AFS
/
xdr-terraform-modules


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101
							data "github_repository" "this" {
    name    = var.name
}

resource "aws_codebuild_project" "this_no_artifact" {
  count                 = var.artifact_s3_bucket=="" ? 1 : 0

  name                  = var.name
  description           = "Container for ${var.name}"
  service_role          = var.service_role
  encryption_key        = var.kms_key
  badge_enabled         = var.badge_enabled

  source {
    type                = "GITHUB_ENTERPRISE"
    location            = data.github_repository.this.http_clone_url
    report_build_status = true
  }

  environment {
    compute_type        = "BUILD_GENERAL1_SMALL"
    image               = var.codebuild_image
    type                = "LINUX_CONTAINER"
    privileged_mode     = true
  }

  artifacts {
    type                = "NO_ARTIFACTS"
  }

  tags = merge(var.standard_tags, var.tags)
}
 
resource "aws_ecr_repository" "this-api" {
    name  = "portal-api"
}

resource "aws_ecr_repository" "this-nginx" {
    name  = "portal-nginx"
}

data "aws_iam_policy_document" "ecr_cross_account_policy" {
  statement {
    sid = "ECRWrite"

    effect = "Allow"

    actions = [
      "ecr:GetAuthorizationToken",
      "ecr:GetDownloadUrlForLayer",
      "ecr:BatchGetImage",
      "ecr:BatchCheckLayerAvailability",
      "ecr:PutImage",
      "ecr:InitiateLayerUpload",
      "ecr:UploadLayerPart",
      "ecr:CompleteLayerUpload",
      "ecr:DescribeRepositories",
      "ecr:ListImages",
      "ecr:DescribeImages",
    ]

    principals {
      identifiers = [
        "arn:aws-us-gov:iam::721817724804:root",
        "arn:aws-us-gov:iam::738800754746:root",
        "arn:aws-us-gov:iam::701290387780:root",
      ]
      type        = "AWS"
    }
  }
}

resource "aws_ecr_repository_policy" "this-api" {
  repository = aws_ecr_repository.this-api.name
  policy = data.aws_iam_policy_document.ecr_cross_account_policy.json
}

resource "aws_ecr_repository_policy" "this-nginx" {
  repository = aws_ecr_repository.this-nginx.name
  policy = data.aws_iam_policy_document.ecr_cross_account_policy.json
}

resource "aws_codebuild_webhook" "this" {
  project_name  = var.name
  branch_filter = var.webhook_branch_filter

  depends_on = [ aws_codebuild_project.this_no_artifact  ]
}

resource "github_repository_webhook" "this" {
  active     = true
  events     = ["push"]
  repository = data.github_repository.this.name

  configuration {
    url          = aws_codebuild_webhook.this.payload_url
    secret       = aws_codebuild_webhook.this.secret
    content_type = "json"
    insecure_ssl = false
  }
}