Add sheet2docs automation script and workflow

.github/workflows/sync-sheets-keyless.yml

@@ -0,0 +1,177 @@
+name: Sync Google Sheets to CSV (Keyless Auth)
+
+on:
+  # Scheduled trigger - daily at 2 AM UTC
+  schedule:
+    - cron: '0 2 * * *'
+  # NOTE: for testing this
+  push:
+    branches: ['add-sheet2csv-automation']
+
+  # Manual trigger
+  workflow_dispatch:
+    inputs:
+      dry_run:
+        description: 'Dry run (skip PR creation)'
+        required: false
+        default: false
+        type: boolean
+
+# Required permissions
+permissions:
+  contents: write
+  pull-requests: write
+  id-token: write  # Required for OIDC token authentication
+
+jobs:
+  sync-sheet:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0  # Full history for better diffs
+
+      - name: Set up Python
+        uses: actions/setup-python@v6
+        with:
+          python-version: '3.13'
+          cache: 'pip'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r scripts/sheet2docs/requirements.txt
+
+      # Keyless authentication using Workload Identity Federation
+      - name: Authenticate to Google Cloud
+        uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
+        with:
+          workload_identity_provider: ${{ vars.GCP_WORKLOAD_IDENTITY_PROVIDER }}
+          service_account: ${{ vars.GCP_SERVICE_ACCOUNT }}
+
+      # The auth action sets GOOGLE_APPLICATION_CREDENTIALS automatically
+      - name: Run sync script
+        env:
+          GOOGLE_SHEET_URL: ${{ secrets.GOOGLE_SHEET_URL }}
+        run: |
+          python scripts/sheet2docs/sync_sheet.py --config scripts/sheet2docs/config.yml --verbose
+
+      - name: Check for changes
+        id: check_changes
+        run: |
+          CSV_PATH="explore-analyze/ai-features/agent-builder/models.csv"
+          if git diff --quiet "$CSV_PATH" 2>/dev/null; then
+            echo "changed=false" >> $GITHUB_OUTPUT
+            echo "No changes detected in CSV file"
+          else
+            echo "changed=true" >> $GITHUB_OUTPUT
+            echo "Changes detected in CSV file"
+
+            # Get row count from CSV (subtract 1 for header)
+            if [ -f "$CSV_PATH" ]; then
+              row_count=$(($(wc -l < "$CSV_PATH") - 1))
+              echo "row_count=${row_count}" >> $GITHUB_OUTPUT
+            fi
+          fi
+
+      - name: Create Pull Request
+        if: steps.check_changes.outputs.changed == 'true' && github.event.inputs.dry_run != 'true'
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          # Configure git
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+
+          # Create branch with timestamp
+          branch_name="sheets-update-$(date +%Y-%m-%d-%H%M%S)"
+          git checkout -b "$branch_name"
+
+          # Stage and commit changes
+          CSV_PATH="explore-analyze/ai-features/agent-builder/models.csv"
+          git add "$CSV_PATH"
+          git commit -m "Update CSV from Google Sheets
+
+          Generated: $(date -u +'%Y-%m-%d %H:%M:%S UTC')
+          Workflow run: ${{ github.run_number }}
+
+          [skip ci]"
+
+          # Push branch
+          git push origin "$branch_name"
+
+          # Get CSV filename
+          csv_file="$CSV_PATH"
+          csv_filename=$(basename "$csv_file")
+
+          # Get row count
+          row_count=${{ steps.check_changes.outputs.row_count }}
+          col_count=$(head -n 1 "$csv_file" | awk -F',' '{print NF}')
+
+          # Create PR with gh CLI
+          gh pr create \
+            --title "Update CSV from Google Sheets - $(date +%Y-%m-%d)" \
+            --body "## Summary
+
+          This PR updates the CSV file with the latest data from Google Sheets.
+
+          **File:** \`${csv_filename}\`
+          **Rows:** ${row_count}
+          **Columns:** ${col_count}
+          **Generated:** $(date -u +'%Y-%m-%d %H:%M:%S UTC')
+
+          ### Changes
+
+          Please review the changes in the Files tab to ensure the data looks correct.
+
+          ### Next Steps
+
+          - [ ] Review the CSV changes
+          - [ ] Verify data accuracy
+          - [ ] Merge when ready
+
+          ---
+
+          🤖 Automated update from [sync-sheets workflow](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})" \
+            --head "$branch_name" \
+            --base main
+
+      - name: Upload CSV artifact
+        if: always()
+        uses: actions/upload-artifact@v6
+        with:
+          name: generated-csv-${{ github.run_number }}
+          path: explore-analyze/ai-features/agent-builder/models.csv
+          retention-days: 30
+          if-no-files-found: warn
+
+      - name: Generate job summary
+        if: always()
+        run: |
+          CSV_PATH="explore-analyze/ai-features/agent-builder/models.csv"
+          echo "## Sync Summary" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "**Status:** ${{ job.status }}" >> $GITHUB_STEP_SUMMARY
+          echo "**Changes Detected:** ${{ steps.check_changes.outputs.changed }}" >> $GITHUB_STEP_SUMMARY
+          echo "**Dry Run:** ${{ github.event.inputs.dry_run }}" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+
+          if [ -f "$CSV_PATH" ]; then
+            echo "### Generated Files" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
+            ls -lh "$CSV_PATH" >> $GITHUB_STEP_SUMMARY
+            echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+
+            # Show first few rows as preview
+            echo "### Preview (first 5 rows)" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "\`\`\`csv" >> $GITHUB_STEP_SUMMARY
+            head -n 6 "$CSV_PATH" >> $GITHUB_STEP_SUMMARY
+            echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
+          else
+            echo "⚠️ No CSV file found" >> $GITHUB_STEP_SUMMARY
+          fi

