fix getting remote url

Author: mwojtyczka

.build-constraints.txt

@@ -0,0 +1,23 @@
+hatch-fancy-pypi-readme==25.1.0 \
+    --hash=sha256:9c58ed3dff90d51f43414ce37009ad1d5b0f08ffc9fc216998a06380f01c0045 \
+    --hash=sha256:ce0134c40d63d874ac48f48ccc678b8f3b62b8e50e9318520d2bffc752eedaf3
+hatchling==1.29.0 \
+    --hash=sha256:50af9343281f34785fab12da82e445ed987a6efb34fd8c2fc0f6e6630dbcc1b0 \
+    --hash=sha256:793c31816d952cee405b83488ce001c719f325d9cda69f1fc4cd750527640ea6
+    # via hatch-fancy-pypi-readme
+packaging==26.0 \
+    --hash=sha256:00243ae351a257117b6a241061796684b084ed1c516a08c48a3f7e147a9d80b4 \
+    --hash=sha256:b36f1fef9334a5588b4166f8bcd26a14e521f2b55e6b9de3aaa80d3ff7a37529
+    # via hatchling
+pathspec==1.0.4 \
+    --hash=sha256:0210e2ae8a21a9137c0d470578cb0e595af87edaa6ebf12ff176f14a02e0e645 \
+    --hash=sha256:fb6ae2fd4e7c921a165808a552060e722767cfa526f99ca5156ed2ce45a5c723
+    # via hatchling
+pluggy==1.6.0 \
+    --hash=sha256:7dcc130b76258d33b90f61b658791dede3486c3e6bfb003ee5c9bfb396dd22f3 \
+    --hash=sha256:e920276dd6813095e9377c0bc5566d94c932c33b27a3e3945d8389c374dd4746
+    # via hatchling
+trove-classifiers==2026.1.14.14 \
+    --hash=sha256:00492545a1402b09d4858605ba190ea33243d361e2b01c9c296ce06b5c3325f3 \
+    --hash=sha256:1f9553927f18d0513d8e5ff80ab8980b8202ce37ecae0e3274ed2ef11880e74d
+    # via hatchling

.codegen.json

@@ -3,8 +3,9 @@
     "src/databricks/labs/dqx/__about__.py": "__version__ = \"$VERSION\""
   },
   "toolchain": {
-    "required": ["python3", "hatch"],
-    "pre_setup": ["hatch env create"],
-    "prepend_path": ".venv/bin"
+    "required": ["make", "uv"],
+    "pre_setup": ["make dev"],
+    "prepend_path": ".venv/bin",
+    "test": ["make test"]
   }
-}
+}

.github/ISSUE_TEMPLATE/bug.yml

@@ -20,7 +20,7 @@ body:
       label: Current Behavior
       description: |
         A concise description of what you're experiencing.
-        **Do not paste links to attachments with logs and/or images, as all issues will attachments will get deleted.**
+        **Do not paste links to attachments with logs and/or images, as all issues with attachments will get deleted.**
         Use the `Relevant log output` field to paste redacted log output without personal identifying information (PII).
         You can Ctrl/Cmd+V the screenshot, which would appear as a rendered image if it doesn't contain any PII.
     validations:
@@ -67,6 +67,6 @@ body:
   - type: textarea
     id: logs
     attributes:
-      label: Relevant log output
-      description: Please copy and paste any relevant log output. This will be automatically formatted into code, so no need for backticks.
+      label: Relevant log output, error message and full stacktrace
+      description: Please copy and paste any relevant log output, error message and full stacktrace. This will be automatically formatted into code, so no need for backticks.
       render: shell

