-
Notifications
You must be signed in to change notification settings - Fork 1
126 lines (110 loc) · 4.33 KB
/
run.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
name: run workbench
on:
workflow_dispatch:
inputs:
url:
description: URL to Google Sheet
required: true
type: string
range:
description: Which sheet to download
required: true
type: string
default: "Sheet1"
jobs:
run:
# 3d max execution time
timeout-minutes: 4320
env:
SHARED_SECRET: ${{ secrets.FABRICATOR_SHARED_SECRET }}
FABRICATOR_DATA_MOUNT: /mnt/islandora_staging
runs-on: self-hosted
permissions:
contents: read
id-token: write
concurrency:
group: "workbench-executions"
cancel-in-progress: false
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- name: Validate input
run: ./scripts/validate.sh
env:
URL: ${{ github.event.inputs.url }}
RANGE: ${{ github.event.inputs.range }}
- id: 'auth_ro'
name: 'Authenticate to Google Cloud (read only)'
uses: 'google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f' # v2
with:
workload_identity_provider: ${{ secrets.WORKBENCH_GCLOUD_OIDC_POOL }}
create_credentials_file: true
service_account: ${{ secrets.WORKBENCH_GSA }}
token_format: 'access_token'
access_token_scopes: "https://www.googleapis.com/auth/spreadsheets.readonly"
- name: Get Job ID from GH API
id: get-job-id
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
jobs=$(gh api repos/${{ github.repository }}/actions/runs/${{ github.run_id}}/attempts/${{ github.run_attempt }}/jobs)
job_id=$(echo $jobs | jq -r '.jobs[] | select(.runner_name=="${{ runner.name }}") | .id')
echo "job_id=$job_id" >> $GITHUB_OUTPUT
- name: query google
run: ./scripts/download.sh
env:
URL: ${{ github.event.inputs.url }}
RANGE: ${{ github.event.inputs.range }}
ACCESS_TOKEN: ${{ steps.auth_ro.outputs.access_token }}
- name: Notify Slack on Start
run: ./scripts/slack.sh
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
MESSAGE: |
${{ github.actor }} started workbench ingest for __TITLE__
Items being ingested: __LINE_COUNT__
Google Sheet: __URL__
Workbench execution log: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}/job/${{ steps.get-job-id.outputs.job_id }}#step:10:1
URL: ${{ github.event.inputs.url }}
- name: transform google sheet
run: ./scripts/transform.sh
env:
URL: ${{ github.event.inputs.url }}
RANGE: ${{ github.event.inputs.range }}
ACCESS_TOKEN: ${{ steps.auth_ro.outputs.access_token }}
- name: Checkout workbench
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
with:
repository: lehigh-university-libraries/islandora_workbench
ref: simple-field-json
path: islandora_workbench
- name: execute
working-directory: islandora_workbench
run: ../scripts/run-workbench.sh
env:
ISLANDORA_WORKBENCH_PASSWORD: ${{ secrets.ISLANDORA_WORKBENCH_PASSWORD }}
- id: 'auth_rw'
name: 'Authenticate to Google Cloud (read+write)'
uses: 'google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f' # v2
with:
workload_identity_provider: ${{ secrets.WORKBENCH_GCLOUD_OIDC_POOL }}
create_credentials_file: true
service_account: ${{ secrets.WORKBENCH_GSA }}
token_format: 'access_token'
access_token_scopes: "https://www.googleapis.com/auth/spreadsheets"
- name: add node IDs to sheet
run: ./scripts/insert-nids.sh
env:
URL: ${{ github.event.inputs.url }}
ACCESS_TOKEN: ${{ steps.auth_rw.outputs.access_token }}
- name: Notify Slack on Success
if: ${{ success() }}
run: ./scripts/slack.sh
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
MESSAGE: "✅ Workbench job succeeded!"
- name: Notify Slack on Failure
if: ${{ failure() }}
run: ./scripts/slack.sh
env:
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
MESSAGE: "🚨 Workbench job failed!"