pull_request_target: main by @mikealfare #11752
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # **what?** | |
| # This workflow runs all integration tests for supported OS | |
| # and python versions and core adapters. If triggered by PR, | |
| # the workflow will only run tests for adapters related | |
| # to code changes. Use the `test all` and `test ${adapter}` | |
| # label to run all or additional tests. Use `ok to test` | |
| # label to mark PRs from forked repositories that are safe | |
| # to run integration tests for. Requires secrets to run | |
| # against different warehouses. | |
| # **why?** | |
| # This checks the functionality of dbt from a user's perspective | |
| # and attempts to catch functional regressions. | |
| # **when?** | |
| # This workflow will run on every push to a protected branch | |
| # and when manually triggered. It will also run for all PRs, including | |
| # PRs from forks. The workflow will be skipped until there is a label | |
| # to mark the PR as safe to run. | |
| name: Adapter Integration Tests | |
| run-name: "${{ (contains(github.event_name, 'workflow_') && inputs.name) || github.event_name }}: ${{ (contains(github.event_name, 'workflow_') && inputs.adapter_branch) || github.ref_name }} by @${{ github.actor }}" | |
| on: | |
| # pushes to release branches | |
| push: | |
| branches: | |
| - "main" | |
| - "develop" | |
| - "*.latest" | |
| - "releases/*" | |
| # all PRs, important to note that `pull_request_target` workflows | |
| # will run in the context of the target branch of a PR | |
| pull_request_target: | |
| # manual trigger | |
| workflow_dispatch: | |
| inputs: | |
| name: | |
| description: "Name to associate with run (example: 'dbt-adapters-242')" | |
| required: false | |
| type: string | |
| default: "Adapter Integration Tests" | |
| adapter_branch: | |
| description: "The branch of this adapter repository to use" | |
| type: string | |
| required: false | |
| default: "main" | |
| dbt_adapters_branch: | |
| description: "The branch of dbt-adapters to use" | |
| type: string | |
| required: false | |
| default: "main" | |
| dbt_core_branch: | |
| description: "The branch of dbt-core to use" | |
| type: string | |
| required: false | |
| default: "main" | |
| dbt_common_branch: | |
| description: "The branch of dbt-common to use" | |
| type: string | |
| required: false | |
| default: "main" | |
| # explicitly turn off permissions for `GITHUB_TOKEN` | |
| permissions: read-all | |
| # will cancel previous workflows triggered by the same event and for the same ref for PRs or same SHA otherwise | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event_name }}-${{ contains(github.event_name, 'pull_request') && github.event.pull_request.head.ref || github.sha }} | |
| cancel-in-progress: true | |
| # sets default shell to bash, for all operating systems | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| # generate test metadata about what files changed and the testing matrix to use | |
| test-metadata: | |
| # run if not a PR from a forked repository or has a label to mark as safe to test | |
| if: >- | |
| github.event_name != 'pull_request_target' || | |
| github.event.pull_request.head.repo.full_name == github.repository || | |
| contains(github.event.pull_request.labels.*.name, 'ok to test') | |
| runs-on: ubuntu-latest | |
| outputs: | |
| matrix: ${{ steps.generate-matrix.outputs.result }} | |
| steps: | |
| - name: Check out the repository (non-PR) | |
| if: github.event_name != 'pull_request_target' | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Check out the repository (PR) | |
| if: github.event_name == 'pull_request_target' | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Check if relevant files changed | |
| if: github.event_name == 'pull_request_target' | |
| # https://github.com/marketplace/actions/paths-changes-filter | |
| # For each filter, it sets output variable named by the filter to the text: | |
| # 'true' - if any of changed files matches any of filter rules | |
| # 'false' - if none of changed files matches any of filter rules | |
| # also, returns: | |
| # `changes` - JSON array with names of all filters matching any of the changed files | |
| uses: dorny/paths-filter@v3 | |
| id: get-changes | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| filters: | | |
| snowflake: | |
| - '.github/**/*.yml' | |
