.Unsetenv(uppercaseKey)
+			os.Unsetenv(harnessKey)
+
+			// Set test environment variables
+			for k, v := range tt.envVars {
+				os.Setenv(k, v)
+				defer os.Unsetenv(k)
+			}
+
+			// Execute and verify
+			result := getProxyValue(tt.key)
+			if result != tt.expected {
+				t.Errorf("getProxyValue(%q) = %q, want %q", tt.key, result, tt.expected)
+			}
+		})
+	}
+}
@@ -3,7 +3,11 @@ module github.com/drone-plugins/drone-docker
 require (
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.17.1
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.2
-	github.com/aws/aws-sdk-go v1.26.7
+	github.com/aws/aws-sdk-go-v2 v1.41.2
+	github.com/aws/aws-sdk-go-v2/config v1.32.10
+	github.com/aws/aws-sdk-go-v2/credentials v1.19.10
+	github.com/aws/aws-sdk-go-v2/service/ecr v1.55.3
+	github.com/aws/aws-sdk-go-v2/service/sts v1.41.7
 	github.com/coreos/go-semver v0.3.0
 	github.com/dchest/uniuri v1.2.0
 	github.com/drone-plugins/drone-plugin-lib v0.4.1
@@ -11,7 +15,7 @@ require (
 	github.com/inhies/go-bytesize v0.0.0-20210819104631-275770b98743
 	github.com/joho/godotenv v1.3.0
 	github.com/pkg/errors v0.9.1
-	github.com/sirupsen/logrus v1.9.0
+	github.com/sirupsen/logrus v1.9.3
 	github.com/stretchr/testify v1.10.0
 	github.com/urfave/cli v1.22.2
 	golang.org/x/oauth2 v0.27.0
@@ -22,6 +26,16 @@ require (
 	cloud.google.com/go/compute/metadata v0.3.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.3.3 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.18 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.18 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.18 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.5 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.18 // indirect
+	github.com/aws/aws-sdk-go-v2/service/signin v1.0.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.30.11 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.15 // indirect
+	github.com/aws/smithy-go v1.24.1 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
@@ -31,7 +45,6 @@ require (
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.1 // indirect
 	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
-	github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
@@ -48,6 +61,6 @@ require (
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

-go 1.23.0
+go 1.24

-toolchain go1.23.7
+toolchain go1.24.11
@@ -15,8 +15,36 @@ github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mo
 github.com/AzureAD/microsoft-authentication-library-for-go v1.3.3 h1:H5xDQaE3XowWfhZRUpnfC+rGZMEVoSiji+b+/HFAPU4=
 github.com/AzureAD/microsoft-authentication-library-for-go v1.3.3/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/aws/aws-sdk-go v1.26.7 h1:ObjEnmzvSdYy8KVd3me7v/UMyCn81inLy2SyoIPoBkg=
-github.com/aws/aws-sdk-go v1.26.7/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
+github.com/aws/aws-sdk-go-v2 v1.41.2 h1:LuT2rzqNQsauaGkPK/7813XxcZ3o3yePY0Iy891T2ls=
+github.com/aws/aws-sdk-go-v2 v1.41.2/go.mod h1:IvvlAZQXvTXznUPfRVfryiG1fbzE2NGK6m9u39YQ+S4=
+github.com/aws/aws-sdk-go-v2/config v1.32.10 h1:9DMthfO6XWZYLfzZglAgW5Fyou2nRI5CuV44sTedKBI=
+github.com/aws/aws-sdk-go-v2/config v1.32.10/go.mod h1:2rUIOnA2JaiqYmSKYmRJlcMWy6qTj1vuRFscppSBMcw=
+github.com/aws/aws-sdk-go-v2/credentials v1.19.10 h1:EEhmEUFCE1Yhl7vDhNOI5OCL/iKMdkkYFTRpZXNw7m8=
+github.com/aws/aws-sdk-go-v2/credentials v1.19.10/go.mod h1:RnnlFCAlxQCkN2Q379B67USkBMu1PipEEiibzYN5UTE=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.18 h1:Ii4s+Sq3yDfaMLpjrJsqD6SmG/Wq/P5L/hw2qa78UAY=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.18/go.mod h1:6x81qnY++ovptLE6nWQeWrpXxbnlIex+4H4eYYGcqfc=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.18 h1:F43zk1vemYIqPAwhjTjYIz0irU2EY7sOb/F5eJ3HuyM=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.18/go.mod h1:w1jdlZXrGKaJcNoL+Nnrj+k5wlpGXqnNrKoP22HvAug=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.18 h1:xCeWVjj0ki0l3nruoyP2slHsGArMxeiiaoPN5QZH6YQ=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.18/go.mod h1:r/eLGuGCBw6l36ZRWiw6PaZwPXb6YOj+i/7MizNl5/k=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 h1:WKuaxf++XKWlHWu9ECbMlha8WOEGm0OUEZqm4K/Gcfk=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4/go.mod h1:ZWy7j6v1vWGmPReu0iSGvRiise4YI5SkR3OHKTZ6Wuc=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.55.3 h1:RtGctYMmkTerGClvdY6bHXdtly4FeYw9wz/NPz62LF8=
