data "github_repository" "this" {
  name = var.repository
}

resource "aws_codebuild_project" "this" {
  for_each = local.splunk_server_types

  name                   = "splunk_apps_${var.splunk_prefix}_${each.value}_${var.repository}"
  description            = "Splunk Application build for ${each.value} from ${var.repository} repository"
  service_role           = aws_iam_role.codebuild_splunk_apps_role.arn
  encryption_key         = aws_kms_key.s3_codebuild_splunk_apps_artifacts.arn
  badge_enabled          = var.badge_enabled
  concurrent_build_limit = 1
  build_timeout          = 60

  source {
    type                = "GITHUB_ENTERPRISE"
    location            = data.github_repository.this.http_clone_url
    report_build_status = true
    git_clone_depth     = 1

    git_submodules_config {
      fetch_submodules = true
    }
  }

  source_version = var.source_version

  environment {
    compute_type                = "BUILD_GENERAL1_SMALL"
    image                       = "${var.common_services_account}.dkr.ecr.us-gov-east-1.amazonaws.com/content_generator:latest"
    image_pull_credentials_type = "SERVICE_ROLE"
    type                        = "LINUX_CONTAINER"
    environment_variable {
      name  = "TAG"
      type  = "PLAINTEXT"
      value = "${var.splunk_prefix}:${each.value}"
    }
    environment_variable {
      name  = "ARTIFACTS_PATH"
      type  = "PLAINTEXT"
      value = "s3://xdr-${var.splunk_prefix}-${var.environment}-splunk-apps/${each.value}/${var.repository}/"
    }
  }

  # Example: s3://xdr-moose-test-splunk-apps/sh-es/content_source/
  artifacts {
    type           = "S3"
    location       = "xdr-${var.splunk_prefix}-${var.environment}-splunk-apps"
    name           = var.repository
    path           = "/${each.value}/"
    namespace_type = "NONE"
    packaging      = "NONE"
  }

  tags = merge(local.standard_tags, var.tags)

  # Govcloud incompatible with "project visibility"
  # See https://github.com/hashicorp/terraform-provider-aws/issues/22473#issuecomment-1081187035
  lifecycle { ignore_changes = [project_visibility] }
}

locals {
  webhooks = var.enable_webhooks ? local.splunk_server_types : []
}

resource "aws_codebuild_webhook" "this" {
  #for_each = local.splunk_server_types
  for_each = local.webhooks

  project_name  = aws_codebuild_project.this[each.value].name
  branch_filter = var.webhook_branch_filter

}

resource "github_repository_webhook" "this" {
  #for_each = local.splunk_server_types
  for_each = local.webhooks

  active     = true
  events     = ["push"]
  repository = data.github_repository.this.name

  configuration {
    url          = aws_codebuild_webhook.this[each.value].payload_url
    secret       = aws_codebuild_webhook.this[each.value].secret
    content_type = "json"
    insecure_ssl = false
  }
}