docs(trino): add note about specifying RBAC role with Starburst #15780
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Docs/Linting/Benchmarks | |
on: | |
push: | |
branches: | |
- master | |
- "*.x.x" | |
pull_request: | |
branches: | |
- master | |
- "*.x.x" | |
merge_group: | |
concurrency: | |
group: ${{ github.repository }}-${{ github.head_ref || github.sha }}-${{ github.workflow }} | |
cancel-in-progress: true | |
permissions: | |
# increase the rate limit for nix operations hitting github, but limit the | |
# permissions to reading things | |
contents: read | |
jobs: | |
commitlint: | |
runs-on: ubuntu-latest | |
if: github.event_name == 'pull_request' | |
steps: | |
- name: checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: install nix | |
uses: cachix/install-nix-action@v23 | |
with: | |
nix_path: nixpkgs=channel:nixos-unstable-small | |
extra_nix_config: | | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
- name: lint commits | |
run: nix run 'nixpkgs#commitlint' -- --from=${{ github.event.pull_request.base.sha }} --to=${{ github.sha }} --verbose | |
lint: | |
runs-on: ubuntu-latest | |
steps: | |
- name: checkout | |
uses: actions/checkout@v4 | |
- name: install nix | |
uses: cachix/install-nix-action@v23 | |
with: | |
extra_nix_config: | | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
- name: setup cachix | |
uses: cachix/cachix-action@v12 | |
with: | |
name: ibis | |
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
extraPullNames: nix-community,poetry2nix | |
# run against the full shell.nix on push so it gets pushed to cachix | |
- name: pre-commit checks | |
run: nix develop '.#preCommit' --ignore-environment --keep-going -c pre-commit run --all-files --show-diff-on-failure --color=always | |
release_notes_spellcheck: | |
runs-on: ubuntu-latest | |
steps: | |
- name: checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: install nix | |
uses: cachix/install-nix-action@v23 | |
with: | |
extra_nix_config: | | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
- name: setup cachix | |
uses: cachix/cachix-action@v12 | |
with: | |
name: ibis | |
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
extraPullNames: nix-community,poetry2nix | |
- name: check generated release notes spelling | |
run: nix run '.#check-release-notes-spelling' | |
benchmarks: | |
runs-on: ubuntu-latest | |
if: github.event_name == 'push' | |
steps: | |
- name: checkout | |
uses: actions/checkout@v4 | |
- name: install python | |
uses: actions/setup-python@v4 | |
id: install_python | |
with: | |
python-version: "3.11" | |
- name: install system dependencies | |
run: sudo apt-get install -qq -y build-essential libgeos-dev freetds-dev libkrb5-dev krb5-config | |
- uses: syphar/restore-virtualenv@v1 | |
with: | |
requirement_files: poetry.lock | |
custom_cache_key_element: benchmarks | |
- uses: syphar/restore-pip-download-cache@v1 | |
with: | |
requirement_files: poetry.lock | |
custom_cache_key_element: benchmarks-${{ steps.install_python.outputs.python-version }} | |
- run: python -m pip install --upgrade pip 'poetry==1.6.1' | |
- name: install ibis | |
run: poetry install --without dev --without docs --all-extras | |
- name: make benchmark output dir | |
run: mkdir .benchmarks | |
- name: benchmark | |
run: poetry run pytest --benchmark-enable --benchmark-json .benchmarks/output.json ibis/tests/benchmarks | |
- uses: tibdex/github-app-token@v2 | |
id: generate-token | |
with: | |
app_id: ${{ secrets.SQUAWK_BOT_APP_ID }} | |
private_key: ${{ secrets.SQUAWK_BOT_APP_PRIVATE_KEY }} | |
- uses: benchmark-action/github-action-benchmark@v1 | |
with: | |
tool: pytest | |
github-token: ${{ steps.generate-token.outputs.token }} | |
output-file-path: .benchmarks/output.json | |
benchmark-data-dir-path: ./bench | |
auto-push: false | |
comment-on-alert: false | |
