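# ECR repository for the images named by var.ecr_name.
#
# NOTE(review): image_tag_mutability = "MUTABLE" lets any principal with push
# rights repoint an existing tag (including the protected prod/main/dev
# prefixes below) at different image content, and consumers that pull by tag
# will pick up the change without notice. It is left as-is here because the
# pipelines may rely on moving tags. If they do not, prefer "IMMUTABLE" and
# deploy by image digest.
resource "aws_ecr_repository" "my_repository" {
  name                 = var.ecr_name
  image_tag_mutability = "MUTABLE"

  image_scanning_configuration {
    # Scans an image when it is pushed. Long-retained images are not
    # re-scanned by this setting alone; confirm whether registry-level
    # enhanced/continuous scanning is configured elsewhere.
    scan_on_push = true
  }
}

# Lifecycle policy: protect prod/main/dev-tagged images, then keep only the
# most recent 10 of everything else.
#
# Two ECR behaviours shape how the rules are written:
#   * "expire" is the action type used here; there is no "retain" action.
#     Protection is expressed as a higher-priority (lower rulePriority) expire
#     rule with a threshold high enough that it never fires in practice. An
#     image that matches the tag requirements of a higher-priority rule cannot
#     be expired by a lower-priority one.
#   * Multiple entries in one tagPrefixList are ANDed: the rule selects only
#     images carrying tags for every listed prefix. Protecting prod OR main OR
#     dev therefore needs one rule per prefix.
#
# Caveat: protection is "up to 9999 images per prefix", not strictly forever.
resource "aws_ecr_lifecycle_policy" "my_repository_policy" {
  repository = aws_ecr_repository.my_repository.name

  policy = jsonencode({
    rules = [
      # 1-3: protect environment tags (one rule per prefix, see header).
      {
        rulePriority = 1
        description  = "Keep prod images (expire only beyond 9999)"
        selection = {
          tagStatus     = "tagged"
          tagPrefixList = ["prod"]
          countType     = "imageCountMoreThan"
          countNumber   = 9999
        }
        action = {
          type = "expire"
        }
      },
      {
        rulePriority = 2
        description  = "Keep main images (expire only beyond 9999)"
        selection = {
          tagStatus     = "tagged"
          tagPrefixList = ["main"]
          countType     = "imageCountMoreThan"
          countNumber   = 9999
        }
        action = {
          type = "expire"
        }
      },
      {
        rulePriority = 3
        description  = "Keep dev images (expire only beyond 9999)"
        selection = {
          tagStatus     = "tagged"
          tagPrefixList = ["dev"]
          countType     = "imageCountMoreThan"
          countNumber   = 9999
        }
        action = {
          type = "expire"
        }
      },

      # 4: expire everything else beyond the most recent 10 images.
      # A tagStatus = "any" rule must carry the highest rulePriority value so
      # it is evaluated last.
      # NOTE(review): the 10-image count may include images already claimed by
      # the rules above, leaving fewer than 10 unprotected images. Verify the
      # outcome with an ECR lifecycle policy preview before relying on it.
      {
        rulePriority = 4
        description  = "Retain only the last 10 images"
        selection = {
          tagStatus   = "any"
          countType   = "imageCountMoreThan"
          countNumber = 10
        }
        action = {
          type = "expire"
        }
      }
    ]
  })
}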