diff --git a/.gitattributes b/.gitattributes index 60f95cd..e735211 100644 --- a/.gitattributes +++ b/.gitattributes @@ -10,8 +10,7 @@ /.github/workflows/dependency-update.yml linguist-generated=true /.github/workflows/fast-tests.yml linguist-generated=true /.github/workflows/gh-pages.yml linguist-generated=true -/.github/workflows/matrix-exasol.yml linguist-generated=true -/.github/workflows/matrix-python.yml linguist-generated=true +/.github/workflows/matrix.yml linguist-generated=true /.github/workflows/merge-gate.yml linguist-generated=true /.github/workflows/periodic-validation.yml linguist-generated=true /.github/workflows/pr-merge.yml linguist-generated=true diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index db9b478..68f51ad 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -1,5 +1,5 @@ # Generated and maintained by the exasol-toolbox. -# Last generated with exasol-toolbox version 8.1.1. +# Last generated with exasol-toolbox version 10.0.0. name: Build & Publish on: @@ -18,10 +18,12 @@ jobs: - name: Check out Repository id: check-out-repository uses: actions/checkout@v6 + with: + persist-credentials: false - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v8 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: "3.10" poetry-version: "2.3.0" @@ -35,7 +37,7 @@ jobs: env: POETRY_HTTP_BASIC_PYPI_USERNAME: "__token__" POETRY_HTTP_BASIC_PYPI_PASSWORD: "${{ secrets.PYPI_TOKEN }}" - run: poetry publish + run: poetry publish # zizmor: ignore[use-trusted-publishing] - Trusted Publishing is not usable from this reusable workflow yet; see https://github.com/exasol/python-toolbox/issues/871 - name: Publish Release to GitHub id: publish-release-to-github 
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 2703e43..97000b5 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -1,5 +1,5 @@ # Generated and maintained by the exasol-toolbox. -# Last generated with exasol-toolbox version 8.1.1. +# Last generated with exasol-toolbox version 10.0.0. name: CD on: @@ -25,6 +25,7 @@ jobs: secrets: PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }} + publish-docs: needs: - build-and-publish diff --git a/.github/workflows/check-release-tag.yml b/.github/workflows/check-release-tag.yml index 0fc45ef..d3d50e8 100644 --- a/.github/workflows/check-release-tag.yml +++ b/.github/workflows/check-release-tag.yml @@ -1,5 +1,5 @@ # Generated and maintained by the exasol-toolbox. -# Last generated with exasol-toolbox version 8.1.1. +# Last generated with exasol-toolbox version 10.0.0. name: Check Release Tag on: @@ -16,10 +16,12 @@ jobs: - name: Check out Repository id: check-out-repository uses: actions/checkout@v6 + with: + persist-credentials: false - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v8 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: "3.10" poetry-version: "2.3.0" @@ -27,4 +29,7 @@ jobs: - name: Check Release Tag id: check-release-tag # make sure the pushed/created tag matched the project version - run: "[[ `poetry version --short` == ${{ github.ref_name }} ]]" + env: + GITHUB_REF_NAME: ${{ github.ref_name }} + run: |- + [[ "$(poetry version --short)" == "$GITHUB_REF_NAME" ]] diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index 701bc9a..87d0071 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -1,5 +1,5 @@ # Generated and maintained by the exasol-toolbox. -# Last generated with exasol-toolbox version 8.1.1. +# Last generated with exasol-toolbox version 10.0.0. name: Checks on: 
