import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as fs from "fs";
import * as common from "./common";
import * as backend from "./backend";
import * as frontend from "./frontend";

const tags = common.tags;
const prefix = `${common.prefix}-deployment`;

// ---- role ----

// Service role that only CodeBuild is allowed to assume.
const role = new aws.iam.Role(`${prefix}-role`, {
    tags,
    assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({ Service: "codebuild.amazonaws.com" }),
});

// AWS managed policy attached alongside the inline policies below.
new aws.iam.RolePolicyAttachment(`${prefix}-policy-codebuild`, {
    role: role.name,
    policyArn: aws.iam.ManagedPolicies.AWSCodeBuildDeveloperAccess,
});

// Object read/write/delete and bucket listing, limited to the backend and frontend buckets.
new aws.iam.RolePolicy(`${prefix}-role-policy-bucket`, {
    role: role.name,
    policy: pulumi.all([backend.bucket.arn, frontend.bucket.arn]).apply(([be, fe]) => JSON.stringify({
        Version: "2012-10-17",
        Statement: [
            {
                Effect: "Allow",
                Action: [
                    "s3:GetObject",
                    "s3:PutObject",
                    "s3:DeleteObject"
                ],
                Resource: [
                    `${be}/*`,
                    `${fe}/*`,
                ],
            },
            {
                Effect: "Allow",
                Action: [
                    "s3:ListBucket",
                ],
                Resource: [
                    be,
                    fe,
                ],
            },
        ]
    })),
});

// Code updates only, limited to the backend Lambda function.
new aws.iam.RolePolicy(`${prefix}-role-policy-lambda`, {
    role: role.name,
    policy: pulumi.all([backend.lambda.arn]).apply(([lambda]) => JSON.stringify({
        Version: "2012-10-17",
        Statement: [
            {
                Effect: "Allow",
                Action: [
                    "lambda:UpdateFunctionCode",
                ],
                Resource: lambda,
            },
        ]
    })),
});

// CloudWatch Logs write access for build output.
// Resource is "*", so this statement is not scoped to the project's own log group.
new aws.iam.RolePolicy(`${prefix}-role-policy-logs`, {
    role: role.name,
    policy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [
            {
                Effect: "Allow",
                Action: [
                    "logs:CreateLogGroup",
                    "logs:CreateLogStream",
                    "logs:PutLogEvents",
                ],
                Resource: "*",
            },
        ]
    }),
});

// ---- codebuild ----

const codebuild = new aws.codebuild.Project(`${prefix}-codebuild`, {
    tags,
    // No source repository: the buildspec is read from disk when the Pulumi program runs
    // and embedded in the project definition.
    source: {
        type: "NO_SOURCE",
        buildspec: fs.readFileSync("../buildspec.yml", "utf-8"),
    },
    environment: {
        computeType: "BUILD_GENERAL1_SMALL",
        image: "aws/codebuild/standard:7.0",
        type: "LINUX_CONTAINER",
        // Names of the deployment targets, passed to the build as environment variables.
        environmentVariables: [
            {
                name: "IMBUSY_BE_LAMBDA",
                value: backend.lambda.name,
            },
            {
                name: "IMBUSY_BE_BUCKET",
                value: backend.bucket.bucket,
            },
            {
                name: "IMBUSY_FE_BUCKET",
                value: frontend.bucket.bucket,
            },
        ],
    },
    serviceRole: role.arn,
    artifacts: {
        type: "NO_ARTIFACTS",
    },
});