v0.42.1

protected tags keep count @whereismyjetpack (#139)

- **introduce `protected_tags_keep_count`** - **updates readme**

what

Adds protected_tags_keep_count and defaults it to 999999

why

A user may want to retain release tags for an extended period, but not indefinitely.

🤖 Automatic Updates

Migrate new test account @osterman (#138)

## what - Update `.github/settings.yml` - Update `.github/chatops.yml` files

why

• Re-apply .github/settings.yml from org level to get terratest environment
• Migrate to new test account

References

• DEV-388 Automate clean up of test account in new organization
• DEV-387 Update terratest to work on a shared workflow instead of a dispatch action
• DEV-386 Update terratest to use new testing account with GitHub OIDC

Update .github/settings.yml @osterman (#136)

## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

Update .github/settings.yml @osterman (#135)

## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

v0.42.0

fix(#133): have ability to use wildcards in protected_tags variale @mrdntgrn (#134)

## what

• the change allows to pass wildcards in protected_tags list

why

• there are use cases when the protected tags are not only prefix defineable and only wildcard can be used like "*prod" or semversion *.*.*

references

• fixes #133

v0.41.1

Add support for time based rotation @uhlajs (#132)

## what

Add support for countType "sinceImagePushed" ECR Lifepolicy rule.

why

• Increase flexibility and usefulness of this module.

references

• Implements #92.

🤖 Automatic Updates

Update .github/settings.yml @osterman (#131)

## what - Update `.github/settings.yml` - Drop `.github/auto-release.yml` files

why

• Re-apply .github/settings.yml from org level
• Use organization level auto-release settings

references

• DEV-1242 Add protected tags with Repository Rulesets on GitHub

Update release workflow to allow pull-requests: write @osterman (#129)

## what - Update workflow (`.github/workflows/release.yaml`) to have permission to comment on PR

why

• So we can support commenting on PRs with a link to the release

Update GitHub Workflows to use shared workflows from '.github' repo @osterman (#128)

## what - Update workflows (`.github/workflows`) to use shared workflows from `.github` repo

why

• Reduce nested levels of reusable workflows

Update GitHub Workflows to Fix ReviewDog TFLint Action @osterman (#127)

## what - Update workflows (`.github/workflows`) to add `issue: write` permission needed by ReviewDog `tflint` action

why

• The ReviewDog action will comment with line-level suggestions based on linting failures

Update GitHub workflows @osterman (#126)

## what - Update workflows (`.github/workflows/settings.yaml`)

why

• Support new readme generation workflow.
• Generate banners

Use GitHub Action Workflows from `cloudposse/.github` Repo @osterman (#125)

## what

• Install latest GitHub Action Workflows

why

• Use shared workflows from cldouposse/.github repository
• Simplify management of workflows from centralized hub of configuration

Add GitHub Settings @osterman (#123)

## what - Install a repository config (`.github/settings.yaml`)

why

• Programmatically manage GitHub repo settings

Update README.md and docs @cloudpossebot (#120)

## what This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

Update Scaffolding @osterman (#121)

## what - Reran `make readme` to rebuild `README.md` from `README.yaml` - Migrate to square badges - Add scaffolding for repo settings and Mergify

why

• Upstream template changed in the .github repo
• Work better with repository rulesets
• Modernize look & feel

v0.41.0

Allow to use ECR replication @dmitrijn (#103)

• Allow to use ECR replication
• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecr_replication_configuration

Closes #99

v0.40.1

Allow cache though enabled repositories to fetch image from upstream @mfuhrmeisterDM (#117)

what

Add a principal list (principals_pull_though_access) which are allowed to use specific repositories as pull through cache (import images from upstream). This holds for repositories where one of the strings in prefixes_pull_through_repositories is a prefix of the repository name.

why

We are using ecr-public pull through cache and we want also new images to be downloaded automatically to the cache. Allowed principals for respective repos can use it with the newly introduced variables.

🤖 Automatic Updates

Update README.md and docs @cloudpossebot (#116)

what

This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

Update README.md and docs @cloudpossebot (#115)

what

This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

Update README.md and docs @cloudpossebot (#114)

what

This is an auto-generated PR that updates the README.md and docs

why

To have most recent changes of README.md and doc from origin templates

v0.40.0

feat: support scan_type @dudymas (#113)

what

• add scanning_configuration as child module

why

• support scan_type settings
• should be deployed as a per-account global, rather than per-ecr-repo

Notes

• fixes #90

v0.39.0

feat: add organizations as readonly access @dragosmc (#106)

what

• Add the ability to have organizations as trustees (read-only) for the ECR repository

why

• As described in #82 , it's sometimes useful to allow an entire organization to consume images from a centralized repository

references

• closes #82

v0.38.0

fix: cleans up principals lambda logic to separate policy doc @Gowiem (#105)

what

• Clean up of the logic surrounding the var.principals_lambda policies

why

• When this was originally implemented it was copy / pastad across multiple policy docs, which isn't necessary and creates a bunch of bloat.

references

• Discovered in #98
• Originally introduced in #88

v0.37.0

add optional policy allowing push access @kpankonen (#98)

what

• adds the ability to give push-only access to the repository

why

• full access was more than we wanted in our situation (CI pushing images to the repo) so we added a principals_push_access to give push-only access.

references

• policy is based on this AWS doc

Sync github @max-lobur (#104)

Sync github from the template

v0.36.0

• No changes