From 69e8986e87656c2bfd7c90d6d23c0378ff7e7a57 Mon Sep 17 00:00:00 2001
From: hc-github-team-nomad-core
 <82989552+hc-github-team-nomad-core@users.noreply.github.com>
Date: Thu, 29 Jun 2023 09:57:46 -0400
Subject: [PATCH] backport all current workflows to 1.5.x (#17769)

Co-authored-by: Tim Gross <tgross@hashicorp.com>
---
 .github/ISSUE_TEMPLATE/config.yml      |  3 +
 .github/secret-scanning.yml            |  5 ++
 .github/workflows/backport.yml         |  4 ++
 .github/workflows/build.yml            | 80 +++++++++++++-------------
 .github/workflows/ember-assets.yml     | 26 ---------
 .github/workflows/ember-test-audit.yml |  5 +-
 .github/workflows/release.yml          |  4 +-
 7 files changed, 58 insertions(+), 69 deletions(-)
 create mode 100644 .github/secret-scanning.yml
 delete mode 100644 .github/workflows/ember-assets.yml

diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
index 20ae1fefce29..c2139edb97dd 100644
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 blank_issues_enabled: false
 contact_links:
   - name: Ask a Question
diff --git a/.github/secret-scanning.yml b/.github/secret-scanning.yml
new file mode 100644
index 000000000000..37283b7eec0e
--- /dev/null
+++ b/.github/secret-scanning.yml
@@ -0,0 +1,5 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+paths-ignore:
+  - "website/content/*"
diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml
index c313a7bd01cb..6aa0fc0e2d4e 100644
--- a/.github/workflows/backport.yml
+++ b/.github/workflows/backport.yml
@@ -19,6 +19,8 @@ jobs:
         env:
           BACKPORT_LABEL_REGEXP: "backport/(?P<target>website)"
           BACKPORT_TARGET_TEMPLATE: "stable-{{.target}}"
+          # Enabling this option increased the number of backport failures.
+          BACKPORT_MERGE_COMMIT: false
           GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
       - name: Backport changes to targeted release branch
         run: |
@@ -26,6 +28,8 @@ jobs:
         env:
           BACKPORT_LABEL_REGEXP: "backport/(?P<target>\\d+\\.\\d+\\.[+\\w]+)"
           BACKPORT_TARGET_TEMPLATE: "release/{{.target}}"
+          # Enabling this option increased the number of backport failures.
+          BACKPORT_MERGE_COMMIT: false
           GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
   handle-failure:
     needs:
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 7557284f82a0..151f4c27b505 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -100,7 +100,7 @@ jobs:
       - name: Setup node and yarn
         uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
-          node-version: "14"
+          node-version: "18"
           cache-dependency-path: "ui/yarn.lock"
 
       - name: Install Yarn
@@ -151,7 +151,7 @@ jobs:
       - name: Setup node and yarn
         uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
-          node-version: "14"
+          node-version: "18"
           cache-dependency-path: "ui/yarn.lock"
 
       - name: Install Yarn
@@ -261,7 +261,7 @@ jobs:
       - name: Setup node and yarn
         uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
-          node-version: "14"
+          node-version: "18"
           cache-dependency-path: "ui/yarn.lock"
 
       - name: Install Yarn
@@ -286,41 +286,43 @@ jobs:
           name: ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
           path: ${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
 
