expanded-analytics (#597)

Summary:

- `postgres` analytics dev and test pattern.
- Harden analytics against regressions.
- Added robot test `Materialized View of Filtered Multi Level Table Valued Function In Subquery Returns Expected Results`.
- Upgraded `macos` runners to `15`.

Author: general-kroll-4-life

.github/actionlint.yaml

@@ -5,5 +5,5 @@ self-hosted-runner:
     - ubuntu-22-04-m
     - ubuntu-22-04-arm64-m
     - arm-ubuntu-22-04-runner-one
-    - macos-13 # should not be necessary
-    - macos-14 # should not be necessary
+    - macos-14 # should not be necessary
+    - macos-15 # should not be necessary

.github/workflows/build.yml

@@ -1207,7 +1207,7 @@ jobs:
 
   macosbuild:
     name: MacOS Build
-    runs-on: macos-13
+    runs-on: macos-15
     timeout-minutes: ${{ vars.DEFAULT_JOB_TIMEOUT_MIN == '' && 120 || vars.DEFAULT_JOB_TIMEOUT_MIN }}
     steps:
     - name: Check out code into the Go module directory
@@ -1347,7 +1347,7 @@ jobs:
 
   macosarmbuild:
     name: MacOS ARM Build
-    runs-on: macos-13
+    runs-on: macos-15
     timeout-minutes: ${{ vars.DEFAULT_JOB_TIMEOUT_MIN == '' && 120 || vars.DEFAULT_JOB_TIMEOUT_MIN }}
     steps:
 

cicd/scripts/context.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-CUR_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+CUR_DIR="$(cd "$(dirname "${BASH_SOURCE[0]:-${(%):-%x}}")" && pwd)"
 
 export REPOSITORY_ROOT="$(realpath ${CUR_DIR}/../..)"
 

cicd/scripts/testing-env.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-CUR_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+CUR_DIR="$(cd "$(dirname "${BASH_SOURCE[0]:-${(%):-%x}}")" && pwd)"
 
 source "${CUR_DIR}/context.sh"
 

cicd/util/01-build-robot-lib.sh

@@ -8,7 +8,7 @@ checkPoetry () {
     fi
 }
 
-CURDIR="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+CURDIR="$( cd -- "$( dirname -- "${BASH_SOURCE[0]:-${(%):-%x}}" )" &> /dev/null && pwd )"
 
 REPOSITORY_ROOT="$(realpath ${CURDIR}/../..)"
 

cicd/util/02-install-robot-lib.sh

@@ -1,14 +1,14 @@
 #! /usr/bin/env bash
 
-CURDIR="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+CURDIR="$( cd -- "$( dirname -- "${BASH_SOURCE[0]:-${(%):-%x}}" )" &> /dev/null && pwd )"
 
 REPOSITORY_ROOT="$(realpath ${CURDIR}/../..)"
 
 PACKAGE_ROOT="${REPOSITORY_ROOT}/test"
 
 venv_path="${REPOSITORY_ROOT}/.venv"
 
-CURDIR="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+CURDIR="$( cd -- "$( dirname -- "${BASH_SOURCE[0]:-${(%):-%x}}" )" &> /dev/null && pwd )"
 
 REPOSITORY_ROOT="$(realpath ${CURDIR}/../..)"
 

cicd/vol/stackql-data/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

cicd/vol/vendor-secrets/.gitignore

@@ -0,0 +1,2 @@
+*
+!.gitignore

docker-compose-live.yml

@@ -0,0 +1,35 @@
+version: "3.9"
+   
+services:
+  postgres_stackql:
+    image: postgres:14.5-bullseye
+    hostname: postgres_stackql
+    volumes:
+      - ./cicd/vol/postgres/setup:/docker-entrypoint-initdb.d:ro
+    environment:
+      - POSTGRES_PASSWORD=stackql
+    ports:
+      - "7632:5432/tcp"
+  stackql:
+    # Update image tag as needed
+    image: stackql/stackql:latest
+    hostname: stackql
+    restart: no
+    volumes:
+      - ./cicd/vol/vendor-secrets:/opt/stackql/vendor-secrets:ro
+      - ./cicd/vol/stackql-data:/opt/stackql/.stackql:rw
+    ports:
+      - "8632:8432/tcp"
+    command: 
+      - bash
+      - -c
+      - |
+        while ! nc -z postgres_stackql 5432; do sleep 1; done;
+        source /opt/stackql/vendor-secrets/secrets.sh
+        stackql srv \
+          --http.log.enabled=true \
+          --pgsrv.port=8432 \
+          --pgsrv.address=0.0.0.0 \
+          --export.alias=stackql_export \
+          --auth='{ "github": { "credentialsenvvar": "STACKQL_GITHUB_TOKEN", "type": "api_key", "valuePrefix": "Bearer " }, "googleadmin": { "type": "service_account", "credentialsenvvar": "GOOGLEADMIN_CREDENTIALS" } }' \
+          --sqlBackend='{ "dbEngine": "postgres_tcp", "sqlDialect": "postgres", "dsn": "postgres://stackql:stackql@postgres_stackql:5432" }'

