Skip to content

Test LobSizeLatestIT#2480

Draft
sfc-gh-rkowalski wants to merge 8 commits intomasterfrom
NO-SNOW-reproduce-s3-issue
Draft

Test LobSizeLatestIT#2480
sfc-gh-rkowalski wants to merge 8 commits intomasterfrom
NO-SNOW-reproduce-s3-issue

Conversation

@sfc-gh-rkowalski
Copy link
Copy Markdown
Collaborator

@sfc-gh-rkowalski sfc-gh-rkowalski commented Feb 6, 2026

Overview

SNOW-XXXXX

Pre-review self checklist

  • PR branch is updated with all the changes from master branch
  • The code is correctly formatted (run mvn -P check-style validate)
  • New public API is not unnecessary exposed (run mvn verify and inspect target/japicmp/japicmp.html)
  • The pull request name is prefixed with SNOW-XXXX:
  • Code is in compliance with internal logging requirements

External contributors - please answer these questions before submitting a pull request. Thanks!

  1. What GitHub issue is this PR addressing? Make sure that there is an accompanying issue to your PR.

    Issue: #NNNN

  2. Fill out the following pre-review checklist:

    • I am adding a new automated test(s) to verify correctness of my new code
    • I am adding new logging messages
    • I am modifying authorization mechanisms
    • I am adding new credentials
    • I am modifying OCSP code
    • I am adding a new dependency or upgrading an existing one
    • I am adding new public/protected component not marked with @SnowflakeJdbcInternalApi (note that public/protected methods/fields in classes marked with this annotation are already internal)

  3. Please describe how your code solves the related issue.

    Please write a short description of how your code change solves the related issue.

@sfc-gh-rkowalski sfc-gh-rkowalski force-pushed the NO-SNOW-reproduce-s3-issue branch 5 times, most recently from 008172b to bbb1eb0 Compare February 6, 2026 13:07
@sfc-gh-rkowalski sfc-gh-rkowalski force-pushed the NO-SNOW-reproduce-s3-issue branch from bbb1eb0 to 3b5fa45 Compare February 6, 2026 13:18
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 12, 2026
View reviewed changes
.github/workflows/build-test.yml
Comment on lines +43 to +212
needs: build
name: "AWS LOB upload repro iteration ${{ matrix.iteration }} ${{ matrix.runConfig.javaVersion }}"
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
image: [ 'jdbc-centos7-openjdk8', 'jdbc-centos7-openjdk11', 'jdbc-centos7-openjdk17', 'jdbc-centos7-openjdk21' ]
category: [{suites: 'StatementTestSuite', name: 'TestCategoryStatement'}]
iteration: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50]
steps:
- uses: actions/checkout@v5
- name: Run testPutAndGetLargeFileRepeated on AWS
shell: bash
env:
PARAMETERS_SECRET: ${{ secrets.PARAMETERS_SECRET }}
JDBC_PRIVATE_KEY_SECRET: ${{ secrets.JDBC_PRIVATE_KEY_SECRET }}
CLOUD_PROVIDER: AWS
TARGET_DOCKER_TEST_IMAGE: ${{ matrix.image }}
JDBC_TEST_SUITES: ${{ matrix.category.suites }}
JAVA_TOOL_OPTIONS: "-Xms1g -Xmx4g"
run: ./ci/test.sh

