From 9b2902ef8b485742ad835846471a5b9c5b56869d Mon Sep 17 00:00:00 2001
From: hc-github-team-secure-vault-core
 <82990506+hc-github-team-secure-vault-core@users.noreply.github.com>
Date: Fri, 21 Apr 2023 11:25:55 -0400
Subject: [PATCH] backport of commit 166f270613356dea2d1d40d786cb6ea4c7b8b51a
 (#20292)

Co-authored-by: Jaymala <jaymala@hashicorp.com>
---
 .github/scripts/verify_changes.sh | 32 ++++++++++++++++++++++++++++
 .github/workflows/build.yml       | 35 ++++++++++++++++++-------------
 2 files changed, 53 insertions(+), 14 deletions(-)
 create mode 100755 .github/scripts/verify_changes.sh

diff --git a/.github/scripts/verify_changes.sh b/.github/scripts/verify_changes.sh
new file mode 100755
index 000000000000..49ee7d6786c3
--- /dev/null
+++ b/.github/scripts/verify_changes.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+#  This script validates if the git diff contains on docs changes
+
+event_type=$1 # GH event type (pull_request)
+ref_name=$2 # branch reference that triggered the workflow
+head_ref=$3 # PR branch head ref
+base_ref=$4 # PR branch base ref
+
+changed_dir=""
+
+if [[ "$event_type" == "pull_request" ]]; then
+  git fetch --no-tags --prune origin $head_ref
+  git fetch --no-tags --prune origin $base_ref
+  head_commit="origin/$head_ref"
+  prev_commit="origin/$base_ref"
+else
+  git fetch --no-tags --prune origin $ref_name
+  head_commit=$(git log origin/$ref_name --oneline | head -1 | awk '{print $1}')
+  prev_commit=$(git log origin/$ref_name --oneline | head -2 | awk 'NR==2 {print $1}')
+fi
+
+change_count=$(git diff $head_commit..$prev_commit --name-only | awk -F"/" '{ print $1}' | uniq | wc -l)
+
+if [[ $change_count -eq 1 ]]; then
+  changed_dir=$(git diff $head_commit..$prev_commit --name-only | awk -F"/" '{ print $1}' | uniq)
+fi
+
+if [[ "$changed_dir" == "website" ]]; then
+  echo "is_docs_change=true" >> "$GITHUB_OUTPUT"
+else
+  echo "is_docs_change=false" >> "$GITHUB_OUTPUT"
+fi
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 247a8d2abfe3..406b6debf85b 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -10,8 +10,29 @@ on:
       - release/**
 
 jobs:
+  # verify-changes determines if the changes are only for docs (website)
+  verify-changes:
+    runs-on: ubuntu-latest
+    outputs:
+      is_docs_change: ${{ steps.get-changeddir.outputs.is_docs_change }}
+    steps:
+      - uses: actions/checkout@v3
+      - name: Get changed directories
+        id: get-changeddir
+        env:
+          TYPE: ${{ github.event_name }}
+          REF_NAME: ${{ github.ref_name }}
+          HEAD_REF: ${{ github.head_ref }}
+          BASE: ${{ github.base_ref }}
+        run: ./.github/scripts/verify_changes.sh ${{ env.TYPE }} ${{ env.REF_NAME }} ${{ env.HEAD_REF }} ${{ env.BASE }}
+
   product-metadata:
+    # do not run build and test steps for docs changes
+    # Following https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/troubleshooting-required-status-checks#handling-skipped-but-required-checks
+    # we conditionally skip the build and tests for docs(website) changes
+    if: ${{ needs.verify-changes.outputs.is_docs_change == 'false' }}
     runs-on: ubuntu-latest
+    needs: verify-changes
     outputs:
       build-date: ${{ steps.get-metadata.outputs.build-date }}
       filepath: ${{ steps.generate-metadata-file.outputs.filepath }}
@@ -155,13 +176,6 @@ jobs:
 
   test:
     name: Test ${{ matrix.build-artifact-name }}
-    # Only run the Enos workflow against branches that are created from the
-    # hashicorp/vault repository. This has the effect of limiting execution of
-    # Enos scenarios to branches that originate from authors that have write
-    # access to hashicorp/vault repository. This is required as Github Actions
-    # will not populate the required secrets for branches created by outside
-    # contributors in order to protect the secrets integrity.
-    if: "! github.event.pull_request.head.repo.fork"
     needs:
       - product-metadata
       - build-linux
@@ -185,13 +199,6 @@ jobs:
 
   test-docker-k8s:
     name: Test Docker K8s
-    # Only run the Enos workflow against branches that are created from the
-    # hashicorp/vault repository. This has the effect of limiting execution of
-    # Enos scenarios to branches that originate from authors that have write
-    # access to hashicorp/vault repository. This is required as Github Actions
-    # will not populate the required secrets for branches created by outside
-    # contributors in order to protect the secrets integrity.
-    if: "! github.event.pull_request.head.repo.fork"
     needs:
       - product-metadata
       - build-docker