run workbench #84
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: run workbench | |
on: | |
workflow_dispatch: | |
inputs: | |
url: | |
description: URL to Google Sheet | |
required: true | |
type: string | |
range: | |
description: Which sheet to download | |
required: true | |
type: string | |
default: "Sheet1" | |
jobs: | |
run: | |
# 3d max execution time | |
timeout-minutes: 4320 | |
env: | |
SHARED_SECRET: ${{ secrets.FABRICATOR_SHARED_SECRET }} | |
FABRICATOR_DATA_MOUNT: /mnt/islandora_staging | |
runs-on: self-hosted | |
permissions: | |
contents: read | |
id-token: write | |
concurrency: | |
group: "workbench-executions" | |
cancel-in-progress: false | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Validate input | |
run: ./scripts/validate.sh | |
env: | |
URL: ${{ github.event.inputs.url }} | |
RANGE: ${{ github.event.inputs.range }} | |
- id: 'auth_ro' | |
name: 'Authenticate to Google Cloud (read only)' | |
uses: 'google-github-actions/auth@v1' | |
with: | |
workload_identity_provider: ${{ secrets.WORKBENCH_GCLOUD_OIDC_POOL }} | |
create_credentials_file: true | |
service_account: ${{ secrets.WORKBENCH_GSA }} | |
token_format: 'access_token' | |
access_token_scopes: "https://www.googleapis.com/auth/spreadsheets.readonly" | |
- name: Get Job ID from GH API | |
id: get-job-id | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
jobs=$(gh api repos/${{ github.repository }}/actions/runs/${{ github.run_id}}/attempts/${{ github.run_attempt }}/jobs) | |
job_id=$(echo $jobs | jq -r '.jobs[] | select(.runner_name=="${{ runner.name }}") | .id') | |
echo "job_id=$job_id" >> $GITHUB_OUTPUT | |
- name: query google | |
run: ./scripts/download.sh | |
env: | |
URL: ${{ github.event.inputs.url }} | |
RANGE: ${{ github.event.inputs.range }} | |
ACCESS_TOKEN: ${{ steps.auth_ro.outputs.access_token }} | |
- name: Notify Slack on Start | |
run: ./scripts/slack.sh | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
MESSAGE: | | |
${{ github.actor }} started workbench ingest for __TITLE__ | |
Items being ingested: __LINE_COUNT__ | |
Google Sheet: __URL__ | |
Workbench execution log: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}/job/${{ steps.get-job-id.outputs.job_id }}#step:10:1 | |
URL: ${{ github.event.inputs.url }} | |
- name: transform google sheet | |
run: ./scripts/transform.sh | |
env: | |
URL: ${{ github.event.inputs.url }} | |
RANGE: ${{ github.event.inputs.range }} | |
ACCESS_TOKEN: ${{ steps.auth_ro.outputs.access_token }} | |
- name: Checkout workbench | |
uses: actions/checkout@v4 | |
with: | |
repository: lehigh-university-libraries/islandora_workbench | |
ref: simple-field-json | |
path: islandora_workbench | |
- name: execute | |
working-directory: islandora_workbench | |
run: ../scripts/run-workbench.sh | |
env: | |
ISLANDORA_WORKBENCH_PASSWORD: ${{ secrets.ISLANDORA_WORKBENCH_PASSWORD }} | |
- id: 'auth_rw' | |
name: 'Authenticate to Google Cloud (read+write)' | |
uses: 'google-github-actions/auth@v1' | |
with: | |
workload_identity_provider: ${{ secrets.WORKBENCH_GCLOUD_OIDC_POOL }} | |
create_credentials_file: true | |
service_account: ${{ secrets.WORKBENCH_GSA }} | |
token_format: 'access_token' | |
access_token_scopes: "https://www.googleapis.com/auth/spreadsheets" | |
- name: add node IDs to sheet | |
run: ./scripts/insert-nids.sh | |
env: | |
URL: ${{ github.event.inputs.url }} | |
ACCESS_TOKEN: ${{ steps.auth_rw.outputs.access_token }} | |
- name: Notify Slack on Success | |
if: ${{ success() }} | |
run: ./scripts/slack.sh | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
MESSAGE: "✅ Workbench job succeeded!" | |
- name: Notify Slack on Failure | |
if: ${{ failure() }} | |
run: ./scripts/slack.sh | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
MESSAGE: "🚨 Workbench job failed!" |