scripts/sheet2docs/config.yml

@@ -0,0 +1,39 @@
+# Google Sheets to CSV Configuration
+#
+# This file defines which Google Sheet to sync and how to transform the data
+
+# Google Sheet source
+source:
+  # Google Sheets URL or spreadsheet ID
+  # SECURITY: For public repos, use environment variable substitution
+  # to avoid exposing the sheet URL
+  #
+  # Option 1: Environment variable (recommended for public repos)
+  # Set GOOGLE_SHEET_URL as a GitHub Secret
+  # sheet_url: "${GOOGLE_SHEET_URL}"
+  #
+  # Option 2: Direct value (for testing/private repos)
+  sheet_url: "${GOOGLE_SHEET_URL}"
+
+  # Name of the tab/sheet within the spreadsheet
+  # Can also use environment variable if needed
+  tab_name: "Models"
+
+# Column configuration
+# Define which columns to include in the CSV and optionally rename them
+columns:
+  - source: "Type"
+  - source: "Author"
+  - source: "Name"
+  - source: "ID"
+
+# Output configuration
+output:
+  # Output CSV filename
+  filename: "models.csv"
+
+  # Output directory (relative to repo root)
+  directory: "explore-analyze/ai-features/agent-builder"
+
+  # CSV delimiter (default: comma)
+  delimiter: ","

scripts/sheet2docs/requirements.txt

@@ -0,0 +1,7 @@
+# Google Sheets API
+gspread==6.1.2
+google-auth==2.35.0
+requests>=2.31.0
+
+# Configuration parsing
+PyYAML==6.0.2

