Analyst sees that GTFS-RT scraping is enqueued in PubSub

ohrite · ohrite · commit b9bf1f53fa1f · 2025-11-10T15:22:57.000-08:00
diff --git a/iac/cal-itp-data-infra-staging/gtfs-rt-archiver/us/workflow.tf b/iac/cal-itp-data-infra-staging/gtfs-rt-archiver/us/workflow.tf
@@ -1,22 +1,29 @@
-resource "google_workflows_workflow" "gtfs-rt-feed-archiver" {
-  name            = "gtfs-rt-feed-archiver"
-  region          = "us-west2"
-  project         = "cal-itp-data-infra-staging"
-  description     = "GTFS-RT Feed Archiver"
+resource "google_pubsub_topic" "gtfs-rt-feed-archiver" {
+  name    = "gtfs-rt-feed-archiver"
+  project = "cal-itp-data-infra-staging"
+}
+
+resource "google_eventarc_trigger" "gtfs-rt-feed-archiver" {
+  name     = "gtfs-rt-feed-archiver"
+  location = "us-west2"
+  project  = "cal-itp-data-infra-staging"
+
   service_account = data.terraform_remote_state.iam.outputs.google_service_account_workflow-service-account_email
-  source_contents = templatefile("${local.workflow_path}/gtfs-rt-feed-archiver.yaml", {})
 
-  call_log_level          = "LOG_ALL_CALLS"
-  execution_history_level = "EXECUTION_HISTORY_DETAILED"
+  matching_criteria {
+    attribute = "type"
+    value     = "google.cloud.pubsub.topic.v1.messagePublished"
+  }
 
-  user_env_vars = {
-    "CALITP_BUCKET__GTFS_RT_RAW" = data.terraform_remote_state.gcs.outputs.google_storage_bucket_calitp-staging-gtfs-rt-raw-v2_name
+  destination {
+    workflow = google_workflows_workflow.gtfs-rt-feed-archiver.id
   }
-}
 
-resource "google_cloud_tasks_queue" "gtfs-rt-feed-archiver" {
-  name     = "gtfs-rt-feed-archiver-1"
-  location = "us-west2"
+  transport {
+    pubsub {
+      topic = google_pubsub_topic.gtfs-rt-feed-archiver.id
+    }
+  }
 }
 
 resource "google_workflows_workflow" "gtfs-rt-archiver" {
@@ -31,9 +38,7 @@ resource "google_workflows_workflow" "gtfs-rt-archiver" {
   execution_history_level = "EXECUTION_HISTORY_DETAILED"
 
   user_env_vars = {
-    "GTFS_RT_ARCHIVER__TASK_QUEUE"      = google_cloud_tasks_queue.gtfs-rt-feed-archiver.id,
-    "GTFS_RT_ARCHIVER__CHILD_WORKFLOW"  = google_workflows_workflow.gtfs-rt-feed-archiver.name,
-    "GTFS_RT_ARCHIVER__SERVICE_ACCOUNT" = data.terraform_remote_state.iam.outputs.google_service_account_workflow-service-account_email,
+    "GTFS_RT_ARCHIVER__TOPIC" = google_pubsub_topic.gtfs-rt-feed-archiver.id
   }
 }
 
@@ -49,15 +54,26 @@ resource "google_cloud_scheduler_job" "gtfs-rt-archiver" {
   http_target {
     http_method = "POST"
     uri         = "https://workflowexecutions.googleapis.com/v1/${google_workflows_workflow.gtfs-rt-archiver.id}/executions"
-    body = base64encode(
-      jsonencode({
-        argument     = jsonencode({ limit = 1 }),
-        callLogLevel = "CALL_LOG_LEVEL_UNSPECIFIED"
-      })
-    )
+    body        = base64encode(jsonencode({ argument = jsonencode({ limit = 1 }) }))
 
