version: 0.2

phases:

  install:
    runtime-versions:
       python: latest
    commands:
      - cd /usr/bin
      - yum install -y yum-utils
      - yum-config-manager --add-repo https://rpm.releases.hashicorp.com/AmazonLinux/hashicorp.repo
      - yum install -y terraform-${TF_VERSION}
      - python -V
      - pip3 install checkov

  build:
    commands:   
      - cd "$CODEBUILD_SRC_DIR"
      - |
        if [ -z "${CHECKOV_SKIPS}" ]; then 
          checkov --directory ./ --skip-path ./deploy -o junitxml > checkov.xml
        else
          checkov --directory ./ --skip-path ./deploy --skip-check ${CHECKOV_SKIPS} -o junitxml > checkov.xml
        fi

  post_build:
    commands:
      - echo "checkov complete, see report for details"

reports:
  ${SAST_REPORT_ARN}:
    files:
      - checkov.xml
    base-directory: ./
    file-format: JUNITXML