xdr-terraform-modules/base/codebuild_project_no_artifact/codebuild.tf

resource "aws_codebuild_project" "this" {
  name           = var.name
  description    = "Container for ${var.name}"
  service_role   = var.service_role
  encryption_key = var.kms_key
  #badge_enabled         = var.badge_enabled

  source {
    type                = "GITHUB_ENTERPRISE"
    location            = var.github_clone_url
    report_build_status = true
    git_clone_depth     = 1
    buildspec           = var.buildspec
  }

  source_version = var.source_version

  environment {
    compute_type    = "BUILD_GENERAL1_SMALL"
    image           = var.image
    type            = "LINUX_CONTAINER"
    privileged_mode = var.privileged_mode

    dynamic "environment_variable" {
      for_each = var.env_vars
      iterator = each
      content {
        name  = each.key
        value = each.value["value"]
        type  = try(each.value["type"], "PLAINTEXT")
      }
    }
  }

  artifacts {
    type = "NO_ARTIFACTS"
  }

  tags = merge(var.standard_tags, var.tags)

  # Govcloud incompatible with "project visibility"
  # See https://github.com/hashicorp/terraform-provider-aws/issues/22473#issuecomment-1081187035
  lifecycle { ignore_changes = [project_visibility] }
}

# Only build the cloudwatch trigger if it's needed
resource "aws_cloudwatch_event_rule" "schedule_rule" {
  count               = var.schedule_expression == "" ? 0 : 1
  name                = "scheduled_build-${var.name}"
  schedule_expression = var.schedule_expression
}

resource "aws_cloudwatch_event_target" "trigger_build" {
  count     = var.schedule_expression == "" ? 0 : 1
  target_id = "trigger_build"
  rule      = aws_cloudwatch_event_rule.schedule_rule[count.index].name
  arn       = aws_codebuild_project.this.id
  role_arn  = var.service_role
}

resource "aws_codebuild_webhook" "this" {
  count         = var.enable_webhook == true ? 1 : 0
  project_name  = var.name
  branch_filter = var.webhook_branch_filter
  depends_on    = [aws_codebuild_project.this]
}