env:
  CIRRUS_VAULT_URL: https://vault.sonar.build:8200
  CIRRUS_VAULT_AUTH_PATH: jwt-cirrusci
  CIRRUS_VAULT_ROLE: cirrusci-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}

  # Mend scan global configuration
  MEND_API_KEY: VAULT[development/kv/data/mend data.apikey]

  # Staging image configuration
  STAGING_IMAGE_NAME: sonarsource/sonarqube-scan-action
  CURRENT_TAG: master

vm_instance_template: &VM_TEMPLATE
  experimental: true # see https://github.com/cirruslabs/cirrus-ci-docs/issues/1051
  image: docker-builder-v*
  type: t2.small
  region: eu-central-1
  subnet_id: ${CIRRUS_AWS_SUBNET}
  disk: 10
  cpu: 4
  memory: 16G

mend_task:
  ec2_instance:
    <<: *VM_TEMPLATE
  # run only on master and long-term branches
  only_if: $CIRRUS_USER_COLLABORATOR == 'true' && ($CIRRUS_BRANCH == "master" || $CIRRUS_BRANCH =~ "branch-.*")
  setup_script:
    - docker build --tag "${STAGING_IMAGE_NAME}:${CURRENT_TAG}" .
    - apt-get remove -y unattended-upgrades
    - apt-get update && apt-get install -y --no-install-recommends openjdk-17-jre
    - curl -sSL https://unified-agent.s3.amazonaws.com/wss-unified-agent.jar -o wss-unified-agent.jar
    - echo "docker.includes=${CURRENT_TAG}" >> .cirrus/wss-unified-agent.config
  scan_script:
    - echo "Scan the ${STAGING_IMAGE_NAME}:${CURRENT_TAG} image"
    - java -jar wss-unified-agent.jar -c .cirrus/wss-unified-agent.config -apiKey $MEND_API_KEY