.github/workflows/cube_preprocessing.yaml

name: cube preprocessing

on:
  workflow_dispatch:
  workflow_run:
    workflows: ["download occurrence cube"]
    types:
      - completed

jobs:
  fetch-data:
    runs-on: ${{ matrix.config.os }}
    if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }}
    environment: ${{ github.ref == 'refs/heads/main' && 'PROD' || 'UAT' }}

    name: ${{ matrix.config.os }} (${{ matrix.config.r }})

    strategy:
      fail-fast: false
      matrix:
        config:
          - { os: ubuntu-latest, r: "release" }
    env:
      R_REMOTES_NO_ERRORS_FROM_WARNINGS: true
      RSPM: ${{ matrix.config.rspm }}
      GITHUB_TOKEN: ${{ secrets.AUTOMATISATION }}
      USERNAME: ${{ secrets.USERNAME }}
      S3_BUCKET: ${{ secrets.S3_BUCKET }}
      amiabot: ${{ secrets.AMIABOT }}

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          token: ${{ secrets.AUTOMATISATION }}

      - name: Setup R
        uses: r-lib/actions/setup-r@v2
        with:
          r-version: ${{ matrix.config.r }}
          http-user-agent: ${{ matrix.config.http-user-agent }}

      - name: Setup pandoc
        uses: r-lib/actions/setup-pandoc@v2

      - name: Install linux libraries
        run: |
          sudo apt install libsodium-dev
          sudo apt-get install libcurl4-openssl-dev
          sudo apt-get install libgdal-dev libproj-dev
          sudo apt install libudunits2-dev
          sudo apt install --yes libharfbuzz-dev libfribidi-dev
          sudo apt-get install -y libfontconfig1-dev
          R --no-save -e 'install.packages("devtools")'
          R --no-save -e 'devtools::install_github("inbo/INBOtheme@v0.5.9", force = TRUE)'
          R --no-save -e 'devtools::install_github("inbo/alien-species-portal@uat", 
                         subdir = "alienSpecies", force = TRUE)'

      - name: install packages
        run: |
          source("src/install_packages_occ_indic.R")
        shell: Rscript {0}

      - name: Setup AWS credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}

      - name: Assume Role
        id: assume_role
        run: |
          ROLE_ARN="${{ secrets.AWS_ROLE_ARN }}"
          TEMP_ROLE=$(aws sts assume-role \
            --role-arn $ROLE_ARN \
            --role-session-name inbo-deployment)
          echo "::set-output name=AWS_ACCESS_KEY_ID::$(echo $TEMP_ROLE | jq -r .Credentials.AccessKeyId)"
          echo "::set-output name=AWS_SECRET_ACCESS_KEY::$(echo $TEMP_ROLE | jq -r .Credentials.SecretAccessKey)"
          echo "::set-output name=AWS_SESSION_TOKEN::$(echo $TEMP_ROLE | jq -r .Credentials.SessionToken)"
          
      - name: Get latest successful run ID 
        id: get-latest-run
        run: |
          run_id=$(gh run list -w get_occ_cube.yaml --status success --json databaseId --jq '.[0].databaseId')
          echo "run_id=$run_id" >> $GITHUB_OUTPUT
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          
      - name: Download be_alientaxa_cube artifact
        uses: actions/download-artifact@v4
        with:
          name: be_alientaxa_cube.csv
          path: ./cube_data/
          run-id: ${{ steps.get-latest-run.outputs.run_id }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
          merge-multiple: true
          
      - name: Download be_classes_cube artifact
        uses: actions/download-artifact@v4
        with:
          name: be_classes_cube.csv
          path: ./cube_data/
          run-id: ${{ steps.get-latest-run.outputs.run_id }}
          github-token: ${{ secrets.GITHUB_TOKEN }}
          merge-multiple: true

      - name: cube_preprocessing
        run: |
          source("src/run_cube_preprocessing.R")
        shell: Rscript {0}
        env:
          AWS_ACCESS_KEY_ID: ${{ steps.assume_role.outputs.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ steps.assume_role.outputs.AWS_SECRET_ACCESS_KEY }}
          AWS_SESSION_TOKEN: ${{ steps.assume_role.outputs.AWS_SESSION_TOKEN }}
          AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
          S3_BUCKET: ${{ secrets.S3_BUCKET }}

      - name: Commit and push changes
        uses: devops-infra/action-commit-push@master
        with:
          github_token: ${{ secrets.AUTOMATISATION }}
          commit_prefix: "[AUTO]"
          commit_message: "update cube_preprocessing"
          target_branch: automatic-update-occ_indic_preprocessing
          add_timestamp: true

      - name: Get branch name
        run: |
          git branch --show-current

      - name: Create pull request
        uses: devops-infra/action-pull-request@v0.4.2
        with:
          github_token: ${{ secrets.AUTOMATISATION }}
          target_branch: uat
          title: "[AUTO] update cube_preprocessing"
          template: .github/PR_occ_indic_preprocessing.md
          reviewer: SanderDevisscher
          label: automated workflow
          get_diff: false