Conversation
Uses the GH API to "enable" scheduled workflows on the first of every month as a work-around for scheduled workflows being automatically disabled when no repository activity has occurred in 60 days. Included all active Nextstrain org GH Action workflows that have the `schedule` trigger plus this new workflow so it keeps itself enabled. <https://github.com/search?q=org%3Anextstrain+path%3A.github%2Fworkflows%2F**+schedule&type=code>
Used for `repo` scope token to work across different repositories. Outside of this commit, I had to allow the `.github` repository to use the organization secret.
| - { repo: rsv, workflow: rebuild.yaml } | ||
| - { repo: seasonal-cov, workflow: ingest-to-phylogenetic.yaml } | ||
| - { repo: status, workflow: ci.yaml } | ||
| - { repo: WNV, workflow: ingest-to-phylogenetic.yaml } |
There was a problem hiding this comment.
Not entirely clear to me why this failed for WNV:
gh: Must have admin rights to Repository. (HTTP 403)
{"message":"Must have admin rights to Repository.","documentation_url":"https://docs.github.com/rest/actions/workflows#enable-a-workflow","status":"403"}
There was a problem hiding this comment.
OH, nextstrain/core (which includes nextstrain-bot user) only has read access for the WNV repo.
There was a problem hiding this comment.
Updated nextstrain/core to admin access for WNV repo (after confirmation on Slack) and the job succeeded.
There was a problem hiding this comment.
I think the error message is misleading and admin is not strictly necessary (and should be avoided if possible). The API call for augur's ci.yaml was successful with write on that repo. Can we check if this works with write on WNV?
There was a problem hiding this comment.
Ah you're right! I set nextstrain/core to write access for WNV repo and the job succeeded
There was a problem hiding this comment.
The access requirements are defined here, but it's not super clear.
.github/.github/workflows/keep-workflows-enabled.yaml
Lines 15 to 18 in 25cc821
Suggestion: summarize with a comment along the lines of "ensure nextstrain-bot has write access to all repos included in the matrix" so in the future we're less likely to see the misleading error message.
| - { repo: .github, workflow: keep-workflows-enabled.yaml } | ||
| - { repo: augur, workflow: ci.yaml } | ||
| - { repo: avian-flu, workflow: ingest-to-phylogenetic-ncbi.yaml } | ||
| - { repo: cli, workflow: ci.yaml } | ||
| - { repo: cli, workflow: standalone-installers.yaml } | ||
| - { repo: conda-base, workflow: installation.yaml } | ||
| - { repo: dengue, workflow: ingest-to-phylogenetic.yaml } | ||
| - { repo: forecasts-ncov, workflow: update-ncov-case-counts.yaml } | ||
| - { repo: lassa, workflow: ci.yaml } | ||
| - { repo: lassa, workflow: ingest-to-phylogenetic.yaml } | ||
| - { repo: measles, workflow: ingest-to-phylogenetic.yaml } | ||
| - { repo: mpox, workflow: fetch-and-ingest.yaml } | ||
| - { repo: ncov, workflow: rebuild-100k.yml } | ||
| - { repo: ncov-ingest, workflow: fetch-and-ingest-genbank-master.yml } | ||
| - { repo: ncov-ingest, workflow: fetch-and-ingest-gisaid-master.yml } | ||
| - { repo: nextstrain.org, workflow: index-resources.yml } | ||
| - { repo: nextstrain.org, workflow: remind-to-promote.yml } | ||
| - { repo: nipah, workflow: ingest-to-phylogenetic.yaml } | ||
| - { repo: oropouche, workflow: ingest-to-phylogenetic.yaml } | ||
| - { repo: rabies, workflow: ingest-to-phylogenetic.yaml } | ||
| - { repo: rsv, workflow: fetch-and-ingest.yaml } | ||
| - { repo: rsv, workflow: rebuild.yaml } | ||
| - { repo: seasonal-cov, workflow: ingest-to-phylogenetic.yaml } | ||
| - { repo: status, workflow: ci.yaml } | ||
| - { repo: WNV, workflow: ingest-to-phylogenetic.yaml } | ||
| - { repo: zika, workflow: ingest-to-phylogenetic.yaml } |
There was a problem hiding this comment.
I'd much prefer to query these (e.g. from GitHub's API) rather than hardcode them all here... (but we don't need to do that now if you aren't so inclined)
There was a problem hiding this comment.
Heh, it's a "feature" to allow explicit opt-in of workflows 😉
There was a problem hiding this comment.
Will revisit when I have the appetite: #119
| fail-fast: false | ||
| matrix: | ||
| include: | ||
| - { repo: .github, workflow: keep-workflows-enabled.yaml } |
Shorter job name is more useful on the workflow summary page. Co-authored-by: Thomas Sibley <tsibley@fredhutch.org>
3 participants
Description of proposed changes
Uses the GH API to "enable" scheduled workflows on the first of
every month as a work-around for scheduled workflows being automatically
disabled when no repository activity has occurred in 60 days.
Included all active Nextstrain org GH Action workflows that have the
scheduletrigger plus this new workflow so it keeps itself enabled.https://github.com/search?q=org%3Anextstrain+path%3A.github%2Fworkflows%2F**+schedule&type=code
Related issue(s)
Resolves #112
Checklist