test-linux:
needs: build
name: ${{ matrix.cloud }} Linux java on ${{ matrix.image }} JDBC${{ matrix.additionalMavenProfile }} ${{ matrix.category.name }}
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
image: [ 'jdbc-centos7-openjdk8', 'jdbc-centos7-openjdk11', 'jdbc-centos7-openjdk17', 'jdbc-centos7-openjdk21' ]
cloud: [ 'AWS', 'AZURE', 'GCP' ]
category: [{suites: 'ResultSetTestSuite,StatementTestSuite,LoaderTestSuite', name: 'TestCategoryResultSet,TestCategoryStatement,TestCategoryLoader'},
{suites: 'OthersTestSuite', name: 'TestCategoryOthers'},
{suites: 'ArrowTestSuite,ConnectionTestSuite,CoreTestSuite,DiagnosticTestSuite', name: 'TestCategoryArrow,TestCategoryConnection,TestCategoryCore,TestCategoryDiagnostic'},
{suites: 'FipsTestSuite', name: "TestCategoryFips"}]
additionalMavenProfile: ['', '-Dthin-jar']
steps:
- uses: actions/checkout@v5
- name: Tests
shell: bash
env:
PARAMETERS_SECRET: ${{ secrets.PARAMETERS_SECRET }}
JDBC_PRIVATE_KEY_SECRET: ${{ secrets.JDBC_PRIVATE_KEY_SECRET }}
CLOUD_PROVIDER: ${{ matrix.cloud }}
TARGET_DOCKER_TEST_IMAGE: ${{ matrix.image }}
JDBC_TEST_SUITES: ${{ matrix.category.suites }}
ADDITIONAL_MAVEN_PROFILE: ${{ matrix.additionalMavenProfile }}
JAVA_TOOL_OPTIONS: "-Xms1g -Xmx4g"
run: ./ci/test.sh

