fix auth for inst groups not in our infos (#81)

* fix auth for inst groups not in our infos * bump ci * <bot> update dependencies*.log files(s) * update gitignore (pycharm) * refactor for clarity * add log message for missing inst * don't add insts without mous to user list --------- Co-authored-by: ric-evans <emejqz@gmail.com> Co-authored-by: github-actions <github-actions@github.com>
WIPACrepo · Mar 20, 2024 · 0a42106 · 0a42106
1 parent fbd96c3
commit 0a42106
Show file tree

Hide file tree

Showing 9 changed files with 303 additions and 257 deletions.
diff --git a/.github/workflows/wipac-cicd.yml b/.github/workflows/wipac-cicd.yml
@@ -16,7 +16,12 @@ jobs:
     steps:
       - uses: actions/checkout@v3
       - id: versions
-        uses: WIPACrepo/wipac-dev-py-versions-action@v2.1
+        uses: WIPACrepo/wipac-dev-py-versions-action@v2.2
+
+
+  #############################################################################
+  # LINTERS
+  #############################################################################
 
 
   flake8:
@@ -42,30 +47,63 @@ jobs:
       - uses: WIPACrepo/wipac-dev-mypy-action@v2.0
 
 
+  #############################################################################
+  # PACKAGING
+  #############################################################################
+
+
+  writable-branch-detect:
+    runs-on: ubuntu-latest
+    outputs:
+      OKAY: ${{ steps.detect.outputs.OKAY }}
+    steps:
+      - name: is this a non-dependabot branch?
+        id: detect
+        # dependabot can't access normal secrets
+        #   & don't run non-branch triggers (like tags)
+        #   & we don't want to trigger an update on PR's merge to main/master/default (which is a branch)
+        run: |
+          if [[ \
+              ${{github.actor}} != 'dependabot[bot]' && \
+              ${{github.ref_type}} == 'branch' && \
+              ${{format('refs/heads/{0}', github.event.repository.default_branch)}} != ${{github.ref}} \
+          ]]; then
+            echo "OKAY=true" >> "$GITHUB_OUTPUT"
+            echo "yes, this branch is compatible"
+          else
+            echo "OKAY=false" >> "$GITHUB_OUTPUT"
+            echo "no, this branch is incompatible"
+          fi
+
   py-setup:
+    needs: [ writable-branch-detect ]
     runs-on: ubuntu-latest
     steps:
-      # dependabot can't access normal secrets
-      #   & don't run non-branch triggers (like tags)
-      #   & we don't want to trigger an update on PR's merge to main/master/default (which is a branch)
-      # IOW: only for non-dependabot branches
-      - if: |
-          github.actor != 'dependabot[bot]' &&
-          github.ref_type == 'branch' &&
-          format('refs/heads/{0}', github.event.repository.default_branch) != github.ref
-        name: checkout (only for non-dependabot non-default branches)
+      - if: needs.writable-branch-detect.outputs.OKAY == 'true'
         uses: actions/checkout@v3
         with:
           token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
-      - if: |
-          github.actor != 'dependabot[bot]' &&
-          github.ref_type == 'branch' &&
-          format('refs/heads/{0}', github.event.repository.default_branch) != github.ref
-        name: wipac-dev-py-setup-action (only for non-dependabot non-default branches)
-        uses: WIPACrepo/wipac-dev-py-setup-action@v2.9
+      - if: needs.writable-branch-detect.outputs.OKAY == 'true'
+        uses: WIPACrepo/wipac-dev-py-setup-action@v3.1
         with:
           base-keywords: WIPAC IceCube
 
+  py-dependencies:
+    needs: [ writable-branch-detect ]
+    runs-on: ubuntu-latest
+    steps:
+      - if: needs.writable-branch-detect.outputs.OKAY == 'true'
+        uses: actions/checkout@v3
+        with:
+          token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+      - if: needs.writable-branch-detect.outputs.OKAY == 'true'
+        uses: WIPACrepo/wipac-dev-py-dependencies-action@v1.1
+
+
+  #############################################################################
+  # TESTS
+  #############################################################################
+
 
   unit-tests:
     needs: [py-versions]
@@ -217,10 +255,15 @@ jobs:
           docker logs "${{ job.services.mongo.id }}" || true
 
 
+  #############################################################################
+  # GITHUB RELEASE
+  #############################################################################
+
+
   release:
     # only run on main/master/default
     if: format('refs/heads/{0}', github.event.repository.default_branch) == github.ref
-    needs: [flake8, mypy, py-setup, unit-tests, integration-tests]
+    needs: [flake8, mypy, py-setup, py-dependencies, unit-tests, integration-tests]
     runs-on: ubuntu-latest
     concurrency: release
     steps:

diff --git a/.gitignore b/.gitignore
@@ -141,4 +141,6 @@ client_secrets.json
 # wipac-dev-py-setup-action
 !dependencies*.log
 
-*secret\.json
+*secret\.json
+
+.idea