Use action for GHA diffcalc workflow permissions check

.github/workflows/diffcalc.yml

@@ -14,8 +14,8 @@
 #
 # The workflow can be run in two ways:
 # 1. Via workflow dispatch.
-# 2. By an owner of the repository posting a pull request or issue comment containing `!diffcalc`.  
-# For pull requests, the workflow will assume the pull request as the target to compare against (i.e. the `OSU_B` variable).  
+# 2. By an owner of the repository posting a pull request or issue comment containing `!diffcalc`.
+# For pull requests, the workflow will assume the pull request as the target to compare against (i.e. the `OSU_B` variable).
 # Any lines in the comment of the form `KEY=VALUE` are treated as variables for the generator.
 #
 # ## Google Service Account
@@ -104,21 +104,22 @@ env:
   COMMENT_TAG: execution-${{ github.run_id }}-${{ github.run_number }}-${{ github.run_attempt }}
 
 jobs:
-  wait-for-queue:
-    name: "Wait for previous workflows"
+  check-permissions:
+    name: Check permissions
     runs-on: ubuntu-latest
-    if: ${{ !cancelled() && (github.event_name == 'workflow_dispatch' || contains(github.event.comment.body, '!diffcalc') && github.event.comment.author_association == 'OWNER') }}
-    timeout-minutes: 50400 # 35 days, the maximum for jobs.
+    if: ${{ github.event_name == 'workflow_dispatch' || contains(github.event.comment.body, '!diffcalc') }}
     steps:
-      - uses: ahmadnassri/action-workflow-queue@v1
+      - name: Check permissions
+        if: ${{ github.event_name != 'workflow_dispatch' }}
+        uses: actions-cool/check-user-permission@v2
         with:
-          timeout: 2147483647 # Around 24 days, maximum supported.
-          delay: 120000 # Poll every 2 minutes. API seems fairly low on this one.
+          require: 'write'
 
   create-comment:
     name: Create PR comment
+    needs: check-permissions
     runs-on: ubuntu-latest
-    if: ${{ github.event_name == 'issue_comment' && github.event.issue.pull_request && contains(github.event.comment.body, '!diffcalc') && github.event.comment.author_association == 'OWNER' }}
+    if: ${{ github.event_name == 'issue_comment' && github.event.issue.pull_request }}
     steps:
       - name: Create comment
         uses: thollander/actions-comment-pull-request@v2
@@ -129,11 +130,21 @@ jobs:
 
             *This comment will update on completion*
 
+  wait-for-queue:
+    name: "Wait for previous workflows"
+    needs: check-permissions
+    runs-on: ubuntu-latest
+    timeout-minutes: 50400 # 35 days, the maximum for jobs.
+    steps:
+      - uses: ahmadnassri/action-workflow-queue@v1
+        with:
+          timeout: 2147483647 # Around 24 days, maximum supported.
+          delay: 120000 # Poll every 2 minutes. API seems fairly low on this one.
+
   directory:
     name: Prepare directory
     needs: wait-for-queue
     runs-on: self-hosted
-    if: ${{ !cancelled() && (github.event_name == 'workflow_dispatch' || contains(github.event.comment.body, '!diffcalc') && github.event.comment.author_association == 'OWNER') }}
     outputs:
       GENERATOR_DIR: ${{ steps.set-outputs.outputs.GENERATOR_DIR }}
       GENERATOR_ENV: ${{ steps.set-outputs.outputs.GENERATOR_ENV }}
@@ -159,7 +170,6 @@ jobs:
     name: Setup environment
     needs: directory
     runs-on: self-hosted
-    if: ${{ !cancelled() && needs.directory.result == 'success' }}
     env:
       VARS_JSON: ${{ toJSON(vars) }}
     steps:
@@ -239,7 +249,6 @@ jobs:
     name: Setup scores
     needs: [ directory, environment ]
     runs-on: self-hosted
-    if: ${{ !cancelled() && needs.environment.result == 'success' }}
     steps:
       - name: Query latest data
         id: query
@@ -272,7 +281,6 @@ jobs:
     name: Setup beatmaps
     needs: directory
     runs-on: self-hosted
-    if: ${{ !cancelled() && needs.directory.result == 'success' }}
     steps:
       - name: Query latest data
         id: query
@@ -305,7 +313,6 @@ jobs:
     needs: [ directory, environment, scores, beatmaps ]
     runs-on: self-hosted
     timeout-minutes: 720
-    if: ${{ !cancelled() && needs.scores.result == 'success' && needs.beatmaps.result == 'success' }}
     outputs:
       TARGET: ${{ steps.run.outputs.TARGET }}
       SPREADSHEET_LINK: ${{ steps.run.outputs.SPREADSHEET_LINK }}
@@ -331,17 +338,21 @@ jobs:
           cd "${{ needs.directory.outputs.GENERATOR_DIR }}"
           docker-compose down
 
+  output-cli:
+    name: Output info
+    needs: generator
+    runs-on: ubuntu-latest
+    steps:
       - name: Output info
-        if: ${{ success() }}
         run: |
-          echo "Target: ${{ steps.run.outputs.TARGET }}"
-          echo "Spreadsheet: ${{ steps.run.outputs.SPREADSHEET_LINK }}"
+          echo "Target: ${{ needs.generator.outputs.TARGET }}"
+          echo "Spreadsheet: ${{ needs.generator.outputs.SPREADSHEET_LINK }}"
 
   update-comment:
     name: Update PR comment
     needs: [ create-comment, generator ]
     runs-on: ubuntu-latest
-    if: ${{ github.event_name == 'issue_comment' && github.event.issue.pull_request && contains(github.event.comment.body, '!diffcalc') && github.event.comment.author_association == 'OWNER' }}
+    if: ${{ needs.create-comment.result == 'success' }}
     steps:
       - name: Update comment on success
         if: ${{ needs.generator.result == 'success' }}