test-fat-jar:
name: ${{ matrix.cloud }} Fat Jar Test App
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
cloud: [ 'AWS', 'GCP', 'AZURE' ]
steps:
- uses: actions/checkout@v5
- uses: actions/setup-java@v5
with:
java-version: '11'
distribution: 'temurin'
cache: maven
- name: Test Fat Jar App
shell: bash
env:
PARAMETERS_SECRET: ${{ secrets.PARAMETERS_SECRET }}
JDBC_PRIVATE_KEY_SECRET: ${{ secrets.JDBC_PRIVATE_KEY_SECRET }}
CLOUD_PROVIDER: ${{ matrix.cloud }}
run: ./fat-jar-test-app/run.sh
# test-windows:
# needs: build
# name: ${{ matrix.runConfig.cloud }} Windows java ${{ matrix.runConfig.javaVersion }} JDBC${{ matrix.additionalMavenProfile }} ${{ matrix.category.name }}
# runs-on: windows-latest
# strategy:
# fail-fast: false
# matrix:
# runConfig: [ {cloud: 'AWS', javaVersion: '8'}, {cloud: 'GCP', javaVersion: '11'}, {cloud: 'AZURE', javaVersion: '17'}, {cloud: 'AWS', javaVersion: '21'}]
# category: [{suites: 'ResultSetTestSuite,StatementTestSuite,LoaderTestSuite', name: 'TestCategoryResultSet,TestCategoryStatement,TestCategoryLoader'},
# {suites: 'OthersTestSuite', name: 'TestCategoryOthers'},
# {suites: 'ArrowTestSuite,ConnectionTestSuite,CoreTestSuite,DiagnosticTestSuite', name: 'TestCategoryArrow,TestCategoryConnection,TestCategoryCore,TestCategoryDiagnostic'},
# {suites: 'FipsTestSuite', name: "TestCategoryFips"}]
# additionalMavenProfile: ['']
# steps:
# - uses: actions/checkout@v5
# - uses: actions/setup-java@v5
# with:
# java-version: ${{ matrix.runConfig.javaVersion }}
# distribution: 'temurin'
# cache: maven
# - uses: actions/setup-python@v5
# with:
# python-version: '3.12'
# architecture: 'x64'
# - name: Tests
# shell: cmd
# env:
# PARAMETERS_SECRET: ${{ secrets.PARAMETERS_SECRET }}
# JDBC_PRIVATE_KEY_SECRET: ${{ secrets.JDBC_PRIVATE_KEY_SECRET }}
# CLOUD_PROVIDER: ${{ matrix.runConfig.cloud }}
# JDBC_TEST_SUITES: ${{ matrix.category.suites }}
# ADDITIONAL_MAVEN_PROFILE: ${{ matrix.additionalMavenProfile }}
# JAVA_TOOL_OPTIONS: "-Xms1g -Xmx4g"
# run: ci\\test_windows.bat
#
# test-mac:
# needs: build
# name: ${{ matrix.runConfig.cloud }} Mac java ${{ matrix.runConfig.javaVersion }} JDBC${{ matrix.additionalMavenProfile }} ${{ matrix.category.name }}
# runs-on: macos-latest
# strategy:
# fail-fast: false
# matrix:
# runConfig: [ {cloud: 'AWS', javaVersion: '8'}, {cloud: 'GCP', javaVersion: '11'}, {cloud: 'AZURE', javaVersion: '17'}, {cloud: 'AWS', javaVersion: '21'}]
# category: [{suites: 'ResultSetTestSuite,StatementTestSuite,LoaderTestSuite', name: 'TestCategoryResultSet,TestCategoryStatement,TestCategoryLoader'},
# {suites: 'OthersTestSuite', name: 'TestCategoryOthers'},
# {suites: 'ArrowTestSuite,ConnectionTestSuite,CoreTestSuite,DiagnosticTestSuite', name: 'TestCategoryArrow,TestCategoryConnection,TestCategoryCore,TestCategoryDiagnostic'},
# {suites: 'FipsTestSuite', name: "TestCategoryFips"}]
# additionalMavenProfile: ['']
# steps:
# - uses: actions/checkout@v5
# - uses: actions/setup-java@v5
# with:
# java-version: ${{ matrix.runConfig.javaVersion }}
# distribution: 'zulu'
# cache: maven
# - uses: actions/setup-python@v5
# with:
# python-version: '3.12'
# - name: Install Homebrew Bash
# shell: bash
# run: brew install bash
# - name: Tests
# shell: bash
# env:
# PARAMETERS_SECRET: ${{ secrets.PARAMETERS_SECRET }}
# JDBC_PRIVATE_KEY_SECRET: ${{ secrets.JDBC_PRIVATE_KEY_SECRET }}
# CLOUD_PROVIDER: ${{ matrix.runConfig.cloud }}
# JDBC_TEST_SUITES: ${{ matrix.category.suites }}
# ADDITIONAL_MAVEN_PROFILE: ${{ matrix.additionalMavenProfile }}
# JAVA_TOOL_OPTIONS: "-Xms1g -Xmx4g" # Increase surefire memory because arm64 macOS machines have not enough memory by default
# run: /opt/homebrew/bin/bash ./ci/test_mac.sh
#
# test-rocky:
# needs: build
# name: ${{ matrix.runConfig.cloud }} Rocky9 java ${{ matrix.runConfig.javaVersion }} JDBC${{ matrix.additionalMavenProfile }} ${{ matrix.category.name }}
# runs-on: ubuntu-latest
# strategy:
# fail-fast: false
# matrix:
# runConfig: [ {cloud: 'AWS', javaVersion: '8', image: 'jdbc-rockylinux9-openjdk8'}, {cloud: 'GCP', javaVersion: '11', image: 'jdbc-rockylinux9-openjdk11'}, {cloud: 'AZURE', javaVersion: '17', image: 'jdbc-rockylinux9-openjdk17'}, {cloud: 'AWS', javaVersion: '21', image: 'jdbc-rockylinux9-openjdk21'}]
# category: [{suites: 