apiVersion: argoproj.io/v1alpha1
kind: CronWorkflow
metadata:
  name: steampipe-iac-cron
spec:
  schedule: "0 8 * * *"
  timezone: "Asia/Seoul"        
  workflowSpec:
    entrypoint: bash-script-example
    volumes:
    - name: script-volume
      configMap:
        name: steampipe-script 
    - name: kubeconfig
      secret:
        secretName: my-kubeconfig      
    volumeClaimTemplates:
    - metadata:
        name: shared-data
      spec:
        accessModes: ["ReadWriteOnce"]
        resources:
          requests:
            storage: 1Gi  

    templates:
    - name: bash-script-example
      dag:
        tasks:
          - name: steampipe
            template: steampipe
          - name: git
            template: git
            dependencies:
              - steampipe

    - name: steampipe
      script:
        image: ghcr.io/turbot/steampipe:latest
        command: [bash]
        volumeMounts:
        - name: shared-data
          mountPath: /shared-data
        - name: script-volume
          mountPath: /scripts      
        - name: kubeconfig
          mountPath: /kubeconfig        
        env:
        - name: AWS_REGION
          valueFrom:
            secretKeyRef:
              name: aws-creds
              key: AWS_REGION
        - name: AWS_ACCESS_KEY_ID
          valueFrom:
            secretKeyRef:
              name: aws-creds
              key: AWS_ACCESS_KEY_ID
        - name: AWS_SECRET_ACCESS_KEY
          valueFrom:
            secretKeyRef:
              name: aws-creds
              key: AWS_SECRET_ACCESS_KEY
        - name: KMS_ARN
          valueFrom:
            secretKeyRef:
              name: aws-creds
              key: KMS_ARN
        - name: KUBECONFIG
          value: /kubeconfig/config            
        source: |
          # 쿼리 결과를 공유 볼륨에 저장
          steampipe plugin install aws
          steampipe plugin install kubernetes
          sleep 3
          steampipe service restart --force
          sleep 1
          cd /shared-data/
          sleep 1
          bash /scripts/script.sh

    - name: git
      script:
        image: alpine/git:latest
        command: [sh]
        volumeMounts:
        - name: shared-data
          mountPath: /shared-data
        - name: script-volume
          mountPath: /scripts        
        env:
        - name: GIT_USERNAME
          valueFrom:
            secretKeyRef:
              name: git-credentials
              key: username
        - name: GIT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: git-credentials
              key: password              
        source: |
          git config --global credential.helper 'store --file /tmp/credentials'
          echo "https://${GIT_USERNAME}:${GIT_PASSWORD}@github.com" > /tmp/credentials
          git config --global user.email "havelight@ex-em.com"
          git config --global user.name "jaehee-jung"
          cd /shared-data # 경로 내의 파일 목록 확인
          git clone https://github.com/CloudMOA/dsk-iac.git
          # 공유 볼륨에서 쿼리 결과 읽기
          cp README2.md dsk-iac/README.md
          # 커밋 및 푸시 작업 수행
          cd dsk-iac
          git add README.md
          git commit -m "Update README with query result"
          git push