Skip to content

Commit

Permalink
feat: update pr.yml to use github actor (#223)
Browse files Browse the repository at this point in the history 
* feat: update pr.yml to use github actor

* fix: update test file

* fix: update collection name in test.json

* fix: rename file

* fix: attempt to trigger workflow with modified file

* fix: try triggering action again

* fix: yet another attempt to trigger, add logging of added_files count

* fix: debug api response

* fix: add more debugging

* fix: add more debugging

* fix: add debugging to jwt headers and payload

* fix: set iss to id not str

* fix: prepend header payload to generated signature

* fix: update debugging messages

* fix: remove old debugging logs, uncomment to set installation id

* fix: remove renaming of repo

* feat: add step to authenticate with GitHub app

* fix: set git config user name and email to github actions bot

* fix: remove github token in create veda-config pr step

* fix: add debugging for auth

* fix: try using actor for user name and email

* fix: cleanup

* fix: rename create new dataset-config

* fix: try adding new config again

* fix: add empty test.json

* Update .github/workflows/pr.yml

* fix: update to retrieve email from env var
  • Loading branch information
@botanical
botanical authored Jan 24, 2025
1 parent a744b05 commit 7b2bad1
Show file tree
Hide file tree
Showing 3 changed files with 97 additions and 37 deletions.
72 changes: 66 additions & 6 deletions .github/workflows/pr.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -78,10 +78,12 @@ jobs:
- name: List all newly added files
env:
ADDED_FILES: ${{ steps.changed-files.outputs.added_files }}
ADDED_FILES_COUNT: $${{ steps.changed-files.outputs.added_files_count}}
run: |
for file in ${ADDED_FILES}; do
echo "$file was added"
done
echo "added_files_count: ${ADDED_FILES_COUNT}"
# Uses service client creds to get token
# No username/password needed
Expand Down Expand Up @@ -240,11 +242,73 @@ jobs:
run: |
echo "VEDA_CONFIG_REPO=${{ vars.VEDA_CONFIG_REPO_ORG }}/${{ vars.VEDA_CONFIG_REPO_NAME }}" >> $GITHUB_ENV
- name: Get Installation ID
id: get-installation-id
run: |
echo "${{ secrets.APP_PEM }}" > app.pem
APP_ID="${{ vars.VEDA_CONFIG_APP_ID }}"
# Ensure APP_ID is set
if [ -z "$APP_ID" ]; then
echo "Error: APP_ID is not set!"
exit 1
fi
# Ensure private key exists
if [ ! -f app.pem ]; then
echo "Error: Private key (app.pem) not found!"
exit 1
fi
# Generate JWT
HEADER='{"alg":"RS256","typ":"JWT"}'
PAYLOAD='{"iat":'$(date +%s)',"exp":'$(($(date +%s)+540))',"iss":'"$APP_ID"'}'
# Base64 URL-safe encode header and payload
BASE64_HEADER=$(printf '%s' "$HEADER" | openssl base64 -A | tr -d '=' | tr '/+' '_-')
BASE64_PAYLOAD=$(printf '%s' "$PAYLOAD" | openssl base64 -A | tr -d '=' | tr '/+' '_-')
# Combine Header and Payload
JWT_HEADER_PAYLOAD="${BASE64_HEADER}.${BASE64_PAYLOAD}"
JWT_SIGNATURE=$(printf '%s' "$JWT_HEADER_PAYLOAD" | openssl dgst -sha256 -sign app.pem | openssl base64 -A | tr -d '=' | tr '/+' '_-')
if [ -z "$JWT_SIGNATURE" ]; then
echo "Error: Failed to create JWT_SIGNATURE!"
exit 1
fi
JWT="$JWT_HEADER_PAYLOAD.$JWT_SIGNATURE"
# Get installation ID
RESPONSE=$(curl -s -X GET \
-H "Authorization: Bearer $JWT" \
-H "Accept: application/vnd.github+json" \
https://api.github.com/app/installations)
INSTALLATION_ID=$(echo $RESPONSE | jq -r '.[0].id')
echo "installation_id=$INSTALLATION_ID" >> $GITHUB_ENV
TOKEN_RESPONSE=$(curl -s -X POST \
-H "Authorization: Bearer $JWT" \
-H "Accept: application/vnd.github+json" \
https://api.github.com/app/installations/$INSTALLATION_ID/access_tokens)
INSTALLATION_TOKEN=$(echo $TOKEN_RESPONSE | jq -r '.token')
echo "installation_token=$INSTALLATION_TOKEN" >> $GITHUB_ENV
- name: Clone veda-config repository
run: |
