Configure JFrog Artifactory as PyPI proxy for hardened runners (#1379)

## Summary

Hardened GitHub Actions runners block direct access to public registries
(PyPI, files.pythonhosted.org). This adds OIDC-based JFrog Artifactory
authentication so CI can download Python packages through the `db-pypi`
proxy.

Uses the same `jfrog/setup-jfrog-cli` action as [CLI PR
#4875](databricks/cli#4875).

## What changed

- **New composite action**
(`.github/actions/setup-jfrog-pypi/action.yml`): Uses
`jfrog/setup-jfrog-cli` for OIDC authentication (same action + SHA as
the CLI repo), then sets `UV_INDEX_URL` using the token from the
action's `oidc-token`/`oidc-user` outputs.
- **`test.yml`**: Added `id-token: write` permissions, JFrog setup step,
and `uv lock` before `make dev test`.
- **`push.yml`**: Added workflow-level `id-token: write` permissions
(needed for `workflow_call` to `test.yml`). Added JFrog setup + `uv
lock` to `fmt` and `check-manifest` jobs.
- **`Makefile`**: Added `fix-lockfile` target. All existing targets are
unchanged.

## How it works

`uv.lock` stores full registry URLs per package. Setting `UV_INDEX_URL`
to JFrog causes `uv sync --locked` to fail (stale lockfile). To work
around this, CI runs `uv lock` after JFrog setup, which rewrites the
lockfile with JFrog URLs while keeping the same versions. Then `make dev
test` / `make dev fmt` work unchanged with `--locked`. The lockfile
rewrite is ephemeral (never committed).

In the `fmt` job, `git checkout -- '*.lock'` restores the committed
lockfile after formatting, then `make fix-lockfile` normalizes any
accidentally committed proxy URLs. `git diff --exit-code` catches both
unformatted code and dirty lockfiles.

## `make fix-lockfile`

Replaces JFrog proxy URLs with their public PyPI equivalents in all
`*.lock` files. Prevents proxy URLs from being accidentally committed to
the repo.

**When to use it**: If you run `uv lock` while `UV_INDEX_URL` points to
JFrog (e.g. after sourcing CI env vars), run `make fix-lockfile` before
committing to normalize URLs back to public PyPI.

**CI enforcement**: The `fmt` job runs this before `git diff
--exit-code`, so committed proxy URLs fail CI.

## Out of scope

- **`tagging.yml`**: Generated from the Universe codegen template
(`openapi/genkit/sync/workflows/tagging.yml`). JFrog setup needs to be
upstreamed there.
- **`release.yml` / `release-test.yml`**: Need special publish runners
per the migration guide. Separate follow-up with the security team.
- **Runner migration**: Switching to hardened runner labels can be done
as a follow-up.
- **`Trigger Tests` CI failure**: Pre-existing IP allowlist issue
(DECO-26816).

NO_CHANGELOG=true

Author: mihaimitrea-db

.github/actions/setup-jfrog-pypi/action.yml

@@ -0,0 +1,21 @@
+name: Setup JFrog PyPI proxy
+description: Authenticate to JFrog via OIDC and configure uv to use the db-pypi proxy
+
+runs:
+  using: composite
+  steps:
+    - name: Setup JFrog CLI with OIDC
+      id: jfrog
+      uses: jfrog/setup-jfrog-cli@279b1f629f43dd5bc658d8361ac4802a7ef8d2d5 # v4.9.1
+      env:
+        JF_URL: https://databricks.jfrog.io
+      with:
+        oidc-provider-name: github-actions
+
+    - name: Configure uv for JFrog
+      shell: bash
+      run: |
+        # Route uv package resolution through the JFrog PyPI proxy. Hardened
+        # runners block direct access to pypi.org, so all index queries go
+        # through this authenticated mirror instead.
+        echo "UV_INDEX_URL=https://${{ steps.jfrog.outputs.oidc-user }}:${{ steps.jfrog.outputs.oidc-token }}@databricks.jfrog.io/artifactory/api/pypi/db-pypi/simple" >> "$GITHUB_ENV"

.github/workflows/push.yml

@@ -6,6 +6,10 @@ on:
   merge_group:
     types: [checks_requested]
 
+permissions:
+  id-token: write
+  contents: read
+
 jobs:
   tests-ubuntu:
     uses: ./.github/workflows/test.yml
@@ -39,9 +43,20 @@ jobs:
         with:
           version: "0.6.5"
 
+      - name: Setup JFrog PyPI proxy
+        uses: ./.github/actions/setup-jfrog-pypi
+
+      - name: Re-lock for JFrog
+        run: uv lock
+
       - name: Format all files
         run: make dev fmt
 
+      - name: Restore lockfiles and fix proxy URLs
+        run: |
+          git checkout -- '*.lock'
+          make fix-lockfile
+
       - name: Fail on differences
         run: git diff --exit-code
 
@@ -57,5 +72,11 @@ jobs:
         with:
           version: "0.6.5"
 
+      - name: Setup JFrog PyPI proxy
+        uses: ./.github/actions/setup-jfrog-pypi
+
+      - name: Re-lock for JFrog
+        run: uv lock
+
       - name: Check MANIFEST.in
         run: make dev && uv run check-manifest .

.github/workflows/test.yml

@@ -15,6 +15,11 @@ jobs:
     strategy:
         fail-fast: false
     runs-on: ${{ inputs.os }}
+
+    permissions:
+      id-token: write
+      contents: read
+
     steps:
       - name: Checkout
         uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
@@ -28,6 +33,15 @@ jobs:
           version: "0.6.5"
           python-version: ${{ inputs.pyVersion }}
 
+      - name: Setup JFrog PyPI proxy
+        uses: ./.github/actions/setup-jfrog-pypi
+
+      # Re-lock so uv.lock matches the JFrog-configured UV_INDEX_URL.
+      # Keeps the same versions; only registry URLs change. Ephemeral (not committed).
+      - name: Re-lock for JFrog
+        shell: bash
+        run: uv lock
+
       - name: Run tests
         run: make dev test
 

Makefile

@@ -30,5 +30,13 @@ benchmark:
 coverage: test
 	open htmlcov/index.html
 
+fix-lockfile:
+	@# Replace JFrog proxy URLs with public equivalents in lockfiles.
+	@# Prevents proxy URLs from being accidentally committed.
+	find . -type f -name '*.lock' -not -path './.github/*' \
+	  -exec sed -i 's|databricks\.jfrog\.io/artifactory/api/pypi/db-pypi/simple|pypi.org/simple|g' {} +
+	find . -type f -name '*.lock' -not -path './.github/*' \
+	  -exec sed -i 's|databricks\.jfrog\.io/artifactory/api/pypi/db-pypi/packages|files.pythonhosted.org|g' {} +
+
 clean:
 	rm -fr dist *.egg-info .pytest_cache build htmlcov .venv