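---
# CloudFormation template for the CI side of one resource-provider repository:
# a CodeBuild project built from GitHub, the service role it runs as, and the
# managed policy attached to that role.
AWSTemplateFormatVersion: "2010-09-09"
Description: Manage GitHub Continuous Integration and Release processes

Parameters:
  # Used in the policy name, the log-group ARNs, the project name and the
  # GitHub clone URL.
  GitHubRepositoryName:
    Type: String
    Description: GitHub Repo Name For aws-cloudformation-resource-providers-kinesisfirehose
  # Used only in the role name "codebuild-<short>-ci". The fixed prefix and
  # suffix take 13 characters, so 51 is the longest value that still fits the
  # 64-character IAM role-name limit; longer values now fail at parameter
  # validation instead of part-way through stack creation.
  GitHubRepositoryShortName:
    Type: String
    Description: Short Name for this provider to avoid exceeding the 64char limit on IAM Resources
    MaxLength: 51
  # NOTE(review): this one value is used both as an IAM Resource (which must be
  # an ARN) and as the CodeBuild S3 source Location. Confirm the format passed
  # in is accepted in both places.
  CFNSDKBucket:
    Type: String
    Description: S3 Location of CloudFormation SDK; should be removed when we can publish the latest client

Resources:
  # Permissions granted to every build of the CI project.
  AWSCloudFormationResourceProviderCIPolicy:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      ManagedPolicyName: !Sub "codebuild-${GitHubRepositoryName}-ci-policy"
      Path: /service-role/
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          # Build logs: scoped to this project's own log group and its streams.
          - Effect: Allow
            Action:
              - logs:CreateLogGroup
              - logs:CreateLogStream
              - logs:PutLogEvents
            Resource:
              - !Sub "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${GitHubRepositoryName}-ci"
              - !Sub "arn:${AWS::Partition}:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/codebuild/${GitHubRepositoryName}-ci:*"
          # Object access to the SDK location.
          # NOTE(review): least privilege. Nothing in this template writes to
          # the bucket (Artifacts is NO_ARTIFACTS and no cache is configured),
          # yet the role may s3:PutObject on the same prefix the project reads
          # as its SDK secondary source. Builds are webhook-triggered and run
          # the repository's buildspec.yml, so a build could replace the SDK
          # that later builds consume. Drop s3:PutObject unless buildspec.yml
          # is confirmed to need it.
          - Effect: Allow
            Action:
              - s3:PutObject
              - s3:GetObject
              - s3:GetObjectVersion
            Resource: !Sub "${CFNSDKBucket}/*"
          # Listing of the SDK bucket itself.
          - Effect: Allow
            Action:
              - s3:ListBucket
            Resource: !Ref CFNSDKBucket

  # Service role the CI project assumes. The trust policy names only the
  # CodeBuild service principal.
  AWSCloudFormationResourceProviderCIRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: !Sub "codebuild-${GitHubRepositoryShortName}-ci"
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: codebuild.amazonaws.com
            Action: sts:AssumeRole
      Path: /service-role/
      ManagedPolicyArns:
        - !Ref AWSCloudFormationResourceProviderCIPolicy

  # The CI build: clones the provider repository plus four secondary inputs
  # and runs the repository's buildspec.yml.
  AWSCloudFormationResourceProviderCIProject:
    Type: AWS::CodeBuild::Project
    Properties:
      Name: !Sub "${GitHubRepositoryName}-ci"
      Description: !Sub "https://github.com/aws-cloudformation/${GitHubRepositoryName}/"
      BadgeEnabled: true
      TimeoutInMinutes: 30
      Artifacts:
        Type: NO_ARTIFACTS
      Environment:
        Type: LINUX_CONTAINER
        ComputeType: BUILD_GENERAL1_SMALL
        # NOTE(review): confirm this curated image version is still maintained
        # before relying on it for patched build tooling.
        Image: aws/codebuild/standard:2.0
        # Builds run unprivileged.
        PrivilegedMode: false
      Source:
        Type: GITHUB
        Auth:
          Type: OAUTH
        # TLS certificate warnings are not ignored when cloning.
        InsecureSsl: false
        Location: !Sub "https://github.com/aws-cloudformation/${GitHubRepositoryName}.git"
        ReportBuildStatus: true
        GitCloneDepth: 1
        # The build commands come from the revision being built, so whoever
        # controls that revision controls what runs under ServiceRole.
        BuildSpec: buildspec.yml
      # NOTE(review): no SecondarySourceVersions are set, so no revision is
      # pinned here for these repositories. Pin a commit or tag per
      # SourceIdentifier if builds must be reproducible and insulated from
      # upstream changes.
      SecondarySources:
        - Type: GITHUB
          Auth:
            Type: OAUTH
          Location: https://github.com/aws-cloudformation/aws-cloudformation-resource-schema.git
          ReportBuildStatus: false
          GitCloneDepth: 1
          SourceIdentifier: SCHEMA
        - Type: GITHUB
          Auth:
            Type: OAUTH
          Location: https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git
          ReportBuildStatus: false
          GitCloneDepth: 1
          SourceIdentifier: RPDK
        - Type: GITHUB
          Auth:
            Type: OAUTH
          Location: https://github.com/aws-cloudformation/aws-cloudformation-rpdk-java-plugin.git
          ReportBuildStatus: false
          GitCloneDepth: 1
          SourceIdentifier: JAVA_PLUGIN
        # SDK pulled from S3, the same location the CI role is allowed to
        # write to (see the S3 statement in the CI policy).
        - Type: S3
          Location: !Sub "${CFNSDKBucket}/"
          SourceIdentifier: SDK
      ServiceRole: !GetAtt AWSCloudFormationResourceProviderCIRole.Arn
      # NOTE(review): the webhook has no FilterGroups, so which events and
      # which contributors can start a build is left to the service default.
      # Confirm that is intended, given that builds run with the role above.
      Triggers:
        Webhook: true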