Add WorkloadIdentity Secret #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Azure (cloud) functional tests | |
on: [push, repository_dispatch] | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || '' }}-${{ github.base_ref || '' }}-${{ github.ref != 'refs/heads/main' || github.sha }} | |
cancel-in-progress: true | |
defaults: | |
run: | |
shell: bash | |
jobs: | |
azure-tests-linux: | |
name: Azure tests (Linux) | |
runs-on: ubuntu-latest | |
env: | |
VCPKG_TARGET_TRIPLET: x64-linux | |
VCPKG_TOOLCHAIN_PATH: ${{ github.workspace }}/vcpkg/scripts/buildsystems/vcpkg.cmake | |
GEN: Ninja | |
DUCKDB_PLATFORM: linux_amd64 | |
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true | |
steps: | |
- name: Install required ubuntu packages | |
run: | | |
sudo apt-get update -y -qq | |
sudo apt-get install -y -qq software-properties-common | |
sudo add-apt-repository ppa:git-core/ppa | |
sudo apt-get update -y -qq | |
sudo apt-get install -y -qq ninja-build make gcc-multilib g++-multilib zip unzip build-essential checkinstall curl libz-dev openssh-client | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
submodules: 'true' | |
- name: Setup Ccache | |
uses: hendrikmuhs/[email protected] # Note: pinned due to GLIBC incompatibility in later releases | |
with: | |
key: ${{ github.job }}-${{ matrix.duckdb_arch }} | |
- name: Setup vcpkg | |
uses: lukka/[email protected] | |
with: | |
vcpkgGitCommitId: a1a1cbc975abf909a6c8985a6a2b8fe20bbd9bd6 | |
- name: Build extension | |
env: | |
GEN: ninja | |
run: | | |
make release | |
- name: Test with Service Principal (SPN) in env vars | |
env: | |
AZURE_CLIENT_ID: ${{secrets.AZURE_CLIENT_ID}} | |
AZURE_CLIENT_SECRET: ${{secrets.AZURE_CLIENT_SECRET}} | |
AZURE_TENANT_ID: ${{secrets.AZURE_TENANT_ID}} | |
AZURE_STORAGE_ACCOUNT: ${{secrets.AZURE_STORAGE_ACCOUNT}} | |
run: | | |
python3 duckdb/scripts/run_tests_one_by_one.py ./build/release/test/unittest "*test/sql/cloud/*" | |
- name: Test with SPN logged in in azure-cli | |
env: | |
AZURE_STORAGE_ACCOUNT: ${{secrets.AZURE_STORAGE_ACCOUNT}} | |
DUCKDB_AZ_CLI_LOGGED_IN: 1 | |
run: | | |
az login --service-principal -u ${{secrets.AZURE_CLIENT_ID}} -p ${{secrets.AZURE_CLIENT_SECRET}} --tenant ${{secrets.AZURE_TENANT_ID}} | |
python3 duckdb/scripts/run_tests_one_by_one.py ./build/release/test/unittest "*test/sql/cloud/*" | |
- name: Test with access token | |
env: | |
AZURE_STORAGE_ACCOUNT: ${{secrets.AZURE_STORAGE_ACCOUNT}} | |
run: | | |
az login --service-principal -u ${{secrets.AZURE_CLIENT_ID}} -p ${{secrets.AZURE_CLIENT_SECRET}} --tenant ${{secrets.AZURE_TENANT_ID}} | |
export AZURE_ACCESS_TOKEN=`az account get-access-token --resource https://storage.azure.com --query accessToken --output tsv` | |
python3 duckdb/scripts/run_tests_one_by_one.py ./build/release/test/unittest "*test/sql/cloud/*" | |
- name: Log out azure-cli | |
if: always() | |
run: | | |
az logout | |
- name: Tests that focus on public non-authenticated requests | |
env: | |
AZURE_STORAGE_ACCOUNT: ${{secrets.AZURE_STORAGE_ACCOUNT}} | |
DUCKDB_AZURE_PUBLIC_CONTAINER_AVAILABLE: 1 | |
run: | | |
python3 duckdb/scripts/run_tests_one_by_one.py ./build/release/test/unittest "*test/sql/cloud/*" | |
- name: Run test data integrity check | |
run: | | |
./build/release/duckdb -c "CREATE PERSISTENT SECRET s1 (TYPE AZURE,PROVIDER SERVICE_PRINCIPAL, TENANT_ID '${{secrets.AZURE_TENANT_ID}}', CLIENT_ID '${{secrets.AZURE_CLIENT_ID}}', CLIENT_SECRET '${{secrets.AZURE_CLIENT_SECRET}}',ACCOUNT_NAME '${{secrets.AZURE_STORAGE_ACCOUNT}}')" | |
DUCKDB_AZURE_PERSISTENT_SECRET_AVAILABLE=1 ./build/release/test/unittest "*test/sql/test_data_integrity.test" |