+github.com/aws/aws-sdk-go-v2/service/ecr v1.55.3/go.mod h1:vBfBu24Ka3/5UZtepbTV0gnc9VPLT8ok+0oDDaYAzn4=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.5 h1:CeY9LUdur+Dxoeldqoun6y4WtJ3RQtzk0JMP2gfUay0=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.5/go.mod h1:AZLZf2fMaahW5s/wMRciu1sYbdsikT/UHwbUjOdEVTc=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.18 h1:LTRCYFlnnKFlKsyIQxKhJuDuA3ZkrDQMRYm6rXiHlLY=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.18/go.mod h1:XhwkgGG6bHSd00nO/mexWTcTjgd6PjuvWQMqSn2UaEk=
+github.com/aws/aws-sdk-go-v2/service/signin v1.0.6 h1:MzORe+J94I+hYu2a6XmV5yC9huoTv8NRcCrUNedDypQ=
+github.com/aws/aws-sdk-go-v2/service/signin v1.0.6/go.mod h1:hXzcHLARD7GeWnifd8j9RWqtfIgxj4/cAtIVIK7hg8g=
+github.com/aws/aws-sdk-go-v2/service/sso v1.30.11 h1:7oGD8KPfBOJGXiCoRKrrrQkbvCp8N++u36hrLMPey6o=
+github.com/aws/aws-sdk-go-v2/service/sso v1.30.11/go.mod h1:0DO9B5EUJQlIDif+XJRWCljZRKsAFKh3gpFz7UnDtOo=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.15 h1:edCcNp9eGIUDUCrzoCu1jWAXLGFIizeqkdkKgRlJwWc=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.15/go.mod h1:lyRQKED9xWfgkYC/wmmYfv7iVIM68Z5OQ88ZdcV1QbU=
+github.com/aws/aws-sdk-go-v2/service/sts v1.41.7 h1:NITQpgo9A5NrDZ57uOWj+abvXSb83BbyggcUBVksN7c=
+github.com/aws/aws-sdk-go-v2/service/sts v1.41.7/go.mod h1:sks5UWBhEuWYDPdwlnRFn1w7xWdH29Jcpe+/PJQefEs=
+github.com/aws/smithy-go v1.24.1 h1:VbyeNfmYkWoxMVpGUAbQumkODcYmfMRfZ8yQiH30SK0=
+github.com/aws/smithy-go v1.24.1/go.mod h1:LEj2LM3rBRQJxPZTB4KuzZkaZYnZPnvgIhb4pu07mx0=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
@@ -81,8 +109,6 @@ github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56
 github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU=
 github.com/inhies/go-bytesize v0.0.0-20210819104631-275770b98743 h1:X3Xxno5Ji8idrNiUoFc7QyXpqhSYlDRYQmc7mlpMBzU=
 github.com/inhies/go-bytesize v0.0.0-20210819104631-275770b98743/go.mod h1:KrtyD5PFj++GKkFS/7/RRrfnRhAMGQwy75GLCHWrCNs=
-github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af h1:pmfjZENx5imkbgOkpRUYLnmbU7UEFbjtDA2hxJ1ichM=
-github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
 github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc=
 github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
 github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6 h1:IsMZxCuZqKuao2vNdfD82fjjgPLfyHLpR41Z88viRWs=
@@ -108,8 +134,8 @@ github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQD
 github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
-github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0=
-github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
+github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
Author	SHA1	Message	Date
chhawchharia	2f6803e300	feat: [CI-21342]: Aws migrated and vulnerabilities fixed (#505 ) Made-with: Cursor	2026-03-04 11:42:44 +05:30
ebtasam-faridy	f5f11face3	Merge pull request #504 from drone-plugins/ci-18951 feat: [CI-18951]: check for HARNESS prefixed proxy variables	2026-02-23 17:07:20 +05:30
Chirag S	e70d271e93	feat: [CI-18951]: added a log when harness fallback is used	2026-02-18 10:56:51 +05:30
Chirag S	f32aa46ea8	feat: [CI-18951]: added unit tests and better comments for the changes	2026-02-18 10:40:37 +05:30
Chirag S	5810bf8a5a	feat: [CI-18951]: check for HARNESS prefixed proxy variables	2026-02-13 14:47:58 +05:30
Anurag Madnawat	23887402c3	[feat]: [CI-20260]: Make daemon retry count configurable (#503 )	2026-02-11 11:04:38 +05:30
ebtasam-faridy	e9bba4ffcf	Update pipeline drone-docker-harness (#502 )	2026-01-28 19:07:35 +05:30
ebtasam-faridy	7b900ae75d	Ci 20437 (#499 ) * fix: [CI-20437] Golang version update for vulnerability fix * fix: [CI-20437] Golang version update for vulnerability fix	2026-01-28 14:13:48 +05:30
OP (oppenheimer)	aabeaaf7bb	feat: [CI-20527]: add push-only mode to skip build and push pre-existing images (#500 ) * Add push-only support * Include support for PLUGIN_NO_PUSH as well	2026-01-26 22:55:18 +05:30