     oauth_token {
       service_account_email = data.terraform_remote_state.iam.outputs.google_service_account_workflow-service-account_email
     }
   }
 }
+
+resource "google_workflows_workflow" "gtfs-rt-feed-archiver" {
+  name            = "gtfs-rt-feed-archiver"
+  region          = "us-west2"
+  project         = "cal-itp-data-infra-staging"
+  description     = "GTFS-RT Feed Archiver"
+  service_account = data.terraform_remote_state.iam.outputs.google_service_account_workflow-service-account_email
+  source_contents = templatefile("${local.workflow_path}/gtfs-rt-feed-archiver.yaml", {})
+
+  call_log_level          = "LOG_ALL_CALLS"
+  execution_history_level = "EXECUTION_HISTORY_DETAILED"
+
+  user_env_vars = {
+    "CALITP_BUCKET__GTFS_RT_RAW" = data.terraform_remote_state.gcs.outputs.google_storage_bucket_calitp-staging-gtfs-rt-raw-v2_name
+  }
+}
diff --git a/iac/cal-itp-data-infra-staging/iam/us/project_iam_member.tf b/iac/cal-itp-data-infra-staging/iam/us/project_iam_member.tf
@@ -299,10 +299,10 @@ resource "google_project_iam_member" "workflow-service-account" {
     "roles/storage.objectUser",
     "roles/bigquery.dataViewer",
     "roles/bigquery.jobUser",
-    "roles/cloudtasks.enqueuer",
+    "roles/pubsub.publisher",
     "roles/secretmanager.secretAccessor",
     "roles/workflows.invoker",
-    "roles/iam.serviceAccountUser"
+    "roles/iam.serviceAccountTokenCreator"
   ])
   role    = each.key
   member  = "serviceAccount:${google_service_account.workflow-service-account.email}"
diff --git a/workflows/gtfs-rt-archiver.yaml b/workflows/gtfs-rt-archiver.yaml
@@ -5,13 +5,12 @@ main:
         assign:
           - projectId: $${sys.get_env("GOOGLE_CLOUD_PROJECT_ID")}
           - location: $${sys.get_env("GOOGLE_CLOUD_LOCATION")}
-          - taskQueue: $${sys.get_env("GTFS_RT_ARCHIVER__TASK_QUEUE")}
-          - serviceAccount: $${sys.get_env("GTFS_RT_ARCHIVER__SERVICE_ACCOUNT")}
-          - childWorkflow: $${sys.get_env("GTFS_RT_ARCHIVER__CHILD_WORKFLOW")}
+          - topic: $${sys.get_env("GTFS_RT_ARCHIVER__TOPIC")}
           - dataset: staging
           - table: int_transit_database__gtfs_datasets_dim
           - limit: $${int(default(map.get(args, "limit"), "-1"))}
-          - startAt: $${time.format(sys.now())}
+          - startTime: $${sys.now()}
+          - startAt: $${time.format(startTime)}
     - runQuery:
         call: googleapis.bigquery.v2.jobs.query
         args:
@@ -21,39 +20,49 @@ main:
             useQueryCache: true
             timeoutMs: 30000
             query: $${
-              "SELECT pipeline_url, type, base64_url, authorization_header_parameter_name, header_secret_key_name, authorization_url_parameter_name, url_secret_key_name " +
+              "SELECT type, pipeline_url, authorization_header_parameter_name, header_secret_key_name, authorization_url_parameter_name, url_secret_key_name, base64_url " +
               "FROM `" + projectId + "." + dataset + "." + table + "` " +
               "WHERE _is_current = true " +
               "AND type IN ('service_alerts', 'trip_updates', 'vehicle_positions') " +
               if(limit < 0, "", "LIMIT " + limit)
               }
         result: queryResult
-    - dispatchChildren:
-        for:
-          value: row
-          in: $${queryResult.rows}
-          steps:
-            - prepareChildArgs:
-                assign:
-                  - data:
-                      startAt: $${startAt}
-                      pipelineUrl: $${row.f[0].v}
-                      type: $${row.f[1].v}
-                      base64Url: $${row.f[2].v}
-                      authorizationHeaderParameterName: $${row.f[3].v}
-                      headerSecretKeyName: $${row.f[4].v}
-                      authorizationUrlParameterName: $${row.f[5].v}
-                      urlSecretKeyName: $${row.f[6].v}
-                  - exec:
-                      argument: $${json.encode_to_string(data)}
-            - enqueueChild:
-                call: googleapis.cloudtasks.v2.projects.locations.queues.tasks.create
-                args:
-                    parent: $${taskQueue}
+    - publishMessages:
+        parallel:
+          for:
+            value: delay
+            in: [0, 20, 40]
+            steps:
+              - sleep:
+                  call: sys.sleep
+                  args:
+                    seconds: $${delay}
+              - prepareArgs:
+                  assign:
+                    - messages: []
+              - prepareMessages:
+                  for:
+                    value: row
+                    in: $${queryResult.rows}
+                    steps:
+                      - prepareChildArgs:
+                          assign:
+                            - data: {}
+                            - data.startAt: $${startAt}
+                            - data.fetchSecond: $${delay}
+                            - data.type: $${row.f[0].v}
+                            - data.pipelineUrl: $${row.f[1].v}
+                            - data.authorizationHeaderParameterName: $${row.f[2].v}
+                            - data.headerSecretKeyName: $${row.f[3].v}
+                            - data.authorizationUrlParameterName: $${row.f[4].v}
+                            - data.urlSecretKeyName: $${row.f[5].v}
+                            - data.base64Url: $${row.f[6].v}
+                            - message: {}
+                            - message.data: $${base64.encode(json.encode(data))}
+                            - messages: $${list.concat(messages, message)}
+              - publish:
+                  call: googleapis.pubsub.v1.projects.topics.publish
+                  args:
+                    topic: $${topic}
                     body:
-                      task:
-                        httpRequest:
