{{- if .Values.pipeline.enabled }}
apiVersion: argoproj.io/v1alpha1
kind: ClusterWorkflowTemplate
metadata:
  name: amp-security-pipeline-v1.0.0
spec:
  templates:
    - name: upload-storage
      container:
        image: amazon/aws-cli:2.15.40
        env:
          - name: AWS_ACCESS_KEY_ID
            valueFrom:
              secretKeyRef:
                name: amp-security-pipeline-secrets
                key: AWS_ACCESS_KEY_ID
          - name: AWS_SECRET_ACCESS_KEY
            valueFrom:
              secretKeyRef:
                name: amp-security-pipeline-secrets
                key: AWS_SECRET_ACCESS_KEY
          - name: MINIO_ROOT_USER
            valueFrom:
              secretKeyRef:
                name: amp-security-pipeline-secrets
                key: MINIO_ROOT_USER
          - name: MINIO_ROOT_PASSWORD
            valueFrom:
              secretKeyRef:
                name: amp-security-pipeline-secrets
                key: MINIO_ROOT_PASSWORD
        command:
          - sh
          - -c
        args:
          - |
            set -eu
            repo_name="${REPO_NAME:-repo}"
            commit_sha="${GIT_COMMIT_SHA:-unknown}"
            report_date="$(date -u +%F)"
            aws s3 sync /workspace/reports "s3://${REPORTS_BUCKET:-security-reports}/${repo_name}/${report_date}/${commit_sha}/"
      volumeMounts:
        - name: workspace
          mountPath: /workspace
{{- end }}