@@ -15,10 +15,12 @@ jobs: - name: Check out Repository id: check-out-repository uses: actions/checkout@v6 + with: + persist-credentials: false - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v8 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: "3.10" poetry-version: "2.3.0" @@ -36,15 +38,17 @@ jobs: runs-on: "ubuntu-24.04" permissions: contents: read - if: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/master' }} + if: github.ref != format('refs/heads/{0}', github.event.repository.default_branch) steps: - name: Check out Repository id: check-out-repository uses: actions/checkout@v6 + with: + persist-credentials: false - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v8 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: "3.10" poetry-version: "2.3.0" @@ -66,10 +70,12 @@ jobs: - name: Check out Repository id: check-out-repository uses: actions/checkout@v6 + with: + persist-credentials: false - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v8 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: ${{ matrix.python-versions }} poetry-version: "2.3.0" @@ -102,10 +108,12 @@ jobs: - name: Check out Repository id: check-out-repository uses: actions/checkout@v6 + with: + persist-credentials: false - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v8 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: ${{ matrix.python-versions }} poetry-version: "2.3.0" 
@@ -128,10 +136,12 @@ jobs: - name: Check out Repository id: check-out-repository uses: actions/checkout@v6 + with: + persist-credentials: false - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v8 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: ${{ matrix.python-versions }} poetry-version: "2.3.0" @@ -158,10 +168,12 @@ jobs: - name: Check out Repository id: check-out-repository uses: actions/checkout@v6 + with: + persist-credentials: false - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v8 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: "3.10" poetry-version: "2.3.0" @@ -179,10 +191,12 @@ jobs: - name: Check out Repository id: check-out-repository uses: actions/checkout@v6 + with: + persist-credentials: false - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v8 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: "3.10" poetry-version: "2.3.0" 
@@ -190,3 +204,49 @@ jobs: - name: Build Package id: build-package run: poetry run -- nox -s package:check + + check-workflows: + name: Check Workflows + runs-on: "ubuntu-24.04" + permissions: + contents: read + steps: + - name: Check out Repository + id: check-out-repository + uses: actions/checkout@v6 + with: + persist-credentials: false + + - name: Set up Python & Poetry Environment + id: set-up-python-and-poetry-environment + uses: exasol/python-toolbox/.github/actions/python-environment@v10 + with: + python-version: "3.10" + poetry-version: "2.3.0" + + - name: Check Workflows + id: check-workflows + run: poetry run -- nox -s workflow:check -- all + + audit-workflows: + name: Audit Workflows + runs-on: "ubuntu-24.04" + permissions: + contents: read + steps: + - name: Check out Repository + id: check-out-repository + uses: actions/checkout@v6 + with: + persist-credentials: false + + - name: Set up Python & Poetry Environment + id: set-up-python-and-poetry-environment + uses: exasol/python-toolbox/.github/actions/python-environment@v10 + with: + python-version: "3.10" + poetry-version: "2.3.0" + + - name: Audit Workflows + id: audit-workflows + run: poetry run -- nox -s workflow:audit diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e44f4b0..9deb020 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,5 +1,5 @@ # Generated and maintained by the exasol-toolbox. -# Last generated with exasol-toolbox version 8.1.1. +# Last generated with exasol-toolbox version 10.0.0. name: CI on: 
