Updated cmd/kaniko-ecr/main.go

.harness/harness.yaml

@@ -12,6 +12,32 @@ pipeline:
         build: <+input>
         sparseCheckout: []
   stages:
+    - stage:
+        name: Manager Approval
+        identifier: Manager_Approval
+        description: ""
+        type: Approval
+        spec:
+          execution:
+            steps:
+              - step:
+                  name: CI Manager Approval
+                  identifier: CI_Manager_Approval
+                  type: HarnessApproval
+                  timeout: 1d
+                  spec:
+                    approvalMessage: |-
+                      Please review the following information
+                      and approve the pipeline progression
+                    includePipelineExecutionHistory: true
+                    approvers:
+                      minimumCount: 1
+                      disallowPipelineExecutor: false
+                      userGroups:
+                        - CI_Manager
+                    isAutoRejectEnabled: false
+                    approverInputs: []
+        tags: {}
     - parallel:
         - stage:
             name: linux-amd64
@@ -629,13 +655,13 @@ pipeline:
                           nodeName: manifest_<+matrix.repo>
                   - step:
                       type: Plugin
-                      name: Manifest_kaniko191
+                      name: Manifest_kaniko
                       identifier: Manifest_kaniko
                       spec:
                         connectorRef: Plugins_Docker_Hub_Connector
                         image: plugins/manifest
                         settings:
-                          auto_tag: "false"
+                          auto_tag: "true"
                           spec: docker/<+matrix.repo>/manifest-kaniko1.9.1.tmpl
                           username: drone
                           password: <+secrets.getValue("Plugins_Docker_Hub_Pat")>
@@ -653,4 +679,3 @@ pipeline:
                           nodeName: manifest_<+matrix.repo>
         when:
           pipelineStatus: Success
-  allowStageExecutions: true

cmd/kaniko-ecr/main.go

@@ -879,18 +879,6 @@ func getOidcCreds(oidcToken, assumeRole string) (string, string, string, error)
 	return *result.Credentials.AccessKeyId, *result.Credentials.SecretAccessKey, *result.Credentials.SessionToken, nil
 }
 
-func createECRSession(region, accessKey, secretKey, sessionToken string) *ecrv1.ECR {
-	sess := session.Must(session.NewSession(&awsv1.Config{
-		Region: awsv1.String(region),
-		Credentials: credentials.NewStaticCredentials(
-			accessKey,
-			secretKey,
-			sessionToken,
-		),
-	}))
-	return ecrv1.New(sess)
-}
-
 func handlePushOnly(c *cli.Context) error {
 	sourceTarPath := c.String("source-tar-path")
 	if sourceTarPath == "" {
@@ -921,15 +909,31 @@ func handlePushOnly(c *cli.Context) error {
 		if err != nil {
 			return fmt.Errorf("failed to get OIDC credentials: %v", err)
 		}
-
-		svc = createECRSession(c.String("region"), accessKey, secretKey, sessionToken)
+		
+		sess := session.Must(session.NewSession(&awsv1.Config{
+			Region: awsv1.String(c.String("region")),
+			Credentials: credentials.NewStaticCredentials(
+				accessKey,
+				secretKey,
+				sessionToken,
+			),
+		}))
+		svc = ecrv1.New(sess)
 	} else if assumeRole := c.String("assume-role"); assumeRole != "" {
 		accessKey, secretKey, sessionToken, err := getAssumeRoleCreds(c.String("region"), assumeRole, c.String("external-id"), "")
 		if err != nil {
 			return fmt.Errorf("failed to get assume role credentials: %v", err)
 		}
-
-		svc = createECRSession(c.String("region"), accessKey, secretKey, sessionToken)
+		
+		sess := session.Must(session.NewSession(&awsv1.Config{
+			Region: awsv1.String(c.String("region")),
+			Credentials: credentials.NewStaticCredentials(
+				accessKey,
+				secretKey,
+				sessionToken,
+			),
+		}))
+		svc = ecrv1.New(sess)
 	} else {
 		// Use direct credentials or IAM role
 		sess := session.Must(session.NewSession(&awsv1.Config{