Add-ECR-registry-external-accout-access

README.md

@@ -41,11 +41,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - id: ecr-deploy
-      uses: bitovi/github-actions-deploy-aws-ecr-registry@v0.1.1
+      uses: bitovi/github-actions-deploy-aws-ecr-registry@v0.1.2
       with:
         aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
         aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
         aws_default_region: us-east-1
+        aws_ecr_repo_mutable: true
+        aws_ecr_repo_encryption_type: AES256
+        aws_ecr_repo_read_external_aws_account: 123456789.987654321
+        aws_ecr_lifecycle_policy_input: '{\"rules\":[{\"rulePriority\":1,\"description\":\"expire-after-100\",\"selection\":{\"tagStatus\":\"any\",\"countType\":\"imageCountMoreThan\",\"countNumber\":100},\"action\":{\"type\":\"expire\"}}]}'
 ```
 
 ### Inputs
@@ -100,6 +104,8 @@ The following inputs can be used as `step.with` keys
 | `aws_ecr_repo_policy_input` | String | The JSON policy to apply to the repository. If defined overrides the default policy. |
 | `aws_ecr_repo_read_arn` | String | The ARNs of the IAM users/roles that have read access to the repository. (Comma separated list). |
 | `aws_ecr_repo_write_arn` | String | The ARNs of the IAM users/roles that have read/write access to the repository. (Comma separated list). |
+| `aws_ecr_repo_read_external_aws_account`| String | Comma separated list of AWS Accounts IDs that will be provided with read access to the registry. |
+| `aws_ecr_repo_write_external_aws_account`| String | Comma separated list of AWS Accounts IDs that will be provided with write access to the registry. |
 | `aws_ecr_repo_read_arn_lambda` | String | The ARNs of the Lambda service roles that have read access to the repository. (Comma separated list). |
 | `aws_ecr_lifecycle_policy_input` | String | The policy document. This is a JSON formatted string. See more details about [Policy Parameters](http://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html#lifecycle_policy_parameters) in the official AWS docs. |
 | `aws_ecr_public_repo_catalog` | String | Catalog data configuration for the repository. Defaults to `{}`. |

action.yaml

@@ -103,6 +103,12 @@ inputs:
   aws_ecr_repo_write_arn:
     description: 'The ARNs of the IAM users/roles that have read/write access to the repository. (Comma separated list)'
     required: false
+  aws_ecr_repo_read_external_aws_account:
+    description: 'The ARNs of the external AWS accounts that have read access to the repository'
+    required: false
+  aws_ecr_repo_write_external_aws_account:
+    description: 'The ARNs of the external AWS accounts that have write access to the repository'
+    required: false
   aws_ecr_repo_read_arn_lambda:
     description: 'The ARNs of the Lambda service roles that have read access to the repository. (Comma separated list)'
     required: false
@@ -136,7 +142,7 @@ runs:
   steps:
     - name: Deploy with BitOps
       id: deploy
-      uses: bitovi/github-actions-commons@v1
+      uses: bitovi/github-actions-commons@v2
       with:
         # Current repo vars
         bitops_code_only: ${{ inputs.bitops_code_only }}
@@ -176,6 +182,8 @@ runs:
         aws_ecr_repo_policy_input: ${{ inputs.aws_ecr_repo_policy_input }}
         aws_ecr_repo_read_arn: ${{ inputs.aws_ecr_repo_read_arn }}
         aws_ecr_repo_write_arn: ${{ inputs.aws_ecr_repo_write_arn }}
+        aws_ecr_repo_read_external_aws_account: ${{ inputs.aws_ecr_repo_read_external_aws_account }}
+        aws_ecr_repo_write_external_aws_account: ${{ inputs.aws_ecr_repo_write_external_aws_account }}
         aws_ecr_repo_read_arn_lambda: ${{ inputs.aws_ecr_repo_read_arn_lambda }}
         aws_ecr_lifecycle_policy_input: ${{ inputs.aws_ecr_lifecycle_policy_input }}
         aws_ecr_public_repo_catalog: ${{ inputs.aws_ecr_public_repo_catalog }}