bump dind to 20.10.9

rebased on master + applied the previous changes

commit b96d524
Author: surtur <a_mirre@utb.cz>
Date:   Fri Oct 22 14:28:24 2021 +0200

    chore: bump dind to 20.10.9

commit ca9cfe9
Author: surtur <a_mirre@utb.cz>
Date:   Tue Jun 8 22:32:45 2021 +0200

    chore: bump docker to 20.10.7-dind

commit 5dc2b56
Author: surtur <a_mirre@utb.cz>
Date:   Tue Apr 13 10:00:07 2021 +0200

    chore: bump docker to 20.10.6-dind

commit 6dc63b2
Author: surtur <a_mirre@utb.cz>
Date:   Wed Mar 17 02:35:29 2021 +0100

    chore: bump docker to 20.10.5-dind

commit 1ae4536
Author: surtur <a_mirre@utb.cz>
Date:   Wed Mar 17 01:11:36 2021 +0100

    docker: add multiple different image tags

    rolling:
    * latest
    * edge-dind

    fixed to a commit:
    * ${DRONE_COMMIT_SHA:0:8}
    * ${DRONE_COMMIT_SHA:0:8}-edge-dind
    * ${DRONE_COMMIT_SHA:0:8}-linux-amd64

commit 6b86978
Author: surtur <a_mirre@utb.cz>
Date:   Wed Mar 17 02:22:36 2021 +0100

    ci: use plugins/docker:linux-amd64

    * bump from :18
    * add repo tag for dry_run

commit 2a52c7e
Author: surtur <a_mirre@utb.cz>
Date:   Tue Mar 16 22:26:30 2021 +0100

    chore: bump docker to 19.03.15-dind

commit e5693c3
Author: surtur <a_mirre@utb.cz>
Date:   Tue Mar 16 21:53:51 2021 +0100

    ci: dry-run on push+publish to immawanderer

commit 07c40b4
Author: surtur <a_mirre@utb.cz>
Date:   Tue Mar 16 19:59:34 2021 +0100

    jsonnet: thow out {arm,gcr,acr,heroku} stuff

commit f005615
Author: surtur <a_mirre@utb.cz>
Date:   Tue Mar 16 19:26:12 2021 +0100

    ci: edit .drone.yml to only build for linux-amd64

    * rm windows pipelines as I don't have any windows runners
    * rm arm/arm64 pipelines as I don't have any arm runners
    * rm {ecr,acr,whatever} publish steps as we're not publishing anything
      just yet
    * tag the image under immawanderer, not the official plugins repo
    * run as a dry_run (cause we're not really publishing, right?)

commit 6ec5e71
Merge: 88f8bf1 0911e6a
Author: TP Honey <tp@harness.io>
Date:   Wed Oct 13 17:19:30 2021 +0100

    Merge pull request drone-plugins#338 from tphoney/bump-go-1.13

    (maint) bump git to 1.13 for build and test

commit 0911e6a
Author: TP Honey <tp@harness.io>
Date:   Wed Oct 13 14:49:29 2021 +0100

    (maint) bump git to 1.13 for build and test

commit 88f8bf1
Merge: 607b04a 2d70a1f
Author: TP Honey <tp@harness.io>
Date:   Wed Oct 13 14:32:03 2021 +0100

    Merge pull request drone-plugins#337 from tphoney/prep_v19.03.9

    (maint) v19.03.9 release prep

commit 2d70a1f
Author: TP Honey <tp@harness.io>
Date:   Wed Oct 13 14:24:58 2021 +0100

    (maint) v19.03.9 release prep

commit 607b04a
Merge: 72ef7b1 e44c2d4
Author: Eoin McAfee <83226740+eoinmcafee00@users.noreply.github.com>
Date:   Thu Sep 23 15:52:24 2021 +0100

