From 8610eb94421c35243eefcbf3fddcf96d4bdb8de9 Mon Sep 17 00:00:00 2001 From: Filip Pawlowski Date: Thu, 2 Jul 2026 08:39:17 +0000 Subject: [PATCH] =?UTF-8?q?ci(ud):=20baseline=20experiment=20=E2=80=94=20b?= =?UTF-8?q?uild=20UD=20from=20private=20snowflake-eng/main=20via=20App=20t?= =?UTF-8?q?oken?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Stacked on the improvements branch. Points build-ud at the new canonical PRIVATE snowflake-eng/universal-driver, authenticating with a GitHub App token via actions/create-github-app-token (the same pattern the odbc-reports early-adopter pipeline uses), pinned to eng/main HEAD (d9e7cd7). Purpose: (1) validate we can auth to the private eng repo from snowpark-python CI, and (2) capture the bare eng/main baseline. eng/main lacks the snowpark-compat shims, so expect heavy failures; the apples-to-apples comparison (eng/main + shims) is a follow-up once those commits are replayed onto eng/main. Co-Authored-By: Claude Opus 4.8 (1M context) --- .github/workflows/ud-inline-tests.yml | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ud-inline-tests.yml b/.github/workflows/ud-inline-tests.yml index 2cbb93cfd0..110b74eae7 100644 --- a/.github/workflows/ud-inline-tests.yml +++ b/.github/workflows/ud-inline-tests.yml @@ -60,7 +60,8 @@ concurrency: env: PYTHON_VERSION: ${{ inputs.python-version || '3.13' }} CLOUD_PROVIDER: ${{ inputs.cloud-provider || 'aws' }} - UD_REF: ${{ inputs.ud-ref || 'snowpark-compatibility' }} + # Baseline experiment: pin to snowflake-eng/main HEAD (private repo, App-token auth). + UD_REF: ${{ inputs.ud-ref || 'd9e7cd7d36dce5986ea2d4c2265e99ef88c9202b' }} EXTRA_PYTEST_ADDOPTS: ${{ inputs.pytest-addopts || '' }} jobs: @@ -73,15 +74,26 @@ jobs: name: "Build UD wheel py${{ inputs.python-version || '3.13' }}" runs-on: ubuntu-latest-64-cores steps: + # BASELINE EXPERIMENT vs PR #4275: build UD from the PRIVATE snowflake-eng/universal-driver + # (the new canonical repo). Auth via a GitHub App token, same pattern the odbc-reports + # early-adopter pipeline uses. NOTE: eng/main does NOT carry the snowpark-compat shims, + # so expect heavy import-time failures — this run primarily validates private-repo auth + # and gives the bare eng/main baseline. (App secrets may be snowflake-eng-org only.) + - name: Generate App token for universal-driver + id: ud-token + uses: actions/create-github-app-token@v3.0.0 + with: + app-id: ${{ secrets.SNOWFLAKE_GH_ACTIONS_APP_ID }} + private-key: ${{ secrets.SNOWFLAKE_GH_ACTIONS_TOKEN }} + owner: snowflake-eng + repositories: universal-driver + - name: Checkout universal-driver uses: actions/checkout@v4 with: - # snowflakedb/universal-driver is a PUBLIC mirror and has snowpark-compatibility. - # Do NOT pass a custom token: an empty/invalid SNOWFLAKE_GITHUB_TOKEN sets a bad - # Authorization header and GitHub 401s instead of serving the public repo. Omitting - # `token:` lets checkout use the default GITHUB_TOKEN, which reads public repos fine. - repository: snowflakedb/universal-driver + repository: snowflake-eng/universal-driver ref: ${{ env.UD_REF }} + token: ${{ steps.ud-token.outputs.token }} persist-credentials: false fetch-depth: 1