restructure how we check authed users

broadinstitute · Jan 14, 2025 · 46e64bb · 46e64bb
1 parent 6afef86
commit 46e64bb
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 17 deletions.
diff --git a/.github/workflows/authorized_users.yml b/.github/workflows/authorized_users.yml
@@ -10,6 +10,8 @@ on:
 jobs:
   check-authorization:
     runs-on: ubuntu-latest
+    outputs:
+      approved: ${{ steps.gatekeeper.outputs.approved }}
     steps:
       - name: Check if user is approved
         id: gatekeeper
@@ -23,32 +25,19 @@ jobs:
           # Check if the user is in the allowlist
           if [[ " ${APPROVED_USERS[@]} " =~ " ${GITHUB_ACTOR} " ]]; then
             echo "User ${GITHUB_ACTOR} is approved."
-            echo "::set-output name=approved::true"
+            echo "approved=true" >> $GITHUB_ENV
           else
             echo "User ${GITHUB_ACTOR} is not approved."
-            echo "::set-output name=approved::false"
+            echo "approved=false" >> $GITHUB_ENV
           fi
 
       - name: Fail if not approved
-        if: steps.gatekeeper.outputs.approved == 'false'
+        if: ${{ env.approved == 'false' }}
         run: |
           echo "This workflow is restricted. Approval required."
           exit 1
 
       - name: Continue workflow if approved
-        if: steps.gatekeeper.outputs.approved == 'true'
+        if: ${{ env.approved == 'true' }}
         run: |
           echo "Proceeding with the workflow for approved user: ${GITHUB_ACTOR}"
-
-      - name: Trigger Test Illumina Genotyping Array Workflow
-        if: steps.gatekeeper.outputs.approved == 'true'
-        run: |
-          curl -X POST \
-            -H "Accept: application/vnd.github+json" \
-            -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-            https://api.github.com/repos/${{ github.repository }}/actions/workflows/test_illumina_genotyping_array.yml/dispatches \
-            -d '{
-              "ref": "np_jw_test_illumina_genotyping_arrays"
-            }'
-          #echo repsonse
-            echo "Response: $?"
diff --git a/.github/workflows/test_illumina_genotyping_array.yml b/.github/workflows/test_illumina_genotyping_array.yml
@@ -64,6 +64,21 @@ env:
 
 
 jobs:
+  check-authorization:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Trigger Authorized Users Workflow
+        id: authorized_check
+        uses: ./.github/workflows/authorized_users.yml
+
+      - name: Fail if authorization fails
+        if: steps.authorized_check.outputs.approved == 'false'
+        run: |
+          echo "This workflow is restricted. User is not authorized."
+          exit 1
   TestIlluminaGenotypingArray:
     runs-on: ubuntu-latest
     # Add "id-token" with the intended permissions.