GitHub Action

Using the GitHub action

To add the Titan Core GitHub action to your repository, follow these steps:

Create a Titan workflow file

Create a file in the GitHub workflows directory of your repo (.github/workflows/titan.yml)

-- .github/workflows/titan.yml
name: Deploy to Snowflake with Titan
on:
  push:
    branches: [ main ]
    paths:
    - 'titan/**'

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Deploy to Snowflake
        uses: Titan-Systems/titan-core-action@main
        with:
          run-mode: 'create-or-update'
          resource-path: './titan'
          allowlist: 'warehouse,role,grant'
          dry-run: 'false'
        env:
          SNOWFLAKE_ACCOUNT: ${{ secrets.SNOWFLAKE_ACCOUNT }}
          SNOWFLAKE_USER: ${{ secrets.SNOWFLAKE_USER }}
          SNOWFLAKE_PASSWORD: ${{ secrets.SNOWFLAKE_PASSWORD }}
          SNOWFLAKE_ROLE: ${{ secrets.SNOWFLAKE_ROLE }}
          SNOWFLAKE_WAREHOUSE: ${{ secrets.SNOWFLAKE_WAREHOUSE }}

Configure your Snowflake connection

Go to your GitHub repository settings, navigate to Secrets. There, add a secret for SNOWFLAKE_ACCOUNT, SNOWFLAKE_USER, and whatever other connection settings you need.

Create a `titan` directory in your repository

Add YAML resource configs to the titan directory.

# titan/warehouses.yml
warehouses:
  - name: reporting
    warehouse_size: XSMALL
    auto_suspend: 60
    auto_resume: true

# titan/rbac.yml

roles:
  - name: reporter
    comment: "Has permissions on the analytics database..."

grants:
  - to_role: reporter
    priv: usage
    on_warehouse: reporting
  - to_role: reporter
    priv: usage
    on_database: analytics

role_grants:
  - role: reporter
    roles:
      - SYSADMIN

Commit and push your changes

When you push to main changes to files in the titan/ directory, the Github Action will deploy them to Snowflake.

Configuration options

run-mode string

Defines how the blueprint interacts with the Snowflake account

Default: "create-or-update"
create-or-update
- Resources are either created or updated, no resources are destroyed
sync:
- ⚠️ WARNING Sync mode will drop resources.
- Titan will update Snowflake to match the blueprint exactly. Must be used with allowlist.

resource-path string

Defines the file or directory where Titan will look for the resource configs

Default: "."

allowlist list[string] or "all"

Defines which resource types are allowed

Default: "all"

dry_run bool

vars dict

vars_spec list[dict]

scope str

database str

schema str

Ignore files with `.titanignore`

If you specify a directory as the resource-path, Titan will recursively look for all files with a .yaml or .yml file extension. You can tell Titan to exclude files or directories with a .titanignore file. This file uses gitignore syntax.

`.titanignore` example

# .titanignore

# Ignore dbt config
dbt_project.yml

PreviousBlueprint NextAPIAuthenticationSecurityIntegration

Last updated 1 year ago