    Merge pull request drone-plugins#333 from jimsheldon/ecr-externalid

    adding support for externalId

commit e44c2d4
Author: Jim Sheldon <jim.sheldon@meltwater.com>
Date:   Fri Sep 17 15:33:05 2021 -0400

    adding support for externalId

commit 72ef7b1
Author: Brad Rydzewski <bradley.rydzewski@harness.io>
Date:   Mon Aug 2 22:15:39 2021 -0400

    log available credentials before login

commit fbbeec5
Author: Brad Rydzewski <bradley.rydzewski@harness.io>
Date:   Mon Aug 2 21:42:22 2021 -0400

    use Replace instead of ReplaceAll

commit b1d8698
Author: Brad Rydzewski <bradley.rydzewski@harness.io>
Date:   Mon Aug 2 21:28:37 2021 -0400

    print login failure reason to output

commit d4cf9f2
Author: Brad Rydzewski <brad.rydzewski@gmail.com>
Date:   Sun Jul 11 15:50:43 2021 -0400

    remove pull always

commit f753800
Merge: dd359df c10d367
Author: Brad Rydzewski <brad.rydzewski@gmail.com>
Date:   Sun Jul 11 15:39:35 2021 -0400

    Merge pull request drone-plugins#325 from drone-plugins/revert-322-update-seccomp

    Revert "Update seccomp to 20.10 docker"

commit c10d367
Author: Brad Rydzewski <brad.rydzewski@gmail.com>
Date:   Sun Jul 11 15:38:04 2021 -0400

    Revert "Update seccomp to 20.10 docker (drone-plugins#322)"

    This reverts commit dd359df.

commit dd359df
Author: techknowlogick <matti@mdranta.net>
Date:   Wed Jul 7 15:03:54 2021 -0400

    Update seccomp to 20.10 docker (drone-plugins#322)

    * Update seccomp to 20.10 docker

commit 729aa5d
Merge: f08821b db5c216
Author: TP Honey <tp@harness.io>
Date:   Wed Jul 7 19:52:19 2021 +0100

    Merge pull request drone-plugins#323 from tphoney/docker_rate_limit

    (maint) CI, remove the dry run steps, due to rate limiting

commit db5c216
Author: TP Honey <tp@harness.io>
Date:   Wed Jul 7 19:37:30 2021 +0100

    (maint) CI, remove the dry run steps, due to rate limiting

commit f08821b
Merge: 0f6bd8a 5760e7b
Author: Brad Rydzewski <brad.rydzewski@gmail.com>
Date:   Tue Apr 6 15:55:56 2021 -0400

    Merge pull request drone-plugins#300 from rvoitenko/ecr_scan_on_push

    ECR: adding setting to enable image scanning while repo creation

commit 5760e7b
Merge: 3501d9a 7ade37a
Author: Roman Voitenko <r00mka@gmail.com>
Date:   Sat Feb 20 13:32:16 2021 +0100

    Merge branch 'master' into ecr_scan_on_push

commit 3501d9a
Author: Roman Voitenko <roman.voitenko@konsult.atg.se>
Date:   Thu Oct 1 10:43:25 2020 +0200

    add possibility to turn on/off image scanning not only during repo creation, but when repo already created

commit d8b6b48
Author: Roman Voitenko <roman.voitenko@konsult.atg.se>
Date:   Wed Sep 30 23:32:23 2020 +0200

    add possibility to turn on ECR image scanning for repos created by ecr plugin

.drone.yml

@@ -8,8 +8,7 @@ platform:
 
 steps:
 - name: vet
-  pull: always
-  image: golang:1.11
+  image: golang:1.13
   commands:
   - go vet ./...
   environment:
@@ -19,8 +18,7 @@ steps:
     path: /go
 