git clone https://github.com/${{ env.VEDA_CONFIG_REPO }}.git
git clone https://x-access-token:${{ env.installation_token }}@github.com/${{ env.VEDA_CONFIG_REPO}}.git
ls
- name: Authenticate with GitHub App
run: |
echo "${{ env.installation_token }}" | gh auth login --with-token
git config --global user.name "VEDA-Github-Actor[bot]]"
git config --global user.email ${{ vars.GH_ACTOR_EMAIL }}
- name: Copy untracked mdx files to veda-config
run: |
echo "Copying untracked .mdx files to veda-config repository"
Expand All @@ -255,14 +319,10 @@ jobs:
- name: Create veda-config PR with changes
id: create-pr
env:
GITHUB_TOKEN: ${{ secrets.VEDA_CONFIG_REPO_ACCESS_TOKEN }}
COMMENT_ID: ${{ needs.publish-new-datasets.outputs.commentId }}
PUBLISHED_COLLECTION_FILES: ${{ steps.publish-collections.outputs.success_collections }}
run: |
cd veda-config
git config --global user.name "github-actions[bot]"
git config --global user.email "github-actions[bot]@users.noreply.github.com"
git remote set-url origin https://${{ secrets.VEDA_CONFIG_REPO_ACCESS_TOKEN }}@github.com/${{ env.VEDA_CONFIG_REPO }}
files_string=$(IFS=$'\n'; echo "${PUBLISHED_COLLECTION_FILES[*]}")
hash=$(echo -n "$files_string" | md5sum | cut -d ' ' -f 1)
Expand Down Expand Up @@ -293,7 +353,7 @@ jobs:
body="### Add dataset(s) - $first_collection_id [Automated PR by ${{ github.actor }}]\n\n$collection_bullet_points"
echo "$body"
PR_URL=$(GITHUB_TOKEN=${{ secrets.VEDA_CONFIG_REPO_ACCESS_TOKEN }} gh pr create -R ${{ env.VEDA_CONFIG_REPO }} -H $NEW_BRANCH -B develop --title "$pr_title" --body "$(echo -e "$body")")
PR_URL=$(gh pr create -R ${{ env.VEDA_CONFIG_REPO }} -H $NEW_BRANCH -B develop --title "$pr_title" --body "$(echo -e "$body")")
echo "PR_URL=$PR_URL" >> $GITHUB_OUTPUT
echo "PR creation succeeded!"
Expand Down
31 changes: 31 additions & 0 deletions ingestion-data/staging/dataset-config/test-pr-gh-actor.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
{
"collection": "hls-swir-falsecolor-composite-TEST-GH-ACTOR",
"title": "HLS SWIR FalseColor Composite",
"spatial_extent": {
"xmin": -156.75,
"ymin": 20.80,
"xmax": -156.55,
"ymax": 20.94
},
"temporal_extent": {
"startdate": "2023-08-08T00:00:00Z",
"enddate": "2023-08-08T23:59:59Z"
},
"data_type": "cog",
"license": "CC0-1.0",
"description": "HLS falsecolor composite imagery using Bands 12, 8A, and 4.",
"is_periodic": false,
"time_density": "day",
"sample_files": [
"s3://veda-data-store-staging/maui-fire/Lahaina_HLS_2023-08-08_SWIR_falsecolor_cog.tif",
"s3://veda-data-store-staging/maui-fire/Lahaina_HLS_2023-08-13_SWIR_falsecolor_cog.tif"
],
"discovery_items": [
{
"discovery": "s3",
"prefix": "maui-fire/",
"bucket": "veda-data-store-staging",
"filename_regex": "(.*)SWIR_falsecolor(.*).tif$"
}
]
}
31 changes: 0 additions & 31 deletions ingestion-data/staging/dataset-config/test.json
View file
Original file line number Diff line number Diff line change
@@ -1,31 +0,0 @@
{
"collection": "hls-swir-falsecolor-composite-THIRD-TEST",
"title": "HLS SWIR FalseColor Composite",
"spatial_extent": {
"xmin": -156.75,
"ymin": 20.80,
"xmax": -156.55,
"ymax": 20.94
},
"temporal_extent": {
"startdate": "2023-08-08T00:00:00Z",
"enddate": "2023-08-08T23:59:59Z"
},
"data_type": "cog",
"license": "CC0-1.0",
"description": "HLS falsecolor composite imagery using Bands 12, 8A, and 4.",
"is_periodic": false,
"time_density": "day",
"sample_files": [
"s3://veda-data-store-staging/maui-fire/Lahaina_HLS_2023-08-08_SWIR_falsecolor_cog.tif",
"s3://veda-data-store-staging/maui-fire/Lahaina_HLS_2023-08-13_SWIR_falsecolor_cog.tif"
],
"discovery_items": [
{
"discovery": "s3",
"prefix": "maui-fire/",
"bucket": "veda-data-store-staging",
"filename_regex": "(.*)SWIR_falsecolor(.*).tif$"
}
]
}

0 comments on commit 7b2bad1

Please sign in to comment.