Merge pull request #42 from cagov/sf_key_variable

bump sqfluff version; move snowflake private key to env variable

.github/workflows/test.yml

@@ -10,10 +10,9 @@ permissions:
 
 env:
   DBT_PROFILES_DIR: ci
-  PRIVATE_KEY: ${{ SECRETS.SNOWFLAKE_PRIVATE_KEY }}
+  SNOWFLAKE_PRIVATE_KEY: ${{ SECRETS.SNOWFLAKE_PRIVATE_KEY }}
   SNOWFLAKE_USER: ${{ SECRETS.SNOWFLAKE_USER }}
   SNOWFLAKE_ACCOUNT: ${{ SECRETS.SNOWFLAKE_ACCOUNT }}
-  SNOWFLAKE_PRIVATE_KEY_PATH: /tmp/private_key.p8
 
 defaults:
   run:
@@ -46,9 +45,5 @@ jobs:
         run: |
           pip install copier poetry
           poetry config virtualenvs.in-project true
-        # TODO: once we are on dbt-snowflake 1.5, no need to pipe to a file, we can
-        # just use $SNOWFLAKE_PRIVATE_KEY
-      - name: Set up private key
-        run: echo "$PRIVATE_KEY" > $SNOWFLAKE_PRIVATE_KEY_PATH
       - name: Test template
         run: ./caldata-infrastructure-template/ci/test.sh

{{project_name}}/.github/workflows/docs.yml.jinja

@@ -12,11 +12,10 @@ env:
 {% raw %}
   DBT_RAW_DB: RAW_PRD
   DBT_ANALYTICS_DB: ANALYTICS_PRD
-  PRIVATE_KEY: ${{ SECRETS.SNOWFLAKE_PRIVATE_KEY_PRD }}
+  SNOWFLAKE_PRIVATE_KEY: ${{ SECRETS.SNOWFLAKE_PRIVATE_KEY_PRD }}
   SNOWFLAKE_USER: ${{ SECRETS.SNOWFLAKE_USER_PRD }}
   SNOWFLAKE_ACCOUNT: ${{ SECRETS.SNOWFLAKE_ACCOUNT }}
 {% endraw %}
-  SNOWFLAKE_PRIVATE_KEY_PATH: /tmp/private_key.p8
 {% endif %}
 
 jobs:
@@ -42,11 +41,6 @@ jobs:
           credentials_json: ${{ secrets.GOOGLE_CREDENTIALS }}
 {% endraw %}
           export_environment_variables: true
-{% elif dbt_target == 'Snowflake' %}
-        # TODO: once we are on dbt-snowflake 1.5, no need to pipe to a file, we can
-        # just use $SNOWFLAKE_PRIVATE_KEY
-      - name: Set up private key
-        run: echo "$PRIVATE_KEY" > $SNOWFLAKE_PRIVATE_KEY_PATH
 {% endif %}
       - uses: actions/cache@v2
         with:

{{project_name}}/.github/workflows/pre-commit.yml.jinja

@@ -9,11 +9,10 @@ env:
   DBT_PROFILES_DIR: ci
 {% if dbt_target == 'Snowflake' %}
 {% raw %}
-  PRIVATE_KEY: ${{ SECRETS.SNOWFLAKE_PRIVATE_KEY_DEV }}
+  SNOWFLAKE_PRIVATE_KEY: ${{ SECRETS.SNOWFLAKE_PRIVATE_KEY_DEV }}
   SNOWFLAKE_USER: ${{ SECRETS.SNOWFLAKE_USER_DEV }}
   SNOWFLAKE_ACCOUNT: ${{ SECRETS.SNOWFLAKE_ACCOUNT }}
 {% endraw %}
-  SNOWFLAKE_PRIVATE_KEY_PATH: /tmp/private_key.p8
 {% endif %}
 
 defaults:
@@ -40,11 +39,6 @@ jobs:
           credentials_json: ${{ secrets.GOOGLE_CREDENTIALS }}
 {% endraw %}
           export_environment_variables: true
-{% elif dbt_target == 'Snowflake' %}
-        # TODO: once we are on dbt-snowflake 1.5, no need to pipe to a file, we can
-        # just use $SNOWFLAKE_PRIVATE_KEY
-      - name: Set up private key
-        run: echo "$PRIVATE_KEY" > $SNOWFLAKE_PRIVATE_KEY_PATH
 {% endif %}
       - uses: actions/setup-python@v4
         with:

{{project_name}}/pyproject.toml.jinja

@@ -18,8 +18,8 @@ dbt-snowflake = "~1.8.0"
 
 [tool.poetry.group.dev.dependencies]
 pre-commit = "^3.3.1"
-sqlfluff = "3.0.7"
-sqlfluff-templater-dbt = "3.0.7"
+sqlfluff = "~3.1.0"
+sqlfluff-templater-dbt = "~3.1.0"
 
 [build-system]
 requires = ["poetry-core"]

{{project_name}}/transform/ci/profiles.yml.jinja

@@ -7,7 +7,7 @@
 {% raw %}
       account: "{{ env_var('SNOWFLAKE_ACCOUNT') }}"
       user: "{{ env_var('SNOWFLAKE_USER') }}"
-      private_key_path: "{{ env_var('SNOWFLAKE_PRIVATE_KEY_PATH') }}"
+      private_key: "{{ env_var('SNOWFLAKE_PRIVATE_KEY') }}"
 {% endraw %}
       role: READER_DEV
       warehouse: REPORTING_XS_DEV
@@ -21,7 +21,7 @@
 {% raw %}
       account: "{{ env_var('SNOWFLAKE_ACCOUNT') }}"
       user: "{{ env_var('SNOWFLAKE_USER') }}"
-      private_key_path: "{{ env_var('SNOWFLAKE_PRIVATE_KEY_PATH') }}"
+      private_key: "{{ env_var('SNOWFLAKE_PRIVATE_KEY') }}"
 {% endraw %}
       role: READER_PRD
       warehouse: REPORTING_XS_PRD