Skip to content

Comments

(#971) - add Argo Workflows manifests (staging)#976

Closed
arielr-lt wants to merge 16 commits intomasterfrom
971-argo-workflow-setup
Closed

(#971) - add Argo Workflows manifests (staging)#976
arielr-lt wants to merge 16 commits intomasterfrom
971-argo-workflow-setup

Conversation

@arielr-lt
Copy link
Collaborator

@arielr-lt arielr-lt commented Jan 13, 2026
edited
Loading

Summary

Adds Argo Workflows infrastructure to staging environment with workflows for CE Registry ZIP bundling and graph resource validation.

Changes

Argo Infrastructure

  • Workflow controller, server, RBAC in credreg-staging namespace
  • PostgreSQL persistence, Let's Encrypt ingress
  • Accessible at https://argo-staging.credentialengineregistry.org/workflows
  • main-app-service-account granted Argo executor permissions (workflowtaskresults)

IAM / IRSA

  • Added cer-envelope-graphs, ocn-exports, and cer-resources* buckets to the application IRSA policy (S3ObjectRW + S3BucketReadMeta)

CE Registry ZIP Bundle Workflow

  • Argo WorkflowTemplate: bundle-ce-registry-to-zip
  • Downloads all *.json files from s3://cer-envelope-graphs/ce_registry/ (310k+ files)
  • Bundles them into a ZIP using 64 parallel workers with in-worker DEFLATE compression
  • Uploads result to a configurable destination bucket (default: s3://cer-envelope-downloads/)
  • Filename follows convention: ce_registry_{unix_timestamp}_{random_hex}.zip
  • Optional Slack webhook notification on success/failure
  • Completes in ~23 minutes

Graph Resource Validation Workflow

  • Argo WorkflowTemplate: validate-graph-resources
  • Downloads a graph JSON from a given S3 path, validates @graph array and extracts resources with ceterms:ctid
  • Blank nodes and entries without ceterms:ctid are skipped
  • Uploads each resource as {ctid}.json to a configurable destination bucket (default: s3://cer-resources-prod/) using 32 parallel workers
  • Optional Slack webhook notification on success/failure

New Files

File Purpose
argo-workflow/bundle-ce-registry-workflow-template.yaml ZIP bundle WorkflowTemplate
argo-workflow/validate-graph-resources-workflow-template.yaml Graph validation WorkflowTemplate

Contributes to #971

@arielr-lt arielr-lt self-assigned this Jan 13, 2026
@arielr-lt arielr-lt changed the title (#971) - add Argo Workflows manifests (#971) - add Argo Workflows manifests (staging) Jan 13, 2026
Ariel Rolfo and others added 5 commits January 13, 2026 20:11
fix wf example
9879c60
Add S3 to Elasticsearch indexing workflow
0172f82 
- Add API endpoint POST /workflows/index-all-s3-to-es
- Add IndexS3GraphToEs service to index S3 objects to ES
- Add WorkflowPolicy for admin authorization
- Add Argo WorkflowTemplate with Keycloak auth
- Add rake task s3:index_all_to_es for manual runs
- Update README with workflow documentation
add config files
d7f7a01
implement argo workflows to zip graphs and extract resources
71f14cd
@claude
Remove S3-to-Elasticsearch indexing workflow
af25e88 
Drops the ES indexing API endpoint, service, policy, rake task, and
Argo WorkflowTemplate as this functionality is no longer needed.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
excelsior
excelsior reviewed Feb 19, 2026
View reviewed changes
app/services/sync_envelope_graph_with_s3.rb Outdated
submitOptions: {
parameters: [
"graph-s3-path=#{graph_s3_path}",
"dest-bucket=#{dest_bucket}"
Copy link
Collaborator

@excelsior excelsior Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's the destination bucket for here?

@arielr-lt arielr-lt closed this Feb 20, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@excelsior excelsior excelsior left review comments

Assignees

@arielr-lt arielr-lt

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@arielr-lt @excelsior