Skip to content

Commit eacae04

Browse files
committed
Move JFrog proxy setup to shared setup-build-environment action
This ensures all test jobs that use the shared action get the JFrog Go module proxy configured on hardened runners. Co-authored-by: Isaac
1 parent 9fca8f3 commit eacae04

File tree

2 files changed

+28
-16
lines changed

2 files changed

+28
-16
lines changed

.github/actions/setup-build-environment/action.yml

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,14 @@ runs:
1212
- name: Checkout repository and submodules
1313
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
1414

15+
- name: Setup JFrog CLI with OIDC
16+
if: runner.os != 'macOS'
17+
uses: jfrog/setup-jfrog-cli@279b1f629f43dd5bc658d8361ac4802a7ef8d2d5 # v4.9.1
18+
env:
19+
JF_URL: https://databricks.jfrog.io
20+
with:
21+
oidc-provider-name: github-actions
22+
1523
- name: Create cache identifier
1624
run: echo "${{ inputs.cache-key }}" > cache.txt
1725
shell: bash
@@ -24,6 +32,14 @@ runs:
2432
go.sum
2533
cache.txt
2634
35+
- name: Download Go modules via JFrog
36+
if: runner.os != 'macOS'
37+
shell: bash
38+
run: |
39+
jf goc --repo-resolve=db-golang
40+
jf go mod download
41+
jf go mod download -modfile=tools/go.mod
42+
2743
- name: Setup Python
2844
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
2945
with:

.github/workflows/push.yml

Lines changed: 12 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -125,27 +125,11 @@ jobs:
125125
- name: Checkout repository and submodules
126126
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
127127

128-
- name: Setup JFrog CLI with OIDC
129-
if: matrix.os.name != 'macos'
130-
uses: jfrog/setup-jfrog-cli@279b1f629f43dd5bc658d8361ac4802a7ef8d2d5 # v4.9.1
131-
env:
132-
JF_URL: https://databricks.jfrog.io
133-
with:
134-
oidc-provider-name: github-actions
135-
136128
- name: Setup build environment
137129
uses: ./.github/actions/setup-build-environment
138130
with:
139131
cache-key: test-${{ matrix.deployment }}
140132

141-
- name: Download Go modules via JFrog
142-
if: matrix.os.name != 'macos'
143-
shell: bash
144-
run: |
145-
jf goc --repo-resolve=db-golang
146-
jf go mod download
147-
jf go mod download -modfile=tools/go.mod
148-
149133
- name: Run tests without coverage
150134
# We run tests without coverage on PR, merge_group, and schedule because we don't make use of coverage information
151135
# and would like to run the tests as fast as possible. We run it on schedule as well, because that is what
@@ -183,6 +167,10 @@ jobs:
183167
name: "make test-exp-aitools"
184168
runs-on: ${{ matrix.os }}
185169

170+
permissions:
171+
id-token: write
172+
contents: read
173+
186174
strategy:
187175
fail-fast: false
188176
matrix:
@@ -215,6 +203,10 @@ jobs:
215203
name: "make test-exp-ssh"
216204
runs-on: ${{ matrix.os }}
217205

206+
permissions:
207+
id-token: write
208+
contents: read
209+
218210
strategy:
219211
fail-fast: false
220212
matrix:
@@ -246,6 +238,10 @@ jobs:
246238
name: "make test-pipelines"
247239
runs-on: ${{ matrix.os }}
248240

241+
permissions:
242+
id-token: write
243+
contents: read
244+
249245
strategy:
250246
fail-fast: false
251247
matrix:

0 commit comments

Comments
 (0)