 - name: test
-  pull: always
-  image: golang:1.11
+  image: golang:1.13
   commands:
   - go test -cover ./...
   environment:
@@ -51,8 +49,7 @@ platform:
 
 steps:
 - name: build-push
-  pull: always
-  image: golang:1.11
+  image: golang:1.13
   commands:
   - "go build -v -ldflags \"-X main.version=${DRONE_COMMIT_SHA:0:8}\" -a -tags netgo -o release/linux/amd64/drone-docker ./cmd/drone-docker"
   environment:
@@ -64,8 +61,7 @@ steps:
       - tag
 
 - name: build-tag
-  pull: always
-  image: golang:1.11
+  image: golang:1.13
   commands:
   - "go build -v -ldflags \"-X main.version=${DRONE_TAG##v}\" -a -tags netgo -o release/linux/amd64/drone-docker ./cmd/drone-docker"
   environment:
@@ -76,8 +72,7 @@ steps:
     - tag
 
 - name: executable
-  pull: always
-  image: golang:1.11
+  image: golang:1.13
   commands:
   - ./release/linux/amd64/drone-docker --help
 

.github_changelog_generator

@@ -0,0 +1,2 @@
+since-tag=v19.03.8
+

CHANGELOG.md

@@ -0,0 +1,25 @@
+# Changelog
+
+## [v19.03.9](https://github.com/drone-plugins/drone-docker/tree/v19.03.9) (2021-10-13)
+
+[Full Changelog](https://github.com/drone-plugins/drone-docker/compare/v19.03.8...v19.03.9)
+
+**Implemented enhancements:**
+
+- adding support for externalId [\#333](https://github.com/drone-plugins/drone-docker/pull/333) ([jimsheldon](https://github.com/jimsheldon))
+- Add support for automatic opencontainer labels [\#313](https://github.com/drone-plugins/drone-docker/pull/313) ([codrut-fc](https://github.com/codrut-fc))
+- add custom seccomp profile [\#312](https://github.com/drone-plugins/drone-docker/pull/312) ([xoxys](https://github.com/xoxys))
+- ECR: adding setting to enable image scanning while repo creation [\#300](https://github.com/drone-plugins/drone-docker/pull/300) ([rvoitenko](https://github.com/rvoitenko))
+
+**Fixed bugs:**
+
+- Revert "Update seccomp to 20.10 docker" [\#325](https://github.com/drone-plugins/drone-docker/pull/325) ([bradrydzewski](https://github.com/bradrydzewski))
+
+**Merged pull requests:**
+
+- \(maint\) CI, remove the dry run steps, due to rate limiting [\#323](https://github.com/drone-plugins/drone-docker/pull/323) ([tphoney](https://github.com/tphoney))
+- Update seccomp to 20.10 docker [\#322](https://github.com/drone-plugins/drone-docker/pull/322) ([techknowlogick](https://github.com/techknowlogick))
+
+
+
+\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*

cmd/drone-ecr/main.go

@@ -37,6 +37,8 @@ func main() {
 		lifecyclePolicy  = getenv("PLUGIN_LIFECYCLE_POLICY")
 		repositoryPolicy = getenv("PLUGIN_REPOSITORY_POLICY")
 		assumeRole       = getenv("PLUGIN_ASSUME_ROLE")
+		externalId       = getenv("PLUGIN_EXTERNAL_ID")
+		scanOnPush       = parseBoolOrDefault(false, getenv("PLUGIN_SCAN_ON_PUSH"))
 	)
 
 	// set the region
@@ -56,7 +58,7 @@ func main() {
 		log.Fatal(fmt.Sprintf("error creating aws session: %v", err))
 	}
 