-                          body: $${base64.encode(json.encode(exec))}
-                          url: $${"https://workflowexecutions.googleapis.com/v1/projects/" + projectId + "/locations/" + location + "/workflows/" + childWorkflow + "/executions"}
-                          oauthToken:
-                            serviceAccountEmail: $${serviceAccount}
+                      messages: $${messages}
diff --git a/workflows/gtfs-rt-feed-archiver.yaml b/workflows/gtfs-rt-feed-archiver.yaml
@@ -1,81 +1,71 @@
 main:
-  params: [args]
+  params: [event]
   steps:
     - init:
         assign:
           - projectId: $${sys.get_env("GOOGLE_CLOUD_PROJECT_ID")}
           - bucket: $${sys.get_env("CALITP_BUCKET__GTFS_RT_RAW")}
-          - base64Url: $${args.base64Url}
-          - pipelineUrl: $${args.pipelineUrl}
-          - startAt: $${args.startAt}
-          - type: $${args.type}
-          - authorizationUrlParameterName: $${args.authorizationUrlParameterName}
-          - urlSecretKeyName: $${args.urlSecretKeyName}
-          - authorizationHeaderParameterName: $${args.authorizationHeaderParameterName}
-          - headerSecretKeyName: $${args.headerSecretKeyName}
-          - headers: {}
-          - query: {}
-          - fetchDate: $${text.split(startAt, "T")[0]}
-          - fetchTime: $${text.split(startAt, "T")[1]}
+          - arguments: $${json.decode(base64.decode(event.data.message.data))}
+          - fetchDate: $${text.split(arguments.startAt, "T")[0]}
+          - fetchTime: $${text.split(arguments.startAt, "T")[1]}
           - fetchHour: $${text.split(fetchTime, ":")[0]}
           - fetchMinute: $${text.split(fetchTime, ":")[1]}
+          - headers: {}
+          - query: {}
+          - userAgentHeaders:
+              User-Agent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36'
+              priority: 'u=0, i'
+              sec-ch-ua: '"Chromium";v="130", "Google Chrome";v="130", "Not?A_Brand";v="99"'
+              sec-ch-ua-mobile: '?0'
+              sec-ch-ua-platform: '"macOS"'
+
     - applySecrets:
         switch:
-          - condition: $${headerSecretKeyName != null}
+          - condition: $${arguments.headerSecretKeyName != null}
             steps:
               - headerSecret:
                   call: googleapis.secretmanager.v1.projects.secrets.versions.accessString
                   args:
                     project_id: $${projectId}
-                    secret_id: $${headerSecretKeyName}
+                    secret_id: $${arguments.headerSecretKeyName}
                   result: headerSecret
               - assignHeaders:
                   assign:
                     - headers:
-                        $${authorizationHeaderParameterName}: $${headerSecret}
-          - condition: $${urlSecretKeyName != null}
+                        $${arguments.authorizationHeaderParameterName}: $${headerSecret}
+          - condition: $${arguments.urlSecretKeyName != null}
             steps:
               - querySecret:
                   call: googleapis.secretmanager.v1.projects.secrets.versions.accessString
                   args:
                     project_id: $${projectId}
-                    secret_id: $${urlSecretKeyName}
-                  result: fetchQuerySecret
+                    secret_id: $${arguments.urlSecretKeyName}
+                  result: querySecret
               - assignQuery:
                   assign:
                     - query:
-                        $${authorizationUrlParameterName}: $${fetchQuerySecret}
-    - fetch:
-        parallel:
-          for:
-            value: fetchSecond
-            in: [0, 20, 40]
-            steps:
-              - wait:
-                  call: sys.sleep
-                  args:
-                    seconds: $${fetchSecond}
-              - fetchUrl:
-                  call: http.get
-                  args:
-                    url: $${pipelineUrl}
-                    timeout: 20
-                    headers: $${headers}
-                    query: $${query}
-                  result: result
-              - writeResult:
-                  call: http.post
-                  args:
-                    url: $${"https://storage.googleapis.com/upload/storage/v1/b/" + bucket + "/o"}
-                    auth:
-                      type: OAuth2
-                    query:
-                      name: $${
-                        type +
-                        "/dt=" + fetchDate +
-                        "/hour=" + fetchDate + "T" + fetchHour + ":00:00+00:00" +
-                        "/ts=" + fetchDate + "T" + fetchHour + ":" + fetchMinute + ":" + if(fetchSecond == 0, "00", fetchSecond) + "+00:00" +
-                        "/base64_url=" + base64Url +
-                        "/feed"
-                        }
-                    body: $${result.body}
+                        $${arguments.authorizationUrlParameterName}: $${querySecret}
+    - fetchUrl:
+        call: http.get
+        args:
+          url: $${arguments.pipelineUrl}
+          timeout: 20
+          headers: $${map.merge(userAgentHeaders, headers)}
+          query: $${query}
+        result: result
+    - writeResult:
+        call: http.post
+        args:
+          url: $${"https://storage.googleapis.com/upload/storage/v1/b/" + bucket + "/o"}
+          auth:
+            type: OAuth2
+          query:
+            name: $${
+              arguments.type +
+              "/dt=" + fetchDate +
+              "/hour=" + fetchDate + "T" + fetchHour + ":00:00+00:00" +
+              "/ts=" + fetchDate + "T" + fetchHour + ":" + fetchMinute + ":" + if(arguments.fetchSecond == 0, "00", arguments.fetchSecond) + "+00:00" +
+              "/base64_url=" + arguments.base64Url +
+              "/feed"
+              }
+          body: $${result.body}
