feat(ecr): support imageScanOnPush when creating the repository #7501
Conversation
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
I am ready to review now. |
| scanOnPush: false, | ||
| }, | ||
| }, | ||
| physicalResourceId: cr.PhysicalResourceId.of(this.repositoryArn), |
There was a problem hiding this comment.
Hi @jogold it's restricted to this.repositoryArn now.
There was a problem hiding this comment.
No it's not, have a look at https://github.com/aws/aws-cdk/tree/master/packages/%40aws-cdk/custom-resources#execution-policy-1
There was a problem hiding this comment.
@jogold Thanks for the heads-up. Just fixed it. Please review again.
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
copy @eladb @jogold @MrArnoldPalmer It's been 6 days since last review. Would be appreciated if someone can review it again. thanks |
There was a problem hiding this comment.
@pahud Code is looking good but I've been trying to figure out if we can also present this option for the ECR repository in the bootstrap stack, so users leveraging ecr-assets can setup scanning.
As far as I can tell that would require adding an instance method on ecr.RepositoryBase (and a method interface on IRepository) then calling that method inside the Repository constructor. I'm okay with doing that in the future since it can be done without breaking changes.
|
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
Commit Message
feat(ecr): support imageScanOnPush when creating the repository
Add a new imageScanOnPush property for the new repository creation.
Fix #7471
End Commit Message
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license