# Looks up the existing GitHub repository that will receive the webhook below.
data "github_repository" "this" {
  name = var.repository_name
}

# CodeBuild project that builds from a GitHub Enterprise repository inside the VPC.
resource "aws_codebuild_project" "this" {
  name        = var.name
  description = "Codebuild for ${var.name}"
  tags        = merge(var.standard_tags, var.tags)

  # IAM role the build runs as, and the KMS key handed to CodeBuild for encryption.
  service_role   = var.service_role
  encryption_key = var.kms_key
  # badge_enabled = var.badge_enabled   (left commented out by the author)

  source_version = var.source_version

  # This project publishes no build artifacts.
  artifacts {
    type = "NO_ARTIFACTS"
  }

  source {
    type                = "GITHUB_ENTERPRISE"
    location            = var.github_clone_url
    buildspec           = var.buildspec
    git_clone_depth     = 1 # shallow clone: only the latest commit is fetched
    report_build_status = true
  }

  environment {
    type         = "LINUX_CONTAINER"
    image        = var.image
    compute_type = "BUILD_GENERAL1_SMALL"

    # Privileged mode is caller-controlled. It gives the build container elevated
    # access (needed to run Docker inside the build), so callers should leave it
    # false unless the buildspec requires it.
    privileged_mode = var.privileged_mode

    # Caller-supplied variables. A map entry without a "type" key falls back to
    # PLAINTEXT, and PLAINTEXT values are readable in the project configuration
    # and in Terraform state. Secrets should set type to PARAMETER_STORE or
    # SECRETS_MANAGER so that only a reference is stored here.
    dynamic "environment_variable" {
      for_each = var.env_vars
      iterator = env_var

      content {
        name  = env_var.key
        value = env_var.value.value
        type  = try(env_var.value.type, "PLAINTEXT")
      }
    }

    # Fixed variables exposing network and IAM identifiers to the build.
    # NOTE(review): presumably consumed by the buildspec; confirm what the build
    # does with the instance profile and the public subnet.
    environment_variable {
      name  = "SECURITYGROUP"
      value = aws_security_group.this.id
    }

    environment_variable {
      name  = "IAMINSTANCEPROFILE"
      value = aws_iam_instance_profile.magic_machine.id
    }

    # Uses the first public subnet, so var.public_subnets must not be empty.
    environment_variable {
      name  = "SUBNETID"
      value = var.public_subnets[0]
    }

    environment_variable {
      name  = "GITBRANCH"
      value = var.source_version
    }
  }

  # The build container itself is attached to the private subnets and uses a
  # dedicated security group.
  vpc_config {
    vpc_id             = data.aws_vpc.this.id
    subnets            = var.private_subnets
    security_group_ids = [aws_security_group.codebuild.id]
  }

  # The security group must be created before the codebuild project for the
  # environmental variables.
  depends_on = [
    aws_security_group.this,
    aws_security_group.codebuild,
  ]

  # Govcloud incompatible with "project visibility"
  # See https://github.com/hashicorp/terraform-provider-aws/issues/22473#issuecomment-1081187035
  lifecycle {
    ignore_changes = [project_visibility]
  }
}

# CodeBuild-side webhook: starts a build on pushes whose head ref matches the
# configured pattern.
resource "aws_codebuild_webhook" "this" {
  # Author's note: disable the webhook for now, it is too aggressive when making
  # quick changes.
  # NOTE(review): the resource is still declared unconditionally, so the webhook
  # stays active. Confirm which of the two is intended.
  project_name = var.name

  # Both filters in a group must match. The HEAD_REF pattern is a regular
  # expression, so var.webhook_filter_pattern should be anchored to keep
  # unintended refs from starting builds (constructed example:
  # ^refs/heads/main$).
  filter_group {
    filter {
      type    = "EVENT"
      pattern = "PUSH"
    }

    filter {
      type    = "HEAD_REF"
      pattern = var.webhook_filter_pattern
    }
  }

  depends_on = [aws_codebuild_project.this]
}

# GitHub-side webhook that delivers push events to the CodeBuild payload URL.
resource "github_repository_webhook" "this" {
  repository = data.github_repository.this.name
  events     = ["push"]
  active     = true

  configuration {
    url          = aws_codebuild_webhook.this.payload_url
    content_type = "json"

    # Shared secret used to authenticate deliveries. It is written to Terraform
    # state, so the state backend needs to be encrypted and access-restricted.
    secret = aws_codebuild_webhook.this.secret

    # Keep TLS certificate verification enabled for webhook deliveries.
    insecure_ssl = false
  }
}