SNOW-2272485: CICD reconfiguration (#2485)

Author: sfc-gh-pcyrek

.github/workflows/build_test.yml

@@ -196,9 +196,9 @@ jobs:
       - name: Setup private key file
         shell: bash
         env:
-          PYTHON_PRIVATE_KEY_SECRET: ${{ secrets.PYTHON_PRIVATE_KEY_SECRET }}
+          PARAMETERS_SECRET: ${{ secrets.PARAMETERS_SECRET }}
         run: |
-          gpg --quiet --batch --yes --decrypt --passphrase="$PYTHON_PRIVATE_KEY_SECRET" \
+          gpg --quiet --batch --yes --decrypt --passphrase="$PARAMETERS_SECRET" \
           .github/workflows/parameters/public/rsa_keys/rsa_key_python_${{ matrix.cloud-provider }}.p8.gpg > test/rsa_key_python_${{ matrix.cloud-provider }}.p8
       - name: Download wheel(s)
         uses: actions/download-artifact@v4
@@ -274,9 +274,9 @@ jobs:
       - name: Setup private key file
         shell: bash
         env:
-          PYTHON_PRIVATE_KEY_SECRET: ${{ secrets.PYTHON_PRIVATE_KEY_SECRET }}
+          PARAMETERS_SECRET: ${{ secrets.PARAMETERS_SECRET }}
         run: |
-          gpg --quiet --batch --yes --decrypt --passphrase="$PYTHON_PRIVATE_KEY_SECRET" \
+          gpg --quiet --batch --yes --decrypt --passphrase="$PARAMETERS_SECRET" \
           .github/workflows/parameters/public/rsa_keys/rsa_key_python_${{ matrix.cloud-provider }}.p8.gpg > test/rsa_key_python_${{ matrix.cloud-provider }}.p8
       - name: Upgrade setuptools, pip and wheel
         run: python -m pip install -U setuptools pip wheel
@@ -342,9 +342,9 @@ jobs:
       - name: Setup private key file
         shell: bash
         env:
-          PYTHON_PRIVATE_KEY_SECRET: ${{ secrets.PYTHON_PRIVATE_KEY_SECRET }}
+          PARAMETERS_SECRET: ${{ secrets.PARAMETERS_SECRET }}
         run: |
-          gpg --quiet --batch --yes --decrypt --passphrase="$PYTHON_PRIVATE_KEY_SECRET" \
+          gpg --quiet --batch --yes --decrypt --passphrase="$PARAMETERS_SECRET" \
           .github/workflows/parameters/public/rsa_keys/rsa_key_python_${{ matrix.cloud-provider }}.p8.gpg > test/rsa_key_python_${{ matrix.cloud-provider }}.p8
       - name: Download wheel(s)
         uses: actions/download-artifact@v4
@@ -402,9 +402,9 @@ jobs:
       - name: Setup private key file
         shell: bash
         env:
-          PYTHON_PRIVATE_KEY_SECRET: ${{ secrets.PYTHON_PRIVATE_KEY_SECRET }}
+          PARAMETERS_SECRET: ${{ secrets.PARAMETERS_SECRET }}
         run: |
-          gpg --quiet --batch --yes --decrypt --passphrase="$PYTHON_PRIVATE_KEY_SECRET" \
+          gpg --quiet --batch --yes --decrypt --passphrase="$PARAMETERS_SECRET" \
           .github/workflows/parameters/public/rsa_keys/rsa_key_python_${{ matrix.cloud-provider }}.p8.gpg > test/rsa_key_python_${{ matrix.cloud-provider }}.p8
       - name: Download wheel(s)
         uses: actions/download-artifact@v4

