Credential-Free Model Rendering and Pre-Rendered Plan/Apply #4318
Description
Currently, rendering or evaluating models in SQLMesh requires credentials for the gateway and state store, even for operations like sqlmesh render. This poses a challenge for workflows where users (e.g., contributors or CI/CD bots like GitHub Actions) need to work on a SQLMesh project without access to sensitive production database credentials.
To improve the developer experience and enhance security, we propose adding functionality to allow model rendering and evaluation without requiring credentials. This would enable safer workflows, such as rendering models locally or in CI/CD pipelines, while deferring operations that need credentials (e.g., plan or apply) to secure environments.
Proposed Solution (high level idea):
-
Render All Models Without Credentials:
- Introduce a mode for
sqlmesh renderthat evaluates all models (including Python-based models and macros) without accessing the gateway or state store. - Save the rendered output to a local artifact for later use.
- Example command:
sqlmesh render --all --output rendered_models/
- Introduce a mode for
-
Execute Plan with Pre-Rendered Models:
- Add a
sqlmesh planoption to use pre-rendered models, bypassing the need to re-evaluate macros or access credentials during the plan phase. - This would allow secure environments with credentials to apply plans using the pre-rendered artifacts.
- Example command:
sqlmesh plan --pre-rendered rendered_models/
- Add a