From 79a1f7c8e7a33eba9978ce00b1e48278790e00fc Mon Sep 17 00:00:00 2001
From: John Murret <john.murret@hashicorp.com>
Date: Mon, 8 Jul 2024 15:53:41 -0600
Subject: [PATCH] update with bpa image

---
 .github/workflows/backport-commenter.yml | 65 ++++++++++++++----------
 1 file changed, 38 insertions(+), 27 deletions(-)

diff --git a/.github/workflows/backport-commenter.yml b/.github/workflows/backport-commenter.yml
index a77d89441a03d..ae940b88f9ad0 100644
--- a/.github/workflows/backport-commenter.yml
+++ b/.github/workflows/backport-commenter.yml
@@ -23,53 +23,64 @@ on:
       - jm/**
 
 env:
-  GOPRIVATE: github.com/hashicorp # Required for private/internal backport-checker repo
-  GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
+  # This needs to be updated to the date of the last release.
+  BPA_COMMENTER_BEGIN_DATE: "2024-06-12"
+  # This needs to be updated to the versions that are currently being backported.
+  BPA_COMMENTER_VERSIONS: "1.15,1.16,1.17,1.18,1.19"
 
 jobs:
+
   validate-backports-oss:
-    container: hashicorpdev/backport-assistant:claire-dev
-    runs-on: [ 'ubuntu-latest' ]
+    container: hashicorpdev/backport-assistant:0.4.4
+    runs-on: [ 'self-hosted, linux' ]
     steps:
+      - name: Fetch Secrets
+        id: secrets
+        uses: hashicorp/vault-action@v3
+        with:
+          url: ${{ vars.CI_VAULT_URL }}
+          method: ${{ vars.CI_VAULT_METHOD }}
+          path: ${{ vars.CI_VAULT_PATH }}
+          jwtGithubAudience: ${{ vars.CI_VAULT_AUD }}
+          secrets:
+            kv/data/github/${{ github.repository }} github_token ;
+
       - name: backport commenter
         env:
-          # this allows us to be able to run the workflow manually and input the versions and begin date
-          # and also allows us to use the repository environment variables as well if we were to run the workflow on a schedule.
-          # NOTE: The repository variables override the inputs if they are set. If you are using the workflow_dispatch, ensure
-          # you are unsetting the repository variables if you want to use the inputs.
-
-          # TODO(jmurret): Remove this before we merge this PR.
-          BEGIN_DATE: "2024-03-26" # "${{ github.event.inputs.begin-date || vars.BEGIN_DATE }}"
-          VERSIONS: "1.15,1.16,1.17,1.18,1.19" #"${{ github.event.inputs.versions || vars.VERSIONS }}"
           OWNER: hashicorp
           REPO: consul
           SYNC_REPO: consul-enterprise
+          GITHUB_TOKEN: ${{ steps.secrets.outputs.github_token }}
         run: |
           backport-assistant validate \
-            --owner ${OWNER} --repo ${REPO} --sync-repo ${SYNC_REPO} --versions "${VERSIONS}" \
-            --begin-date "${BEGIN_DATE}" --add-comment
+            --owner ${OWNER} --repo ${REPO} --sync-repo ${SYNC_REPO} --versions "${BPA_COMMENTER_VERSIONS}" \
+            --begin-date "${BPA_COMMENTER_BEGIN_DATE}" --add-comment
+
   validate-backports-enterprise:
-    container: hashicorpdev/backport-assistant:claire-dev
-    runs-on: [ 'ubuntu-latest' ]
+    container: hashicorpdev/backport-assistant:0.4.4
+    runs-on: [ 'self-hosted, linux' ]
     # needs to run serially because github search api limits to 30 req/minute.
     # running in parallel will push it over the limit.
     needs:
       - validate-backports-oss
-      - get-go-version
-    if: ${{ always() }}
     steps:
+      - name: Fetch Secrets
+        id: secrets
+        uses: hashicorp/vault-action@v3
+        with:
+          url: ${{ vars.CI_VAULT_URL }}
+          method: ${{ vars.CI_VAULT_METHOD }}
+          path: ${{ vars.CI_VAULT_PATH }}
+          jwtGithubAudience: ${{ vars.CI_VAULT_AUD }}
+          secrets:
+            kv/data/github/${{ github.repository }} github_token ;
+
       - name: backport commenter
         env:
-          # this allows us to be able to run the workflow manually and input the versions and begin date
-          # and also allows us to use the repository environment variables as well if we were to run the workflow on a schedule.
-          # NOTE: The repository variables override the inputs if they are set. If you are using the workflow_dispatch, ensure
-          # you are unsetting the repository variables if you want to use the inputs.
-          # TODO(jmurret): Remove this before we merge this PR.
-          BEGIN_DATE: "2024-03-26" # "${{ github.event.inputs.begin-date || vars.BEGIN_DATE }}"
-          VERSIONS: "1.15,1.16,1.17,1.18,1.19" #"${{ github.event.inputs.versions || vars.VERSIONS }}"
           OWNER: hashicorp
           REPO: consul-enterprise
+          GITHUB_TOKEN: ${{ steps.secrets.outputs.github_token }}
         run: |
           backport-assistant validate \
-            --owner ${{ env.OWNER }} --repo ${{ env.REPO }} --versions "${{ env.VERSIONS }}" \
-            --begin-date ${{ env.BEGIN_DATE }} --add-comment
\ No newline at end of file
+            --owner "${OWNER}" --repo ${REPO} --versions ${BPA_COMMENTER_VERSIONS} \
+            --begin-date ${BPA_COMMENTER_BEGIN_DATE} --add-comment
\ No newline at end of file