@@ -10,7 +10,11 @@ jobs: merge-gate: name: Merge Gate uses: ./.github/workflows/merge-gate.yml - secrets: inherit + secrets: + INTEGRATION_TEAM_SAAS_STAGING_HOST: ${{ secrets.INTEGRATION_TEAM_SAAS_STAGING_HOST }} + INTEGRATION_TEAM_SAAS_STAGING_ACCOUNT_ID: ${{ secrets.INTEGRATION_TEAM_SAAS_STAGING_ACCOUNT_ID }} + INTEGRATION_TEAM_SAAS_STAGING_PAT: ${{ secrets.INTEGRATION_TEAM_SAAS_STAGING_PAT }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} permissions: contents: read @@ -24,6 +28,7 @@ jobs: needs.merge-gate.result != 'skipped' && needs.merge-gate.result != 'cancelled' uses: ./.github/workflows/report.yml - secrets: inherit + secrets: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} permissions: contents: read diff --git a/.github/workflows/dependency-update.yml b/.github/workflows/dependency-update.yml index 99b6ae4..1a94d97 100644 --- a/.github/workflows/dependency-update.yml +++ b/.github/workflows/dependency-update.yml @@ -1,5 +1,5 @@ # Generated and maintained by the exasol-toolbox. -# Last generated with exasol-toolbox version 8.1.1. +# Last generated with exasol-toolbox version 10.0.0. name: Dependency Update on: @@ -21,19 +21,21 @@ jobs: id: check-out-repository uses: actions/checkout@v6 with: + persist-credentials: true fetch-depth: 0 - name: Fail if not running on the default branch id: check-branch if: github.ref != format('refs/heads/{0}', github.event.repository.default_branch) - uses: actions/github-script@v8 - with: - script: | - core.setFailed('Not running on the default branch. github.ref is ${{ github.ref }}') + env: + CURRENT_BRANCH: ${{ github.ref }} + run: | + echo "Not running on the default branch. Current ref is: $CURRENT_BRANCH" + exit 1 - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v8 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: "3.10" poetry-version: "2.3.0" 
@@ -110,6 +112,7 @@ jobs: PR_URL=$(gh pr create \ --base "$BASE_BRANCH" \ + --label "security" \ --title "Update dependencies to fix vulnerabilities ($(date '+%Y-%m-%d'))" \ --body "$PR_BODY") @@ -118,7 +121,7 @@ jobs: - name: Report New Pull Request to Slack Channel id: report-pr-slack if: ${{ steps.create-pr.outputs.pr_url }} - uses: ravsamhq/notify-slack-action@v2 + uses: ravsamhq/notify-slack-action@be814b201e233b2dc673608aa46e5447c8ab13f2 # 2.5.0 with: status: '${{ job.status }}' token: '${{ secrets.GITHUB_TOKEN }}' diff --git a/.github/workflows/fast-tests.yml b/.github/workflows/fast-tests.yml index 647414d..7f3fc87 100644 --- a/.github/workflows/fast-tests.yml +++ b/.github/workflows/fast-tests.yml @@ -1,5 +1,5 @@ # Generated and maintained by the exasol-toolbox. -# Last generated with exasol-toolbox version 8.1.1. +# Last generated with exasol-toolbox version 10.0.0. name: Fast-Tests on: @@ -20,10 +20,12 @@ jobs: - name: Check out Repository id: check-out-repository uses: actions/checkout@v6 + with: + persist-credentials: false - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v8 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: ${{ matrix.python-versions }} poetry-version: "2.3.0" diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml index dd62c83..1094159 100644 --- a/.github/workflows/gh-pages.yml +++ b/.github/workflows/gh-pages.yml @@ -1,5 +1,5 @@ # Generated and maintained by the exasol-toolbox. -# Last generated with exasol-toolbox version 8.1.1. +# Last generated with exasol-toolbox version 10.0.0. name: Publish Documentation on: 