.github/workflows/parameters/public/jenkins_test_parameters.py.gpg

@@ -33,7 +33,8 @@ timestamps {
         string(name: 'client_git_commit', value: scmInfo.GIT_COMMIT),
         string(name: 'client_git_branch', value: scmInfo.GIT_BRANCH),
         string(name: 'parent_job', value: env.JOB_NAME),
-        string(name: 'parent_build_number', value: env.BUILD_NUMBER)
+        string(name: 'parent_build_number', value: env.BUILD_NUMBER),
+        string(name: 'USE_PASSWORD', value: 'true')
       ]
       parallel(
       'Test': {

.github/workflows/parameters/public/rsa_keys/rsa_key_python_aws.p8.gpg

@@ -14,11 +14,14 @@ export JUNIT_REPORT_DIR=${SF_REGRESS_LOGS:-$CONNECTOR_DIR}
 export COV_REPORT_DIR=${CONNECTOR_DIR}
 
 # Decrypt parameters file
-PARAMS_FILE="${PARAMETERS_DIR}/jenkins_test_parameters.py.gpg"
+PARAMS_FILE="${PARAMETERS_DIR}/parameters_aws.py.gpg"
 [ ${cloud_provider} == azure ] && PARAMS_FILE="${PARAMETERS_DIR}/parameters_azure.py.gpg"
 [ ${cloud_provider} == gcp ] && PARAMS_FILE="${PARAMETERS_DIR}/parameters_gcp.py.gpg"
 gpg --quiet --batch --yes --decrypt --passphrase="${PARAMETERS_SECRET}" ${PARAMS_FILE} > test/parameters.py
 
+# Decrypt private key file
+gpg --quiet --batch --yes --decrypt --passphrase="${PARAMETERS_SECRET}" "${CONNECTOR_DIR}/.github/workflows/parameters/public/rsa_keys/rsa_key_python_${cloud_provider}.p8.gpg" > "test/rsa_key_python_${cloud_provider}.p8"
+
 rm -rf venv
 python3.12 -m venv venv
 . venv/bin/activate

.github/workflows/parameters/public/rsa_keys/rsa_key_python_azure.p8.gpg

@@ -45,6 +45,7 @@ docker run --network=host \
     -e JENKINS_HOME \
     -e is_old_driver \
     -e GITHUB_ACTIONS \
+    -e USE_PASSWORD=true \
     --mount type=bind,source="${CONNECTOR_DIR}",target=/home/user/snowflake-connector-python \
     ${CONTAINER_NAME}:1.0 \
     /home/user/snowflake-connector-python/ci/test_linux.sh ${PYTHON_ENV}

.github/workflows/parameters/public/rsa_keys/rsa_key_python_gcp.p8.gpg

@@ -1,8 +1,19 @@
 #!/bin/bash -e
 #
-# Test Snowflake Connector
-# Note this is the script that test_docker.sh runs inside of the docker container
+# Test Snowflake Connector (FIPS)
+# Note this is the script that test_fips_docker.sh runs inside of the docker container
 #
+
+# Export USE_PASSWORD only on Jenkins (not on GitHub Actions)
+# Jenkins FIPS tests run against mocked Snowflake with password auth
+# GitHub Actions FIPS tests run against real Snowflake with key-pair auth
+if [[ "${JENKINS_HOME}" != "false" && -n "${JENKINS_HOME}" ]]; then
+    export USE_PASSWORD=true
+    echo "[Info] Jenkins detected: Using password authentication for FIPS tests"
+else
+    echo "[Info] GitHub Actions detected: Using key-pair authentication for FIPS tests"
+fi
+
 THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 # shellcheck disable=SC1090
 CONNECTOR_DIR="$( dirname "${THIS_DIR}")"

Jenkinsfile

@@ -6,6 +6,7 @@
 #   - This script assumes that ../dist/repaired_wheels has the wheel(s) built for all versions to be tested
 #   - This is the script that test_docker.sh runs inside of the docker container
 
+
 PYTHON_VERSIONS="${1:-3.9 3.10 3.11 3.12 3.13}"
 THIS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 CONNECTOR_DIR="$( dirname "${THIS_DIR}")"