{{- if .Values.pipeline.enabled }}
apiVersion: argoproj.io/v1alpha1
kind: ClusterWorkflowTemplate
metadata:
  name: amp-security-pipeline-v1.0.0
spec:
  templates:
    - name: scan-trufflehog
      metadata:
        annotations:
          secrets.infisical.com/auto-reload: "true"
      initContainers:
        - name: wait-for-infisical
          image: alpine:3.20
          command:
            - sh
            - -c
          args:
            - until [ -n "${TRUFFLEHOG_TOKEN:-}" ]; do sleep 2; done
      container:
        image: alpine:3.20
        command:
          - sh
          - -c
        args:
          - mkdir -p /workspace/reports && echo "stub: trufflehog" > /workspace/reports/trufflehog.json
      volumeMounts:
        - name: workspace
          mountPath: /workspace
{{- end }}