diff --git a/.github/workflows/ci-azure.yml b/.github/workflows/ci-azure.yml new file mode 100644 index 00000000000..c3c3559c83c --- /dev/null +++ b/.github/workflows/ci-azure.yml @@ -0,0 +1,119 @@ +name: CI Azure +on: + workflow_call: + inputs: + ci_backend: + description: 'Name of the job backend/target' + default: '' + required: false + type: string + ci_option: + description: 'Name of the job option for display' + default: '' + required: false + type: string + bootstrap_args: + default: '' + required: false + type: string + matrix_image: + default: '' + required: true + type: string + +env: + bootstrap_args: "--enable-ccache --vcpkg-base-triplet=x64-${{ startsWith(inputs.matrix_image, 'ubuntu-') && 'linux' || 'osx' }} ${{ inputs.bootstrap_args }}" + VCPKG_BINARY_SOURCES: 'clear;x-gha,readwrite' + SCCACHE_GHA_ENABLED: "true" + +jobs: + build: + strategy: + matrix: + os: + - ${{ inputs.matrix_image }} + runs-on: ${{matrix.os}} + + name: ${{matrix.os}} - ${{ inputs.ci_backend }}${{ inputs.ci_option }} + steps: + - uses: actions/checkout@v3 + with: + submodules: true + fetch-depth: 0 + + # Configure required environment variables for vcpkg to use + # GitHub's Action Cache + - uses: actions/github-script@v6 + with: + script: | + core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || ''); + core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env.ACTIONS_RUNTIME_TOKEN || ''); + + - name: Prevent vpckg from building debug variants + run: python ./scripts/ci/patch_vcpkg_triplets.py + + - name: Setup sccache + uses: mozilla-actions/sccache-action@v0.0.3 + + - name: 'Configure libtiledb' + id: configure + shell: bash + run: | + set -e pipefail + + # Show CMake Version + cmake --version + + source $GITHUB_WORKSPACE/scripts/ci/bootstrap_libtiledb.sh + + - name: 'Build libtiledb' + id: build + shell: bash + run: | + set -e pipefail + + ##################################################### + # Build libtiledb using previous bootstrap + + source $GITHUB_WORKSPACE/scripts/ci/build_libtiledb.sh + + - name: 'Az CLI login' + uses: azure/login@v1 + with: + client-id: ${{ secrets.AZURE_CLIENT_ID }} + tenant-id: ${{ secrets.AZURE_TENANT_ID }} + subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + + - name: 'Test libtiledb' + id: test + shell: bash + env: + VCPKG_TARGET_TRIPLET: ${{ runner.os == 'Linux' && 'x64-linux' || 'x64-osx' }} + run: | + set -e pipefail + + ##################################################### + # Jump to our build directory after starting object + # store mock servers + + cd $GITHUB_WORKSPACE/build + + ################################################### + # Run tests + + # Bypass Catch2 Framework stdout interception with awk on test output + ./tiledb/test/tiledb_unit -d yes "[ci_only][vfs][azure_entra]" | awk '/1: ::set-output/{sub(/.*1: /, ""); print; next} 1' + + - name: 'Test status check' + run: | + # tiledb_unit is configured to set a variable TILEDB_CI_SUCCESS=1 + # following the test run. If this variable is not set, the build should fail. + # see https://github.com/TileDB-Inc/TileDB/pull/1400 (5f0623f4d3) + if [[ "${{ steps.test.outputs.TILEDB_CI_SUCCESS }}" -ne 1 ]]; then + exit 1; + fi + + - name: "Print log files (failed build only)" + run: | + source $GITHUB_WORKSPACE/scripts/ci/print_logs.sh + if: ${{ failure() }} # only run this job if the build step failed diff --git a/.github/workflows/full-ci.yml b/.github/workflows/full-ci.yml index e09438bd48a..5350e078b30 100644 --- a/.github/workflows/full-ci.yml +++ b/.github/workflows/full-ci.yml @@ -129,6 +129,13 @@ jobs: ci_docker: uses: ./.github/workflows/build-dockerfile.yml + ci_real_azure: + uses: ./.github/workflows/ci-azure.yml + with: + ci_backend: AZURE + matrix_image: ubuntu-22.04 + bootstrap_args: '--enable-azure --enable-release-symbols' + # dummy job for branch protection check full_ci_passed: needs: [ @@ -145,7 +152,8 @@ jobs: ci_manylinux, ci_msvc, backward_compatibility, - standalone + standalone, + ci_real_azure ] runs-on: ubuntu-22.04 steps: diff --git a/test/src/unit-vfs.cc b/test/src/unit-vfs.cc index b1c9b8b1f54..18a4352b751 100644 --- a/test/src/unit-vfs.cc +++ b/test/src/unit-vfs.cc @@ -535,6 +535,50 @@ TEMPLATE_LIST_TEST_CASE("VFS: File I/O", "[vfs][uri][file_io]", AllBackends) { } } +TEST_CASE( + "VFS: Test Azure EntraID auth", "[.][ci_only][vfs][azure_entra][allowed]") { + URI container_path("azure://entratest/"); + URI file_path("azure://entratest/test_file"); + + ThreadPool compute_tp(4); + ThreadPool io_tp(4); + Config config; + require_tiledb_ok(config.set("vfs.azure.storage_account_name", "rbindar")); + + VFS vfs{&g_helper_stats, &compute_tp, &io_tp, config}; + if (!vfs.supports_uri_scheme(container_path)) { + return; + } + + bool exists = false; + require_tiledb_ok(vfs.is_bucket(container_path, &exists)); + CHECK(exists); + + uint64_t nbytes = 0; + require_tiledb_ok(vfs.file_size(file_path, &nbytes)); + CHECK(nbytes == 19); +} + +TEST_CASE( + "VFS: Test Azure EntraID auth", + "[.][ci_only][vfs][azure_entra][fallback]") { + URI file_path("azure://entratest/test_file_denied"); + + ThreadPool compute_tp(4); + ThreadPool io_tp(4); + Config config; + require_tiledb_ok(config.set("vfs.azure.storage_account_name", "rbindar")); + + VFS vfs{&g_helper_stats, &compute_tp, &io_tp, config}; + if (!vfs.supports_uri_scheme(file_path)) { + return; + } + + uint64_t nbytes = 0; + require_tiledb_ok(vfs.file_size(file_path, &nbytes)); + CHECK(nbytes == 19); +} + TEST_CASE("VFS: test ls_with_sizes", "[vfs][ls-with-sizes]") { ThreadPool compute_tp(4); ThreadPool io_tp(4);