Initial CI/CD scripts

.github/workflows/build-test.yml

@@ -0,0 +1,110 @@
+name: Build and Test
+
+on:
+  push:
+    branches:
+      - master
+    tags:
+      - v*
+  pull_request:
+    branches:
+      - master
+      - prep-**
+  workflow_dispatch:
+    inputs:
+      logLevel:
+        default: warning
+        description: "Log level"
+        required: true
+      tags:
+        description: "Test scenario tags"
+
+concurrency:
+  # older builds for the same pull request numer or branch should be cancelled
+  cancel-in-progress: true
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Build
+        shell: bash
+        env:
+          WHITESOURCE_API_KEY: ${{ secrets.WHITESOURCE_API_KEY }}
+        run: ./ci/build.sh
+
+  test-windows:
+    needs: build
+    name: ${{ matrix.runConfig.cloud }} Windows java ${{ matrix.runConfig.javaVersion }}
+    runs-on: windows-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        runConfig: [ {cloud: 'AWS', javaVersion: '8'}, {cloud: 'GCP', javaVersion: '11'}, {cloud: 'AZURE', javaVersion: '17'}, {cloud: 'AWS', javaVersion: '21'}]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-java@v4
+        with:
+          java-version: ${{ matrix.runConfig.javaVersion }}
+          distribution: 'temurin'
+          cache: maven
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.7'
+          architecture: 'x64'
+      - name: Tests
+        shell: cmd
+        env:
+          PARAMETERS_SECRET: ${{ secrets.PARAMETERS_SECRET }}
+          CLOUD_PROVIDER: ${{ matrix.runConfig.cloud }}
+        run: ci\\test_windows.bat
+
+  test-mac:
+    needs: build
+    name: ${{ matrix.runConfig.cloud }} Mac java ${{ matrix.runConfig.javaVersion }}
+    runs-on: macos-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        runConfig: [ {cloud: 'AWS', javaVersion: '8'}, {cloud: 'GCP', javaVersion: '11'}, {cloud: 'AZURE', javaVersion: '17'}, {cloud: 'AWS', javaVersion: '21'}]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-java@v4
+        with:
+          java-version: ${{ matrix.runConfig.javaVersion }}
+          distribution: 'temurin'
+          cache: maven
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.7'
+      - name: Install Homebrew Bash
+        shell: bash
+        run: brew install bash
+      - name: Tests
+        shell: bash
+        env:
+          PARAMETERS_SECRET: ${{ secrets.PARAMETERS_SECRET }}
+          CLOUD_PROVIDER: ${{ matrix.runConfig.cloud }}
+        run: /usr/local/bin/bash ./ci/test_mac.sh
+
+  test-linux:
+    needs: build
+    name: ${{ matrix.cloud }} Linux java on ${{ matrix.image }}
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        image: [ 'jdbc-centos7-openjdk8', 'jdbc-centos7-openjdk11', 'jdbc-centos7-openjdk17', 'jdbc-centos7-openjdk21' ]
+        cloud: [ 'AWS', 'AZURE', 'GCP' ]
+    steps:
+      - uses: actions/checkout@v4
+      - name: Tests
+        shell: bash
+        env:
+          PARAMETERS_SECRET: ${{ secrets.PARAMETERS_SECRET }}
+          CLOUD_PROVIDER: ${{ matrix.cloud }}
+          TARGET_DOCKER_TEST_IMAGE: ${{ matrix.image }}
+        run: ./ci/test.sh

.github/workflows/cla_bot.yml

@@ -0,0 +1,29 @@
+name: "CLA Assistant"
+on:
+  issue_comment:
+    types: [created]
+  pull_request_target:
+    types: [opened,closed,synchronize]
+
+jobs:
+  CLAAssistant:
+    runs-on: ubuntu-latest
+    permissions:
+      actions: write
+      contents: write
+      pull-requests: write
+      statuses: write
+    steps:
+      - name: "CLA Assistant"
+        if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
+        uses: contributor-assistant/github-action/@master
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PERSONAL_ACCESS_TOKEN : ${{ secrets.CLA_BOT_TOKEN }}
+        with:
+          path-to-signatures: 'signatures/version1.json'
+          path-to-document: 'https://github.com/snowflakedb/CLA/blob/main/README.md'
+          branch: 'main'
+          allowlist: 'dependabot[bot],github-actions,Jenkins User,_jenkins,sfc-gh-snyk-sca-sa,snyk-bot'
+          remote-organization-name: 'snowflakedb'
+          remote-repository-name: 'cla-db'