-	svc := getECRClient(sess, assumeRole)
+	svc := getECRClient(sess, assumeRole, externalId)
 	username, password, defaultRegistry, err := getAuthInfo(svc)
 
 	if registry == "" {
@@ -72,10 +74,14 @@ func main() {
 	}
 
 	if create {
-		err = ensureRepoExists(svc, trimHostname(repo, registry))
+		err = ensureRepoExists(svc, trimHostname(repo, registry), scanOnPush)
 		if err != nil {
 			log.Fatal(fmt.Sprintf("error creating ECR repo: %v", err))
 		}
+		err = updateImageScannningConfig(svc, trimHostname(repo, registry), scanOnPush)
+		if err != nil {
+			log.Fatal(fmt.Sprintf("error updating scan on push for ECR repo: %v", err))
+		}
 	}
 
 	if lifecyclePolicy != "" {
@@ -118,9 +124,10 @@ func trimHostname(repo, registry string) string {
 	return repo
 }
 
-func ensureRepoExists(svc *ecr.ECR, name string) (err error) {
+func ensureRepoExists(svc *ecr.ECR, name string, scanOnPush bool) (err error) {
 	input := &ecr.CreateRepositoryInput{}
 	input.SetRepositoryName(name)
+	input.SetImageScanningConfiguration(&ecr.ImageScanningConfiguration{ScanOnPush: &scanOnPush})
 	_, err = svc.CreateRepository(input)
 	if err != nil {
 		if aerr, ok := err.(awserr.Error); ok && aerr.Code() == ecr.ErrCodeRepositoryAlreadyExistsException {
@@ -132,6 +139,15 @@ func ensureRepoExists(svc *ecr.ECR, name string) (err error) {
 	return
 }
 
+func updateImageScannningConfig(svc *ecr.ECR, name string, scanOnPush bool) (err error) {
+	input := &ecr.PutImageScanningConfigurationInput{}
+	input.SetRepositoryName(name)
+	input.SetImageScanningConfiguration(&ecr.ImageScanningConfiguration{ScanOnPush: &scanOnPush})
+	_, err = svc.PutImageScanningConfiguration(input)
+
+	return err
+}
+
 func uploadLifeCyclePolicy(svc *ecr.ECR, lifecyclePolicy string, name string) (err error) {
 	input := &ecr.PutLifecyclePolicyInput{}
 	input.SetLifecyclePolicyText(lifecyclePolicy)
@@ -193,11 +209,19 @@ func getenv(key ...string) (s string) {
 	return
 }
 
-func getECRClient(sess *session.Session, role string) *ecr.ECR {
+func getECRClient(sess *session.Session, role string, externalId string) *ecr.ECR {
 	if role == "" {
 		return ecr.New(sess)
 	}
-	return ecr.New(sess, &aws.Config{
-		Credentials: stscreds.NewCredentials(sess, role),
-	})
+	if externalId != "" {
+		return ecr.New(sess, &aws.Config{
+			Credentials: stscreds.NewCredentials(sess, role, func(p *stscreds.AssumeRoleProvider) {
+				p.ExternalID = &externalId
+			}),
+		})
+	} else {
+		return ecr.New(sess, &aws.Config{
+			Credentials: stscreds.NewCredentials(sess, role),
+		})
+	}
 }

docker.go

@@ -39,26 +39,26 @@ type (
 
 	// Build defines Docker build parameters.
 	Build struct {
-		Remote        string   // Git remote URL
-		Name          string   // Docker build using default named tag
-		Dockerfile    string   // Docker build Dockerfile
-		Context       string   // Docker build context
-		Tags          []string // Docker build tags
-		Args          []string // Docker build args
-		ArgsEnv       []string // Docker build args from env
-		Target        string   // Docker build target
-		Squash        bool     // Docker build squash
-		Pull          bool     // Docker build pull
-		CacheFrom     []string // Docker build cache-from
-		Compress      bool     // Docker build compress
-		Repo          string   // Docker build repository
-		LabelSchema   []string // label-schema Label map
-		AutoLabel     bool     // auto-label bool
-		Labels        []string // Label map
-		Link          string   // Git repo link
-		NoCache       bool     // Docker build no-cache
-		AddHost       []string // Docker build add-host
-		Quiet         bool     // Docker build quiet
+		Remote      string   // Git remote URL
+		Name        string   // Docker build using default named tag
+		Dockerfile  string   // Docker build Dockerfile
+		Context     string   // Docker build context
+		Tags        []string // Docker build tags
+		Args        []string // Docker build args
+		ArgsEnv     []string // Docker build args from env
+		Target      string   // Docker build target
+		Squash      bool     // Docker build squash
+		Pull        bool     // Docker build pull
+		CacheFrom   []string // Docker build cache-from
+		Compress    bool     // Docker build compress
+		Repo        string   // Docker build repository
+		LabelSchema []string // label-schema Label map
+		AutoLabel   bool     // auto-label bool
+		Labels      []string // Label map
+		Link        string   // Git repo link
+		NoCache     bool     // Docker build no-cache
+		AddHost     []string // Docker build add-host
+		Quiet       bool     // Docker build quiet
 	}
 