+  build-docker:
+    name: Docker ${{ matrix.arch }} build
+    needs:
+      - get-product-version
+      - build-linux
+    runs-on: [ custom, linux, xxl, 20.04 ]
+    strategy:
+      matrix:
+        arch: ["arm64", "amd64"]
+    env:
+      version: ${{needs.get-product-version.outputs.product-version}}
+      revision: ${{github.sha}}
+    steps:
+      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - name: Set revision
+        if: "${{ github.event.inputs.build-ref != '' }}"
+        run: |
+          echo "revision=${{ github.event.inputs.build-ref }}" >> "$GITHUB_ENV"
+      - name: Docker Build (Action)
+        uses: hashicorp/actions-docker-build@v1
+        with:
+          smoke_test: |
+            TEST_VERSION="$(docker run "${IMAGE_NAME}" version | awk '/Nomad v/{print $2}')"
+            if [ "${TEST_VERSION}" != "v${version}" ]; then
+              echo "Test FAILED"
+              exit 1
+            fi
+            echo "Test PASSED"
+          version: ${{env.version}}
+          revision: ${{env.revision}}
+          target: release
+          arch: ${{matrix.arch}}
+          tags: |
+            docker.io/hashicorp/${{env.PKG_NAME}}:${{env.version}}
+          dev_tags: |
+            docker.io/hashicorppreview/${{ env.PKG_NAME }}:${{ env.version }}-dev
+            docker.io/hashicorppreview/${{ env.PKG_NAME }}:${{ env.version }}-${{env.revision}}
+
 permissions:
   contents: read
-# This placed here for when the Nomad team is ready to build docker images.
-# Please reach out the RDX team for assistance or refer to the CRT Self-Serve Onboarding doc.
-
-  # build-docker-default:
-  #   name: Docker ${{ matrix.arch }} default release build
-  #   needs:
-  #     - get-product-version
-  #     - build
-  #   runs-on: [ custom, linux, xxl, 20.04 ]
-  #   strategy:
-  #     matrix:
-  #       arch: ["arm", "arm64", "386", "amd64"]
-  #   env:
-  #     repo: ${{github.event.repository.name}}
-  #     version: ${{needs.get-product-version.outputs.product-version}}
-
-  #   steps:
-  #     - uses: actions/checkout@v3
-  #     - name: Docker Build (Action)
-  #       uses: hashicorp/actions-docker-build@v1
-  #       with:
-  #         # Add smoke test here. Below is a sample smoke test that runs the built image
-  #         # and validates the version.
-  #         smoke_test: |
-  #           TEST_VERSION="$(docker run "${IMAGE_NAME}" | awk '/CLI version/{print $3}')"
-  #           if [ "${TEST_VERSION}" != "${version}" ]; then
-  #             echo "Test FAILED"
-  #             exit 1
-  #           fi
-  #           echo "Test PASSED"
-  #         version: ${{env.version}}
-  #         target: release-default
-  #         arch: ${{matrix.arch}}
-  #         tags: |
-  #           docker.io/hashicorp/${{env.repo}}:${{env.version}}
-  #           986891699432.dkr.ecr.us-east-1.amazonaws.com/hashicorp/${{env.repo}}:${{env.version}}
diff --git a/.github/workflows/ember-assets.yml b/.github/workflows/ember-assets.yml
deleted file mode 100644
index afeeaeb66f1c..000000000000
--- a/.github/workflows/ember-assets.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-name: Ember Asset Sizes
-
-on:
-  pull_request:
-    paths:
-    - 'ui/**'
-
-jobs:
-  build:
-
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
-        with:
-          fetch-depth: 0
-      - name: Use Node.js
-        uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
-        with:
-          node-version: '14'
-      - uses: mainmatter/ember-asset-size-action@255fe534db3d2f731e0d70ce9a5de74b0a6b140a # v3
-        with:
-          repo-token: "${{ secrets.GITHUB_TOKEN }}"
-          working-directory: "ui"
-permissions:
-  contents: read
diff --git a/.github/workflows/ember-test-audit.yml b/.github/workflows/ember-test-audit.yml
index ef2fd5a42297..d478b264f6eb 100644
--- a/.github/workflows/ember-test-audit.yml
+++ b/.github/workflows/ember-test-audit.yml
@@ -22,7 +22,7 @@ jobs:
       - name: Use Node.js
         uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
-          node-version: '14'
+          node-version: '18'
       - run: yarn --frozen-lockfile
       - run: mkdir -p /tmp/test-reports
       - run: npx ember-test-audit 1 --json --output ../base-audit.json
@@ -39,7 +39,7 @@ jobs:
       - name: Use Node.js
         uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
-          node-version: '14'
+          node-version: '18'
       - run: yarn --frozen-lockfile
       - run: mkdir -p /tmp/test-reports
       - run: npx ember-test-audit 1 --json --output ../pr-audit.json
@@ -84,4 +84,5 @@ jobs:
           message_path: flakiness-report.md
 permissions:
   contents: read
+  pull-requests: write
 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 26f1faeaa6b8..7dedce926f49 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -77,7 +77,7 @@ jobs:
       - name: Setup node and yarn
         uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
-          node-version: "14"
+          node-version: "18"
           cache-dependency-path: "ui/yarn.lock"
 
       - name: Install Yarn
@@ -143,7 +143,7 @@ jobs:
         env:
           GH_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
         run: |
-          gh workflow run build.yml --field build-ref=${{ steps.commit-change-push.outputs.build-ref }} --field make-prerelease=false
+          gh workflow run build.yml --ref ${{ github.ref_name }} --field build-ref=${{ steps.commit-change-push.outputs.build-ref }} --field make-prerelease=false
 
       - name: Revert notification channel
         if: ${{ github.event.inputs.notification-channel != '' }}