add config-update workflow and update_admin_access script

The config-update workflow runs one of the scripts in bin/config_update, commits and PRs the config changes if there are any, and auto-merges that PR if it passes checks.
The workflow can be triggered from op-admin-dashboard given that it has credentials to trigger workflows (which are provided through a Github app: https://github.com/settings/apps/op-config-updates)
Currently, this works to add/remove admin users from the admin_access list:
e-mission/op-admin-dashboard#167 (comment)

Tested end-to-end from admin dash:
e-mission/op-admin-dashboard#168

Author: JGreenlee

.github/workflows/config-update.yml

@@ -0,0 +1,73 @@
+name: Update Deployment Config
+
+on:
+  workflow_dispatch:
+    inputs:
+      deployment:
+        required: true
+        type: string
+        description: Name of the deployment to update config for (e.g. nrel-commute)
+      user_email:
+        required: true
+        type: string
+        description: Email of the user triggering the workflow
+      script_name:
+        required: true
+        type: choice
+        options:
+          - update_admin_access
+      script_args:
+        required: false
+        type: string
+        description: Additional arguments for the script (space-separated)
+      token:
+        required: false
+        type: string
+        description: GitHub token for authentication. If not provided, the workflow will use the default token.
+
+env:
+  GITHUB_TOKEN: ${{ inputs.token || secrets.GITHUB_TOKEN }}
+
+jobs:
+  update_config:
+    runs-on: ubuntu-latest
+
+    outputs:
+      PR_URL: ${{ steps.commit_and_pr.outputs.PR_URL }}
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.9'
+
+      - name: Create update branch
+        id: create_branch
+        run: |
+          BRANCH_NAME="config-update-${{ github.event.inputs.script_name }}-${{ github.run_id }}"
+          git checkout -b $BRANCH_NAME
+          echo "BRANCH_NAME=$BRANCH_NAME" >> "$GITHUB_OUTPUT"
+
+      - name: Run config update script
+        run: |
+          python bin/config_update/${{ inputs.script_name }}.py ${{ inputs.deployment }} ${{ inputs.script_args }}
+
+      - name: Commit and PR changes if needed
+        id: commit_and_pr
+        run: |
+          git config user.name "GitHub Actions"
+          git config user.email "actions@github.com"
+          git add .
+          git commit \
+            -m "[${{ inputs.deployment }}] ${{ inputs.script_name }}" \
+            -m "Updated [${{ inputs.deployment }}] configuration using \`${{ inputs.script_name }}\` with args \`${{ inputs.script_args }}\`" \
+            -m "This commit was generated by the \`config-update\` workflow: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
+            -m "Triggered by admin user: ${{ inputs.user_email }}"
+          git push --set-upstream origin ${{ steps.create_branch.outputs.BRANCH_NAME }}
+          echo "Creating PR..."
+          PR_URL=$(gh pr create --base main --head ${{ steps.create_branch.outputs.BRANCH_NAME }} --fill)
+          GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} gh pr merge "$PR_URL" --auto --squash
+          echo "PR created and will merge if checks pass: $PR_URL"

.gitignore

@@ -1,2 +1,4 @@
 .DS_Store
 .vscode/settings.json
+.env
+__pycache__

bin/config_update/_util.py

@@ -0,0 +1,23 @@
+import os
+import sys
+import json
+
+
+def read_config(deployment):
+    config_file_path = f'configs/{deployment}.nrel-op.json'
+    if not os.path.exists(config_file_path):
+        print(f"There is no deployment called {deployment} - no changes made.")
+        sys.exit(1)
+    with open(config_file_path, 'r', encoding='utf-8') as f:
+        return json.load(f)
+
+
+def update_config(deployment, new_config, msg):
+    config_file_path = f'configs/{deployment}.nrel-op.json'
+    if new_config and msg:
+        with open(config_file_path, 'w', encoding='utf-8') as f:
+            json.dump(new_config, f, indent=4, ensure_ascii=False)
+            f.write("\n")
+        print(f"Updated {config_file_path} with new config.")
+    else:
+        print("No changes made.")

bin/config_update/update_admin_access.py

@@ -0,0 +1,64 @@
+"""
+Add or remove admin email addresses from admin_dashboard.admin_access
+"""
+
+import sys
+import argparse
+import re
+
+from _util import read_config, update_config
+
+
+def add_admin_email(config, email):
+    if not re.match(r'^[\w\.-]+@[\w\.-]+\.\w{2,}$', email):
+        print(f"{email} is an invalid email format - no changes made.")
+        sys.exit(1)
+    
+    if email not in config.get('admin_dashboard', {}).get('admin_access', []):
+        if 'admin_dashboard' not in config:
+            config['admin_dashboard'] = {}
+        if 'admin_access' not in config['admin_dashboard']:
+            config['admin_dashboard']['admin_access'] = []
+        config['admin_dashboard']['admin_access'].append(email)
+        print(f"Added {email} to the admin_access list.")
+    else:
+        print(f"{email} is already an admin - no changes made.")
+        return
+
+    return config
+
+
+def remove_admin_email(config, email):
+    if email in config.get('admin_dashboard', {}).get('admin_access', []):
+        config['admin_dashboard']['admin_access'].remove(email)
+    else:
+        print(f"{email} is not an admin - no changes made.")
+        return
+
+    return config
+
+
+def update_admin_access(config, action, email):
+    new_config = None
+    if action == 'add':
+        new_config = add_admin_email(config, email)
+    elif action == 'remove':
+        new_config = remove_admin_email(config, email)
+
+    return new_config
+
+
+if __name__ == '__main__':
+    parser = argparse.ArgumentParser()
+    parser.add_argument('deployment', type=str)
+    parser.add_argument('action', type=str, help='Action to perform (add/remove)')
+    parser.add_argument('email', type=str, help='Email address to add/remove')
+    args = parser.parse_args()
+
+    config = read_config(args.deployment)
+    new_config = update_admin_access(config, args.action, args.email)
+    if new_config:
+        msg = f"update admin_access\n\n - {args.action} {args.email}"
+        update_config(args.deployment, new_config, msg)
+    else:
+        print("No changes made.")