Importing wdls from github not working #7764
Description
I have wdls I'm trying to import from other workflows.
I have tried setting up the GithubAuthVending to get the github token, with a dummy ecm server setup via an nginx.
I get this error when trying to import a file.
Failed to import 'https://raw.githubusercontent.com/PrivateOrg/PrivateRepo/refs/heads/main/subworkflows/transfer/v1.0.0/custom_file.wdl' (reason 1 of 1): Failed to resolve 'https://raw.githubusercontent.com/PrivateOrg/PrivateRepo/refs/heads/main/subworkflows/transfer/v1.0.0/custom_file.wdl' using resolver: 'http importer (no 'relative-to' origin)' (reason 1 of 1): Failed to download https://raw.githubusercontent.com/PrivateOrg/PrivateRepo/refs/heads/main/subworkflows/transfer/v1.0.0/custom_file.wdl(reason 1 of 1): 404: Not Found
I don't see anything in the logs to indicate it's calling GithubAuthVending. I've tried adding an auth token to the url, and get the same error.
Any ideas on why this might be occuring?
My wdl tries running an import like this:
version 1.0
import https://raw.githubusercontent.com/PrivateOrg/PrivateRepo/refs/heads/main/subworkflows/transfer/v1.0.0/custom_file.wdl as custom
workflow Pipeline {
input {
String example
}
call custom.step1 as CustomStep1 {
input:
example = example
}
}
This is my cromwell configuration, it works fine to run non imported workflows. I'm using
include required(classpath("application"))
webservice {
interface = localhost
port = 8000
}
akka {
http {
server {
request-timeout = 600s
idle-timeout = 700s
}
}
}
system {
job-rate-control {
jobs = 1
per = 2 second
}
}
aws {
application-name = "cromwell"
auths = [{
name = "default"
scheme = "default"
}]
region = "eu-west-1"
}
database {
profile = "slick.jdbc.PostgresProfile$"
db {
driver = "org.postgresql.Driver"
url = "jdbc:postgresql://%%DBHost%%/cromwell?rewriteBatchedStatements=true&useSSL=false"
user = "cromwell"
password = "%%DBPassword%%"
connectionTimeout = 120000
}
}
call-caching {
enabled = true
invalidate-bad-cache-results = true
}
engine { filesystems { s3 { auth = "default" } } }
languages {
default: WDL
WDL {
http-allow-list {
enabled: true
allowed-http-hosts: ["github.com", "githubusercontent.com", "raw.githubusercontent.com"]
}
versions {
default: "draft-2"
"draft-2" {
language-factory = "languages.wdl.draft2.WdlDraft2LanguageFactory"
config {
strict-validation: false
enabled: true
}
}
"1.0" {
# WDL draft-3 was our in-progress name for what became WDL 1.0
language-factory = "languages.wdl.draft3.WdlDraft3LanguageFactory"
config {
strict-validation: true
enabled: true
}
}
"biscayne" {
# WDL biscayne is our in-progress name for what will become WDL 1.1
language-factory = "languages.wdl.biscayne.WdlBiscayneLanguageFactory"
config {
strict-validation: true
enabled: true
}
}
"cascades" {
# WDL cascades is our in-progress name for what will (probably) become WDL 2.0
language-factory = "languages.wdl.cascades.WdlCascadesLanguageFactory"
config {
strict-validation: true
enabled: true
}
}
}
}
}
backend {
# default = "AWSBATCH"
providers {
AWSBATCH {
actor-factory = "cromwell.backend.impl.aws.AwsBatchBackendLifecycleActorFactory"
config {
numSubmitAttempts = 10
numCreateDefinitionAttempts = 10
root = "s3://%%CromwellBucket%%/cromwell-execution"
auth = "default"
tagResources = true
default-runtime-attributes { queueArn = "%%DefaultBatchQueueArn%%" , scriptBucketName = "%%CromwellBucket%%" , tagResources = "true" }
filesystems {
s3 {
auth = "default"
duplication-strategy: [
"hard-link", "soft-link", "copy"
]
}
}
}
}
}
}
services {
GithubAuthVending {
class = "cromwell.services.auth.impl.GithubAuthVendingActor"
config {
enabled = true
auth.azure = false
# Set this to the service that Cromwell should retrieve Github access token associated with user's token.
ecm.base-url = "https://localhost"
}
}
}
I'm using cromwell version 87, this is the command I'm running
nginx && java -DLOG_LEVEL=INFO -Dconfig.file=cromwell.conf -XX:MaxRAMPercentage=80.0 -jar cromwell.jar server