.github/actions/jfrog-auth/action.yml

@@ -0,0 +1,50 @@
+name: 'Authenticate for JFrog'
+description: 'Authenticate with JFrog using OIDC based on the GitHub repository.'
+# TODO: Factor out into an external action, once releases are allowed.
+outputs:
+  jfrog-access-token:
+    description: "Access token for JFrog"
+    value: "${{ steps.jfrog-auth.outputs.jfrog-access-token }}"
+runs:
+  using: "composite"
+  steps:
+    - id: jfrog-auth
+      name: Authenticate against JFrog
+      shell: bash
+      run: |
+        "${GITHUB_ACTION_PATH}/jfrog-auth" "${ACTIONS_ID_TOKEN_REQUEST_URL}" "${ACTIONS_ID_TOKEN_REQUEST_TOKEN}"
+
+    - id: detect-cmds
+      name: Detecting python package/project managers.
+      shell: bash
+      run: |
+        for cmd in pip3 uv
+        do
+          command -v "${cmd}" > /dev/null && found=true || found=false
+          printf '::debug::%s\n' "Found ${cmd}: ${found}"
+          printf '%s=%s\n' "command_${cmd}" "${found}" >> "${GITHUB_OUTPUT}"
+        done
+
+    - name: Configure pip for JFrog
+      if: "${{ steps.detect-cmds.outputs.command_pip3 == 'true' }}"
+      shell: bash
+      env:
+        JFROG_ACCESS_TOKEN: "${{ steps.jfrog-auth.outputs.jfrog-access-token }}"
+      run: |
+        umask 077
+        cat > "$RUNNER_TEMP/.pip.conf" <<EOF
+        [global]
+        index-url = https://gha-service-account:${JFROG_ACCESS_TOKEN}@databricks.jfrog.io/artifactory/api/pypi/db-pypi/simple
+        EOF
+        printf '%s=%s\n' 'PIP_CONFIG_FILE' "${RUNNER_TEMP}/.pip.conf" >> "${GITHUB_ENV}"
+
+    - name: Configure uv for JFrog
+      if: "${{ steps.detect-cmds.outputs.command_uv == 'true' }}"
+      shell: bash
+      env:
+        JFROG_ACCESS_TOKEN: "${{ steps.jfrog-auth.outputs.jfrog-access-token }}"
+        UV_INDEX_URL: 'https://databricks.jfrog.io/artifactory/api/pypi/db-pypi/simple'
+      run: |
+        uv auth login "${UV_INDEX_URL}" --username gha-service-account --password "${JFROG_ACCESS_TOKEN}"
+        printf "%s=%s\n" 'UV_INDEX_URL' "${UV_INDEX_URL}" >> "${GITHUB_ENV}"
+        printf "%s=%s\n" 'UV_FROZEN' '1' >> "${GITHUB_ENV}"

.github/actions/jfrog-auth/jfrog-auth

@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+#
+# Obtain a JFrog access token, assuming GitHub OIDC.
+#
+set -eu
+
+_request_url="$1"
+_request_token="$2"
+
+#
+# Step 1: Obtain the OIDC identifier token from GitHub.
+#
+printf '::debug::%s\n' "Fetching OIDC identifier token from GitHub..."
+_id_token="$(curl -sLS \
+    -H 'User-Agent: actions/oidc-client' \
+    -H "Authorization: Bearer ${_request_token}" \
+    "${_request_url}&audience=jfrog-github" |
+    jq -r .value)"
+printf '::add-mask::%s\n' "${_id_token}"
+
+#
+# Step 2: Exchange it for the JFrog access token.
+#
+printf '::debug::%s\n' "Exchanging OIDC identifier token for JFrog access token..."
+_access_token=$(curl -sLS \
+    --json "{\"grant_type\": \"urn:ietf:params:oauth:grant-type:token-exchange\", \"subject_token_type\":\"urn:ietf:params:oauth:token-type:id_token\", \"subject_token\": \"${_id_token}\", \"provider_name\": \"github-actions\"}" \
+    "https://databricks.jfrog.io/access/api/v1/oidc/token" |
+    jq -r .access_token)
+printf '::add-mask::%s\n' "${_access_token}"
+
+if [ -z "${_access_token}" ] || [ "${_access_token}" = 'null' ]
+then
+    printf '::error::%s\n' "Could not fetch JFrog access token."
+    exit 1
+fi
+
+printf '%s=%s\n' 'jfrog-access-token' "${_access_token}" >> "${GITHUB_OUTPUT}"

