From 1920281cc41699f0fa32235d0cb99280f768e22c Mon Sep 17 00:00:00 2001
From: Patrick Kalita <pkalita@lbl.gov>
Date: Fri, 12 Apr 2024 15:28:04 -0700
Subject: [PATCH 1/3] Add workflow for triggering website build when gorefs
 change

---
 .../workflows/trigger-website-rebuild.yaml    | 29 +++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 .github/workflows/trigger-website-rebuild.yaml

diff --git a/.github/workflows/trigger-website-rebuild.yaml b/.github/workflows/trigger-website-rebuild.yaml
new file mode 100644
index 00000000..ef8c2a96
--- /dev/null
+++ b/.github/workflows/trigger-website-rebuild.yaml
@@ -0,0 +1,29 @@
+# This workflow triggers a rebuild of the GO website when the gorefs.yaml file is updated.
+# This repo has the GO Workflow Bot app installed, and the app's private key is stored as
+# a repo secret. The private key is used to generate an access token. The access token is
+# provided to the GitHub CLI when triggering the deploy workflow in the
+# geneontology.github.io repo. Without the app-generated token, the default GITHUB_TOKEN
+# would not have the necessary permissions to trigger workflows in a different repo.
+
+name: Trigger Website Rebuild
+
+on:
+  push:
+    branches:
+      - master
+    paths:
+      - metadata/gorefs.yaml
+      - .github/workflows/trigger-website-rebuild.yaml
+
+jobs:
+  trigger-website-rebuild:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ vars.WORKFLOW_BOT_APP_ID }}
+          private-key: ${{ secrets.WORKFLOW_BOT_PRIVATE_KEY }}
+      - run: gh workflow run deploy.yaml --repo geneontology/geneontology.github.io
+        env:
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}

From 238611aab2fdd1f0e9e6914d89969ac7647def6a Mon Sep 17 00:00:00 2001
From: Patrick Kalita <pkalita@lbl.gov>
Date: Fri, 12 Apr 2024 15:49:18 -0700
Subject: [PATCH 2/3] Don't trigger site rebuild if gorefs.yaml is invalid

---
 .github/workflows/trigger-website-rebuild.yaml | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/trigger-website-rebuild.yaml b/.github/workflows/trigger-website-rebuild.yaml
index ef8c2a96..1765d7e1 100644
--- a/.github/workflows/trigger-website-rebuild.yaml
+++ b/.github/workflows/trigger-website-rebuild.yaml
@@ -19,11 +19,25 @@ jobs:
   trigger-website-rebuild:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/create-github-app-token@v1
+      # In theory, a failed validation would have been caught by the qc workflow before this point.
+      # But we validate again here just to double-check that we're not triggering a rebuild based
+      # on invalid data. This is also simpler than tying this workflow to the qc workflow.
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+          cache: 'pip'
+      - run: pip install linkml
+      - name: Validate gorefs.yaml
+        run: linkml-validate -s metadata/gorefs.schema.yaml metadata/gorefs.yaml
+
+      - name: Create GitHub App token
+        uses: actions/create-github-app-token@v1
         id: app-token
         with:
           app-id: ${{ vars.WORKFLOW_BOT_APP_ID }}
           private-key: ${{ secrets.WORKFLOW_BOT_PRIVATE_KEY }}
-      - run: gh workflow run deploy.yaml --repo geneontology/geneontology.github.io
+
+      - name: Trigger deploy workflow in geneontology.github.io
+        run: gh workflow run deploy.yaml --repo geneontology/geneontology.github.io
         env:
           GH_TOKEN: ${{ steps.app-token.outputs.token }}

From 89370a14a1dc9722e9636b83268737bd485b6e6c Mon Sep 17 00:00:00 2001
From: Patrick Kalita <pkalita@lbl.gov>
Date: Fri, 12 Apr 2024 16:02:57 -0700
Subject: [PATCH 3/3] Check out repo before validation

---
 .github/workflows/trigger-website-rebuild.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/trigger-website-rebuild.yaml b/.github/workflows/trigger-website-rebuild.yaml
index 1765d7e1..0b586899 100644
--- a/.github/workflows/trigger-website-rebuild.yaml
+++ b/.github/workflows/trigger-website-rebuild.yaml
@@ -22,6 +22,7 @@ jobs:
       # In theory, a failed validation would have been caught by the qc workflow before this point.
       # But we validate again here just to double-check that we're not triggering a rebuild based
       # on invalid data. This is also simpler than tying this workflow to the qc workflow.
+      - uses: actions/checkout@v4
       - uses: actions/setup-python@v5
         with:
           python-version: '3.11'