Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
dbt is a data transformation workflow tool that lets teams quickly and collaboratively deploy analytics code, following software engineering best practices like modularity, CI/CD, testing, and documentation. It enables anyone who knows SQL to build production-grade data pipelines.
One frequently asked question in the context of using dbt
tool is:
Can I connect my dbt project to two databases?
(see the answered question on the dbt website).
TL;DR dbt
stands for transformation as in T
within ELT
pipelines, it doesn't move data from source to a warehouse.
dbt-trino
adapter uses Trino as a underlying query engine to perform query federation across disperse data sources. Trino connects to multiple and diverse data sources (available connectors) via one dbt connection and process SQL queries at scale. Transformations defined in dbt are passed to Trino which handles these SQL transformation queries and translates them to queries specific to the systems it connects to create tables or views and manipulate data.
This repository represents a fork of the dbt-presto with adaptations to make it work with Trino.
This dbt plugin has been tested against Trino
version 455
, Starburst Enterprise
version 443-e.10
and Starburst Galaxy
.
For information on installing and configuring your profile to authenticate to Trino or Starburst, please refer to Starburst and Trino Setup in the dbt docs.
For Trino- and Starburst-specific configuration, you can refer to Starburst (Trino) configurations on the dbt docs site.
First 5 steps are ONLY relevant for bumping minor version:
1.x.latest
branch from the latest tag corresponding to current minor version, e.g. git checkout -b 1.6.latest v1.6.2
(when bumping to 1.7). Push branch to remote. This branch will be used for potential backports.1.x.latest
). Add a new entry in .changes/0.0.0.md
that points to the newly created latest branch.changie merge
to update README.md
. After that, remove changie files and folders related to current minor version. Commit.dbt-tests-adapter
. Commit.Skip Changlelog
label to the PR.Continue with the next steps for a minor version bump. Start from this point for a patch version bump:
Version Bump
workflow. The major and minor part of the dbt version are used to associate dbt-trino's version with the dbt version.dbt-trino release
workflow to release dbt-trino
to PyPi and GitHub.Sometimes it is necessary to backport some changes to some older versions. In that case, create branch from x.x.latest
branch. There is a x.x.latest
for each minor version, e.g. 1.3.latest
. Make a fix and open PR back to x.x.latest
. Create changelog by changie new
as ususal, as separate changlog for each minor version is kept on every x.x.latest
branch.
After merging, to make a release of that version, just follow instructions from Release process section, but run every workflow on x.x.latest
branch.
Everyone interacting in the dbt project's codebases, issue trackers, chat rooms, and mailing lists is expected to follow the PyPA Code of Conduct.
FAQs
The trino adapter plugin for dbt (data build tool)
We found that dbt-trino demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.