scripts/sheet2docs/sync-sheets-keyless.yml

@@ -0,0 +1,171 @@
+name: Sync Google Sheets to CSV (Keyless Auth)
+
+on:
+  # Scheduled trigger - daily at 2 AM UTC
+  schedule:
+    - cron: '0 2 * * *'
+
+  # Manual trigger
+  workflow_dispatch:
+    inputs:
+      dry_run:
+        description: 'Dry run (skip PR creation)'
+        required: false
+        default: false
+        type: boolean
+
+# Required permissions
+permissions:
+  contents: write
+  pull-requests: write
+  id-token: write  # Required for OIDC token authentication
+
+jobs:
+  sync-sheet:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 0  # Full history for better diffs
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+          cache: 'pip'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
+
+      # Keyless authentication using Workload Identity Federation
+      - name: Authenticate to Google Cloud
+        uses: elastic/oblt-actions/google/auth@v1
+        with:
+          workload-identity-provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
+          service-account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
+
+      # The auth action sets GOOGLE_APPLICATION_CREDENTIALS automatically
+      - name: Run sync script
+        env:
+          GOOGLE_SHEET_URL: ${{ secrets.GOOGLE_SHEET_URL }}
+        run: |
+          python sync_sheet.py --config config.yml --verbose
+
+      - name: Check for changes
+        id: check_changes
+        run: |
+          if git diff --quiet output/*.csv 2>/dev/null; then
+            echo "changed=false" >> $GITHUB_OUTPUT
+            echo "No changes detected in CSV files"
+          else
+            echo "changed=true" >> $GITHUB_OUTPUT
+            echo "Changes detected in CSV files"
+
+            # Get row count from CSV (subtract 1 for header)
+            if [ -f output/*.csv ]; then
+              row_count=$(($(wc -l < output/*.csv) - 1))
+              echo "row_count=${row_count}" >> $GITHUB_OUTPUT
+            fi
+          fi
+
+      - name: Create Pull Request
+        if: steps.check_changes.outputs.changed == 'true' && github.event.inputs.dry_run != 'true'
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          # Configure git
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+
+          # Create branch with timestamp
+          branch_name="sheets-update-$(date +%Y-%m-%d-%H%M%S)"
+          git checkout -b "$branch_name"
+
+          # Stage and commit changes
+          git add output/*.csv
+          git commit -m "Update CSV from Google Sheets
+
+          Generated: $(date -u +'%Y-%m-%d %H:%M:%S UTC')
+          Workflow run: ${{ github.run_number }}
+
+          [skip ci]"
+
+          # Push branch
+          git push origin "$branch_name"
+
+          # Get CSV filename
+          csv_file=$(ls output/*.csv | head -n 1)
+          csv_filename=$(basename "$csv_file")
+
+          # Get row count
+          row_count=${{ steps.check_changes.outputs.row_count }}
+          col_count=$(head -n 1 "$csv_file" | awk -F',' '{print NF}')
+
+          # Create PR with gh CLI
+          gh pr create \
+            --title "Update CSV from Google Sheets - $(date +%Y-%m-%d)" \
+            --body "## Summary
+
+          This PR updates the CSV file with the latest data from Google Sheets.
+
+          **File:** \`${csv_filename}\`
+          **Rows:** ${row_count}
+          **Columns:** ${col_count}
+          **Generated:** $(date -u +'%Y-%m-%d %H:%M:%S UTC')
+
+          ### Changes
+
+          Please review the changes in the Files tab to ensure the data looks correct.
+
+          ### Next Steps
+
+          - [ ] Review the CSV changes
+          - [ ] Verify data accuracy
+          - [ ] Merge when ready
+
+          ---
+
+          🤖 Automated update from [sync-sheets workflow](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }})" \
+            --head "$branch_name" \
+            --base main
+
+      - name: Upload CSV artifact
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: generated-csv-${{ github.run_number }}
+          path: output/*.csv
+          retention-days: 30
+          if-no-files-found: warn
+
+      - name: Generate job summary
+        if: always()
+        run: |
+          echo "## Sync Summary" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "**Status:** ${{ job.status }}" >> $GITHUB_STEP_SUMMARY
+          echo "**Changes Detected:** ${{ steps.check_changes.outputs.changed }}" >> $GITHUB_STEP_SUMMARY
+          echo "**Dry Run:** ${{ github.event.inputs.dry_run }}" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+
+          if [ -f output/*.csv ]; then
+            echo "### Generated Files" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
+            ls -lh output/*.csv >> $GITHUB_STEP_SUMMARY
+            echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+
+            # Show first few rows as preview
+            echo "### Preview (first 5 rows)" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "\`\`\`csv" >> $GITHUB_STEP_SUMMARY
+            head -n 6 output/*.csv >> $GITHUB_STEP_SUMMARY
+            echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
+          else
+            echo "⚠️ No CSV files found" >> $GITHUB_STEP_SUMMARY
+          fi