platform: linux
inputs:
  - name: source
  - name: common-tasks
outputs:
  - name: source-out
image_resource:
  type: docker-image
  source:
    repository: quay.io/mojanalytics/alpine-python-git-jq
run:
  path: sh
  args:
  - -ec
  - |
    cp -R ./source/. ./source-out/
    if [[ -f ./source/iam_config.yaml ]] && [[ ! -f ./source/iam_policy.json ]]; then
      echo 'Building iam_policy.json from iam_config.yaml'
      pip install iam_builder
      iam_builder -c ./source/iam_config.yaml -o ./source/iam_policy.json
    fi
    export ROLE_NAME=$(cat source/deploy.json | jq -r '.role_name')
    deny=$(sed 's@\$ROLE_NAME@'${ROLE_NAME}'@g' ./common-tasks/templates/parameter-deny-all.json | jq .)
    jq --argjson a "$deny" '.Statement += [$a]' ./source/iam_policy.json > ./source-out/iam_policy.json
    cat ./source-out/iam_policy.json