.github/dependabot.yml

@@ -1,10 +1,10 @@
 version: 2
 updates:
-  - package-ecosystem: "pip"
+  - package-ecosystem: "uv"
     directory: "/"
+    cooldown:
+      default-days: 7
+      exclude:
+        - "databricks*"
     schedule:
       interval: "daily"
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "daily"

.github/workflows/acceptance.yml

@@ -10,9 +10,7 @@ on:
       - main
 
 permissions:
-  id-token: write
   contents: read
-  pull-requests: write
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -27,21 +25,25 @@ jobs:
     if: github.event_name == 'pull_request' && !github.event.pull_request.draft && !github.event.pull_request.head.repo.fork
     environment: tool
     runs-on: larger
+    permissions:
+      # Access to the integration testing infrastructure.
+      id-token: write
+      # Write test results to the PR.
+      pull-requests: write
     steps:
       - name: Checkout Code
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           fetch-depth: 0
 
-      - name: Install Python
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+      - name: Setup uv
+        uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098  # v7.3.1
         with:
-          cache: 'pip'
-          cache-dependency-path: '**/pyproject.toml'
-          python-version: '3.12'
+          version: "0.11.2"
+          checksum: "7ac2ca0449c8d68dae9b99e635cd3bc9b22a4cb1de64b7c43716398447d42981"
 
-      - name: Install hatch
-        run: pip install hatch==1.16.5
+      - name: Setup for JFrog
+        uses: ./.github/actions/jfrog-auth
 
       - name: Run unit tests and generate test coverage report
         run: make test
@@ -72,8 +74,7 @@ jobs:
           COVERAGE_FILE: ${{ github.workspace }}/.coverage  # make sure the coverage report is preserved
 
       - name: Merge coverage reports and convert them to XML
-        run: |
-          hatch run combine_coverage
+        run: make combine-coverage
 
       # Recursively search the entire workspace directory for all coverage reports.
       # All uploaded test coverage reports will be used even if publish is done multiple time.
@@ -89,6 +90,9 @@ jobs:
     if: github.event_name == 'pull_request' && !github.event.pull_request.draft && !github.event.pull_request.head.repo.fork
     environment: tool
     runs-on: larger
+    permissions:
+      id-token: write
+      pull-requests: write
     env:
       DATABRICKS_SERVERLESS_COMPUTE_ID: auto
     steps:
@@ -97,15 +101,14 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Install Python
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+      - name: Setup uv
+        uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098  # v7.3.1
         with:
-          cache: 'pip'
-          cache-dependency-path: '**/pyproject.toml'
-          python-version: '3.12'
+          version: "0.11.2"
+          checksum: "7ac2ca0449c8d68dae9b99e635cd3bc9b22a4cb1de64b7c43716398447d42981"
 
-      - name: Install hatch
-        run: pip install hatch==1.16.5
+      - name: Setup for JFrog
+        uses: ./.github/actions/jfrog-auth
 
       # Integration tests are run from within tests/integration folder.
       # Create .coveragerc with correct relative path to source code.
@@ -131,8 +134,7 @@ jobs:
           COVERAGE_FILE: ${{ github.workspace }}/.coverage  # make sure the coverage report is preserved
 
       - name: Merge coverage reports and convert them to XML
-        run: |
-          hatch run combine_coverage
+        run: make combine-coverage
 
       # collects all coverage reports
       - name: Publish test coverage
@@ -144,43 +146,27 @@ jobs:
     if: github.event_name == 'pull_request' && !github.event.pull_request.draft && !github.event.pull_request.head.repo.fork
     environment: tool
     runs-on: larger
+    permissions:
+      id-token: write
+      pull-requests: write
     steps:
       - name: Checkout Code
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           fetch-depth: 0
 
-      - name: Install Python
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+      - name: Setup uv
+        uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098  # v7.3.1
         with:
-          cache: 'pip'
-          cache-dependency-path: '**/pyproject.toml'
-          python-version: '3.12'
+          version: "0.11.2"
+          checksum: "7ac2ca0449c8d68dae9b99e635cd3bc9b22a4cb1de64b7c43716398447d42981"
 