@@ -18,10 +18,11 @@ jobs: uses: actions/checkout@v6 with: fetch-depth: 0 + persist-credentials: false - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v8 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: "3.10" poetry-version: "2.3.0" @@ -34,7 +35,7 @@ jobs: - name: Upload Artifact id: upload-artifact - uses: actions/upload-pages-artifact@v5.0.0 + uses: actions/upload-pages-artifact@v5 with: path: html-documentation diff --git a/.github/workflows/matrix-all.yml b/.github/workflows/matrix-all.yml deleted file mode 100644 index ce5f01d..0000000 --- a/.github/workflows/matrix-all.yml +++ /dev/null @@ -1,37 +0,0 @@ -name: Build Matrix (All) - -on: - workflow_call: - outputs: - matrix: - description: "Generates the full build matrix for Python & Exasol versions" - value: ${{ jobs.set-matrix-all.outputs.matrix }} - -jobs: - set-matrix-all: - runs-on: "ubuntu-24.04" - permissions: - contents: read - steps: - - name: Check out Repository - id: check-out-repository - uses: actions/checkout@v6 - - - name: Set up Python & Poetry Environment - id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v8 - with: - python-version: "3.10" - poetry-version: "2.3.0" - - - name: Generate Matrix - id: generate-matrix - run: poetry run -- nox -s matrix:all - - - name: Set Matrix - id: set-matrix - run: | - echo "matrix=$(poetry run -- nox -s matrix:all)" >> $GITHUB_OUTPUT - - outputs: - matrix: ${{ steps.set-matrix.outputs.matrix }} diff --git a/.github/workflows/matrix-exasol.yml b/.github/workflows/matrix-exasol.yml deleted file mode 100644 index 24c4c4d..0000000 --- a/.github/workflows/matrix-exasol.yml +++ /dev/null 
@@ -1,39 +0,0 @@ -# Generated and maintained by the exasol-toolbox. -# Last generated with exasol-toolbox version 8.1.1. -name: Build Matrix (Exasol) - -on: - workflow_call: - outputs: - matrix: - description: "Generates the exasol version build matrix" - value: ${{ jobs.set-matrix-exasol.outputs.matrix }} - -jobs: - set-matrix-exasol: - runs-on: "ubuntu-24.04" - permissions: - contents: read - steps: - - name: Check out Repository - id: check-out-repository - uses: actions/checkout@v6 - - - name: Set up Python & Poetry Environment - id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v8 - with: - python-version: "3.10" - poetry-version: "2.3.0" - - - name: Generate Matrix - id: generate-matrix - run: poetry run -- nox -s matrix:exasol - - - name: Set Matrix - id: set-matrix - run: | - echo "matrix=$(poetry run -- nox -s matrix:exasol)" >> $GITHUB_OUTPUT - - outputs: - matrix: ${{ steps.set-matrix.outputs.matrix }} diff --git a/.github/workflows/matrix-python.yml b/.github/workflows/matrix-python.yml deleted file mode 100644 index b859eb7..0000000 --- a/.github/workflows/matrix-python.yml +++ /dev/null 
@@ -1,39 +0,0 @@ -# Generated and maintained by the exasol-toolbox. -# Last generated with exasol-toolbox version 8.1.1. -name: Build Matrix (Python) - -on: - workflow_call: - outputs: - matrix: - description: "Generates the python version build matrix" - value: ${{ jobs.set-matrix-python.outputs.matrix }} - -jobs: - set-matrix-python: - runs-on: "ubuntu-24.04" - permissions: - contents: read - steps: - - name: Check out Repository - id: check-out-repository - uses: actions/checkout@v6 - - - name: Set up Python & Poetry Environment - id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v8 - with: - python-version: "3.10" - poetry-version: "2.3.0" - - - name: Generate Matrix - id: generate-matrix - run: poetry run -- nox -s matrix:python - - - name: Set Matrix - id: set-matrix - run: | - echo "matrix=$(poetry run -- nox -s matrix:python)" >> $GITHUB_OUTPUT - - outputs: - matrix: ${{ steps.set-matrix.outputs.matrix }} diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml new file mode 100644 index 0000000..1471362 --- /dev/null +++ b/.github/workflows/matrix.yml 
