From 6a3084b785458ef3303de6daa0807db4cd64e220 Mon Sep 17 00:00:00 2001
From: sj-williams
Date: Fri, 23 Jun 2023 16:34:56 +0100
Subject: [PATCH 1/7] add ready_for_deletion flag for destroying non-empty ECR
---
examples/ecr.tf | 7 +++++++
main.tf | 1 +
variables.tf | 6 ++++++
3 files changed, 14 insertions(+)
diff --git a/examples/ecr.tf b/examples/ecr.tf
index 427ee4d..bfdc6a2 100644
--- a/examples/ecr.tf
+++ b/examples/ecr.tf
@@ -69,4 +69,11 @@ module "ecr" { } EOF */ + + # OPTIONAL: Add this parameter when you are planning on either deleting your environment namespace or ECR resource. # IMPORTANT: It is the PR owners responsibility to ensure that no other environments are sharing this ECR registry. # This flag will allow a non-empty ECR to be deleted. # Defaults to false + # ready_for_deletion = true }
diff --git a/main.tf b/main.tf
index f714bef..eaeaa4b 100644
--- a/main.tf
+++ b/main.tf
@@ -25,6 +25,7 @@ resource "aws_ecr_repository" "repo" { name = "${var.team_name}/${var.repo_name}" image_scanning_configuration { scan_on_push = var.scan_on_push + force_delete = var.ready_for_deletion } }
diff --git a/variables.tf b/variables.tf
index 717f2e5..62f17b3 100644
--- a/variables.tf
+++ b/variables.tf
@@ -77,3 +77,9 @@ variable "github_actions_prefix" { type = string default = "" } + +variable "ready_for_deletion" { description = "Set this to true if you intend to delete your ECR resource or namespace. NOTE: PR owner has responsibility to ensure that no other environments are sharing this ECR." type = bool default = false +}
From 484d97a4c659ab4c5242be93ba24093dbae69db9 Mon Sep 17 00:00:00 2001
From: sj-williams
Date: Fri, 23 Jun 2023 16:38:06 +0100
Subject: [PATCH 2/7] force-delete correctly placed
---
main.tf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/main.tf b/main.tf
index eaeaa4b..7c46eac 100644
--- a/main.tf
+++ b/main.tf
@@ -25,8 +25,8 @@ resource "aws_ecr_repository" "repo" { name = "${var.team_name}/${var.repo_name}" image_scanning_configuration { scan_on_push = var.scan_on_push - force_delete = var.ready_for_deletion } + force_delete = var.ready_for_deletion } # ECR lifecycle policy
From 6a03e005b683fbc36fc01ca8d0fc71d2eb528ead Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Tue, 27 Jun 2023 10:49:35 +0000
Subject: [PATCH 3/7] terraform-docs: automated action
---
README.md | 1 +
1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index 79548e5..f1a24aa 100644
--- a/README.md
+++ b/README.md
@@ -92,6 +92,7 @@ No modules. | [lifecycle\_policy](#input\_lifecycle\_policy) | A lifecycle policy consists of one or more rules that determine which images in a repository should be expired. | `string` | `null` | no | | [namespace](#input\_namespace) | Namespace name | `string` | `null` | no | | [oidc\_providers](#input\_oidc\_providers) | OIDC providers for this ECR repository, valid values are "github" or "circleci" | `list(string)` | `[]` | no | +| [ready\_for\_deletion](#input\_ready\_for\_deletion) | Set this to true if you intend to delete your ECR resource or namespace. NOTE: PR owner has responsibility to ensure that no other environments are sharing this ECR. | `bool` | `false` | no | | [repo\_name](#input\_repo\_name) | Name of the repository to be created | `string` | n/a | yes | | [scan\_on\_push](#input\_scan\_on\_push) | Whether images are scanned after being pushed to the repository (true) or not (false) | `bool` | `true` | no | | [team\_name](#input\_team\_name) | Name of the team creating the credentials | `string` | n/a | yes |
From 4d186b806a934cdbdae36b9a44f3ef41b99eb520 Mon Sep 17 00:00:00 2001
From: sj-williams
Date: Wed, 28 Jun 2023 12:28:14 +0100
Subject: [PATCH 4/7] refactor ecr deletion flag to match RDS module approach
---
main.tf | 2 +-
variables.tf | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/main.tf b/main.tf
index 7c46eac..1658088 100644
--- a/main.tf
+++ b/main.tf
@@ -26,7 +26,7 @@ resource "aws_ecr_repository" "repo" { image_scanning_configuration { scan_on_push = var.scan_on_push } - force_delete = var.ready_for_deletion + force_delete = var.deletion_protection ? false : true } # ECR lifecycle policy
diff --git a/variables.tf b/variables.tf
index 62f17b3..7274b96 100644
--- a/variables.tf
+++ b/variables.tf
@@ -78,8 +78,8 @@ variable "github_actions_prefix" { default = "" } -variable "ready_for_deletion" { - description = "Set this to true if you intend to delete your ECR resource or namespace. NOTE: PR owner has responsibility to ensure that no other environments are sharing this ECR." +variable "deletion_protection" { + description = "Whether the ECR should have deletion protection enabled for non-empty registry. Set this to false if you intend to delete your ECR resource or namespace. NOTE: PR owner has responsibility to ensure that no other environments are sharing this ECR." type = bool - default = false + default = true }
From e99b65c147ab550a6d962fd406ba395a260bdcd6 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Wed, 28 Jun 2023 11:28:43 +0000
Subject: [PATCH 5/7] terraform-docs: automated action
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index f1a24aa..6326a7a 100644
--- a/README.md
+++ b/README.md
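Review bot: `force_delete = var.deletion_protection ? false : true` in the main.tf hunk is a conditional whose only job is to negate a bool; `force_delete = !var.deletion_protection` says the same thing directly. The line also deserves a comment, because the variable name promises more than the argument delivers: `force_delete = false` only makes AWS refuse to delete a repository that still contains images, an empty repository is still removed by `terraform destroy` or by dropping the module, and once the flag is `false` the images in a non-empty repository are deleted with it and cannot be recovered. Suggested comment: `# false only blocks deleting a repository that still holds images; an empty repository is always deletable`. The variables.tf hunk in this same patch should state the same limitation in the `deletion_protection` description rather than calling it "deletion protection" unqualified. The aws_ecr_repository resource block starts outside the hunk.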
@@ -82,6 +82,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [deletion\_protection](#input\_deletion\_protection) | Whether the ECR should have deletion protection enabled for non-empty registry. Set this to false if you intend to delete your ECR resource or namespace. NOTE: PR owner has responsibility to ensure that no other environments are sharing this ECR. | `bool` | `true` | no | | [github\_actions\_prefix](#input\_github\_actions\_prefix) | String prefix for GitHub Actions variable and secrets key | `string` | `""` | no | | [github\_actions\_secret\_ecr\_access\_key](#input\_github\_actions\_secret\_ecr\_access\_key) | The name of the github actions secret containing the ECR AWS access key | `string` | `"ECR_AWS_ACCESS_KEY_ID"` | no | | [github\_actions\_secret\_ecr\_name](#input\_github\_actions\_secret\_ecr\_name) | The name of the github actions secret containing the ECR name | `string` | `"ECR_NAME"` | no | 
@@ -92,7 +93,6 @@ No modules. | [lifecycle\_policy](#input\_lifecycle\_policy) | A lifecycle policy consists of one or more rules that determine which images in a repository should be expired. | `string` | `null` | no | | [namespace](#input\_namespace) | Namespace name | `string` | `null` | no | | [oidc\_providers](#input\_oidc\_providers) | OIDC providers for this ECR repository, valid values are "github" or "circleci" | `list(string)` | `[]` | no | -| [ready\_for\_deletion](#input\_ready\_for\_deletion) | Set this to true if you intend to delete your ECR resource or namespace. NOTE: PR owner has responsibility to ensure that no other environments are sharing this ECR. | `bool` | `false` | no | | [repo\_name](#input\_repo\_name) | Name of the repository to be created | `string` | n/a | yes | | [scan\_on\_push](#input\_scan\_on\_push) | Whether images are scanned after being pushed to the repository (true) or not (false) | `bool` | `true` | no | | [team\_name](#input\_team\_name) | Name of the team creating the credentials | `string` | n/a | yes |
From dc78c5b08aaed181b673a8e498d56f5aa3c17b6b Mon Sep 17 00:00:00 2001
From: sj-williams
Date: Wed, 28 Jun 2023 14:59:21 +0100
Subject: [PATCH 6/7] update example
---
examples/ecr.tf | 6 +++---
variables.tf | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/examples/ecr.tf b/examples/ecr.tf
index bfdc6a2..bc73d4b 100644
--- a/examples/ecr.tf
+++ b/examples/ecr.tf
@@ -70,10 +70,10 @@ module "ecr" { EOF */ - # OPTIONAL: Add this parameter when you are planning on either deleting your environment namespace or ECR resource. + # OPTIONAL: Add deletion_protection = false parameter if you are planning on either deleting your environment namespace or ECR resource. # IMPORTANT: It is the PR owners responsibility to ensure that no other environments are sharing this ECR registry. # This flag will allow a non-empty ECR to be deleted. - # Defaults to false + # Defaults to true - # ready_for_deletion = true + # deletion_protection = false }
diff --git a/variables.tf b/variables.tf
index 7274b96..c6032de 100644
--- a/variables.tf
+++ b/variables.tf
@@ -79,7 +79,7 @@ variable "github_actions_prefix" { } variable "deletion_protection" { - description = "Whether the ECR should have deletion protection enabled for non-empty registry. Set this to false if you intend to delete your ECR resource or namespace. NOTE: PR owner has responsibility to ensure that no other environments are sharing this ECR." + description = "(Optional) Whether the ECR should have deletion protection enabled for non-empty registry. Set this to false if you intend to delete your ECR resource or namespace. NOTE: PR owner has responsibility to ensure that no other environments are sharing this ECR. Defaults to true." type = bool default = true }
From 4072a9336871a2329d32c2d7f5bd2ba0c39fefb6 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Wed, 28 Jun 2023 13:59:44 +0000
Subject: [PATCH 7/7] terraform-docs: automated action
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 6326a7a..49f2165 100644
--- a/README.md
+++ b/README.md
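Review bot: The rewritten comment block in the examples/ecr.tf hunk now reads `# This flag will allow a non-empty ECR to be deleted.` directly followed by `# Defaults to true`, which a reader will take to mean that the default permits deleting a non-empty repository, the opposite of what `deletion_protection = true` does. The two lines should be merged into one sentence that names the variable and its effect, e.g. `# deletion_protection defaults to true; set it to false only when you intend to delete a non-empty ECR, which removes every image it holds.` The IMPORTANT line about shared registries is the right place to add that a shared repository deleted this way takes the other environments' images with it. The module block starts and ends outside the hunk.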
@@ -82,7 +82,7 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [deletion\_protection](#input\_deletion\_protection) | Whether the ECR should have deletion protection enabled for non-empty registry. Set this to false if you intend to delete your ECR resource or namespace. NOTE: PR owner has responsibility to ensure that no other environments are sharing this ECR. | `bool` | `true` | no | +| [deletion\_protection](#input\_deletion\_protection) | (Optional) Whether the ECR should have deletion protection enabled for non-empty registry. Set this to false if you intend to delete your ECR resource or namespace. NOTE: PR owner has responsibility to ensure that no other environments are sharing this ECR. Defaults to true. | `bool` | `true` | no | | [github\_actions\_prefix](#input\_github\_actions\_prefix) | String prefix for GitHub Actions variable and secrets key | `string` | `""` | no | | [github\_actions\_secret\_ecr\_access\_key](#input\_github\_actions\_secret\_ecr\_access\_key) | The name of the github actions secret containing the ECR AWS access key | `string` | `"ECR_AWS_ACCESS_KEY_ID"` | no | | [github\_actions\_secret\_ecr\_name](#input\_github\_actions\_secret\_ecr\_name) | The name of the github actions secret containing the ECR name | `string` | `"ECR_NAME"` | no |