.github/workflows/parameters_azure.json.gpg

@@ -0,0 +1,3 @@
+�	ɂ��TH^����?
[�Lm��r�
l1{��t�قYE����m�}��:�!��e���Y/I�~,�kA-)��������g��
�x��?DڒKk/hq)�3�яNB\�I
$t���<ʟ��2��|S��#�[���Rc�MY�;�9�n�4�1��������(۷�����xA��3
+��
+��ȆҰ�_���K3�R�b����ea����O�1�.T?6O�x�"Hqc6L[_���M]I��^*�*�\��W99�F`

.github/workflows/snyk-issue.yml

@@ -0,0 +1,33 @@
+name: Snyk Issue
+
+on:
+  schedule:
+    - cron: '* */12 * * *'
+
+permissions:
+  contents: read
+  issues: write
+  pull-requests: write
+
+concurrency: snyk-issue
+
+jobs:
+  snyk:
+    runs-on: ubuntu-latest
+    steps:
+    - name: checkout action
+      uses: actions/checkout@v3
+      with:
+        repository: snowflakedb/whitesource-actions
+        token: ${{ secrets.WHITESOURCE_ACTION_TOKEN }}
+        path: whitesource-actions
+    - name: set-env
+      run: echo "REPO=$(basename $GITHUB_REPOSITORY)" >> $GITHUB_ENV
+    - name: Jira Creation
+      uses: ./whitesource-actions/snyk-issue
+      with:
+        snyk_org: ${{ secrets.SNYK_ORG_ID_PUBLIC_REPO }}
+        snyk_token:  ${{ secrets.SNYK_GITHUB_INTEGRATION_TOKEN_PUBLIC_REPO }}
+        jira_token: ${{ secrets.JIRA_TOKEN_PUBLIC_REPO }}
+      env:
+        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/snyk-pr.yml

@@ -0,0 +1,37 @@
+name: snyk-pr
+on:
+  pull_request:
+    branches:
+      - master
+
+permissions:
+  contents: read
+  issues: write
+  pull-requests: write
+
+jobs:
+  snyk:
+    runs-on: ubuntu-latest
+    if: ${{ github.event.pull_request.user.login == 'sfc-gh-snyk-sca-sa' }}
+    steps:
+    - name: checkout
+      uses: actions/checkout@v4
+      with:
+        ref: ${{ github.event.pull_request.head.ref }}
+        fetch-depth: 0
+
+    - name: checkout action
+      uses: actions/checkout@v4
+      with:
+        repository: snowflakedb/whitesource-actions
+        token: ${{ secrets.WHITESOURCE_ACTION_TOKEN }}
+        path: whitesource-actions
+
+    - name: PR
+      uses: ./whitesource-actions/snyk-pr
+      env:
+        PR_TITLE: ${{ github.event.pull_request.title }}
+      with:
+        jira_token: ${{ secrets.JIRA_TOKEN_PUBLIC_REPO }}
+        gh_token: ${{ secrets.GITHUB_TOKEN }}
+        amend: false # true if you want the commit to be amended with the JIRA number

ci/_init.sh

@@ -0,0 +1,18 @@
+#!/usr/local/bin/env bash
+set -e
+
+export PLATFORM=$(echo $(uname) | tr '[:upper:]' '[:lower:]')
+export INTERNAL_REPO=nexus.int.snowflakecomputing.com:8086
+if [[ -z "$GITHUB_ACTIONS" ]]; then
+    # Use the internal Docker Registry
+    export DOCKER_REGISTRY_NAME=$INTERNAL_REPO/docker
+    export WORKSPACE=${WORKSPACE:-/tmp}
+else
+    # Use Docker Hub
+    export DOCKER_REGISTRY_NAME=snowflakedb
+    export WORKSPACE=$GITHUB_WORKSPACE
+fi
+mkdir -p $WORKSPACE
+
+export DRIVER_NAME=hibernate-orm
+

ci/build.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+set -e
+
+#
+# Build Hibernate
+#
+set -o pipefail
+THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+export WORKSPACE=${WORKSPACE:=/tmp}
+"$THIS_DIR/container/build_component.sh"

ci/container/build_component.sh

@@ -0,0 +1,12 @@
+#!/bin/bash -e
+#
+# Build Hibernate
+#
+set -o pipefail
+THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+HIBERNATE_ROOT=$(cd "${THIS_DIR}/../../" && pwd)
+
+cd "$HIBERNATE_ROOT"
+rm -f lib/*.jar
+mvn clean install --batch-mode --show-version -DskipTests
+"$THIS_DIR"/upload_artifact.sh