| - '.github/**/*.sh' | |
| - 'dbt/**' | |
| - 'tests/**' | |
| - 'hatch.toml' | |
| - 'pyproject.toml' | |
| - '*.py' | |
| - name: Generate integration test matrix | |
| id: generate-matrix | |
| uses: actions/github-script@v7 | |
| env: | |
| CHANGES: ${{ steps.get-changes.outputs.changes }} | |
| with: | |
| script: | | |
| const script = require('./.github/scripts/integration-test-matrix.js') | |
| const matrix = script({ context }) | |
| console.log(matrix) | |
| return matrix | |
| test: | |
| name: ${{ matrix.adapter }} / python ${{ matrix.python-version }} / ${{ matrix.os }} | |
| # run if not a PR from a forked repository or has a label to mark as safe to test | |
| # also checks that the matrix generated is not empty | |
| if: >- | |
| needs.test-metadata.outputs.matrix && | |
| fromJSON( needs.test-metadata.outputs.matrix ).include[0] && | |
| ( | |
| github.event_name != 'pull_request_target' || | |
| github.event.pull_request.head.repo.full_name == github.repository || | |
| contains(github.event.pull_request.labels.*.name, 'ok to test') | |
| ) | |
| runs-on: ${{ matrix.os }} | |
| needs: test-metadata | |
| strategy: | |
| fail-fast: false | |
| matrix: ${{ fromJSON(needs.test-metadata.outputs.matrix) }} | |
| env: | |
| DBT_INVOCATION_ENV: github-actions | |
| DD_CIVISIBILITY_AGENTLESS_ENABLED: true | |
| DD_API_KEY: ${{ secrets.DATADOG_API_KEY }} | |
| DD_SITE: datadoghq.com | |
| DD_ENV: ci | |
| DD_SERVICE: ${{ github.event.repository.name }} | |
| steps: | |
| - name: Check out the repository | |
| if: github.event_name == 'push' | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Check out the repository (workflow_dispatch) | |
| if: github.event_name == 'workflow_dispatch' | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| ref: ${{ inputs.adapter_branch }} | |
| # explicitly checkout the branch for the PR, | |
| # this is necessary for the `pull_request_target` event | |
| - name: Check out the repository (PR) | |
| if: github.event_name == 'pull_request_target' | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Update Adapters and Core branches (update hatch.toml) | |
| if: ${{ github.event_name == 'workflow_dispatch' }} | |
| run: | | |
| ./.github/scripts/update_dev_dependency_branches.sh \ | |
| ${{ inputs.dbt_adapters_branch }} \ | |
| ${{ inputs.dbt_core_branch }} \ | |
| ${{ inputs.dbt_common_branch }} | |
| cat hatch.toml | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - uses: pypa/hatch@install | |
| - run: hatch run integration-tests | |
| env: | |
| SNOWFLAKE_TEST_ACCOUNT: ${{ secrets.SNOWFLAKE_TEST_ACCOUNT }} | |
| SNOWFLAKE_TEST_PASSWORD: ${{ secrets.SNOWFLAKE_TEST_PASSWORD }} | |
| SNOWFLAKE_TEST_USER: ${{ secrets.SNOWFLAKE_TEST_USER }} | |
| SNOWFLAKE_TEST_WAREHOUSE: ${{ secrets.SNOWFLAKE_TEST_WAREHOUSE }} | |
| SNOWFLAKE_TEST_OAUTH_REFRESH_TOKEN: ${{ secrets.SNOWFLAKE_TEST_OAUTH_REFRESH_TOKEN }} | |
| SNOWFLAKE_TEST_OAUTH_CLIENT_ID: ${{ secrets.SNOWFLAKE_TEST_OAUTH_CLIENT_ID }} | |
| SNOWFLAKE_TEST_OAUTH_CLIENT_SECRET: ${{ secrets.SNOWFLAKE_TEST_OAUTH_CLIENT_SECRET }} | |
| SNOWFLAKE_TEST_PRIVATE_KEY: ${{ secrets.SNOWFLAKE_TEST_PRIVATE_KEY }} | |
| SNOWFLAKE_TEST_PRIVATE_KEY_PASSPHRASE: ${{ secrets.SNOWFLAKE_TEST_PRIVATE_KEY_PASSPHRASE }} | |
| SNOWFLAKE_TEST_ALT_DATABASE: ${{ secrets.SNOWFLAKE_TEST_ALT_DATABASE }} | |
| SNOWFLAKE_TEST_ALT_WAREHOUSE: ${{ secrets.SNOWFLAKE_TEST_ALT_WAREHOUSE }} | |
| SNOWFLAKE_TEST_DATABASE: ${{ secrets.SNOWFLAKE_TEST_DATABASE }} | |
| SNOWFLAKE_TEST_QUOTED_DATABASE: ${{ secrets.SNOWFLAKE_TEST_QUOTED_DATABASE }} | |
| SNOWFLAKE_TEST_ROLE: ${{ secrets.SNOWFLAKE_TEST_ROLE }} | |
| DBT_TEST_USER_1: dbt_test_role_1 | |
| DBT_TEST_USER_2: dbt_test_role_2 | |
| DBT_TEST_USER_3: dbt_test_role_3 | |
| require-label-comment: | |
| runs-on: ubuntu-latest | |
| needs: test | |
| permissions: | |
| pull-requests: write | |
| steps: | |
| - name: Needs permission PR comment | |
| if: >- | |
| needs.test.result == 'skipped' && | |
| github.event_name == 'pull_request_target' && | |
| github.event.pull_request.head.repo.full_name != github.repository | |
| uses: unsplash/comment-on-pr@master | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| msg: | | |
| "You do not have permissions to run integration tests, @dbt-labs/core "\ | |
| "needs to label this PR with `ok to test` in order to run integration tests!" | |
| check_for_duplicate_msg: true |