-
Notifications
You must be signed in to change notification settings - Fork 0
146 lines (119 loc) · 4.79 KB
/
publish.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
name: Publish
on:
push:
workflow_dispatch:
jobs:
main:
name: Validate STAC
runs-on: ubuntu-latest
steps:
- uses: linz/action-typescript@9bf69b0f313b3525d3ba3116f26b1aff7eb7a6c0 # v3
with:
node-version: 20.x
- name: Create STAC Catalog
uses: docker://ghcr.io/linz/argo-tasks:v4
with:
args: stac-catalog --output stac/catalog.json --template template/catalog.json /github/workspace/stac/
- name: Validate STAC Catalog
uses: docker://ghcr.io/linz/argo-tasks:v4
with:
args: stac-validate /github/workspace/stac/catalog.json
- name: Validate STAC Collections
run: |
# Enable double star operator
shopt -s globstar
docker run -v "$PWD:$PWD" ghcr.io/linz/argo-tasks:v4 stac-validate "$PWD"/stac/**/collection.json
- name: Download actionlint
run: docker build --tag actionlint - < .github/workflows/actionlint.dockerfile
- name: Run actionlint to check workflow files
run: docker run --volume="${PWD}:/repo" --workdir=/repo actionlint -color
publish-odr:
name: Publish ODR
runs-on: ubuntu-latest
needs: main
if: ${{ github.ref == 'refs/heads/master' }}
environment:
name: prod
permissions:
id-token: write
contents: read
steps:
- uses: linz/action-typescript@9bf69b0f313b3525d3ba3116f26b1aff7eb7a6c0 # v3
with:
node-version: 20.x
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
with:
fetch-depth: 0
- name: Use Node.js 18.x
uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
with:
node-version: '18.x'
- name: Setup kubectl
uses: azure/setup-kubectl@3e0aec4d80787158d308d7b364cb1b702e7feb7f # v4.0.0
with:
version: 'latest'
- name: AWS Configure
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4
with:
aws-region: ap-southeast-2
mask-aws-account-id: true
role-to-assume: ${{ secrets.AWS_EKS_CI_ROLE }}
- name: Login to EKS
run: |
aws eks update-kubeconfig --name Workflows --region ap-southeast-2
- name: Check EKS connection
run: |
kubectl get nodes
- name: Install Argo
run: |
curl -sLO https://github.com/argoproj/argo-workflows/releases/download/v3.4.11/argo-linux-amd64.gz
gunzip argo-linux-amd64.gz
chmod +x argo-linux-amd64
./argo-linux-amd64 version
- name: Submit Added/Changed Parameter Files
id: modified-files
if: ${{ !contains(github.event.head_commit.message, '[skip-argo]')}}
run: |
# AM = Include: Added, Modified
mapfile -d '' modified_parameter_files < <(git diff --name-only --diff-filter=AM -z ${{ github.event.before }} ${{ github.event.after }} -- "publish-odr-parameters/*.yaml")
for file in "${modified_parameter_files[@]}"; do
./argo-linux-amd64 submit --wait --from wftmpl/copy -n argo -f "$file" -p aws_role_config_path="s3://linz-bucket-config/config-write.open-data-registry.json" -p exclude="collection.json$" --generate-name "publish-odr-file-copy-"
done
sync-stac:
name: Sync STAC files
runs-on: ubuntu-latest
concurrency: publish-${{ github.ref }}
needs: publish-odr
if: ${{ github.ref == 'refs/heads/master' }}
environment:
name: prod
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
with:
ref: master # Ensure only the latest STAC documents are synced into S3
- name: AWS Configure
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4
with:
aws-region: ap-southeast-2
mask-aws-account-id: true
role-to-assume: ${{ secrets.AWS_ODR_CI_ROLE }}
- name: AWS Configure ODR
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4
with:
aws-region: ap-southeast-2
mask-aws-account-id: true
role-to-assume: ${{ secrets.AWS_ODR_DATA_MANAGER_ROLE }}
role-chaining: true
- name: Create STAC Catalog
uses: docker://ghcr.io/linz/argo-tasks:v4
with:
args: stac-catalog --output stac/catalog.json --template template/catalog.json /github/workspace/stac/
# Sync STAC files only on push to 'master'
- name: Sync STAC
if: ${{ !contains(github.event.head_commit.message, '[skip-sync]')}}
uses: docker://ghcr.io/linz/argo-tasks:v4
with:
args: stac-sync /github/workspace/stac/ s3://nz-elevation/