diff --git a/cmd/drone-ecr/main.go b/cmd/drone-ecr/main.go
index 1a949c6..1390d8e 100644
--- a/cmd/drone-ecr/main.go
+++ b/cmd/drone-ecr/main.go
@@ -12,6 +12,7 @@ import (
 "github.com/aws/aws-sdk-go/aws"
 "github.com/aws/aws-sdk-go/aws/awserr"
+ "github.com/aws/aws-sdk-go/aws/credentials/stscreds"
 "github.com/aws/aws-sdk-go/aws/session"
 "github.com/aws/aws-sdk-go/service/ecr"
 )
@@ -28,6 +29,7 @@ func main() {
 create = parseBoolOrDefault(false, getenv("PLUGIN_CREATE_REPOSITORY", "ECR_CREATE_REPOSITORY"))
 lifecyclePolicy = getenv("PLUGIN_LIFECYCLE_POLICY")
 repositoryPolicy = getenv("PLUGIN_REPOSITORY_POLICY")
+ assumeRole = getenv("PLUGIN_ASSUME_ROLE")
 )
 // set the region
@@ -43,12 +45,11 @@ func main() {
 }
 sess, err := session.NewSession(&aws.Config{Region: ®ion})
-
 if err != nil {
 log.Fatal(fmt.Sprintf("error creating aws session: %v", err))
 }
- svc := ecr.New(sess)
+ svc := getECRClient(sess, assumeRole)
 username, password, defaultRegistry, err := getAuthInfo(svc)
 if registry == "" {
@@ -184,3 +185,12 @@ func getenv(key ...string) (s string) {
 }
 return
 }
+
+func getECRClient(sess *session.Session, role string) *ecr.ECR {
+ if role == "" {
+ return ecr.New(sess)
+ }
+ return ecr.New(sess, &aws.Config{
+ Credentials: stscreds.NewCredentials(sess, role),
+ })
+}
diff --git a/docker/docker/Dockerfile.windows.1809 b/docker/docker/Dockerfile.windows.1809
index 647ec42..bffc4b4 100644
--- a/docker/docker/Dockerfile.windows.1809
+++ b/docker/docker/Dockerfile.windows.1809
@@ -13,7 +13,8 @@ RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tl
 Invoke-WebRequest $('https://github.com/docker/toolbox/releases/download/v{0}/DockerToolbox-{0}.exe' -f $env:DOCKER_VERSION) -OutFile 'dockertoolbox.exe' -UseBasicParsing
 RUN /innoextract.exe dockertoolbox.exe
-FROM plugins/base:windows-1809
+FROM mcr.microsoft.com/windows/nanoserver:1809
+USER ContainerAdministrator
 LABEL maintainer="Drone.IO Community " `
 org.label-schema.name="Drone Docker" `
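Review bot: `getECRClient` (last hunk of cmd/drone-ecr/main.go) calls `stscreds.NewCredentials(sess, role)` with no options, so the assumed-role session carries only an SDK-generated session name and no external ID; CloudTrail entries are then hard to tie back to a build, and a trust policy that requires `sts:ExternalId` cannot be satisfied. Consider passing an option such as `func(p *stscreds.AssumeRoleProvider) { p.RoleSessionName = sessionName }`, with the name derived from build metadata, and exposing an optional external-ID setting next to `PLUGIN_ASSUME_ROLE`. The credentials are fetched lazily, so a wrong or unauthorized role ARN only surfaces as an error from `getAuthInfo(svc)` in the previous hunk, which is worth stating in a doc comment like `// getECRClient returns an ECR client for sess; when role is non-empty the client uses credentials obtained by assuming that role.` Because the ARN comes from pipeline settings, the role's trust policy is the control that limits which pipelines can use it.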
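Review bot: `USER ContainerAdministrator` in the final stage of Dockerfile.windows.1809 applies to every later instruction and to the running plugin container, which is more privilege than nanoserver's default account. The rest of the stage is outside this hunk, so it is not visible which step needs the elevated account; if it is only a setup step, add a comment naming it and finish the stage with `USER ContainerUser`. The new base `mcr.microsoft.com/windows/nanoserver:1809` is also referenced by a mutable tag, and pinning it by digest would keep rebuilds from silently picking up a different image.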