From 22e88e451a6c1eda77e70fefc89ab3df97e5a6d9 Mon Sep 17 00:00:00 2001
From: Sangjoon Bob Lee
Date: Wed, 23 Oct 2024 11:06:12 -0400
Subject: [PATCH] Separate tag and user privillege
---
 .../workflows/_build-wheel-release-upload.yml | 31 ++---------------
 .../_release_tag_privilege_check.yml | 32 +++++++++++++++++++
 2 files changed, 35 insertions(+), 28 deletions(-)
 create mode 100644 .github/workflows/_release_tag_privilege_check.yml
diff --git a/.github/workflows/_build-wheel-release-upload.yml b/.github/workflows/_build-wheel-release-upload.yml
index 6d7c536..1d91ae2 100644
--- a/.github/workflows/_build-wheel-release-upload.yml
+++ b/.github/workflows/_build-wheel-release-upload.yml
@@ -17,36 +17,11 @@ on:
 required: true

 jobs:
- tag-check:
- runs-on: ubuntu-latest
- outputs:
- tag_valid: ${{ steps.tag-check.outputs.tag_valid }}
- steps:
- - name: Extract and validate tag for (pre)-release
- id: tag-check
- run: |
- TAG_NAME=${GITHUB_REF#refs/tags/}
-
- # Check if the tag matches the pattern, e.g. 3.1.32 or 0.1.3rc0
- if [[ "$TAG_NAME" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || [[ "$TAG_NAME" =~ ^[0-9]+\.[0-9]+\.[0-9]+rc[0-9]+$ ]]; then
- echo "tag_valid=true" >> $GITHUB_OUTPUT
- fi
+ tag-privilege-check:
+ uses: bobleesj/release-scripts/.github/workflows/_build-wheel-release-upload.yml@{{ VERSION/v0 }}

- privilege-check:
- runs-on: ubuntu-latest
- steps:
- - name: Check user role
- # FIXME: Replace sbillinge to bobleesj
- run: |
- if [ "${{ github.actor }}" != "bobleesj" ]; then
- echo "Error: Unauthorized user"
- exit 1
- fi
- echo "User sbillinge is allowed to run this workflow."
-
 build-package:
- needs: [tag-check, privilege-check]
- if: needs.tag-check.outputs.tag_valid == 'true'
+ needs: [tag-privilege-check]
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v4
diff --git a/.github/workflows/_release_tag_privilege_check.yml b/.github/workflows/_release_tag_privilege_check.yml
new file mode 100644
index 0000000..d5809dc
--- /dev/null
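Review bot: The added `uses:` line in `tag-privilege-check` does not reference the workflow this commit creates: it names `_build-wheel-release-upload.yml`, the same filename as the file being patched, instead of `_release_tag_privilege_check.yml`, and its ref `@{{ VERSION/v0 }}` looks like an unfilled placeholder rather than a ref GitHub can resolve. Because the `if:` on `tag_valid` is removed, `build-package` is now gated only by `needs: [tag-privilege-check]`, so the release check is exactly as trustworthy as whatever this reference resolves to. I would point it at the check workflow and pin it to a full commit SHA rather than a movable tag or branch, for example `uses: bobleesj/release-scripts/.github/workflows/_release_tag_privilege_check.yml@<FULL_COMMIT_SHA>`. The `build-package` job continues past the end of the hunk.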
+++ b/.github/workflows/_release_tag_privilege_check.yml
@@ -0,0 +1,32 @@
+name: Check release tag and user privilege for release
+
+on:
+ workflow_call:
+
+jobs:
+ tag-check:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Extract and validate tag for (pre)-release
+ id: tag-check
+ # Check if the tag matches the pattern, e.g. 3.1.32 or 0.1.3rc0
+ run: |
+ TAG_NAME=${GITHUB_REF#refs/tags/}
+ if [[ "$TAG_NAME" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || [[ "$TAG_NAME" =~ ^[0-9]+\.[0-9]+\.[0-9]+rc[0-9]+$ ]]; then
+ echo "Valid tag: $TAG_NAME"
+ else
+ echo "Invalid tag: $TAG_NAME"
+ exit 1
+ fi
+
+ privilege-check:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check user role
+ # FIXME: Replace sbillinge to bobleesj
+ run: |
+ if [ "${{ github.actor }}" != "bobleesj" ]; then
+ echo "Error: Unauthorized user"
+ exit 1
+ fi
+ echo "User sbillinge is allowed to run this workflow."
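Review bot: The `privilege-check` step authorises on `github.actor`, which GitHub documents as the user who started the original run; on a re-run that value is kept and only `github.triggering_actor` names the person who requested the re-run, so the comparison does not identify who is actually asking for this release. The `${{ }}` expression is also expanded into the script text before bash runs; passing it through `env:` and comparing a quoted shell variable keeps context values out of the script body. The success message hard-codes `sbillinge` while the check allows `bobleesj` (the FIXME comment points at the same rename), so the log does not record who was authorised. Enforcing who may create release tags outside the workflow file, with a tag ruleset or a protected environment with required reviewers, would be sturdier than a username string compare.

```yaml
      - name: Check user role
        env:
          RELEASE_ACTOR: ${{ github.triggering_actor }}
        run: |
          if [ "$RELEASE_ACTOR" != "bobleesj" ]; then
            # … unchanged: error message and exit 1 …
          fi
          echo "User $RELEASE_ACTOR is allowed to run this workflow."
```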