-      - name: Install hatch
-        run: pip install hatch==1.16.5
-
-      - name: Install dbt
-        run: |
-          pip install dbt-core==1.10.9 dbt-databricks==1.10.9
+      - name: Setup for JFrog
+        uses: ./.github/actions/jfrog-auth
 
+      # Required for DAB (Databricks Asset Bundle) e2e tests
       - name: Install Databricks CLI
-        run: |
-          curl -fsSL https://raw.githubusercontent.com/databricks/setup-cli/main/install.sh | sh
-          databricks --version
-
-      - name: Azure login (OIDC)
-        uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
-        with:
-          client-id: ${{ secrets.ARM_CLIENT_ID }}
-          tenant-id: ${{ secrets.ARM_TENANT_ID }}
-          allow-no-subscriptions: true
-
-      - name: Set env vars for Azure CLI auth
-        run: |
-          val=$(az keyvault secret show --id "${{ secrets.VAULT_URI }}/secrets/DATABRICKS-HOST" --query value -o tsv)
-          echo "DATABRICKS_HOST=$val" >> $GITHUB_ENV
-          echo "DATABRICKS_AUTH_TYPE=azure-cli" >> $GITHUB_ENV
+        uses: databricks/setup-cli@acd0e77a1ed7f15f528faca1e1f7f5590bcfdff8 # v0.296.0
 
       - name: Run e2e tests
         uses: databrickslabs/sandbox/acceptance@3313d06ce86227537b3f37f5974f7eecb2a8e59a # acceptance/v0.4.4
@@ -198,6 +184,9 @@ jobs:
     if: github.event_name == 'pull_request' && !github.event.pull_request.draft && !github.event.pull_request.head.repo.fork
     environment: tool
     runs-on: larger
+    permissions:
+      id-token: write
+      pull-requests: write
     env:
       DATABRICKS_SERVERLESS_COMPUTE_ID: auto
     steps:
@@ -206,37 +195,18 @@ jobs:
         with:
           fetch-depth: 0
 
-      - name: Install Python
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+      - name: Setup uv
+        uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098  # v7.3.1
         with:
-          cache: 'pip'
-          cache-dependency-path: '**/pyproject.toml'
-          python-version: '3.12'
-
-      - name: Install hatch
-        run: pip install hatch==1.16.5
+          version: "0.11.2"
+          checksum: "7ac2ca0449c8d68dae9b99e635cd3bc9b22a4cb1de64b7c43716398447d42981"
 
-      - name: Install dbt
-        run: |
-          pip install dbt-core==1.10.9 dbt-databricks==1.10.9
+      - name: Setup for JFrog
+        uses: ./.github/actions/jfrog-auth
 
+      # Required for DAB (Databricks Asset Bundle) e2e tests
       - name: Install Databricks CLI
-        run: |
-          curl -fsSL https://raw.githubusercontent.com/databricks/setup-cli/main/install.sh | sh
-          databricks --version
-
-      - name: Azure login (OIDC)
-        uses: azure/login@a457da9ea143d694b1b9c7c869ebb04ebe844ef5 # v2.3.0
-        with:
-          client-id: ${{ secrets.ARM_CLIENT_ID }}
-          tenant-id: ${{ secrets.ARM_TENANT_ID }}
-          allow-no-subscriptions: true
-
-      - name: Set env vars for Azure CLI auth
-        run: |
-          val=$(az keyvault secret show --id "${{ secrets.VAULT_URI }}/secrets/DATABRICKS-HOST" --query value -o tsv)
-          echo "DATABRICKS_HOST=$val" >> $GITHUB_ENV
-          echo "DATABRICKS_AUTH_TYPE=azure-cli" >> $GITHUB_ENV
+        uses: databricks/setup-cli@acd0e77a1ed7f15f528faca1e1f7f5590bcfdff8 # v0.296.0
 
       - name: Run e2e tests on serverless cluster
         uses: databrickslabs/sandbox/acceptance@3313d06ce86227537b3f37f5974f7eecb2a8e59a # acceptance/v0.4.4