.github/workflows/main.yml

name: Build with CodeArtifact

on:
  push:
    branches:
      - develop

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Set up environment variables and obtain CodeArtifact auth token
        env:
          AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
        run: |
          echo "Setting up AWS CodeArtifact authentication token"
          export CODEARTIFACT_AUTH_TOKEN=$(aws codeartifact get-authorization-token \
            --domain ${{ secrets.CODEARTIFACT_DOMAIN }} \
            --domain-owner $AWS_ACCOUNT_ID \
            --region $AWS_REGION \
            --query authorizationToken \
            --output text)
      

      - name: Set up JDK 17
        uses: actions/setup-java@v3
        with:
          java-version: '17'
          distribution: 'temurin'

      - name: Build with Maven
        env:
          AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
        run: |
          echo "Running Maven Build"
          export CODEARTIFACT_AUTH_TOKEN=$(aws codeartifact get-authorization-token \
            --domain ${{ secrets.CODEARTIFACT_DOMAIN }} \
            --domain-owner $AWS_ACCOUNT_ID \
            --region $AWS_REGION \
            --query authorizationToken \
            --output text) 
          mvn clean install
          package_list=$(aws codeartifact list-packages \
          --domain mdaca \
          --repository OHDSI \
          --format maven \
          --query "packages[].{namespace:namespace,package:package}" \
          --output text)

          # Iterate through each package in the list
          echo "$package_list" | while read -r namespace package; do
          # Only proceed if both namespace and package have values
          if [[ -n "$namespace" && -n "$package" ]]; then
            echo "Deleting package $package in namespace $namespace"
            aws codeartifact delete-package \
            --domain mdaca \
            --repository OHDSI \
            --format maven \
            --namespace "$namespace" \
            --package "$package"
            else
            echo "Skipping invalid entry: namespace=$namespace, package=$package"
            fi
            done
          mvn clean deploy -s .m2/settings.xml -DaltDeploymentRepository=codeartifact::default::https://mdaca-201959883603.d.codeartifact.us-east-2.amazonaws.com/maven/OHDSI/
      - name: Scan a specific path with Trivy
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          path: '/home/runner/work/OHDSI-ArachneCommons/OHDSI-ArachneCommons/target'  # Replace with the actual path you want to scan
          severity: 'CRITICAL,HIGH'