xdr-terraform-modules/submodules/codebuild/codebuild-ecr-image/codebuild.tf

resource "aws_codebuild_project" "this" {
  name         = var.name
  description  = "Container for ${var.name}"
  service_role = var.codebuild_assume_role_arn
  #encryption_key        = var.kms_key
  #badge_enabled         = var.badge_enabled

  source {
    type = "GITHUB_ENTERPRISE"
    #location           = data.github_repository.this.http_clone_url
    location            = var.github_clone_url
    report_build_status = true
    git_clone_depth     = 1
    buildspec           = var.buildspec
  }

  source_version = var.source_version

  environment {
    compute_type    = "BUILD_GENERAL1_SMALL"
    image           = "aws/codebuild/amazonlinux2-x86_64-standard:3.0"
    type            = "LINUX_CONTAINER"
    privileged_mode = true


    dynamic "environment_variable" {
      for_each = var.env_vars
      iterator = each
      content {
        name  = each.key
        value = each.value["value"]
        type  = try(each.value["type"], "PLAINTEXT")
      }
    }
  }

  artifacts {
    type = "NO_ARTIFACTS"
  }

  tags = merge(var.standard_tags, var.tags)

  # Govcloud incompatible with "project visibility"
  # See https://github.com/hashicorp/terraform-provider-aws/issues/22473#issuecomment-1081187035
  lifecycle { ignore_changes = [project_visibility] }
}

resource "aws_cloudwatch_event_rule" "schedule_rule" {
  count               = var.schedule_expression == "" ? 0 : 1
  name                = "scheduled_build-${var.name}"
  schedule_expression = var.schedule_expression
}

resource "aws_cloudwatch_event_target" "trigger_build" {
  count     = var.schedule_expression == "" ? 0 : 1
  target_id = "trigger_build"
  rule      = aws_cloudwatch_event_rule.schedule_rule[count.index].name
  arn       = aws_codebuild_project.this.id
  role_arn  = var.codebuild_assume_role_arn
}