@@ -0,0 +1,48 @@ +# Generated and maintained by the exasol-toolbox. +# Last generated with exasol-toolbox version 10.0.0. +name: Build Matrix + +on: + workflow_call: + inputs: + matrix_keys_json: + description: "JSON array of BaseConfig keys to include in the generated matrix output." + required: true + type: string + outputs: + matrix: + description: "Generates the requested build matrix" + value: ${{ jobs.set-matrix.outputs.matrix }} + +jobs: + set-matrix: + runs-on: "ubuntu-24.04" + permissions: + contents: read + steps: + - name: Check out Repository + id: check-out-repository + uses: actions/checkout@v6 + with: + persist-credentials: false + + - name: Set up Python & Poetry Environment + id: set-up-python-and-poetry-environment + uses: exasol/python-toolbox/.github/actions/python-environment@v10 + with: + python-version: "3.10" + poetry-version: "2.3.0" + + - name: Generate Matrix + id: set-matrix + env: + MATRIX_KEYS_JSON: ${{ inputs.matrix_keys_json }} + run: | + readarray -t matrix_keys < <(jq -r '.[]' <<< "$MATRIX_KEYS_JSON") + matrix_json="$(poetry run -- nox -s matrix:generate -- "${matrix_keys[@]}")" + echo "Generated matrix JSON:" + jq . <<< "$matrix_json" + echo "matrix=$matrix_json" >> "$GITHUB_OUTPUT" + + outputs: + matrix: ${{ steps.set-matrix.outputs.matrix }} diff --git a/.github/workflows/merge-gate.yml b/.github/workflows/merge-gate.yml index 47b8d62..0fbdd9e 100644 --- a/.github/workflows/merge-gate.yml +++ b/.github/workflows/merge-gate.yml @@ -1,9 +1,18 @@ # Generated and maintained by the exasol-toolbox. -# Last generated with exasol-toolbox version 8.1.1. +# Last generated with exasol-toolbox version 10.0.0. name: Merge-Gate on: workflow_call: + secrets: + INTEGRATION_TEAM_SAAS_STAGING_HOST: + required: true + INTEGRATION_TEAM_SAAS_STAGING_ACCOUNT_ID: + required: true + INTEGRATION_TEAM_SAAS_STAGING_PAT: + required: true + SONAR_TOKEN: + required: true jobs: run-fast-checks: 
@@ -24,7 +33,8 @@ jobs: - run-fast-checks - run-fast-tests uses: ./.github/workflows/report.yml - secrets: inherit + secrets: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} permissions: contents: read @@ -46,7 +56,10 @@ jobs: needs: - approve-run-slow-tests uses: ./.github/workflows/slow-checks.yml - secrets: inherit + secrets: + INTEGRATION_TEAM_SAAS_STAGING_HOST: ${{ secrets.INTEGRATION_TEAM_SAAS_STAGING_HOST }} + INTEGRATION_TEAM_SAAS_STAGING_ACCOUNT_ID: ${{ secrets.INTEGRATION_TEAM_SAAS_STAGING_ACCOUNT_ID }} + INTEGRATION_TEAM_SAAS_STAGING_PAT: ${{ secrets.INTEGRATION_TEAM_SAAS_STAGING_PAT }} permissions: contents: read @@ -61,14 +74,17 @@ jobs: # If you need additional jobs to be part of the merge gate, add them below needs: - run-fast-checks + - run-fast-tests - run-slow-checks # To prevent accidentally merges, this step is required. For more details # see: https://github.com/exasol/python-toolbox/issues/563 steps: - name: Branch Protection - failure if any ancestor failed or was cancelled if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }} + env: + NEEDS_JSON: ${{ toJSON(needs) }} run: | - echo '${{ toJSON(needs) }}' + echo "$NEEDS_JSON" exit 1 - name: branch protection run: echo "All required checks passed. Merge allowed." diff --git a/.github/workflows/periodic-validation.yml b/.github/workflows/periodic-validation.yml index 5f7a943..8824fc8 100644 --- a/.github/workflows/periodic-validation.yml +++ b/.github/workflows/periodic-validation.yml 
