run workbench #40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: run workbench | |
on: | |
workflow_dispatch: | |
inputs: | |
url: | |
description: URL to Google Sheet | |
required: true | |
type: string | |
range: | |
description: Which sheet to download | |
required: true | |
type: string | |
default: "Sheet1" | |
jobs: | |
run: | |
# 3d max execution time | |
timeout-minutes: 4320 | |
env: | |
SHARED_SECRET: abc123 | |
runs-on: self-hosted | |
permissions: | |
contents: read | |
id-token: write | |
concurrency: | |
group: "workbench-executions" | |
cancel-in-progress: false | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Validate input | |
run: ./scripts/validate.sh | |
env: | |
URL: ${{ github.event.inputs.url }} | |
RANGE: ${{ github.event.inputs.range }} | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: '>=1.23.3' | |
- name: Install dependencies | |
run: go get . | |
- name: Build | |
run: go build -o fabricator | |
- id: 'auth' | |
name: 'Authenticate to Google Cloud' | |
uses: 'google-github-actions/auth@v1' | |
with: | |
workload_identity_provider: ${{ secrets.WORKBENCH_GCLOUD_OIDC_POOL }} | |
create_credentials_file: true | |
service_account: ${{ secrets.WORKBENCH_GSA }} | |
token_format: 'access_token' | |
access_token_scopes: "https://www.googleapis.com/auth/spreadsheets.readonly" | |
- name: Get Job ID from GH API | |
id: get-job-id | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
jobs=$(gh api repos/${{ github.repository }}/actions/runs/${{ github.run_id}}/attempts/${{ github.run_attempt }}/jobs) | |
job_id=$(echo $jobs | jq -r '.jobs[] | select(.runner_name=="${{ runner.name }}") | .id') | |
echo "job_id=$job_id" >> $GITHUB_OUTPUT | |
- name: query google | |
run: ./scripts/download.sh | |
env: | |
URL: ${{ github.event.inputs.url }} | |
RANGE: ${{ github.event.inputs.range }} | |
ACCESS_TOKEN: ${{ steps.auth.outputs.access_token }} | |
- name: Notify Slack on Start | |
run: ./scripts/slack.sh | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
MESSAGE: | | |
${{ github.actor }} started workbench ingest for __TITLE__ | |
Items being ingested: __LINE_COUNT__ | |
Google Sheet: __URL__ | |
Workbench execution log: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}/job/${{ steps.get-job-id.outputs.job_id }}#step:12:1 | |
URL: ${{ github.event.inputs.url }} | |
- name: transform google sheet | |
run: ./scripts/transform.sh | |
env: | |
URL: ${{ github.event.inputs.url }} | |
RANGE: ${{ github.event.inputs.range }} | |
ACCESS_TOKEN: ${{ steps.auth.outputs.access_token }} | |
- name: Checkout workbench | |
uses: actions/checkout@v4 | |
with: | |
repository: lehigh-university-libraries/islandora_workbench | |
ref: simple-field-json | |
path: islandora_workbench | |
- name: execute | |
working-directory: islandora_workbench | |
run: ../scripts/run-workbench.sh | |
env: | |
ISLANDORA_WORKBENCH_PASSWORD: ${{ secrets.ISLANDORA_WORKBENCH_PASSWORD }} | |
- name: Attach rollback | |
uses: actions/upload-artifact@v4 | |
with: | |
name: rollback.csv | |
path: islandora_workbench/input_data/rollback.csv | |
- name: Notify Slack on Success | |
if: ${{ success() }} | |
run: ./scripts/slack.sh | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
MESSAGE: "✅ Workbench job succeeded!" | |
- name: Notify Slack on Failure | |
if: ${{ failure() }} | |
run: ./scripts/slack.sh | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
MESSAGE: "🚨 Workbench job failed!" | |
- name: cleanup | |
if: ${{ always() }} | |
run: ./scripts/cleanup.sh |