Security hardening: migrate CI to hardened runners + JFrog proxy (Phase 1) #685

Workflow file for this run

.github/workflows/unit-tests.yml at 4acdb2a

	name: Unit Tests

	on:
	pull_request:
	types: [opened, synchronize]

	jobs:
	unit-test-extension:
	name: Run unit tests
	strategy:
	fail-fast: false
	matrix:
	arch:
	- cli_arch: linux_amd64
	runner_group: databricks-protected-runner-group
	runner_labels: linux-ubuntu-latest
	- cli_arch: windows_amd64
	runner_group: databricks-protected-runner-group
	runner_labels: windows-server-latest
	node-version: [22.x]
	vscode-version: [stable]

	runs-on:
	group: ${{ matrix.arch.runner_group }}
	labels: ${{ matrix.arch.runner_labels }}

	permissions:
	id-token: write
	contents: read

	env:
	VSCODE_TEST_VERSION: ${{ matrix.vscode-version }}
	CLI_ARCH: ${{ matrix.arch.cli_arch }}

	defaults:
	run:
	shell: bash

	steps:
	- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1

	- name: Obtain JFrog OIDC token
	run: bash .github/scripts/jfrog-oidc-token.sh

	- name: Configure JFrog npm registry
	run: bash .github/scripts/configure-npm.sh

	- name: Use Node.js ${{ matrix.node-version }}
	uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
	with:
	node-version: ${{ matrix.node-version }}
	cache: "yarn"

	- name: Cache VSCode unit test runner
	uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
	with:
	path: /tmp/vscode-test-databricks
	key: ${{ matrix.arch.cli_arch }}-${{ matrix.vscode-version }}-vscode-test

	- run: yarn install --immutable

	- name: Prettier and Linting
	run: yarn run test:lint
	working-directory: packages/databricks-vscode

	- name: Fetching Databricks CLI
	run: yarn run package:cli:fetch
	working-directory: packages/databricks-vscode
	env:
	GH_TOKEN: ${{ github.token }}

	- name: Building packages
	run: yarn run build

	- name: Unit Tests with Coverage
	run: \|
	if [[ "$RUNNER_OS" == "Linux" ]]; then
	Xvfb :99 -screen 0 1024x768x24 >/dev/null 2>&1 &
	export DISPLAY=:99
	fi
	yarn run test:cov
	working-directory: packages/databricks-vscode

	- name: Install Python
	uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
	with:
	python-version: "3.12" # 3.13+ is not yet supported by the latest DBR

	- name: Configure JFrog pip registry
	run: bash .github/scripts/configure-pip.sh

	- name: Install Python dependencies
	run: pip install ipython==9.11.0
	working-directory: packages/databricks-vscode

	- name: Python Unit Tests
	run: yarn run test:python
	working-directory: packages/databricks-vscode

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Security hardening: migrate CI to hardened runners + JFrog proxy (Phase 1) #685

Workflow file

Security hardening: migrate CI to hardened runners + JFrog proxy (Phase 1) #685

Uh oh!

Workflow file for this run