From 42faa3687ccf4b0fbc7ad009ad99b8862dd5d697 Mon Sep 17 00:00:00 2001
From: Sam Salisbury <samsalisbury@gmail.com>
Date: Tue, 11 Feb 2020 17:03:54 +0000
Subject: [PATCH] ci: build website docker image only on OSS repo (#8335)

---
 .circleci/config.yml                          | 66 +++++++++++--------
 .../config/jobs/website-docker-image.yml      | 33 ++++++----
 2 files changed, 60 insertions(+), 39 deletions(-)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index b2fe1cffa..3169740f6 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -314,19 +314,26 @@ jobs:
     - setup_remote_docker
     - run:
         command: |
-          echo 'export PACKAGE_LOCK_CHANGED=$(git diff --name-only $(git log --pretty=format:'%h' -n1 HEAD~1)...HEAD | grep -c website/package-lock.json)' >> $BASH_ENV
-        name: Diff package-lock.json
-    - run:
-        command: |
-          if [ "$CIRCLE_BRANCH" = "master" ] && [ $PACKAGE_LOCK_CHANGED -gt 0 ]; then
-            cd website/
-            docker build -t hashicorp/vault-website:$CIRCLE_SHA1 .
-            docker tag hashicorp/vault-website:$CIRCLE_SHA1 hashicorp/vault-website:latest
-            docker login -u $DOCKER_USER -p $DOCKER_PASS
-            docker push hashicorp/vault-website
-          else
-            echo "Not building a new website docker image - branch is not master and/or dependencies have not changed."
-          fi
+          # BUILD_FROM_REPO should ALWAYS be the main OSS Vault repo URL.
+          BUILD_FROM_REPO=git@github.com:hashicorp/vault.git
+          [ "$CIRCLE_REPOSITORY_URL" = "$BUILD_FROM_REPO" ] || {
+            echo "Not building website docker image for repo '$CIRCLE_REPOSITORY_URL' - we only build it for $BUILD_FROM_REPO."
+            exit 0
+          }
+          [ "$CIRCLE_BRANCH" = "master" ] || {
+            echo "Not building website docker image for branch '$CIRCLE_BRANCH' - we only build it for master."
+            exit 0
+          }
+          PACKAGE_LOCK_CHANGED=$(git diff --name-only $(git log --pretty=format:'%h' -n1 HEAD~1)...HEAD | grep -c website/package-lock.json)
+          [ $PACKAGE_LOCK_CHANGED -gt 0 ] || {
+            echo "Not building a new website docker image - dependencies have not changed."
+            exit 0
+          }
+          cd website/
+          docker build -t hashicorp/vault-website:$CIRCLE_SHA1 .
+          docker tag hashicorp/vault-website:$CIRCLE_SHA1 hashicorp/vault-website:latest
+          docker login -u $DOCKER_USER -p $DOCKER_PASS
+          docker push hashicorp/vault-website
         name: Build Docker Image if Necessary
 workflows:
   ci:
@@ -608,19 +615,26 @@ workflows:
 #     - setup_remote_docker
 #     - run:
 #         command: |
-#           echo 'export PACKAGE_LOCK_CHANGED=$(git diff --name-only $(git log --pretty=format:'%h' -n1 HEAD~1)...HEAD | grep -c website/package-lock.json)' >> $BASH_ENV
-#         name: Diff package-lock.json
-#     - run:
-#         command: |
-#           if [ \"$CIRCLE_BRANCH\" = \"master\" ] && [ $PACKAGE_LOCK_CHANGED -gt 0 ]; then
-#             cd website/
-#             docker build -t hashicorp/vault-website:$CIRCLE_SHA1 .
-#             docker tag hashicorp/vault-website:$CIRCLE_SHA1 hashicorp/vault-website:latest
-#             docker login -u $DOCKER_USER -p $DOCKER_PASS
-#             docker push hashicorp/vault-website
-#           else
-#             echo \"Not building a new website docker image - branch is not master and/or dependencies have not changed.\"
-#           fi
+#           # BUILD_FROM_REPO should ALWAYS be the main OSS Vault repo URL.