'ResultSetTestSuite,StatementTestSuite,LoaderTestSuite', name: 'TestCategoryResultSet,TestCategoryStatement,TestCategoryLoader'},
# {suites: 'OthersTestSuite', name: 'TestCategoryOthers'},
# {suites: 'ArrowTestSuite,ConnectionTestSuite,CoreTestSuite,DiagnosticTestSuite', name: 'TestCategoryArrow,TestCategoryConnection,TestCategoryCore,TestCategoryDiagnostic'},
# {suites: 'FipsTestSuite', name: "TestCategoryFips"}]
# additionalMavenProfile: ['']
# steps:
# - uses: actions/checkout@v5
# - name: Tests
# shell: bash
# env:
# PARAMETERS_SECRET: ${{ secrets.PARAMETERS_SECRET }}
# JDBC_PRIVATE_KEY_SECRET: ${{ secrets.JDBC_PRIVATE_KEY_SECRET }}
# CLOUD_PROVIDER: ${{ matrix.runConfig.cloud }}
# TARGET_DOCKER_TEST_IMAGE: ${{ matrix.runConfig.image }}
# JDBC_TEST_SUITES: ${{ matrix.category.suites }}
# ADDITIONAL_MAVEN_PROFILE: ${{ matrix.additionalMavenProfile }}
# JAVA_TOOL_OPTIONS: "-Xms1g -Xmx4g"
# run: ./ci/test.sh
#
# test-linux:
# needs: build
# name: ${{ matrix.cloud }} Linux java on ${{ matrix.image }} JDBC${{ matrix.additionalMavenProfile }} ${{ matrix.category.name }}
# runs-on: ubuntu-latest
# strategy:
# fail-fast: false
# matrix:
# image: [ 'jdbc-centos7-openjdk8', 'jdbc-centos7-openjdk11', 'jdbc-centos7-openjdk17', 'jdbc-centos7-openjdk21' ]
# cloud: [ 'AWS', 'AZURE', 'GCP' ]
# category: [{suites: 'ResultSetTestSuite,StatementTestSuite,LoaderTestSuite', name: 'TestCategoryResultSet,TestCategoryStatement,TestCategoryLoader'},
# {suites: 'OthersTestSuite', name: 'TestCategoryOthers'},
# {suites: 'ArrowTestSuite,ConnectionTestSuite,CoreTestSuite,DiagnosticTestSuite', name: 'TestCategoryArrow,TestCategoryConnection,TestCategoryCore,TestCategoryDiagnostic'},
# {suites: 'FipsTestSuite', name: "TestCategoryFips"}]
# additionalMavenProfile: ['', '-Dthin-jar']
# steps:
# - uses: actions/checkout@v5
# - name: Tests
# shell: bash
# env:
# PARAMETERS_SECRET: ${{ secrets.PARAMETERS_SECRET }}
# JDBC_PRIVATE_KEY_SECRET: ${{ secrets.JDBC_PRIVATE_KEY_SECRET }}
# CLOUD_PROVIDER: ${{ matrix.cloud }}
# TARGET_DOCKER_TEST_IMAGE: ${{ matrix.image }}
# JDBC_TEST_SUITES: ${{ matrix.category.suites }}
# ADDITIONAL_MAVEN_PROFILE: ${{ matrix.additionalMavenProfile }}
# JAVA_TOOL_OPTIONS: "-Xms1g -Xmx4g"
# run: ./ci/test.sh
#
# test-fat-jar:
# name: ${{ matrix.cloud }} Fat Jar Test App
# runs-on: ubuntu-latest
# strategy:
# fail-fast: false
# matrix:
# cloud: [ 'AWS', 'GCP', 'AZURE' ]
# steps:
# - uses: actions/checkout@v5
# - uses: actions/setup-java@v5
# with:
# java-version: '11'
# distribution: 'temurin'
# cache: maven
# - name: Test Fat Jar App
# shell: bash
# env:
# PARAMETERS_SECRET: ${{ secrets.PARAMETERS_SECRET }}
# JDBC_PRIVATE_KEY_SECRET: ${{ secrets.JDBC_PRIVATE_KEY_SECRET }}
# CLOUD_PROVIDER: ${{ matrix.cloud }}
# run: ./fat-jar-test-app/run.sh

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI about 2 months ago

To fix the problem, explicitly declare restricted GITHUB_TOKEN permissions in the workflow. Since none of the shown jobs perform write operations against the GitHub API, the minimal contents: read permission is sufficient. Declaring this at the workflow root ensures it applies to all jobs unless they override it.

The best fix is to add a root-level permissions block right after the name: (and before on:) with contents: read. This documents the intended permission level, ensures least privilege even if repository defaults are broader, and avoids changing any existing steps. No additional imports or methods are needed; this is a pure YAML configuration change within .github/workflows/build-test.yml.

Concretely, modify .github/workflows/build-test.yml by inserting:

permissions:
  contents: read

between line 1 (name: Build and Test) and the existing on: block.

Suggested changeset 1
.github/workflows/build-test.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml
--- a/.github/workflows/build-test.yml
+++ b/.github/workflows/build-test.yml
@@ -1,5 +1,8 @@
 name: Build and Test
 
+permissions:
+  contents: read
+
 on:
     push:
         branches:
EOF
@@ -1,5 +1,8 @@
name: Build and Test

permissions:
contents: read

on:
push:
branches:
Copilot is powered by AI and may make mistakes. Always verify output.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sfc-gh-rkowalski @github-advanced-security