docs/analytics.md

@@ -0,0 +1,120 @@
+
+
+# Analytics with stackql
+
+The canonical pattern is a postgres backend.  To meaningfully develop analytics capability, **real** authenticated access to providers plus a postgres backend is needed. Therefore for local development:
+
+- Ensure that all env var secrets are exported from the `.gitignore`d file `cicd/vol/vendor-secrets/secrets.sh`.
+- Run and kill development containers with `docker compose -f docker-compose-live.yml down --volumes` / `docker compose -f docker-compose-live.yml up --force-recreate`.
+- Connect and develop queries with `psql "postgresql://stackql:[email protected]:8632/stackql"`.
+
+
+## TODO
+
+Robot tests for:
+
+- Support for `current_date`.
+- Support for `current_timestamp`.
+- Support for multi-layered table valued functions in subqueries with outside filters, per Figure MLS-01.
+
+---
+
+```sql
+
+-- sqlite version
+
+CREATE OR REPLACE MATERIALIZED VIEW gcp_compute_public_ip_exposure AS
+select
+  resource_type,
+  resource_id,
+  resource_name,
+  cloud,
+  region,
+  protocol,
+  from_port,
+  to_port,
+  cidr,
+  direction,
+  public_access_type,
+  public_principal,
+  access_mechanism
+from 
+(
+SELECT
+  'compute'                          AS resource_type,
+  vms.id                                 AS resource_id,
+  vms.name                               AS resource_name,
+  'google'                              AS cloud,
+  split_part(vms.zone, '/', -1)      AS region,
+  NULL                               AS protocol,
+  NULL                               AS from_port,
+  NULL                               AS to_port,
+  NULL                               AS cidr,
+  NULL                               AS direction,
+  NULL                               AS public_access_type,
+  NULL                               AS public_principal,
+  NULL                               AS access_mechanism,
+  json_extract(ac.value, '$.natIP') as external_ip
+FROM google.compute.instances vms,
+  json_each(vms.networkInterfaces) AS ni,
+  json_each(json_extract(ni.value, '$.accessConfigs')) AS ac
+WHERE 
+  vms.project in (
+    'testing-project'
+  )
+  ) foo
+  where external_ip != ''
+;
+
+
+-- postgres version
+
+CREATE OR REPLACE MATERIALIZED VIEW gcp_compute_public_ip_exposure AS
+select
+  resource_type,
+  resource_id,
+  resource_name,
+  cloud,
+  region,
+  protocol,
+  from_port,
+  to_port,
+  cidr,
+  direction,
+  public_access_type,
+  public_principal,
+  access_mechanism
+from 
+(
+SELECT
+  'compute'                          AS resource_type,
+  vms.id                                 AS resource_id,
+  vms.name                               AS resource_name,
+  'google'                              AS cloud,
+  split_part(vms.zone, '/', -1)      AS region,
+  NULL                               AS protocol,
+  NULL                               AS from_port,
+  NULL                               AS to_port,
+  NULL                               AS cidr,
+  NULL                               AS direction,
+  NULL                               AS public_access_type,
+  NULL                               AS public_principal,
+  NULL                               AS access_mechanism,
+  json_extract_path_text(ac.value, 'natIP') as external_ip
+FROM google.compute.instances vms,
+  json_array_elements_text(vms.networkInterfaces) AS ni,
+  json_array_elements_text(json_extract_path_text(ni.value, 'accessConfigs')) AS ac
+WHERE 
+  vms.project in (
+    'stackql-interesting'
+  )
+  ) foo
+  where external_ip != ''
+;
+
+```
+
+**Figure MLS-01**: Multi-layered table valued functions in subqueries with outside filters.
+
+---
+