 	// Plugin defines the Docker plugin parameters.
@@ -80,16 +80,33 @@ func (p Plugin) Exec() error {
 
 	// poll the docker daemon until it is started. This ensures the daemon is
 	// ready to accept connections before we proceed.
-	for i := 0; i < 15; i++ {
+	for i := 0; ; i++ {
 		cmd := commandInfo()
 		err := cmd.Run()
 		if err == nil {
 			break
 		}
+		if i == 15 {
+			fmt.Println("Unable to reach Docker Daemon after 15 attempts.")
+			break
+		}
 		time.Sleep(time.Second * 1)
 	}
 
-	// Create Auth Config File
+	// for debugging purposes, log the type of authentication
+	// credentials that have been provided.
+	switch {
+	case p.Login.Password != "" && p.Login.Config != "":
+		fmt.Println("Detected registry credentials and registry credentials file")
+	case p.Login.Password != "":
+		fmt.Println("Detected registry credentials")
+	case p.Login.Config != "":
+		fmt.Println("Detected registry credentials file")
+	default:
+		fmt.Println("Registry credentials or Docker config not provided. Guest mode enabled.")
+	}
+
+	// create Auth Config File
 	if p.Login.Config != "" {
 		os.MkdirAll(dockerHome, 0600)
 
@@ -103,21 +120,15 @@ func (p Plugin) Exec() error {
 	// login to the Docker registry
 	if p.Login.Password != "" {
 		cmd := commandLogin(p.Login)
-		err := cmd.Run()
+		raw, err := cmd.CombinedOutput()
 		if err != nil {
-			return fmt.Errorf("Error authenticating: %s", err)
+			out := string(raw)
+			out = strings.Replace(out, "WARNING! Using --password via the CLI is insecure. Use --password-stdin.", "", -1)
+			fmt.Println(out)
+			return fmt.Errorf("Error authenticating: exit status 1")
 		}
 	}
 
-	switch {
-	case p.Login.Password != "":
-		fmt.Println("Detected registry credentials")
-	case p.Login.Config != "":
-		fmt.Println("Detected registry credentials file")
-	default:
-		fmt.Println("Registry credentials or Docker config not provided. Guest mode enabled.")
-	}
-
 	if p.Build.Squash && !p.Daemon.Experimental {
 		fmt.Println("Squash build flag is only available when Docker deamon is started with experimental flag. Ignoring...")
 		p.Build.Squash = false

docker/docker/Dockerfile.linux.amd64

@@ -1,4 +1,4 @@
-FROM docker:20.10.7-dind
+FROM docker:20.10.9-dind
 
 ENV DOCKER_HOST=unix:///var/run/docker.sock
 

pipeline.libsonnet

@@ -5,7 +5,7 @@ local test_pipeline_name = 'testing';
 local windows(os) = os == 'windows';
 
 local golang_image(os, version) =
-  'golang:' + '1.11' + if windows(os) then '-windowsservercore-' + version else '';
+  'golang:' + '1.13' + if windows(os) then '-windowsservercore-' + version else '';
 
 {
   test(os='linux', arch='amd64', version='')::