data "github_repository" "this" {
    name    = "content_source"
}

#resource "aws_codebuild_source_credential" "github_token" {
#  auth_type   = "PERSONAL_ACCESS_TOKEN"
#  server_type = "GITHUB_ENTERPRISE"
#  token       = "" # This could be used to make life easier, but it would be stored in the state in plaintext.
#}
output "Codebuild_AWS_Key_Reminder" {
  value = "REMINDER: If this is a fresh deployment, you must manually enter the GITHUB token for 'mdr-aws-codebuild' (found in the vault) into one of the codebuild jobs."
}

resource "aws_codebuild_project" "this" {
  for_each               = local.splunk_server_types

  name                  = "splunk_apps_${var.splunk_prefix}_${each.value}"
  description           = "Splunk Application build for ${each.value}"
  service_role          = aws_iam_role.codebuild_splunk_apps_role.arn
  encryption_key        = aws_kms_key.s3_codebuild_splunk_apps_artifacts.arn
  badge_enabled         = var.badge_enabled
  concurrent_build_limit = 1
  build_timeout          = 60

  source {
    type                = "GITHUB_ENTERPRISE"
    location            = data.github_repository.this.http_clone_url
    report_build_status = true
    git_clone_depth     = 1
  }

  source_version = var.source_version

  environment {
    compute_type        = "BUILD_GENERAL1_SMALL"
    image               = "${var.common_services_account}.dkr.ecr.us-gov-east-1.amazonaws.com/content_generator:latest"
    image_pull_credentials_type = "SERVICE_ROLE"
    type                = "LINUX_CONTAINER"
    environment_variable {
      name = "TAG"
      type = "PLAINTEXT"
      value = "${var.splunk_prefix}:${each.value}"
    }
  }

  artifacts {
    type                = "S3"
    location            = "xdr-${var.splunk_prefix}-${var.environment}-splunk-apps"
    name                = each.value
    #path                = each.value
    namespace_type      = "NONE"
    packaging           = "NONE"
  }

  tags = merge(var.standard_tags, var.tags)
}

#resource "aws_codebuild_webhook" "this" {
#  project_name  = var.name
#  branch_filter = var.webhook_branch_filter
#
#  depends_on = [ aws_codebuild_project.this  ]
#}

#resource "github_repository_webhook" "this" {
#  active     = true
#  events     = ["push"]
#  repository = data.github_repository.this.name
#
#  configuration {
#    url          = aws_codebuild_webhook.this.payload_url
#    secret       = aws_codebuild_webhook.this.secret
#    content_type = "json"
#    insecure_ssl = false
#  }
#}