{"id":18400639,"url":"https://github.com/databricks/run-notebook","last_synced_at":"2026-03-01T07:34:00.809Z","repository":{"id":38050728,"uuid":"472383988","full_name":"databricks/run-notebook","owner":"databricks","description":null,"archived":false,"fork":false,"pushed_at":"2024-04-15T14:19:27.000Z","size":96,"stargazers_count":61,"open_issues_count":18,"forks_count":20,"subscribers_count":6,"default_branch":"main","last_synced_at":"2026-02-13T08:43:18.838Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/databricks.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-03-21T14:52:33.000Z","updated_at":"2025-12-06T15:52:56.000Z","dependencies_parsed_at":"2024-06-18T17:28:19.647Z","dependency_job_id":"8567de4b-ca8e-40dc-8149-06d6376aacbf","html_url":"https://github.com/databricks/run-notebook","commit_stats":{"total_commits":25,"total_committers":5,"mean_commits":5.0,"dds":0.28,"last_synced_commit":"84d336e0f385da65f3244f0a669fc4b55eb0811b"},"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/databricks/run-notebook","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/databricks%2Frun-notebook","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/databricks%2Frun-notebook/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/databricks%2Frun-notebook/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/databricks%2Frun-notebook/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/databricks","download_url":"https://codeload.github.com/databricks/run-notebook/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/databricks%2Frun-notebook/sbom","scorecard":{"id":324235,"data":{"date":"2024-06-17","repo":{"name":"github.com/databricks/run-notebook","commit":"84d336e0f385da65f3244f0a669fc4b55eb0811b"},"scorecard":{"version":"v5.0.0-rc2-62-gda0f2b4e","commit":"da0f2b4ebca563a6f7f1ca2f4099c336f7ce8bd8"},"score":3.8,"checks":[{"name":"Code-Review","score":8,"reason":"Found 20/25 approved changesets -- score normalized to 8","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/da0f2b4ebca563a6f7f1ca2f4099c336f7ce8bd8/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/da0f2b4ebca563a6f7f1ca2f4099c336f7ce8bd8/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices 
Badge.","url":"https://github.com/ossf/scorecard/blob/da0f2b4ebca563a6f7f1ca2f4099c336f7ce8bd8/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/da0f2b4ebca563a6f7f1ca2f4099c336f7ce8bd8/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/da0f2b4ebca563a6f7f1ca2f4099c336f7ce8bd8/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/da0f2b4ebca563a6f7f1ca2f4099c336f7ce8bd8/docs/checks.md#branch-protection"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/da0f2b4ebca563a6f7f1ca2f4099c336f7ce8bd8/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/da0f2b4ebca563a6f7f1ca2f4099c336f7ce8bd8/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/check-dist.yml:1","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/da0f2b4ebca563a6f7f1ca2f4099c336f7ce8bd8/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/da0f2b4ebca563a6f7f1ca2f4099c336f7ce8bd8/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":1,"reason":"dependency not pinned by hash detected -- score normalized to 1","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-dist.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/databricks/run-notebook/check-dist.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-dist.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/databricks/run-notebook/check-dist.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/check-dist.yml:49: update your workflow using 
https://app.stepsecurity.io/secureworkflow/databricks/run-notebook/check-dist.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/databricks/run-notebook/test.yml/main?enable=pin","Warn: npmCommand not pinned by hash: .github/workflows/test.yml:15","Info:   0 out of   4 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of   2 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/da0f2b4ebca563a6f7f1ca2f4099c336f7ce8bd8/docs/checks.md#pinned-dependencies"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/da0f2b4ebca563a6f7f1ca2f4099c336f7ce8bd8/docs/checks.md#fuzzing"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/da0f2b4ebca563a6f7f1ca2f4099c336f7ce8bd8/docs/checks.md#security-policy"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 22 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/da0f2b4ebca563a6f7f1ca2f4099c336f7ce8bd8/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":1,"reason":"9 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3","Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/da0f2b4ebca563a6f7f1ca2f4099c336f7ce8bd8/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T02:05:50.123Z","repository_id":38050728,"created_at":"2025-08-18T02:05:50.123Z","updated_at":"2025-08-18T02:05:50.123Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29964145,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-01T06:55:38.174Z","status":"ssl_error","status_checked_at":"2026-03-01T06:53:04.810Z","response_time":124,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-06T02:35:36.594Z","updated_at":"2026-03-01T07:34:00.787Z","avatar_url":"https://github.com/databricks.png","language":"TypeScript","readme":"# databricks/run-notebook v0\n\n# Overview\nGiven a Databricks notebook and cluster specification, this Action runs the notebook as a one-time Databricks Job\nrun (docs: \n[AWS](https://docs.databricks.com/dev-tools/api/latest/jobs.html#operation/JobsRunsSubmit) |\n[Azure](https://redocly.github.io/redoc/?url=https://docs.microsoft.com/azure/databricks/_static/api-refs/jobs-2.1-azure.yaml#operation/JobsRunsSubmit) |\n[GCP](https://docs.gcp.databricks.com/dev-tools/api/latest/jobs.html#operation/JobsRunsSubmit)) and awaits its completion:\n\n- optionally installing libraries on the cluster before running the notebook\n- optionally configuring permissions on the notebook run (e.g. granting other users permission to view results)\n- optionally triggering the Databricks job run with a timeout\n- optionally using a Databricks job run name\n- setting the notebook output,\n  job run ID, and job run page URL as Action output\n- failing if the Databricks job run fails\n\nYou can use this Action to trigger code execution on Databricks for CI (e.g. on pull requests) or CD (e.g. on pushes\nto master).  \n\n# Prerequisites\nTo use this Action, you need a Databricks REST API token to trigger notebook execution and await completion. The API\ntoken must be associated with a principal with the following permissions:\n* Cluster permissions ([AWS](https://docs.databricks.com/security/access-control/cluster-acl.html#types-of-permissions) |\n[Azure](https://docs.microsoft.com/en-us/azure/databricks/security/access-control/cluster-acl#types-of-permissions) |\n[GCP](https://docs.gcp.databricks.com/security/access-control/cluster-acl.html)): Allow unrestricted cluster creation entitlement,\nif running the notebook against a new cluster (recommended), or \"Can restart\" permission, if running the notebook\nagainst an existing cluster.\n* Workspace permissions ([AWS](https://docs.databricks.com/security/access-control/workspace-acl.html#folder-permissions) |\n[Azure](https://docs.microsoft.com/en-us/azure/databricks/security/access-control/workspace-acl#--folder-permissions) |\n[GCP](https://docs.gcp.databricks.com/security/access-control/workspace-acl.html#folder-permissions)):\n  * If supplying `local-notebook-path` with one of the `git-commit`, `git-tag`, or `git-branch` parameters, no workspace\n    permissions are required. However, your principal must have Git integration configured ([AWS](https://docs.databricks.com/dev-tools/api/latest/gitcredentials.html#operation/create-git-credential) | [Azure](https://docs.microsoft.com/en-us/azure/databricks/dev-tools/api/latest/gitcredentials) | [GCP](https://docs.gcp.databricks.com/dev-tools/api/latest/gitcredentials.html#operation/create-git-credential)). 
You can associate git credentials with your principal by creating a git credential entry using your principal's API token.\n  * If supplying the `local-notebook-path` parameter, \"Can manage\" permissions on the directory specified by the\n    `workspace-temp-dir` parameter (the `/tmp/databricks-github-actions` directory if `workspace-temp-dir` is unspecified).\n  * If supplying the `workspace-notebook-path` parameter, \"Can read\" permissions on the specified notebook.\n\nWe recommend that you store the Databricks REST API token in [GitHub Actions secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets)\nto pass it into your GitHub Workflow. The following section lists recommended approaches for token creation by cloud.\n\nNote: we recommend that you do not run this Action against workspaces with IP restrictions. GitHub-hosted action runners have a [wide range of IP addresses](https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners#ip-addresses), making it difficult to whitelist.\n\n## AWS\nFor security reasons, we recommend creating and using a Databricks service principal API token. You can\n[create a service principal](https://docs.databricks.com/dev-tools/api/latest/scim/scim-sp.html#create-service-principal),\ngrant the Service Principal\n[token usage permissions](https://docs.databricks.com/administration-guide/access-control/tokens.html#control-who-can-use-or-create-tokens),\nand [generate an API token](https://docs.databricks.com/dev-tools/api/latest/token-management.html#operation/create-obo-token) on its behalf.\n
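As a sketch of that last step, you can call the Token Management API linked above using an admin token. This is illustrative only: `DATABRICKS_HOST`, `ADMIN_TOKEN`, and the application ID are placeholders, and you should verify the request shape against the current API docs.\n\n```bash\n# Create an API token on behalf of the service principal (placeholder values).\ncurl -X POST -H \"Authorization: Bearer $ADMIN_TOKEN\" \\\n  $DATABRICKS_HOST/api/2.0/token-management/on-behalf-of/tokens \\\n  -d '{\"application_id\": \"\u003capplication-id\u003e\", \"comment\": \"github-actions\", \"lifetime_seconds\": 3600}'\n```\n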
## Azure\nFor security reasons, we recommend using a Databricks service principal AAD token.\n\n### Create an Azure Service Principal\nHere are two ways that you can create an Azure Service Principal.\n\nThe first way is via the Azure Portal UI. See the [Azure Databricks documentation](https://docs.microsoft.com/en-us/azure/databricks/administration-guide/users-groups/service-principals#create-a-service-principal). Record the Application (client) Id, Directory (tenant) Id, and client secret values generated by the steps.\n\nThe second way is via the Azure CLI. You can follow the instructions below:\n* Install the [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli)\n* Run `az login` to authenticate with Azure\n* Run `az ad sp create-for-rbac -n \u003cyour-service-principal-name\u003e --scopes /subscriptions/\u003cazure-subscription-id\u003e/resourceGroups/\u003cresource-group-name\u003e --sdk-auth --role contributor`,\n  specifying the subscription and resource group of your Azure Databricks workspace, to create a service principal and client secret.\n\nFrom the resulting JSON output, record the following values:\n* `clientId`: this is the client or application Id of your service principal.\n* `clientSecret`: this is the client secret of your service principal.\n* `tenantId`: this is the tenant or directory Id of your service principal.\n\nAfter you create an Azure Service Principal, you should add it to your Azure Databricks workspace using the [SCIM API](https://docs.microsoft.com/en-us/azure/databricks/dev-tools/api/latest/scim/scim-sp#add-service-principal). Use the client or application Id of your service principal as the `applicationId` of the service principal in the `add-service-principal` payload.\n\n### Use the Service Principal in your GitHub Workflow\n* Store your service principal credentials in your GitHub repository secrets. The Application (client) Id should be stored as `AZURE_SP_APPLICATION_ID`, Directory (tenant) Id as `AZURE_SP_TENANT_ID`, and client secret as `AZURE_SP_CLIENT_SECRET`.\n* Add the following step at the start of your GitHub workflow.\n  This will create a new AAD token for your Azure Service Principal and save its value in the `DATABRICKS_TOKEN`\n  environment variable for use in subsequent steps.\n\n  ```yaml\n  - name: Generate AAD Token\n    run: |\n      echo \"DATABRICKS_TOKEN=$(curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' \\\n        https://login.microsoftonline.com/${{ secrets.AZURE_SP_TENANT_ID }}/oauth2/v2.0/token \\\n        -d 'client_id=${{ secrets.AZURE_SP_APPLICATION_ID }}' \\\n        -d 'grant_type=client_credentials' \\\n        -d 'scope=2ff814a6-3304-4ab8-85cb-cd0e6f879c1d%2F.default' \\\n        -d 'client_secret=${{ secrets.AZURE_SP_CLIENT_SECRET }}' |  jq -r  '.access_token')\" \u003e\u003e $GITHUB_ENV\n  ```\n**Notes**:\n  * The generated Azure token has a default life span of **60 minutes**.\n  If you expect your Databricks notebook to take longer than 60 minutes to finish executing, then you must create a [token lifetime policy](https://docs.microsoft.com/en-us/azure/active-directory/develop/configure-token-lifetimes)\n  and attach it to your service principal.\n  * The generated Azure token will work across all workspaces that the Azure Service Principal is added to. You do not need to generate a token for each workspace.\n\n## GCP\nFor security reasons, we recommend inviting a service user to your Databricks workspace and using their API token.\nYou can invite a [service user to your workspace](https://docs.gcp.databricks.com/administration-guide/users-groups/users.html#add-a-user),\nlog into the workspace as the service user, and [create a personal access token](https://docs.gcp.databricks.com/dev-tools/api/latest/authentication.html)\nto pass into your GitHub Workflow.\n\n# Usage\n\nSee [action.yml](action.yml) for the latest interface and docs.\n\n### (Recommended) Run notebook within a temporary checkout of the current Repo\nThe workflow below runs a notebook as a one-time job within a temporary repo checkout, enabled by\nspecifying the `git-commit`, `git-branch`, or `git-tag` parameter. You can use this to run notebooks that\ndepend on other notebooks or files (e.g. Python modules in `.py` files) within the same repo.\n
```yaml\nname: Run a notebook within its repo on PRs\n\non:\n  pull_request\n\nenv:\n  DATABRICKS_HOST: https://adb-XXXX.XX.azuredatabricks.net\n\njobs:\n  build:\n    runs-on: ubuntu-latest\n\n    steps:\n      - name: Checks out the repo\n        uses: actions/checkout@v2\n      # The step below does the following:\n      # 1. Sends a POST request to generate an Azure Active Directory token for an Azure service principal\n      # 2. Parses the token from the request response and then saves it as DATABRICKS_TOKEN in the\n      # GitHub environment.\n      # Note: if the API request fails, the request response JSON will not have an \"access_token\" field and\n      # the DATABRICKS_TOKEN env variable will be empty.\n      - name: Generate and save AAD Token\n        run: |\n          echo \"DATABRICKS_TOKEN=$(curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' \\\n            https://login.microsoftonline.com/${{ secrets.AZURE_SP_TENANT_ID }}/oauth2/v2.0/token \\\n            -d 'client_id=${{ secrets.AZURE_SP_APPLICATION_ID }}' \\\n            -d 'grant_type=client_credentials' \\\n            -d 'scope=2ff814a6-3304-4ab8-85cb-cd0e6f879c1d%2F.default' \\\n            -d 'client_secret=${{ secrets.AZURE_SP_CLIENT_SECRET }}' |  jq -r  '.access_token')\" \u003e\u003e $GITHUB_ENV\n      - name: Trigger model training notebook from PR branch\n        uses: databricks/run-notebook@v0\n        with:\n          local-notebook-path: notebooks/deployments/MainNotebook\n          # If the current workflow is triggered from a PR,\n          # run notebook code from the PR's head commit, otherwise use github.sha.\n          git-commit: ${{ github.event.pull_request.head.sha || github.sha }}\n          # The cluster JSON below is for Azure Databricks. On AWS and GCP, set\n          # node_type_id to an appropriate node type, e.g. \"i3.xlarge\" for\n          # AWS or \"n1-highmem-4\" for GCP\n          new-cluster-json: \u003e\n            {\n              \"num_workers\": 1,\n              \"spark_version\": \"11.3.x-scala2.12\",\n              \"node_type_id\": \"Standard_D3_v2\"\n            }\n          # Grant all users view permission on the notebook results\n          access-control-list-json: \u003e\n            [\n              {\n                \"group_name\": \"users\",\n                \"permission_level\": \"CAN_VIEW\"\n              }\n            ]\n```\n
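As noted in the overview, the Action also sets the notebook output, job run ID, and job run page URL as step outputs, which later steps can read if you give the `databricks/run-notebook` step an `id`. A minimal sketch (the output names `run-url` and `notebook-output` are assumptions for illustration; see [action.yml](action.yml) for the authoritative names):\n\n```yaml\n      - name: Trigger notebook\n        id: run_notebook  # expose this step's outputs to later steps\n        uses: databricks/run-notebook@v0\n        with:\n          local-notebook-path: notebooks/MainNotebook.py\n          # (cluster configuration as in the example above)\n      - name: Print run results\n        run: |\n          echo \"Run page: ${{ steps.run_notebook.outputs.run-url }}\"\n          echo \"Notebook output: ${{ steps.run_notebook.outputs.notebook-output }}\"\n```\n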
### Run a self-contained notebook\nThe workflow below runs a self-contained notebook as a one-time job.\n\nPython library dependencies are declared in the notebook itself using\nnotebook-scoped libraries\n([AWS](https://docs.databricks.com/libraries/notebooks-python-libraries.html) |\n[Azure](https://docs.microsoft.com/en-us/azure/databricks/libraries/notebooks-python-libraries) |\n[GCP](https://docs.gcp.databricks.com/libraries/notebooks-python-libraries.html)).\n\n```yaml\nname: Run a notebook in the current repo on PRs\n\non:\n  pull_request\n\nenv:\n  DATABRICKS_HOST: https://adb-XXXX.XX.azuredatabricks.net\n\njobs:\n  build:\n    runs-on: ubuntu-latest\n\n    steps:\n      - name: Checkout repo\n        uses: actions/checkout@v2\n      # The step below does the following:\n      # 1. Sends a POST request to generate an Azure Active Directory token for an Azure service principal\n      # 2. Parses the token from the request response and then saves it as DATABRICKS_TOKEN in the\n      # GitHub environment.\n      # Note: if the API request fails, the request response JSON will not have an \"access_token\" field and\n      # the DATABRICKS_TOKEN env variable will be empty.\n      - name: Generate and save AAD Token\n        run: |\n          echo \"DATABRICKS_TOKEN=$(curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' \\\n            https://login.microsoftonline.com/${{ secrets.AZURE_SP_TENANT_ID }}/oauth2/v2.0/token \\\n            -d 'client_id=${{ secrets.AZURE_SP_APPLICATION_ID }}' \\\n            -d 'grant_type=client_credentials' \\\n            -d 'scope=2ff814a6-3304-4ab8-85cb-cd0e6f879c1d%2F.default' \\\n            -d 'client_secret=${{ secrets.AZURE_SP_CLIENT_SECRET }}' |  jq -r  '.access_token')\" \u003e\u003e $GITHUB_ENV\n      - name: Trigger notebook from PR branch\n        uses: databricks/run-notebook@v0\n        with:\n          local-notebook-path: notebooks/MainNotebook.py\n          # Alternatively, specify an existing-cluster-id to run against an existing cluster.\n          # The cluster JSON below is for Azure Databricks. On AWS and GCP, set\n          # node_type_id to an appropriate node type, e.g. \"i3.xlarge\" for\n          # AWS or \"n1-highmem-4\" for GCP\n          new-cluster-json: \u003e\n            {\n              \"num_workers\": 1,\n              \"spark_version\": \"11.3.x-scala2.12\",\n              \"node_type_id\": \"Standard_D3_v2\"\n            }\n          # Grant all users view permission on the notebook results, so that they can\n          # see the result of our CI notebook\n          access-control-list-json: \u003e\n            [\n              {\n                \"group_name\": \"users\",\n                \"permission_level\": \"CAN_VIEW\"\n              }\n            ]\n```\n
### Run a notebook using library dependencies in the current repo and on PyPI\nIn the workflow below, we build Python code in the current repo into a wheel, use ``upload-dbfs-temp`` to upload it to a\ntempfile in DBFS, then run a notebook that depends on the wheel, in addition to other libraries publicly available on\nPyPI.\n\nDatabricks supports a range of library types, including Maven and CRAN. See\nthe docs\n([Azure](https://docs.microsoft.com/en-us/azure/databricks/dev-tools/api/latest/libraries#--library) |\n[AWS](https://docs.databricks.com/dev-tools/api/latest/libraries.html#library) |\n[GCP](https://docs.gcp.databricks.com/dev-tools/api/latest/libraries.html#library))\nfor more information.\n\n```yaml\nname: Run a single notebook on PRs\n\non:\n  pull_request\n\nenv:\n  DATABRICKS_HOST: https://adb-XXXX.XX.azuredatabricks.net\njobs:\n  build:\n    runs-on: ubuntu-latest\n\n    steps:\n      - name: Checks out the repo\n        uses: actions/checkout@v2\n      # The step below does the following:\n      # 1. Sends a POST request to generate an Azure Active Directory token for an Azure service principal\n      # 2. Parses the token from the request response and then saves it as DATABRICKS_TOKEN in the\n      # GitHub environment.\n      # Note: if the API request fails, the request response JSON will not have an \"access_token\" field and\n      # the DATABRICKS_TOKEN env variable will be empty.\n      - name: Generate and save AAD Token\n        run: |\n          echo \"DATABRICKS_TOKEN=$(curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' \\\n            https://login.microsoftonline.com/${{ secrets.AZURE_SP_TENANT_ID }}/oauth2/v2.0/token \\\n            -d 'client_id=${{ secrets.AZURE_SP_APPLICATION_ID }}' \\\n            -d 'grant_type=client_credentials' \\\n            -d 'scope=2ff814a6-3304-4ab8-85cb-cd0e6f879c1d%2F.default' \\\n            -d 'client_secret=${{ secrets.AZURE_SP_CLIENT_SECRET }}' |  jq -r  '.access_token')\" \u003e\u003e $GITHUB_ENV\n      - name: Setup python\n        uses: actions/setup-python@v2\n      - name: Build wheel\n        run: |\n          python setup.py bdist_wheel\n      # Uploads local file (Python wheel) to temporary Databricks DBFS\n      # path and returns path. See https://github.com/databricks/upload-dbfs-temp\n      # for details.\n      - name: Upload Wheel\n        uses: databricks/upload-dbfs-temp@v0\n        with:\n          local-path: dist/my-project.whl\n        id: upload_wheel\n      - name: Trigger model training notebook from PR branch\n        uses: databricks/run-notebook@v0\n        with:\n          local-notebook-path: notebooks/deployments/MainNotebook\n          # Install the wheel built in the previous step as a library\n          # on the cluster used to run our notebook\n          libraries-json: \u003e\n            [\n              { \"whl\": \"${{ steps.upload_wheel.outputs.dbfs-file-path }}\" },\n              { \"pypi\": \"mlflow\" }\n            ]\n          # The cluster JSON below is for Azure Databricks. On AWS and GCP, set\n          # node_type_id to an appropriate node type, e.g. \"i3.xlarge\" for\n          # AWS or \"n1-highmem-4\" for GCP\n          new-cluster-json: \u003e\n            {\n              \"num_workers\": 1,\n              \"spark_version\": \"11.3.x-scala2.12\",\n              \"node_type_id\": \"Standard_D3_v2\"\n            }\n          # Grant all users view permission on the notebook results\n          access-control-list-json: \u003e\n            [\n              {\n                \"group_name\": \"users\",\n                \"permission_level\": \"CAN_VIEW\"\n              }\n            ]\n```\n
\"i3.xlarge\" for\n          # AWS or \"n1-highmem-4\" for GCP\n          new-cluster-json: \u003e\n            {\n              \"num_workers\": 1,\n              \"spark_version\": \"11.3.x-scala2.12\",\n              \"node_type_id\": \"Standard_D3_v2\"\n            }\n          # Grant all users view permission on the notebook results\n          access-control-list-json: \u003e\n            [\n              {\n                \"group_name\": \"users\",\n                \"permission_level\": \"CAN_VIEW\"\n              }\n            ]\n```\n\n### Run notebooks in different Databricks Workspaces\nIn this example, we supply the `databricks-host` and `databricks-token` inputs\nto each `databricks/run-notebook` step to trigger notebook execution against different workspaces.\nThe tokens are read from the GitHub repository secrets, `DATABRICKS_DEV_TOKEN` and `DATABRICKS_STAGING_TOKEN` and `DATABRICKS_PROD_TOKEN`.\n\nNote that for Azure workspaces, you simply need to generate an AAD token once and use it across all\nworkspaces.\n\n```yaml\nname: Run a notebook in the current repo on pushes to main\n\non:\n  push\n    branches:\n      - main\n\njobs:\n  build:\n    runs-on: ubuntu-latest\n\n    steps:\n      - name: Checkout repo\n        uses: actions/checkout@v2\n      - name: Trigger notebook in staging\n        uses: databricks/run-notebook@v0\n        with:\n          databricks-host: https://xxx-staging.cloud.databricks.com\n          databricks-token: ${{ secrets.DATABRICKS_STAGING_TOKEN }}\n          local-notebook-path: notebooks/MainNotebook.py\n          # The cluster JSON below is for AWS workspaces. On Azure and GCP, set\n          # node_type_id to an appropriate node type, e.g. \"Standard_D3_v2\" for\n          # Azure or \"n1-highmem-4\" for GCP\n          new-cluster-json: \u003e\n            {\n              \"num_workers\": 1,\n              \"spark_version\": \"11.3.x-scala2.12\",\n              \"node_type_id\": \"i3.xlarge\"\n            }\n          # Grant users in the \"devops\" group view permission on the\n          # notebook results\n          access-control-list-json: \u003e\n            [\n              {\n                \"group_name\": \"devops\",\n                \"permission_level\": \"CAN_VIEW\"\n              }\n            ]\n      - name: Trigger notebook in prod\n        uses: databricks/run-notebook@v0\n        with:\n          databricks-host: https://xxx-prod.cloud.databricks.com\n          databricks-token: ${{ secrets.DATABRICKS_PROD_TOKEN }}\n          local-notebook-path: notebooks/MainNotebook.py\n          # The cluster JSON below is for AWS workspaces. On Azure and GCP, set\n          # node_type_id to an appropriate node type, e.g. \"Standard_D3_v2\" for\n          # Azure or \"n1-highmem-4\" for GCP\n          new-cluster-json: \u003e\n            {\n              \"num_workers\": 1,\n              \"spark_version\": \"11.3.x-scala2.12\",\n              \"node_type_id\": \"i3.xlarge\"\n            }\n          # Grant users in the \"devops\" group view permission on the\n          # notebook results\n          access-control-list-json: \u003e\n            [\n              {\n                \"group_name\": \"devops\",\n                \"permission_level\": \"CAN_VIEW\"\n              }\n            ]\n```\n\n# Troubleshooting\nTo enable debug logging for Databricks REST API requests (e.g. 
to inspect the payload of a bad `/api/2.0/jobs/runs/submit`\nDatabricks REST API request), you can set the `ACTIONS_STEP_DEBUG` action secret to\n`true`.\nSee [Step Debug Logs](https://github.com/actions/toolkit/blob/master/docs/action-debugging.md#how-to-access-step-debug-logs) \nfor further details.\n\n# License\n\nThe scripts and documentation in this project are released under the [Apache License, Version 2.0](LICENSE).\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdatabricks%2Frun-notebook","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdatabricks%2Frun-notebook","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdatabricks%2Frun-notebook/lists"}