scheduling make run-prod, using caj by default, rm unused wf (#343)

* scheduling make run-prod, using caj by default, rm unused wf

* [pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci

---------

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>

Author: giomrella

.github/workflows/run-prod.yaml

@@ -0,0 +1,68 @@
+name: make run-prod (or custom)
+
+on:
+  schedule:
+    - cron: '0 13 * * 3'
+  workflow_dispatch:
+    inputs:
+      command:
+        description: The Makefile command to run. Default = make run-prod
+        type: string
+
+env:
+  COMMAND: ${{ inputs.command || 'make run-prod' }}
+
+jobs:
+  run-command:
+    permissions:
+          id-token: write # This is required for requesting the JWT
+          contents: read  # This is required for actions/checkout
+    environment: production
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout Repo
+        id: checkout_repo
+        uses: actions/checkout@v4
+
+      # From: https://stackoverflow.com/a/58035262/2097171
+      - name: Extract branch name
+        shell: bash
+        run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT
+        id: get-branch
+
+      # From: https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers#requesting-the-jwt-using-the-actions-core-toolkit
+      - name: Install OIDC Client from Core Package
+        run: npm install @actions/core@1.6.0 @actions/http-client
+      - name: Get Id Token
+        uses: actions/github-script@v7
+        id: idtoken
+        with:
+          script: |
+            const coredemo = require('@actions/core')
+            const id_token = await coredemo.getIDToken('api://AzureADTokenExchange')
+            coredemo.setOutput('id_token', id_token)
+
+
+      - name: Run command
+        uses: CDCgov/cfa-actions/runner-action@v1.4.0
+        with:
+          github_app_id: ${{ secrets.CDCENT_ACTOR_APP_ID }}
+          github_app_pem: ${{ secrets.CDCENT_ACTOR_APP_PEM }}
+          wait_for_completion: true
+          print_logs: true
+          script: |
+            echo "Logging into Azure CLI"
+            az login --service-principal \
+            --username ${{ secrets.AZURE_NNHT_SP_CLIENT_ID }} \
+            --tenant ${{ secrets.TENANT_ID }} \
+            --federated-token ${{ steps.idtoken.outputs.id_token }} \
+            --output none
+
+            CURRENT_BRANCH="${{ steps.get-branch.outputs.branch }}"
+            echo "Cloning repo at branch '$CURRENT_BRANCH'"
+            git clone -b "$CURRENT_BRANCH" https://github.com/${{ github.repository }}.git
+            cd cfa-epinow2-pipeline
+
+            echo 'Running command: "${{ env.COMMAND }}"'
+            ${{ env.COMMAND }}

.github/workflows/start-app-job.yaml

@@ -61,9 +61,9 @@ run-batch: ## Runs job.py on Azure Batch
 		--pool_id="$(POOL)" \
 		--job_id="$(JOB)"
 
-run-prod: config run-batch ## Calls config and run-batch
+run-prod: config run-caj ## Calls config and run-caj
 
-rerun-prod: rerun-config run-batch ## Calls rerun-config and run-batch
+rerun-prod: rerun-config run-caj ## Calls rerun-config and run-caj
 
 run: ## Run pipeline from R interactively in the container
 	$(CNTR_MGR) run --mount type=bind,source=$(PWD),target=/mnt -it \

Makefile

@@ -1,6 +1,7 @@
 # CFAEpiNow2Pipeline v0.2.0
 
 ## Features
+* Scheduling `make run-prod` on Github Actions Wednesdays at 8 AM ET
 * Adds facility active proportion information for config runs and re-runs
 * Adds RSV into the makefile for configs
 * Updating EpiNow2 from version 1.4.1.9000 to version 1.6.1