added pipelines for prtncon source type #682
Conversation
covesturtevant
left a comment
covesturtevant
left a comment
There was a problem hiding this comment.
Looks great. Please also create DEV github actions for prtncon. Apologies, I forgot to include that in the story.
|
Cove, I missed adding the git hub actions, but now I added them.. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| runs-on: arc-neon-gke | ||
| #runs-on: ubuntu-latest | ||
| env: | ||
| PACHD_ADDRESS: grpcs://pachyderm-dev.transitions-nonprod.gcp.neoninternal.org:443 | ||
| PACH_TOKEN: ${{ secrets.RepoOwnerPachydermDev }} | ||
| REPO: prtncon_site_list # Pachyderm repo | ||
| BRANCH: master | ||
| IN_PATHS: 'pipe/prtncon/site-list.json' # Comma-separated list (no spaces) to one or more paths or directories. Length must match OUT_PATHS. If directory, all files in directory will be placed in pachyderm at corresponding entry of OUT_PATHS. | ||
| OUT_PATHS: 'site-list.json' # Comma-separated list (no spaces) of corresponding path(s) to place the files(s) in Pachyderm. Must be same length as IN_PATHS. If corresponding entry in IN_PATHS is a file, specify to the file. If corresponding entry in IN_PATHS is a directory, specify to the directory. | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - run: ls -la | ||
|
|
||
| - name: Put file | ||
| uses: ./.github/actions/put-files | ||
| with: | ||
| pachd_address: ${{ env.PACHD_ADDRESS }} | ||
| pach_token: ${{ env.PACH_TOKEN }} | ||
| repo_name: ${{ env.REPO }} | ||
| branch_name: ${{ env.BRANCH }} | ||
| in_paths: ${{ env.IN_PATHS }} | ||
| out_paths: ${{ env.OUT_PATHS }} | ||
|
|
||
|
No newline at end of file |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 7 months ago
To fix the issue, we will add a permissions block at the root level of the workflow file. This block will specify the least privileges required for the workflow to function correctly. Based on the provided workflow, the most likely required permission is contents: read, as the workflow primarily interacts with repository files. If the custom action (put-files) requires additional permissions, they can be added later after further analysis.
| @@ -1,2 +1,4 @@ | ||
| name: DEV-prtncon-site-list | ||
| permissions: | ||
| contents: read | ||
| on: |
| runs-on: ubuntu-latest # windows-latest || macos-latest | ||
| outputs: | ||
| # Use this changed_file_list if you plan to use get-changed-files-action | ||
| changed_file_list: ${{ steps.changed-files-action.outputs.changed_file_list }} | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 # OR "2" -> To retrieve the preceding commit. | ||
|
|
||
| # Using get-changed-files-action | ||
| - name: Get changed files action | ||
| id: changed-files-action | ||
| uses: ./.github/actions/get-changed-files | ||
|
|
||
| update_pipelines: |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 7 months ago
To fix the issue, add a permissions block to the workflow to explicitly limit the GITHUB_TOKEN permissions. Based on the workflow's functionality, it primarily reads repository contents and processes changes, so contents: read is sufficient. This block should be added at the root level of the workflow to apply to all jobs unless overridden.
| @@ -1,2 +1,4 @@ | ||
| name: DEV-prtncon-update-dag | ||
| permissions: | ||
| contents: read | ||
| on: |
| needs: changed_files | ||
| runs-on: arc-neon-gke | ||
| #runs-on: ubuntu-latest | ||
| env: | ||
| PACHD_ADDRESS: grpcs://pachyderm-dev.transitions-nonprod.gcp.neoninternal.org:443 | ||
| PACH_TOKEN: ${{ secrets.RepoOwnerPachydermDev }} | ||
| PATHS: 'pipe/prtncon=pipe_list_prtncon.txt' # Format: '<directory>=<pipe_list_file>'. Separate multiple with comma (e.g. 'pipe/pqs1=pipe_list_pqs1.txt,pipe/parWaterSurface=pipe_list_parWaterSurface.txt'). Order matters. | ||
| TRANSACTION: True | ||
| UPDATE_SCOPE: changed # 'all' or 'changed'. If not specified, all will be updated. 'changed' will update/create any changed/non-existent pipelines. | ||
| CHANGED_FILES: ${{needs.changed_files.outputs.changed_file_list}} | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - run: ls -la | ||
|
|
||
| - name: Update pipelines | ||
| uses: ./.github/actions/update-pipelines | ||
| with: | ||
| pachd_address: ${{ env.PACHD_ADDRESS }} | ||
| pach_token: ${{ env.PACH_TOKEN }} | ||
| paths: ${{ env.PATHS }} | ||
| transaction: ${{ env.TRANSACTION }} | ||
| update_scope: ${{ env.UPDATE_SCOPE }} | ||
| changed_files: ${{ env.CHANGED_FILES }} | ||
|
No newline at end of file |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 7 months ago
To fix the issue, we will add a permissions block to the workflow. This block will specify the minimal permissions required for the workflow to function correctly. Based on the workflow's operations, the contents: read permission is sufficient for the changed_files job, as it only checks for changed files. For the update_pipelines job, additional permissions might be required depending on its interaction with the repository or external systems. However, since the provided code does not indicate any repository write operations, we will start with contents: read for both jobs.
| @@ -1,2 +1,4 @@ | ||
| name: DEV-prtncon-update-dag | ||
| permissions: | ||
| contents: read | ||
| on: |
covesturtevant
left a comment
covesturtevant
left a comment
There was a problem hiding this comment.
Looking good. Thanks for adding the github actions. One final change needed - the site list is incomplete. You can use the "Site-product Matrix" tab in Blizzard and search for DP1.00013.001 to get the sites applicable for this source type. Or use a different PDR query of your choice.
|
Cove, made changes to the site list according to the "Site-product Matrix" tab in Blizzard and reran both trino and kafka pipelines and they ran successfully. |
covesturtevant
left a comment
covesturtevant
left a comment
There was a problem hiding this comment.
Looks good, thanks.
No description provided.