I have developed an app for Pull based data ingestion in snowflake based on this using Python [.html][1]

And in the app there are three files deploy.sql, install.sql and Makefile along with the setup.sql. These are generally used to run in the local terminal and this will execute a series of sql queries and commands within the context of the app and create necessary DBs, Schemas and much more like granting permissions (Attached the contents of the file below).

But if I am to publish this as a marketplace app the users cannot run the scripts in a terminal and how can this be executed and how does the customer be able to use the application in their Snowflake account, if running scripts manually is the only way are the other apps running in this way ?

Any architecture on how this works or should I be asking my clients to run something manually ( I am worried about the user experience here)

Attaching the codes

deploy.sql

-- Copyright (c) 2024 Snowflake Inc.
!set variable_substitution=true;

-- Create stage
CREATE OR REPLACE DATABASE "&{STAGE_DB}";
CREATE STAGE IF NOT EXISTS "&{STAGE_DB}".PUBLIC.ARTIFACTS;

-- Use relative stage path for PUT command
PUT 'file://sf_build/*' @"&{STAGE_DB}".PUBLIC.ARTIFACTS/"&{APP_VERSION}" AUTO_COMPRESS = FALSE overwrite=true;

-- App setup
DROP APPLICATION PACKAGE IF EXISTS "&{APP_NAME}";
CREATE APPLICATION PACKAGE IF NOT EXISTS "&{APP_NAME}";
ALTER APPLICATION PACKAGE "&{APP_NAME}" ADD VERSION "&{APP_VERSION}" USING @"&{STAGE_DB}".PUBLIC.ARTIFACTS/"&{APP_VERSION}";

install.sql

-- Copyright (c) 2024 Snowflake Inc.
!set variable_substitution=true;

-- Set variables
SET APP_NAME = '&{APP_NAME}';
SET WAREHOUSE = '&{WAREHOUSE}';

SET APP_INSTANCE_NAME = $APP_NAME || '_INSTANCE';
SET SECRETS_DB = $APP_NAME || '_SECRETS';
SET SECRETS_SCHEMA = $SECRETS_DB || '.public';
SET SECRET_NAME = $SECRETS_DB || '.public.github_token';

USE ROLE ACCOUNTADMIN;

CREATE OR REPLACE DATABASE IDENTIFIER($SECRETS_DB);
USE DATABASE IDENTIFIER($SECRETS_DB);

CREATE OR REPLACE NETWORK RULE GH_RULE
MODE = EGRESS
TYPE = HOST_PORT
VALUE_LIST=('api.github:443');

CREATE OR REPLACE SECRET IDENTIFIER($SECRET_NAME) TYPE=GENERIC_STRING SECRET_STRING='&{token}';

set CREATE_INTEGRATION = 'CREATE OR REPLACE EXTERNAL ACCESS INTEGRATION GITHUB_INTEGRATION
ALLOWED_NETWORK_RULES = (GH_RULE)
ALLOWED_AUTHENTICATION_SECRETS = (''' || $SECRET_NAME || ''')
ENABLED = TRUE';

select $CREATE_INTEGRATION;
execute immediate $CREATE_INTEGRATION;

-- Dev: install the app
DROP APPLICATION IF EXISTS IDENTIFIER($APP_INSTANCE_NAME) CASCADE;
CREATE APPLICATION IDENTIFIER($APP_INSTANCE_NAME) FROM APPLICATION PACKAGE IDENTIFIER($APP_NAME) USING VERSION &{APP_VERSION};

GRANT USAGE ON INTEGRATION GITHUB_INTEGRATION TO APPLICATION IDENTIFIER($APP_INSTANCE_NAME);

GRANT USAGE ON DATABASE IDENTIFIER($SECRETS_DB) TO APPLICATION IDENTIFIER($APP_INSTANCE_NAME);
GRANT USAGE ON SCHEMA IDENTIFIER($SECRETS_SCHEMA) TO APPLICATION IDENTIFIER($APP_INSTANCE_NAME);
GRANT READ ON SECRET IDENTIFIER($SECRET_NAME) TO APPLICATION IDENTIFIER($APP_INSTANCE_NAME);

MakeFile

APP_NAME=EXAMPLE_GITHUB_PYTHON_CONNECTOR
APP_VERSION=V_1_0_0
STAGE_DB=${APP_NAME}_STAGE
STAGE_NAME=${STAGE_DB}.PUBLIC.ARTIFACTS
WAREHOUSE=XS

.PHONY: build
build:
    python -m build

.PHONY: dev_deploy
deploy:
    snowsql -f sql/deploy.sql -c $(CONNECTION) -D APP_NAME=${APP_NAME} -D STAGE_DB=${STAGE_DB} -D STAGE_NAME=${STAGE_NAME} -D APP_VERSION=${APP_VERSION}

install:
    snowsql -f sql/install.sql -c $(CONNECTION) -D token=${GITHUB_TOKEN}  -D APP_NAME=${APP_NAME} -D WAREHOUSE=${WAREHOUSE} -D APP_VERSION=${APP_VERSION} -D STAGE_NAME=${STAGE_NAME}

setup.sql

-- Copyright (c) 2024 Snowflake Inc.
create or alter versioned schema public;
create schema if not exists state;
create schema if not exists tasks;

create application role app_user;
grant usage on schema public to application role app_user;
grant usage on schema tasks to application role app_user;

... # intentionally removing the later part of this code