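#!/bin/bash
#
# Installs or upgrades the Trivy operator and the Trivy DefectDojo report
# operator into one namespace, after creating the two Kubernetes secrets
# this script manages for them.
#
# Inputs:
#   secrets.txt     optional plaintext shell fragment in the current
#                   directory; sourced when present.
#   secrets.asc     GPG-encrypted fragment, decrypted and sourced when
#                   secrets.txt is absent.
#   GPG_PASSPHRASE  required only on the secrets.asc path.
# After loading, DOJO_API_KEY, DOJO_URL and TRIVY_SERVER_TOKEN must be
# non-empty (set by the sourced fragment or already in the environment).
#
# Whichever fragment is used gets executed as shell code, so it needs the
# same write protection as this script itself.

# Stop on the first failing step. Without this a failed decryption would fall
# through and push secrets with empty values into the cluster.
set -euo pipefail

TRIVY_OPERATOR_VERSION=0.28.1
TRIVY_DOJO_OPERATOR_VERSION=0.8.8
NAMESPACE=security
TRIVY_OPERATOR_NAME=trivy-operator
TRIVY_DOJO_OPERATOR_NAME=trivy-dojo-operator

# Path of the decrypted fragment while it exists on disk; empty otherwise.
SECRETS_FILE=""

# Removes the decrypted fragment on every exit path, including a failure
# between decryption and the explicit rm below.
cleanup() {
  if [ -n "$SECRETS_FILE" ]; then
    rm -f -- "$SECRETS_FILE"
  fi
}
trap cleanup EXIT

# create --dry-run piped into apply makes namespace creation idempotent.
kubectl create namespace "$NAMESPACE" \
  --dry-run=client \
  -o yaml |
  kubectl apply -f -

if [ -f secrets.txt ]; then
  # The "./" prefix is deliberate: a bare name makes bash search PATH before
  # the current directory, so a different secrets.txt than the one tested
  # above could be sourced.
  . ./secrets.txt
else
  if [ -z "${GPG_PASSPHRASE:-}" ]; then
    echo "gpg passphrase for secret decrypting not set" >&2
    exit 1
  fi
  SECRETS_FILE=$(mktemp)
  # The passphrase goes in on stdin (printf is a builtin) instead of
  # --passphrase, which would expose it in the process list.
  # NOTE(review): /tmp/.gnupg is a fixed path under a shared directory; its
  # ownership and mode are not checked here. Left unchanged because key
  # material may have been provisioned there - confirm, and prefer a
  # private homedir.
  printf '%s\n' "$GPG_PASSPHRASE" |
    gpg --decrypt --passphrase-fd 0 --yes --batch \
      --homedir /tmp/.gnupg \
      --output "$SECRETS_FILE" secrets.asc
  . "$SECRETS_FILE"
  rm -f -- "$SECRETS_FILE"
  SECRETS_FILE=""
fi

# Refuse to publish empty credentials; the operators would only fail later
# with a far less obvious error.
: "${DOJO_API_KEY:?DOJO_API_KEY is empty after loading secrets}"
: "${DOJO_URL:?DOJO_URL is empty after loading secrets}"
: "${TRIVY_SERVER_TOKEN:?TRIVY_SERVER_TOKEN is empty after loading secrets}"

# NOTE(review): --from-literal places the secret values on kubectl's command
# line, where they are visible to local process listings and to `set -x`
# traces while the command runs. Kept as in the original; avoid running this
# with tracing enabled on shared hosts.
kubectl create secret generic \
  "${TRIVY_DOJO_OPERATOR_NAME}-trivy-dojo-report-operator-defect-dojo-api-credentials" \
  --dry-run=client \
  -o yaml \
  --save-config \
  --from-literal=apiKey="$DOJO_API_KEY" \
  --from-literal=url="$DOJO_URL" |
  kubectl apply -f - -n "$NAMESPACE"

kubectl create secret generic trivy-operator-trivy-config \
  --dry-run=client \
  -o yaml \
  --save-config \
  --from-literal="trivy.serverToken"="$TRIVY_SERVER_TOKEN" |
  kubectl apply -f - -n "$NAMESPACE"

# Chart versions are pinned above. The pin fixes the version number only;
# chart content is trusted as served by the repository over HTTPS.
# NOTE(review): helm's --verify could add a provenance check if these
# repositories publish .prov files - confirm before enabling.
helm repo add aqua https://aquasecurity.github.io/helm-charts/
helm repo update
helm upgrade --install "$TRIVY_OPERATOR_NAME" aqua/trivy-operator \
  -f values-trivy-operator.yml \
  --namespace "$NAMESPACE" \
  --version "$TRIVY_OPERATOR_VERSION"

helm repo add trivy-dojo-report-operator \
  https://telekom-mms.github.io/trivy-dojo-report-operator/
helm repo update
helm upgrade --install "$TRIVY_DOJO_OPERATOR_NAME" \
  trivy-dojo-report-operator/trivy-dojo-report-operator \
  -f values-trivy-dojo-operator.yml \
  --namespace "$NAMESPACE" \
  --version "$TRIVY_DOJO_OPERATOR_VERSION"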