Use shared setup-maven action in Security Scan workflow #1504

Open

gopalldb wants to merge 1 commit into databricks:main from gopalldb:fix/security-scan-maven-proxy

Conversation

@gopalldb

Collaborator

Summary

  • Replace inline JFrog OIDC + Maven proxy setup in securityScan.yml with the shared .github/actions/setup-maven composite action, consistent with prCheck.yml, coverageReport.yml, prIntegrationTests.yml, and all other workflows.
  • The inline setup diverged from the shared action: when proxy steps were skipped (fork PRs), Maven fell through to repo.maven.apache.org which is now blocked by supply chain security policy, causing the build step to fail.
  • Also removes the redundant cache: maven from setup-java since setup-maven handles cache restoration.

Test plan

  • Security Scan CI passes on this PR (Maven resolves through JFrog proxy)
  • Verify scheduled/manual dispatch triggers still work (non-fork path uses JFrog OIDC)

NO_CHANGELOG=true

This pull request and its description were written by Isaac.

The Security Scan workflow had inline JFrog OIDC + Maven proxy setup
that diverged from all other workflows. When the proxy steps were
skipped (e.g. fork PRs), Maven fell through to repo.maven.apache.org
which is blocked by supply chain security policy. Replace with the
shared .github/actions/setup-maven action which handles JFrog auth,
cache restoration, and offline fallback for forks consistently.

Co-authored-by: Isaac
Signed-off-by: Gopal Lal <gopal.lal@databricks.com>
@gopalldb gopalldb requested a review from a team as a code owner June 23, 2026 11:26
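The PR above fixes one workflow that had drifted from the shared setup-maven action. A defender maintaining the repository would want a repeatable check that catches the same drift in any workflow: a job that does not call the shared composite action, still passes `cache: maven` to setup-java, or writes Maven mirror settings inline. The script below is an added example, not code from the PR or the databricks project. It assumes (not stated on the page) that workflows live under `.github/workflows/`, that the shared action is referenced exactly as `./.github/actions/setup-maven`, and that inline proxy setup shows up as a `settings.xml` or `<mirror>` fragment in a `run:` step; the two sample workflows, including the proxy URL, are constructed for the example.

```python
"""Drift check for GitHub Actions workflows that must use the shared
setup-maven composite action (added example, not the project's own code).

Assumptions, not taken from the PR page:
  * workflows live under .github/workflows/
  * the shared action is referenced as ./.github/actions/setup-maven
  * inline proxy setup appears as settings.xml / <mirror> text in a run step
"""
from __future__ import annotations

import re
from pathlib import Path

SHARED_ACTION = "./.github/actions/setup-maven"  # assumed reference (matches PR wording)

# Constructed sample workflows standing in for files on disk. The second one
# mirrors the failure mode the PR describes: inline setup-java cache plus an
# inline proxy step that is skipped on fork PRs, leaving Maven to fall through
# to the public repository. The proxy URL is a placeholder.
SAMPLE_WORKFLOWS: dict[str, str] = {
    "prCheck.yml": """
name: PR Check
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-java@v4
        with:
          java-version: '17'
      - uses: ./.github/actions/setup-maven
      - run: mvn -B verify
""",
    "securityScan.yml": """
name: Security Scan
on: [pull_request, schedule]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-java@v4
        with:
          java-version: '17'
          cache: maven
      - name: Configure Maven proxy
        if: github.event.pull_request.head.repo.fork == false
        run: |
          cat > ~/.m2/settings.xml <<'EOF'
          <settings><mirrors><mirror><id>proxy</id><mirrorOf>*</mirrorOf>
          <url>https://PLACEHOLDER-PROXY.invalid/maven</url></mirror></mirrors></settings>
          EOF
      - run: mvn -B verify
""",
}

USES_RE = re.compile(r"^\s*-?\s*uses:\s*(\S+)", re.MULTILINE)
CACHE_RE = re.compile(r"^\s*cache:\s*maven\b", re.MULTILINE)
INLINE_SETTINGS_RE = re.compile(r"settings\.xml|<mirror>")


def find_drift(workflow_text: str) -> list[str]:
    """Return a list of human-readable findings for one workflow; empty means clean."""
    findings: list[str] = []
    uses = USES_RE.findall(workflow_text)
    if SHARED_ACTION not in uses:
        findings.append(f"does not use shared action {SHARED_ACTION}")
    if CACHE_RE.search(workflow_text):
        findings.append("setup-java declares 'cache: maven' (redundant with the shared action)")
    if INLINE_SETTINGS_RE.search(workflow_text):
        findings.append("writes Maven settings.xml / <mirror> inline instead of via the shared action")
    return findings


def check_workflows(workflows: dict[str, str]) -> dict[str, list[str]]:
    """Map workflow name -> findings, keeping only workflows that drifted."""
    return {name: f for name, text in workflows.items() if (f := find_drift(text))}


def load_workflows(directory: str = ".github/workflows") -> dict[str, str]:
    """Read every *.yml/*.yaml file under the workflows directory (assumed layout)."""
    return {p.name: p.read_text() for p in sorted(Path(directory).glob("*.y*ml"))}


if __name__ == "__main__":
    # Offline demo over the constructed samples; swap in load_workflows() for a real checkout.
    for name, findings in check_workflows(SAMPLE_WORKFLOWS).items():
        print(name)
        for line in findings:
            print("  -", line)
```

Run it from the repository root with `load_workflows()` in place of the sample dict and wire it into a lint job; any non-empty result means a workflow can still reach Maven Central directly on the fork-PR path, which is exactly the condition that broke the Security Scan build.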