ci/container/change_snowflake_test_pwd.py

@@ -0,0 +1,28 @@
+#!/usr/bin/env python
+#
+# Set a complex password for test user snowman
+#
+
+import os
+import sys
+import snowflake.connector
+
+params = {
+    'account': '',
+    'user': os.getenv("SNOWFLAKE_TEST_USER"),
+    'password': os.getenv("SNOWFLAKE_TEST_PASSWORD"),
+    'database': os.getenv("SNOWFLAKE_TEST_DATABASE"),
+    'role': os.getenv("SNOWFLAKE_TEST_ROLE"),
+    'host': os.getenv("SNOWFLAKE_TEST_HOST"),
+    'port': os.getenv("SNOWFLAKE_TEST_PORT"),
+    'protocol': os.getenv("SNOWFLAKE_TEST_PROTOCOL"),
+}
+
+for account in ["testaccount", "s3testaccount", "azureaccount", "gcpaccount"]:
+   params['account'] = account
+   conn = snowflake.connector.connect(**params)
+   conn.cursor().execute("use role accountadmin")
+   cmd = "alter user set password = '{}'".format(os.getenv("SNOWFLAKE_TEST_PASSWORD_NEW"))
+   print(cmd)
+   conn.cursor().execute(cmd)
+   conn.close()

ci/container/create_schema.py

@@ -0,0 +1,20 @@
+#!/usr/bin/env python
+#
+# Create test schema
+#
+import os
+import sys
+import snowflake.connector
+
+import sf_test_utils
+
+test_schema = sf_test_utils.get_test_schema()
+if not test_schema:
+    sys.exit(2)
+
+params = sf_test_utils.init_connection_params()
+
+con = snowflake.connector.connect(**params)
+con.cursor().execute("create or replace schema {0}".format(test_schema))
+
+sys.exit(0)

ci/container/download_artifact.sh

@@ -0,0 +1,30 @@
+#!/bin/bash -e
+#
+# Download Artifact
+#
+set -o pipefail
+THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+HIBERNATE_ROOT=$(cd "${THIS_DIR}/../../" && pwd)
+
+if [[ -z "$GITHUB_ACTIONS" ]] ;then
+    export GIT_BRANCH=${GIT_BRANCH:-origin/$(git rev-parse --abbrev-ref HEAD)}
+
+    BRANCH=$(basename ${GIT_BRANCH})
+
+    # Place to hold downloaded library
+    export LIB_DIR=$WORKSPACE/lib
+
+    mkdir -p $LIB_DIR
+    pushd $LIB_DIR >& /dev/null
+        base_stage=s3://sfc-eng-jenkins/repository/hibernate/${BRANCH}
+        export GIT_COMMIT=${GIT_COMMIT:-$(aws s3 cp $base_stage/latest_commit -)}
+        source_stage=$base_stage/${GIT_COMMIT}
+        echo "[INFO] downloading ${source_stage}/"
+        aws s3 cp --only-show-errors $source_stage/ . --recursive
+    popd >& /dev/null
+    mkdir -p /mnt/host/lib
+    cp -p $LIB_DIR/*.jar /mnt/host/lib
+else
+    export GIT_BRANCH=origin/$(basename ${GITHUB_REF})
+    export GIT_COMMIT=${GITHUB_SHA}
+fi

ci/container/drop_schema.py

@@ -0,0 +1,20 @@
+#!/usr/bin/env python
+#
+# Create test schema
+#
+import os
+import sys
+import snowflake.connector
+
+import sf_test_utils
+
+test_schema = sf_test_utils.get_test_schema()
+if not test_schema:
+    sys.exit(0)
+
+params = sf_test_utils.init_connection_params()
+
+con = snowflake.connector.connect(**params)
+con.cursor().execute("drop schema if exists {0}".format(test_schema))
+
+sys.exit(0)

ci/container/sf_test_utils.py

@@ -0,0 +1,33 @@
+#!/usr/bin/env python
+#
+# Snowflake test utils
+#
+import os
+import sys
+
+def get_test_schema():
+    return os.getenv("TARGET_SCHEMA_NAME", "LOCAL_reg_1")
+
+
+def init_connection_params():
+    params = {
+        'account': os.getenv("SNOWFLAKE_TEST_ACCOUNT"),
+        'user': os.getenv("SNOWFLAKE_TEST_USER"),
+        'password': os.getenv("SNOWFLAKE_TEST_PASSWORD"),
+        'database': os.getenv("SNOWFLAKE_TEST_DATABASE"),
+        'role': os.getenv("SNOWFLAKE_TEST_ROLE"),
+    }
+    host = os.getenv("SNOWFLAKE_TEST_HOST")
+    if host:
+        params['host'] = host
+    port = os.getenv("SNOWFLAKE_TEST_PORT")
+    if port:
+        params['port'] = port
+    protocol = os.getenv("SNOWFLAKE_TEST_PROTOCOL")
+    if protocol:
+        params['protocol'] = protocol
+    warehouse = os.getenv("SNOWFLAKE_TEST_WAREHOUSE")
+    if warehouse:
+        params['warehouse'] = warehouse
+
+    return params