Refactor schematic-auth into new setup-schematic per issue #6

nf-osi · Jul 8, 2022 · b5c48a4 · b5c48a4
1 parent 2586f58
commit b5c48a4
Show file tree

Hide file tree

Showing 4 changed files with 187 additions and 0 deletions.
diff --git a/setup-schematic/.synapseConfig b/setup-schematic/.synapseConfig
@@ -0,0 +1,60 @@
+###########################
+# Login Credentials       #
+###########################
+
+## Used for logging in to Synapse
+## Alternatively, you can use rememberMe=True in synapseclient.login or login subcommand of the commandline client.
+[authentication]
+# username
+authtoken = MY_AUTHTOKEN
+
+
+## If you have projects with file stored on SFTP servers, you can specify your credentials here
+## You can specify multiple sftp credentials
+#[sftp://some.sftp.url.com]
+#username= <sftpuser>
+#password= <sftppwd>
+#[sftp://a.different.sftp.url.com]
+#username= <sftpuser>
+#password= <sftppwd>
+
+
+## If you have projects that need to be stored in an S3-like (e.g. AWS S3, Openstack) storage but cannot allow Synapse
+## to manage access your storage you may put your credentials here.
+## To avoid duplicating credentials with that used by the AWS Command Line Client,
+## simply put the profile name form your ~/.aws/credentials file
+## more information about aws credentials can be found here http://docs.aws.amazon.com/cli/latest/userguide/cli-config-files.html
+#[https://s3.amazonaws.com/bucket_name] # this is the bucket's endpoint
+#profile_name=local_credential_profile_name
+
+
+###########################
+# Caching                 #
+###########################
+
+## your downloaded files are cached to avoid repeat downloads of the same file. change 'location' to use a different folder on your computer as the cache location
+#[cache]
+#location = ~/.synapseCache
+
+
+###########################
+# Advanced Configurations #
+###########################
+
+## If this section is specified, then the synapseclient will print out debug information
+#[debug]
+
+
+## Configuring these will cause the Python client to use these as Synapse service endpoints instead of the default prod endpoints.
+#[endpoints]
+#repoEndpoint=<repoEndpoint>
+#authEndpoint=<authEndpoint>
+#fileHandleEndpoint=<fileHandleEndpoint>
+#portalEndpoint=<portalEndpoint>
+
+## Settings to configure how Synapse uploads/downloads data
+#[transfer]
+
+# use this to configure the default for how many threads/connections Synapse will use to perform file transfers.
+# Currently this applies only to files whose underlying storage is AWS S3.
+# max_threads=16
diff --git a/setup-schematic/action.yml b/setup-schematic/action.yml
@@ -0,0 +1,75 @@
+name: Setup schematic
+description: Setup a specific version of schematic from GitHub source
+author: Anh Nguyet Vu
+
+inputs:
+  schematic-version:
+    description: The tag or commit sha to use.
+    default: v21.06
+  auth-token:
+    description: 'Synapse authentication token, only provide if needed for some functions of schematic'
+    required: false
+    default: ''
+  service-key: # same as service_account_key in https://github.com/google-github-actions/setup-gcloud/blob/master/action.yml
+    description: 'Google API service key with scope for GoogleSheets, only provide if needed for some functions of schematic'
+    required: false
+    default: ''
+
+runs:
+  using: "composite"
+
+steps:
+  #----------------------------------------------
+  #      set-up python
+  #----------------------------------------------
+  - name: Set up python
+    id: setup-python
+    uses: actions/setup-python@v2
+    with:
+      python-version: 3.8
+
+  #----------------------------------------------
+  #      install & configure poetry  
+  #----------------------------------------------
+  - name: Install Poetry
+    uses: snok/install-poetry@v1
+    with:
+      virtualenvs-create: true
+      virtualenvs-in-project: false
+      installer-parallel: true
+
+  #----------------------------------------------
+  #     install schematic
+  #----------------------------------------------
+  - name: Check out schematic
+    id: checkout-schematic
+    uses: actions/checkout@v3
+    with:
+      repository: Sage-Bionetworks/schematic
+      path: schematic
+      fetch-depth: 0
+
+  - run: git checkout ${{ schematic-version }}
+
+  - name: Install schematic
+    working-directory: schematic
+    run: poetry install --no-interaction
+    shell: bash
+
+  - name: Activate
+    run: source .venv/bin/activate
+    shell: bash
+
+  # Issues with configs not being backwards-compatible so might need to handle this better
+  - run: mv $GITHUB_ACTION_PATH/config.yml $GITHUB_WORKSPACE/config.yml
+    shell: bash
+
+  #----------------------------------------------
+  #     setup auth-related files if needed
+  #----------------------------------------------
+  - name: Furnish config and auth files
+    run: $GITHUB_ACTION_PATH/setup_schematic_auth.sh ${{ inputs.auth-token }} ${{ inputs.service-key }}
+    shell: bash
+
+
+
diff --git a/setup-schematic/config.yml b/setup-schematic/config.yml
@@ -0,0 +1,36 @@
+# Do not change the 'definitions' section unless you know what you're doing
+definitions:
+  synapse_config: ".synapseConfig"
+  creds_path: "credentials.json"
+  token_pickle: "token.pickle"
+  service_acct_creds: "creds.json"
+
+synapse:
+  master_fileview: 'syn23643253'
+  manifest_folder: 'manifests'
+  manifest_basename: 'synapse_storage_manifest'
+  manifest_filename: 'synapse_storage_manifest.csv'
+  token_creds: 'syn23643259'
+  service_acct_creds: 'syn25171627'
+
+manifest:
+  title: 'Patient'
+  data_type: 'PatientData'
+
+model:
+  input:
+    location: 'SCHEMA_JSONLD_LOCATION'
+    file_type: 'local'
+
+style:
+  google_manifest:
+    req_bg_color:
+      red: 0.9215
+      green: 0.9725
+      blue: 0.9803
+    opt_bg_color:
+      red: 1.0
+      green: 1.0
+      blue: 0.9019
+    master_template_id: '1LYS5qE4nV9jzcYw5sXwCza25slDfRA1CIg3cs-hCdpU'
+    strict_validation: true
diff --git a/setup-schematic/setup_schematic_auth.sh b/setup-schematic/setup_schematic_auth.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# This script sets up schematic auth in a strict manner:
+# 1) Only allows Synapse auth with auth token. Uses this to create `.synapseConfig`.
+# 2) Only allows Google API auth with service token. Uses this to create `creds.json`. 
+# In workflows, these should be passed in as secrets.
+
+# Furnish with .synapseConfig file if given
+# Schematic does not take auth as CLI parameter and requires it be in config.yml.
+sed "s/MY_AUTHTOKEN/$1/" $GITHUB_ACTION_PATH/.synapseConfig > $GITHUB_WORKSPACE/.synapseConfig
+
+# Furnish appropriate creds.json file if given
+# Schematic/GCP client does not take creds as CLI parameter and requires the .json file.
+echo $2 | base64 -d > $GITHUB_WORKSPACE/creds.json
+
+