+#           BUILD_FROM_REPO=git@github.com:hashicorp/vault.git
+#           [ \"$CIRCLE_REPOSITORY_URL\" = \"$BUILD_FROM_REPO\" ] || {
+#             echo \"Not building website docker image for repo '$CIRCLE_REPOSITORY_URL' - we only build it for $BUILD_FROM_REPO.\"
+#             exit 0
+#           }
+#           [ \"$CIRCLE_BRANCH\" = \"master\" ] || {
+#             echo \"Not building website docker image for branch '$CIRCLE_BRANCH' - we only build it for master.\"
+#             exit 0
+#           }
+#           PACKAGE_LOCK_CHANGED=$(git diff --name-only $(git log --pretty=format:'%h' -n1 HEAD~1)...HEAD | grep -c website/package-lock.json)
+#           [ $PACKAGE_LOCK_CHANGED -gt 0 ] || {
+#             echo \"Not building a new website docker image - dependencies have not changed.\"
+#             exit 0
+#           }
+#           cd website/
+#           docker build -t hashicorp/vault-website:$CIRCLE_SHA1 .
+#           docker tag hashicorp/vault-website:$CIRCLE_SHA1 hashicorp/vault-website:latest
+#           docker login -u $DOCKER_USER -p $DOCKER_PASS
+#           docker push hashicorp/vault-website
 #         name: Build Docker Image if Necessary
 # references:
 #   cache:
diff --git a/.circleci/config/jobs/website-docker-image.yml b/.circleci/config/jobs/website-docker-image.yml
index fb7299853..6926fba2c 100644
--- a/.circleci/config/jobs/website-docker-image.yml
+++ b/.circleci/config/jobs/website-docker-image.yml
@@ -4,19 +4,26 @@ shell: /usr/bin/env bash -euo pipefail -c
 steps:
   - checkout
   - setup_remote_docker
-  - run:
-      name: Diff package-lock.json
-      command: |
-        echo 'export PACKAGE_LOCK_CHANGED=$(git diff --name-only $(git log --pretty=format:'%h' -n1 HEAD~1)...HEAD | grep -c website/package-lock.json)' >> $BASH_ENV
   - run:
       name: Build Docker Image if Necessary
       command: |
-        if [ "$CIRCLE_BRANCH" = "master" ] && [ $PACKAGE_LOCK_CHANGED -gt 0 ]; then
-          cd website/
-          docker build -t hashicorp/vault-website:$CIRCLE_SHA1 .
-          docker tag hashicorp/vault-website:$CIRCLE_SHA1 hashicorp/vault-website:latest
-          docker login -u $DOCKER_USER -p $DOCKER_PASS
-          docker push hashicorp/vault-website
-        else
-          echo "Not building a new website docker image - branch is not master and/or dependencies have not changed."
-        fi
+        # BUILD_FROM_REPO should ALWAYS be the main OSS Vault repo URL.
+        BUILD_FROM_REPO=git@github.com:hashicorp/vault.git
+        [ "$CIRCLE_REPOSITORY_URL" = "$BUILD_FROM_REPO" ] || {
+          echo "Not building website docker image for repo '$CIRCLE_REPOSITORY_URL' - we only build it for $BUILD_FROM_REPO."
+          exit 0
+        }
+        [ "$CIRCLE_BRANCH" = "master" ] || {
+          echo "Not building website docker image for branch '$CIRCLE_BRANCH' - we only build it for master."
+          exit 0
+        }
+        PACKAGE_LOCK_CHANGED=$(git diff --name-only $(git log --pretty=format:'%h' -n1 HEAD~1)...HEAD | grep -c website/package-lock.json)
+        [ $PACKAGE_LOCK_CHANGED -gt 0 ] || {
+          echo "Not building a new website docker image - dependencies have not changed."
+          exit 0
+        }
+        cd website/
+        docker build -t hashicorp/vault-website:$CIRCLE_SHA1 .
+        docker tag hashicorp/vault-website:$CIRCLE_SHA1 hashicorp/vault-website:latest
+        docker login -u $DOCKER_USER -p $DOCKER_PASS
+        docker push hashicorp/vault-website