- uses: google-github-actions/auth@v1 | |
with: | |
credentials_json: ${{ secrets.GCP_CREDENTIALS }} | |
- uses: google-github-actions/setup-gcloud@v1 | |
- name: show gcloud info | |
run: gcloud info | |
- name: copy benchmark data to gcs | |
run: | | |
# remove whitespace and compress | |
jq -rcM < ./.benchmarks/output.json | gzip -c > output.json.gz | |
timestamp="$(date --iso-8601=ns --utc | tr ',' '.')" | |
gsutil cp output.json.gz "gs://ibis-benchmark-data/ci/${timestamp}.json.gz" | |
docs_pr: | |
runs-on: ubuntu-latest | |
if: github.event_name == 'pull_request' | |
concurrency: docs_pr-${{ github.repository }}-${{ github.head_ref || github.sha }} | |
steps: | |
- name: install nix | |
uses: cachix/install-nix-action@v23 | |
with: | |
extra_nix_config: | | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
- name: setup cachix | |
uses: cachix/cachix-action@v12 | |
with: | |
name: ibis | |
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
extraPullNames: nix-community,poetry2nix | |
- name: checkout | |
uses: actions/checkout@v4 | |
- name: run doctest | |
# keep HOME because duckdb (which we use for doctests) wants to use | |
# that for extensions | |
run: nix develop --ignore-environment --keep HOME -c just doctest | |
- name: generate api docs | |
run: nix develop --ignore-environment -c just docs-apigen --verbose | |
- name: build docs | |
run: nix develop --ignore-environment --keep HOME -c just docs-render | |
- name: check that all frozen computations were done before push | |
run: git diff --exit-code --stat | |
- name: verify internal links | |
run: nix develop --ignore-environment '.#links' -c just checklinks --offline --no-progress | |
docs_push: | |
runs-on: ubuntu-latest | |
if: github.event_name == 'push' | |
concurrency: docs-${{ github.repository }} | |
steps: | |
- name: install nix | |
uses: cachix/install-nix-action@v23 | |
with: | |
extra_nix_config: | | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
- name: setup cachix | |
uses: cachix/cachix-action@v12 | |
with: | |
name: ibis | |
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
extraPullNames: nix-community,poetry2nix | |
- name: checkout | |
uses: actions/checkout@v4 | |
- name: run doctests | |
# keep HOME because duckdb (which we use for doctests) wants to use | |
# that for extensions | |
run: nix develop --ignore-environment --keep HOME -c just doctest | |
- name: build api docs | |
run: nix develop --ignore-environment -c just docs-apigen --verbose | |
- name: build docs | |
run: nix develop --ignore-environment --keep HOME -c just docs-render | |
- name: check that all frozen computations were done before push | |
run: git diff --exit-code --stat | |
- name: verify internal links | |
run: nix develop --ignore-environment '.#links' -c just checklinks --offline --no-progress | |
- name: build and push quarto docs | |
run: nix develop --ignore-environment --keep NETLIFY_AUTH_TOKEN -c just docs-deploy | |
env: | |
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN }} | |
simulate_release: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: cachix/install-nix-action@v23 | |
with: | |
extra_nix_config: | | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
- uses: cachix/cachix-action@v12 | |
with: | |
name: ibis | |
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
extraPullNames: nix-community,poetry2nix | |
- name: Configure git info | |
run: | | |
set -euo pipefail | |
# not incredibly important what user we use here | |
# | |
# we're making a commit in a temporary worktree that is thrown away | |
# if the process exits successfully | |
# | |
# git requires user information to make commits | |
git config user.name 'ibis-squawk-bot[bot]' | |
git config user.email 'ibis-squawk-bot[bot]@users.noreply.github.com' | |
- name: run semantic-release | |
run: ./ci/release/dry_run.sh |