# Copyright 2019 Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0
version: 0.2

phases:
  install:
    runtime-versions:
      java: openjdk11

    commands:
      - apt-get update -y
      - apt-get install -y maven
      - pip3 install --upgrade awscli

  pre_build:
    commands:
      - sonar_host_url="http://<instance-address>:<port-number>"
      - sonar_project_key="$REPOSITORY_NAME"
      - sonar_username=$(aws secretsmanager get-secret-value --secret-id $SONARQUBE_USER_CREDENTIAL_SECRET | jq -r '.SecretString' | jq -r '.username')
      - sonar_password=$(aws secretsmanager get-secret-value --secret-id $SONARQUBE_USER_CREDENTIAL_SECRET | jq -r '.SecretString' | jq -r '.password')
      - git checkout $SOURCE_COMMIT

  build:
    commands:
      - mvn install
      - result=$(mvn clean sonar:sonar -Dsonar.projectKey=$sonar_project_key -Dsonar.host.url=$sonar_host_url -Dsonar.login=$sonar_username -Dsonar.password=$sonar_password)
      - echo $result

  post_build:
    commands:
      - sonar_link=$(echo $result | egrep -o "you can browse http://[^, ]+")
      - sonar_task_id=$(echo $result | egrep -o "task\?id=[^ ]+" | cut -d'=' -f2)
      - | # Allow time for SonarQube Background Task to complete
        stat="PENDING";
        while [ "$stat" != "SUCCESS" ]; do
          if [ $stat = "FAILED" ] || [ $stat = "CANCELLED" ]; then
            echo "SonarQube task $sonar_task_id failed";
            exit 1;
          fi
          stat=$(curl -u "$sonar_username:$sonar_password" $sonar_host_url/api/ce/task\?id=$sonar_task_id | jq -r '.task.status');
          echo "SonarQube analysis status is $stat";
          sleep 5;
        done
      - sonar_analysis_id=$(curl -u "$sonar_username:$sonar_password" $sonar_host_url/api/ce/task\?id=$sonar_task_id | jq -r '.task.analysisId')
      - quality_status=$(curl -u "$sonar_username:$sonar_password" $sonar_host_url/api/qualitygates/project_status\?analysisId=$sonar_analysis_id | jq -r '.projectStatus.status')
      - |
        if [ $quality_status = "ERROR" ]; then
          content=$(echo "SonarQube analysis complete. Quality Gate Failed.\n\nTo see why, $sonar_link");
        elif [ $quality_status = "OK" ]; then
          content=$(echo "SonarQube analysis complete. Quality Gate Passed.\n\nFor details, $sonar_link");
          aws codecommit update-pull-request-approval-state --pull-request-id $PULL_REQUEST_ID --approval-state APPROVE --revision-id $REVISION_ID;
        else
          content="An unexpected error occurred while attempting to analyze with SonarQube.";
        fi
      - aws codecommit post-comment-for-pull-request --pull-request-id $PULL_REQUEST_ID --repository-name $REPOSITORY_NAME --before-commit-id $DESTINATION_COMMIT --after-commit-id $SOURCE_COMMIT --content "$content"

artifacts:
  files: '**/*'