From db3d40ca0bc9f0e4cb317309846bdce3436832de Mon Sep 17 00:00:00 2001
From: Pablo Castillo
Date: Thu, 1 Jul 2021 11:40:29 -0700
Subject: [PATCH 1/3] Added ability to set Image Scanning for repos

---
 README.md     | 1 +
 action.yml    | 3 +++
 entrypoint.sh | 13 +++++++++++++
 3 files changed, 17 insertions(+)

diff --git a/README.md b/README.md
index 915b192..0227d76 100644
--- a/README.md
+++ b/README.md
@@ -13,6 +13,7 @@ This Action allows you to create Docker images and push into a ECR repository.
 | `create_repo` | `boolean` | `false` | Set this to true to create the repository if it does not already exist |
 | `set_repo_policy` | `boolean` | `false` | Set this to true to set a IAM policy on the repository |
 | `repo_policy_file` | `string` | `repo-policy.json` | Set this to repository policy statement json file. only used if the set_repo_policy is set to true |
+| `image_scanning_configuration:` | `boolean` | `false` | Set this to True if you want AWS to scan your images for vulnerabilities |
 | `tags` | `string` | `latest` | Comma-separated string of ECR image tags (ex latest,1.0.0,) |
 | `dockerfile` | `string` | `Dockerfile` | Name of Dockerfile to use |
 | `extra_build_args` | `string` | `""` | Extra flags to pass to docker build (see docs.docker.com/engine/reference/commandline/build) |
diff --git a/action.yml b/action.yml
index d50835e..9a7f0a0 100644
--- a/action.yml
+++ b/action.yml
@@ -36,6 +36,9 @@ inputs:
   tags:
     description: Comma-separated string of ECR image tags
     default: latest
+  image_scanning_configuration:
+    description: Set this to True if you want AWS to scan your images for vulnerabilities
+    default: false
   dockerfile:
     description: Name of Dockerfile to use
     default: Dockerfile
diff --git a/entrypoint.sh b/entrypoint.sh
index be1b29b..e329b6c 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
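Review bot: The new `image_scanning_configuration` input's description tells users to set it to `True`, but the entrypoint compares the value with the lowercase literal `true` (`[ "${1}" = true ]`), so a user following this description gets no scanning and no error. Change the description to `description: Set this to true to have AWS scan pushed images for vulnerabilities (scanOnPush)` so the documented value is the one the script accepts. The README row added in the same patch has the same `True` wording and a stray colon in the input name (`image_scanning_configuration:`), which would be worth fixing together.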
@@ -7,6 +7,7 @@ INPUT_TAGS="${INPUT_TAGS:-latest}"
 INPUT_CREATE_REPO="${INPUT_CREATE_REPO:-false}"
 INPUT_SET_REPO_POLICY="${INPUT_SET_REPO_POLICY:-false}"
 INPUT_REPO_POLICY_FILE="${INPUT_REPO_POLICY_FILE:-repo-policy.json}"
+INPUT_IMAGE_SCANNING_CONFIGURATION="${INPUT_IMAGE_SCANNING_CONFIGURATION:-false}"
 
 function main() {
   sanitize "${INPUT_ACCESS_KEY_ID}" "access_key_id"
@@ -14,6 +15,7 @@ function main() {
   sanitize "${INPUT_REGION}" "region"
   sanitize "${INPUT_ACCOUNT_ID}" "account_id"
   sanitize "${INPUT_REPO}" "repo"
+  sanitize "${INPUT_IMAGE_SCANNING_CONFIGURATION}" "image_scanning_configuration"
 
   ACCOUNT_URL="$INPUT_ACCOUNT_ID.dkr.ecr.$INPUT_REGION.amazonaws.com"
 
@@ -25,6 +27,7 @@ function main() {
   create_ecr_repo $INPUT_CREATE_REPO
   set_ecr_repo_policy $INPUT_SET_REPO_POLICY
   docker_push_to_ecr $INPUT_TAGS $ACCOUNT_URL
+  image_scanning_configuration $INPUT_IMAGE_SCANNING_CONFIGURATION
 }
 
 function sanitize() {
@@ -96,6 +99,16 @@ function set_ecr_repo_policy() {
   fi
 }
 
+function put_image_scanning_configuration() {
+  if [ "${1}" = true ]; then
+    echo "== START SET IMAGE SCANNING CONFIGURATION"
+    if [ -f "${INPUT_IMAGE_SCANNING_CONFIGURATION}" ]; then
+      aws ecr put-image-scanning-configuration --repository-name $INPUT_REPO --image-scanning-configuration scanOnPush=${INPUT_IMAGE_SCANNING_CONFIGURATION}
+      echo "== FINISHED SET IMAGE SCANNING CONFIGURATION"
+    fi
+  fi
+}
+
 function run_pre_build_script() {
   if [ ! -z "${1}" ]; then
     echo "== START PREBUILD SCRIPT"
From 97d076853c78e65a8ff63acf4717eacb00ab66f7 Mon Sep 17 00:00:00 2001
From: Pablo Castillo
Date: Thu, 1 Jul 2021 11:49:34 -0700
Subject: [PATCH 2/3] Added myself as another author

---
 action.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/action.yml b/action.yml
index 9a7f0a0..c83aa05 100644
--- a/action.yml
+++ b/action.yml
@@ -1,5 +1,5 @@
-name: AWS ECR
-author: Lee Sun-Hyoup
+name: AWS ECR Push
+author: Lee Sun-Hyoup , Pablo Castillo
 branding:
   icon: upload-cloud
   color: orange
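Review bot: The call added to main() invokes `image_scanning_configuration`, but the function this patch defines further down is named `put_image_scanning_configuration`, so the new line resolves to no command; bash will report "command not found" and, depending on whether the script runs under `set -e` (not visible in this hunk), either abort after the push or report success without ever applying the setting. Change the line to `put_image_scanning_configuration $INPUT_IMAGE_SCANNING_CONFIGURATION`. The call is also placed after `docker_push_to_ecr`; since ECR's scan-on-push only covers pushes made after the setting is applied, the image pushed by this very run would not be scanned, so moving the call up to follow `set_ecr_repo_policy` closes that gap. main() begins and the rest of its body lies outside this hunk.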
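Review bot: In put_image_scanning_configuration the inner guard `if [ -f "${INPUT_IMAGE_SCANNING_CONFIGURATION}" ]; then` tests whether the boolean input is an existing file path, which is never true for the value `true`, so the `aws ecr put-image-scanning-configuration` call is unreachable and scanning is silently never enabled; this looks copied from set_ecr_repo_policy, where the input really is a policy file. Drop that inner `if`/`fi` pair and, because the outer check has already established the value is `true`, write the call as `aws ecr put-image-scanning-configuration --repository-name "${INPUT_REPO}" --image-scanning-configuration scanOnPush=true`. Quoting `${INPUT_REPO}` matches the `"${1}"` quoting on the line above and keeps an unusual repository name from being word-split. The outer comparison is also case-sensitive, so the `True` spelling used in the README and action.yml description of this input will not enable scanning; either accept both spellings or document lowercase `true`.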
From 0865f7179f656928e7c48bc071deb8d9556ab82f Mon Sep 17 00:00:00 2001
From: Pablo Castillo
Date: Thu, 1 Jul 2021 11:51:18 -0700
Subject: [PATCH 3/3] reverted Action name

---
 action.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/action.yml b/action.yml
index c83aa05..29ed109 100644
--- a/action.yml
+++ b/action.yml
@@ -1,4 +1,4 @@
-name: AWS ECR Push
+name: AWS ECR
 author: Lee Sun-Hyoup , Pablo Castillo
 branding:
   icon: upload-cloud