From cdb6303c4d9239dfa9761aa61a339339197261ae Mon Sep 17 00:00:00 2001
From: Mike Baum
Date: Fri, 2 Dec 2022 14:29:20 -0500
Subject: [PATCH] [QT-318] Add workflow dispatch trigger for bootstrap workflow, update ssh key name (#18174)
* Added a workflow dispatch trigger for bootstrap workflow, updated ssh key name
* Ensure the bootstrap workflow is only run for PRs that change the bootstrapping code
---
 ...bootstrap-ci.yml => enos-ci-bootstrap.yml} | 24 ++++++++-----------
 enos/README.md | 1 +
 enos/ci/bootstrap/main.tf | 2 +-
 enos/ci/bootstrap/variables.tf | 9 +++++++
 4 files changed, 21 insertions(+), 15 deletions(-)
 rename .github/workflows/{enos-bootstrap-ci.yml => enos-ci-bootstrap.yml} (63%)
diff --git a/.github/workflows/enos-bootstrap-ci.yml b/.github/workflows/enos-ci-bootstrap.yml
similarity index 63%
rename from .github/workflows/enos-bootstrap-ci.yml
rename to .github/workflows/enos-ci-bootstrap.yml
index c4889b9a7..b9544ae58 100644
--- a/.github/workflows/enos-bootstrap-ci.yml
+++ b/.github/workflows/enos-ci-bootstrap.yml
@@ -1,19 +1,28 @@
 name: enos-ci-bootstrap
 on:
+  workflow_dispatch:
   pull_request:
     branches:
       - main
+    paths:
+      - enos/ci/**
+      - .github/workflows/enos-ci-bootstrap.yml
   push:
     branches:
       - main
     paths:
       - enos/ci/**
-      - .github/workflows/enos-bootstrap-ci.yml
+      - .github/workflows/enos-ci-bootstrap.yml
 jobs:
   bootstrap-ci:
     runs-on: ubuntu-latest
+    env:
+      TF_WORKSPACE: "${{ github.event.repository.name }}-ci-enos-bootstrap"
+      TF_VAR_repository: ${{ github.event.repository.name }}
+      TF_VAR_aws_ssh_public_key: ${{ secrets.SSH_KEY_PUBLIC_CI }}
+      TF_TOKEN_app_terraform_io: ${{ secrets.TF_API_TOKEN }}
     steps:
       - uses: actions/checkout@v3
       - name: Set up Terraform
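Review bot: The job-level `env:` added under `bootstrap-ci` places `TF_TOKEN_app_terraform_io` (from `secrets.TF_API_TOKEN`) in the environment of every step of the job, including `actions/checkout@v3`, the Terraform setup step and the AWS credentials action, whereas the removed `export` lines in the hunk at `@@ -46,22 +51,13 @@` scoped that token to the three terraform steps only. Keep `TF_WORKSPACE`, `TF_VAR_repository` and `TF_VAR_aws_ssh_public_key` at job level and add a step-level `env:` with `TF_TOKEN_app_terraform_io: ${{ secrets.TF_API_TOKEN }}` to each of the `tf_init`, `tf_plan` and `tf_apply` steps, so that only the processes that talk to Terraform Cloud hold the token. Quoting is also inconsistent across the four values: `TF_WORKSPACE` is double-quoted while the other three `${{ }}` expressions are plain scalars; either form parses the same here, so pick one for all four.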
@@ -26,13 +35,9 @@ jobs:
           if ${IS_ENT} == true; then
             echo "aws_role=arn:aws:iam::505811019928:role/github_actions-vault-enterprise_ci" >> $GITHUB_OUTPUT
             echo "aws role set to 'arn:aws:iam::505811019928:role/github_actions-vault-enterprise_ci'"
-            echo "product_line=vault-enterprise" >> $GITHUB_OUTPUT
-            echo "product line set to 'vault-enterprise'"
           else
             echo "aws_role=arn:aws:iam::040730498200:role/github_actions-vault_ci" >> $GITHUB_OUTPUT
             echo "aws role set to 'arn:aws:iam::040730498200:role/github_actions-vault_ci'"
-            echo "product_line=vault" >> $GITHUB_OUTPUT
-            echo "product line set to 'vault'"
           fi
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v1
@@ -46,22 +51,13 @@ jobs:
       - name: Init Terraform
         id: tf_init
         run: |
-          export TF_WORKSPACE="${{ steps.prepare_for_terraform.outputs.product_line }}-ci-enos-bootstrap"
-          export TF_VAR_aws_ssh_public_key="${{ secrets.ENOS_CI_SSH_KEY }}"
-          export TF_TOKEN_app_terraform_io="${{ secrets.TF_API_TOKEN }}"
           terraform -chdir=enos/ci/bootstrap init
       - name: Plan Terraform
         id: tf_plan
         run: |
-          export TF_WORKSPACE="${{ steps.prepare_for_terraform.outputs.product_line }}-ci-enos-bootstrap"
-          export TF_VAR_aws_ssh_public_key="${{ secrets.ENOS_CI_SSH_KEY }}"
-          export TF_TOKEN_app_terraform_io="${{ secrets.TF_API_TOKEN }}"
           terraform -chdir=enos/ci/bootstrap plan
       - name: Apply Terraform
         if: ${{ github.ref == 'refs/heads/main' }}
         id: tf_apply
         run: |
-          export TF_WORKSPACE="${{ steps.prepare_for_terraform.outputs.product_line }}-ci-enos-bootstrap"
-          export TF_VAR_aws_ssh_public_key="${{ secrets.ENOS_CI_SSH_KEY }}"
-          export TF_TOKEN_app_terraform_io="${{ secrets.TF_API_TOKEN }}"
           terraform -chdir=enos/ci/bootstrap apply -auto-approve
diff --git a/enos/README.md b/enos/README.md
index a38cbdecf..2a501719b 100644
--- a/enos/README.md
+++ b/enos/README.md
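Review bot: `if ${IS_ENT} == true; then`, a context line that stays on the new side, is not a string comparison: the shell expands `${IS_ENT}` and executes it as a command with the arguments `==` and `true`, which only behaves while the variable holds the literal `true` or `false`; an empty or unset `IS_ENT` fails as a missing command and silently falls through to the `vault` role in the `else` branch. Writing it as `if [ "${IS_ENT}" = "true" ]; then` makes an unexpected value a visible failure rather than a role choice. The redirections should also quote the output file, `>> "$GITHUB_OUTPUT"`. The `prepare_for_terraform` step and the assignment of `IS_ENT` begin outside the hunk, so how the variable is derived cannot be checked here.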
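Review bot: With `workflow_dispatch` now a trigger, the `tf_apply` gate `if: ${{ github.ref == 'refs/heads/main' }}` keys on the ref only, so a manual run dispatched from `main` applies with `-auto-approve` exactly like a push; if dispatch is meant for plan-only runs, tighten it to `if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}`. Independently, the three terraform commands run non-interactively, so adding `-input=false` to `init`, `plan` and `apply` turns any prompt for input into a fast failure instead of a job that hangs until timeout. As a point of style, the remaining single-command steps no longer need `run: |` block scalars; `run: terraform -chdir=enos/ci/bootstrap init` reads the same.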
@@ -185,6 +185,7 @@ state will be managed by Terraform Cloud. Here are the steps to configure the Gi
 > cd ./enos/ci/service-user-iam
 > export TF_WORKSPACE=-ci-service-user-iam
 > export TF_TOKEN_app_terraform_io=
+> export TF_VAR_aws_ssh_public_key=
 > export TF_VAR_repository=
 > terraform init
 > terraform plan
diff --git a/enos/ci/bootstrap/main.tf b/enos/ci/bootstrap/main.tf
index 990ba3ea9..804f1e66b 100644
--- a/enos/ci/bootstrap/main.tf
+++ b/enos/ci/bootstrap/main.tf
@@ -34,7 +34,7 @@ provider "aws" {
 locals {
-  key_name = "enos-ci-ssh-key"
+  key_name = "${var.repository}-ci-ssh-key"
 }
 resource "aws_key_pair" "enos_ci_key_us_east_1" {
diff --git a/enos/ci/bootstrap/variables.tf b/enos/ci/bootstrap/variables.tf
index fcba83777..3aab3449f 100644
--- a/enos/ci/bootstrap/variables.tf
+++ b/enos/ci/bootstrap/variables.tf
@@ -2,3 +2,12 @@ variable "aws_ssh_public_key" {
   description = "The public key to use for the ssh key"
   type        = string
 }
+
+variable "repository" {
+  description = "The repository to bootstrap the ci for, either 'vault' or 'vault-enterprise'"
+  type        = string
+  validation {
+    condition     = contains(["vault", "vault-enterprise"], var.repository)
+    error_message = "Repository must be one of either 'vault' or 'vault-enterprise'"
+  }
+}
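Review bot: `key_name` forces replacement on `aws_key_pair`, so changing the local from `enos-ci-ssh-key` to `"${var.repository}-ci-ssh-key"` destroys and re-creates every key pair built from it (presumably one per region, going by `enos_ci_key_us_east_1`) on the next apply, and anything that references the old name keeps referencing a key pair that no longer exists; neither the commit message nor the README change records this. A comment above the local would capture the intent, e.g. `# Per-repository key pair name; changing it replaces every aws_key_pair below.` The `aws_key_pair.enos_ci_key_us_east_1` resource that consumes the local starts in the hunk and continues outside it.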
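Review bot: The new `error_message` for `repository` ends without punctuation; Terraform releases that still enforce the full-sentence rule for validation messages reject the configuration at parse time, so `error_message = "Repository must be one of either 'vault' or 'vault-enterprise'."` is the safer form and reads the same. Since `var.repository` is now interpolated into an AWS resource name in `main.tf`, the `contains` allow-list is the right kind of check and should stay. The pre-existing `aws_ssh_public_key` variable, whose block starts outside the hunk, has no validation at all; a `validation` with `condition = length(var.aws_ssh_public_key) > 0` would stop an empty `SSH_KEY_PUBLIC_CI` secret from reaching the key pair resources — TODO confirm whether the provider already rejects an empty public key before adding it.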