.buildkite/pipeline.yml

@@ -1,16 +1,14 @@
 steps:
   - label: ":shell: Tests"
     plugins:
-      docker-compose#v1.2.1:
-        run: tests
+      - plugin-tester#v1.1.1: ~
 
   - label: ":sparkles: Lint"
     plugins:
-      plugin-linter#v1.0.0:
-        name: ecr
+      - plugin-linter#v3.3.0:
+          id: ecr
 
   - label: ":shell: Shellcheck"
     plugins:
-      shellcheck#v1.0.1:
-        files: hooks/**
-    skip: "Shellcheck doesn't pass right now"
+      - shellcheck#v1.4.0:
+          files: hooks/**

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @buildkite-plugins/plugin-engineering

CHANGELOG.md

@@ -1,3 +1,7 @@
+## [v2.2.0](https://github.com/buildkite-plugins/ecr-buildkite-plugin/compare/v2.1.1...v2.2.0) (2020-11-24)
+
+* Ensure a log output heading is always shown. [#55](https://github.com/buildkite-plugins/ecr-buildkite-plugin/pull/55) ([pda](https://github.com/pda))
+
 ## [v2.1.0](https://github.com/buildkite-plugins/ecr-buildkite-plugin/tree/v2.1.0) (2020-03-10)
 [Full Changelog](https://github.com/buildkite-plugins/ecr-buildkite-plugin/compare/v2.0.0...v2.1.0)
 

CODE_OF_CONDUCT.md

@@ -0,0 +1,131 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the overall
+  community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or advances of
+  any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email address,
+  without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at [coc@buildkite.com](mailto:coc@buildkite.com)
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series of
+actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or permanent
+ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within the
+community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
+[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
+
+Community Impact Guidelines were inspired by
+[Mozilla's code of conduct enforcement ladder][Mozilla CoC].
+
+For answers to common questions about this code of conduct, see the FAQ at
+[https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
+[https://www.contributor-covenant.org/translations][translations].
+
+[homepage]: https://www.contributor-covenant.org
+[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
+[Mozilla CoC]: https://github.com/mozilla/diversity
+[FAQ]: https://www.contributor-covenant.org/faq
+[translations]: https://www.contributor-covenant.org/translations

README.md

@@ -1,7 +1,9 @@
-# ECR Buildkite Plugin
+# ECR Buildkite Plugin [![Build status](https://badge.buildkite.com/152a3248fa274dab20f022ff7b68e9de96a4fc3388de29d013.svg?branch=master)](https://buildkite.com/buildkite/plugins-ecr)
 
 A [Buildkite plugin](https://buildkite.com/docs/agent/v3/plugins) to login to an ECR repository before running a build step.
 
+This will use standard AWS credentials available [in the environment](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html), or as an [instance role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html) or task role as available. These must be granted [appropriate permissions](https://docs.aws.amazon.com/AmazonECR/latest/userguide/security_iam_id-based-policy-examples.html) for login to succeed and for push and pull to operate.
+
 ## Example
 
 This will login docker to ECR prior to running your script.
@@ -10,23 +12,36 @@ This will login docker to ECR prior to running your script.
 steps:
   - command: ./run_build.sh
     plugins:
-      - ecr#v2.1.0:
+      - ecr#v2.9.0:
           login: true
 ```
 
-If you want to log in to ECR on [another account](https://docs.aws.amazon.com/AmazonECR/latest/userguide/RepositoryPolicyExamples.html#IAM_allow_other_accounts):
-
+If you want to log in to ECR on [another account](https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html#IAM_allow_other_accounts):
 
 ```yml
 steps:
   - command: ./run_build.sh
     plugins:
-      - ecr#v2.1.0:
+      - ecr#v2.9.0:
           login: true
           account_ids: "0015615400570"
           region: "ap-southeast-2"
 ```
 
+If you need to assume a role to perform that login:
+
+```yml
+steps:
+  - command: ./run_build.sh
+    plugins:
+      - ecr#v2.9.0:
+          login: true
+          account-ids: "0015615400570"
+          region: "ap-southeast-2"
+          assume_role:
+            role_arn: "arn:aws:iam::0015615400570:role/demo"
+```
+
 ## Options
 
 ### `login`
@@ -37,8 +52,14 @@ Whether to login to your account's ECR.
 
 Either a string, or a list of strings with AWS account IDs that correspond to the Amazon ECR registries that you want to log in to. Make sure to quote these if they start with a 0.
 
+You can use the literal `public.ecr.aws` as a value to authenticate against AWS ECR public registries.
+
+:warning: If you are using [ECR Credential Helper](https://github.com/awslabs/amazon-ecr-credential-helper/) in your docker configuration it is possible you have to add `https://` to your account IDs to prevent an error (see the [corresponding bug report](https://github.com/docker/cli/issues/3665) for more information).
+
 ### `no-include-email` (optional)
 
+> Obsolete if using AWS CLI version 1.17.10 or newer.
+
 Add `--no-include-email` to ecr get-login. Required for docker 17.06+, but needs aws-cli 1.11.91+.
 
 ### `region` (optional)
@@ -49,6 +70,18 @@ Set a specific region for ECR, defaults to `AWS_DEFAULT_REGION` on the agent, or
 
 Retries login after a delay N times. Defaults to 0.
 
+### `assume-role` (optional)
+
+> Updates AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN environment variables.
+
+Assume an AWS IAM role before ECR login. Supports `role-arn` and `duration-seconds` (optional) per the [associated AWS CLI command.](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/sts/assume-role.html)
+
+### `profile` (optional)
+
+> Requires AWS CLI version 1.17.10 or greater.
+
+Use a different AWS profile from the default during ECR login.
+
 ## License
 
 MIT (see [LICENSE](LICENSE))