# Shared executor settings; jobs pull these in with `<<: *default-machine`.
default-machine: &default-machine
  machine:
    # NOTE(review): `current` is a moving image tag, so the toolchain under
    # the build (including the deploy job) can change without any change to
    # this file. Pin a dated image tag if reproducibility matters.
    image: ubuntu-2204:current
    # Layers from earlier runs are reused; keep credentials out of anything
    # that ends up in an image layer.
    docker_layer_caching: true
  resource_class: arm.large
# CircleCI configuration schema version.
version: 2.1

orbs:
  # NOTE(review): the text after `@` is the hosting page's e-mail
  # obfuscation placeholder, not an orb version. Restore the pinned version
  # from the repository before using this file; the aws-oidc job relies on
  # this orb to assume the deploy role, so it should stay pinned to an exact,
  # reviewed release.
  aws-cli: circleci/[email protected]

# Pipeline parameter naming the workflow to trigger (defaults to `test`).
parameters:
  workflow:
    type: enum
    enum:
      - test
      - deploy
    default: test
    description: The workflow to trigger.
# Reusable step sequences for building and driving the dev container.
commands:
  # Installs the Dev Containers CLI globally from npm.
  # NOTE(review): no version is pinned, so every run installs whatever is
  # currently published, and deploy-job runs this CLI in a job that holds AWS
  # credentials. Consider pinning: @devcontainers/cli@<REVIEWED_VERSION>.
  devcontainer-install:
    steps:
      - run: npm install -g @devcontainers/cli
  # Builds the dev container image for the checked-out workspace.
  devcontainer-build:
    steps:
      - run: devcontainer build --workspace-folder .
  # Starts the dev container, then runs its user commands.
  devcontainer-up:
    steps:
      - run: devcontainer up --workspace-folder .
      - run: devcontainer run-user-commands --workspace-folder .
  # Runs `cmd` (with optional `args`) inside the dev container; `options`
  # are extra flags passed to `devcontainer exec` itself.
  devcontainer-run:
    parameters:
      cmd: { type: string }
      args: { type: string, default: "" }
      options: { type: string, default: "" }
    steps:
      # Brings in files persisted by an upstream job (aws.env, when present).
      - attach_workspace:
          at: .
      # Appends aws.env to $BASH_ENV so later steps start with its exports.
      # The file's content is executed as shell, so it must only ever come
      # from a trusted upstream job. Skipped when the file does not exist.
      - run: |
          if [ -f aws.env ]; then
            cat aws.env >> "$BASH_ENV"
          fi
      # The three parameters are spliced into the command line as raw text,
      # with no quoting added here; callers own their shell quoting.
      - run: >
          devcontainer exec
          --workspace-folder .
          << parameters.options >>
          << parameters.cmd >>
          << parameters.args >>
# Job definitions. Jobs that merge *default-machine run on the machine
# executor; aws-oidc runs on the aws-cli orb's default executor.
jobs:
  # Builds the dev container image.
  devcontainer:
    <<: *default-machine
    steps:
      - checkout
      - devcontainer-install
      - devcontainer-build
  # Assumes the AWS role named by $OIDC_ROLE_ARN and hands the resulting
  # session credentials to downstream jobs through the workspace.
  aws-oidc:
    executor: aws-cli/default
    steps:
      # Short session: presumably 900 seconds per the orb's parameter
      # (confirm). This bounds how long a leaked aws.env is useful, and it
      # also means deploy-job must reach ./bin/deploy before the session
      # expires, including the time spent bringing the dev container up.
      - aws-cli/setup:
          role-arn: $OIDC_ROLE_ARN
          role-session-name: circleci
          session-duration: '900'
      # Writes the three session credentials to aws.env in plain text.
      - run:
          name: Store Env Variables
          command: |
            echo "export AWS_ACCESS_KEY_ID=\"${AWS_ACCESS_KEY_ID}\"" > aws.env
            echo "export AWS_SECRET_ACCESS_KEY=\"${AWS_SECRET_ACCESS_KEY}\"" >> aws.env
            echo "export AWS_SESSION_TOKEN=\"${AWS_SESSION_TOKEN}\"" >> aws.env
      # NOTE(review): the credential file is stored in the workflow
      # workspace, so it outlives this job and is readable by any job that
      # attaches the workspace. Assuming the role inside deploy-job itself
      # would avoid persisting credentials at all.
      - persist_to_workspace:
          root: .
          paths: [ aws.env ]
  # Sets up and tests the project inside the dev container.
  test-job:
    <<: *default-machine
    steps:
      - checkout
      - devcontainer-install
      - devcontainer-up
      - devcontainer-run: { cmd: ./bin/setup }
      - devcontainer-run: { cmd: ./bin/test }
  # Runs ./bin/deploy inside the dev container with the AWS session
  # credentials forwarded from aws.env.
  deploy-job:
    <<: *default-machine
    steps:
      - checkout
      - devcontainer-install
      - devcontainer-up
      # NOTE(review): the step shell expands the $AWS_* values, so the secret
      # key and session token become command-line arguments of
      # `devcontainer exec`, visible in the VM's process list and in any
      # output that echoes the command. Values minted at runtime are
      # presumably not covered by CircleCI's secret masking; verify the job
      # log does not show them.
      - devcontainer-run:
          options: >-
            --remote-env AWS_REGION=us-east-1
            --remote-env AWS_DEFAULT_REGION=us-east-1
            --remote-env AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID
            --remote-env AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY
            --remote-env AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN
          cmd: |
            ./bin/deploy
# Workflow wiring: which jobs run, in what order, and under which condition.
workflows:
  # Runs only when the `workflow` pipeline parameter equals `test`.
  test:
    when: { equal: [ test, << pipeline.parameters.workflow >> ] }
    jobs:
      - devcontainer
      - test-job:
          requires: [devcontainer]
  # NOTE(review): the condition below is commented out, so this workflow is
  # not gated on the `workflow` parameter and runs for every pipeline,
  # including ones where the parameter is left at `test`. No branch filter
  # is visible here either, and deploy-job does not depend on test-job.
  # Restore the condition (or add a filter) unless every pipeline is meant
  # to deploy.
  deploy:
    # when: { equal: [ deploy, << pipeline.parameters.workflow >> ] }
    jobs:
      - devcontainer
      # NOTE(review): the context name suggests it is shared across the
      # organisation. Confirm who may use it, and that the IAM role's trust
      # policy is pinned to this project rather than accepting any token
      # issued for the organisation.
      - aws-oidc:
          context: org-global
          requires: [devcontainer]
      - deploy-job:
          requires: [aws-oidc]