@@ -1,29 +1,55 @@ # Generated and maintained by the exasol-toolbox. -# Last generated with exasol-toolbox version 8.1.1. +# Last generated with exasol-toolbox version 10.0.0. name: Periodic-Validation on: schedule: # At 00:00 on Saturday. (https://crontab.guru) - cron: "0 0 * * 6" + workflow_dispatch: jobs: + restrict-to-default-branch: + name: Restrict to Default Branch + runs-on: "ubuntu-24.04" + permissions: + contents: read + + steps: + - name: Fail if not running on the default branch + id: check-branch + if: github.ref != format('refs/heads/{0}', github.event.repository.default_branch) + env: + CURRENT_BRANCH: ${{ github.ref }} + run: | + echo "Not running on the default branch. Current ref is: $CURRENT_BRANCH" + exit 1 + run-fast-checks: name: Fast Checks uses: ./.github/workflows/checks.yml + needs: + - restrict-to-default-branch permissions: contents: read run-fast-tests: name: Fast Tests uses: ./.github/workflows/fast-tests.yml + needs: + - restrict-to-default-branch permissions: contents: read run-slow-checks: name: Slow Checks uses: ./.github/workflows/slow-checks.yml - secrets: inherit + needs: + - restrict-to-default-branch + secrets: + INTEGRATION_TEAM_SAAS_STAGING_HOST: ${{ secrets.INTEGRATION_TEAM_SAAS_STAGING_HOST }} + INTEGRATION_TEAM_SAAS_STAGING_ACCOUNT_ID: ${{ secrets.INTEGRATION_TEAM_SAAS_STAGING_ACCOUNT_ID }} + INTEGRATION_TEAM_SAAS_STAGING_PAT: ${{ secrets.INTEGRATION_TEAM_SAAS_STAGING_PAT }} permissions: contents: read @@ -34,6 +60,7 @@ jobs: - run-fast-tests - run-slow-checks uses: ./.github/workflows/report.yml - secrets: inherit + secrets: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} permissions: contents: read diff --git a/.github/workflows/pr-merge.yml b/.github/workflows/pr-merge.yml index 9507e25..95f7eb3 100644 --- a/.github/workflows/pr-merge.yml +++ b/.github/workflows/pr-merge.yml 
@@ -1,5 +1,5 @@ # Generated and maintained by the exasol-toolbox. -# Last generated with exasol-toolbox version 8.1.1. +# Last generated with exasol-toolbox version 10.0.0. name: PR-Merge on: diff --git a/.github/workflows/report.yml b/.github/workflows/report.yml index d6f568a..c66e6c3 100644 --- a/.github/workflows/report.yml +++ b/.github/workflows/report.yml @@ -1,9 +1,12 @@ # Generated and maintained by the exasol-toolbox. -# Last generated with exasol-toolbox version 8.1.1. +# Last generated with exasol-toolbox version 10.0.0. name: Status Report on: workflow_call: + secrets: + SONAR_TOKEN: + required: true jobs: @@ -11,18 +14,17 @@ jobs: runs-on: "ubuntu-24.04" permissions: contents: read - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: - name: Check out Repository id: check-out-repository uses: actions/checkout@v6 with: fetch-depth: 0 + persist-credentials: false - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v8 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: "3.10" poetry-version: "2.3.0" diff --git a/.github/workflows/slow-checks-itde.yml b/.github/workflows/slow-checks-itde.yml index 4b003a7..2f76211 100644 --- a/.github/workflows/slow-checks-itde.yml +++ b/.github/workflows/slow-checks-itde.yml @@ -6,12 +6,14 @@ on: jobs: build-matrix: name: Build Matrix - uses: ./.github/workflows/matrix-all.yml + uses: ./.github/workflows/matrix.yml + with: + matrix_keys_json: '["exasol_versions", "python_versions"]' permissions: contents: read run-integration-tests: - name: Run Integration Tests (Python-${{ matrix.python-version }}, Exasol-${{ matrix.exasol-version}}) + name: Run Integration Tests (Python-${{ matrix.python_versions }}, Exasol-${{ matrix.exasol_versions}}) needs: - build-matrix runs-on: "ubuntu-24.04" 
@@ -20,36 +22,34 @@ jobs: strategy: fail-fast: false matrix: ${{ fromJson(needs.build-matrix.outputs.matrix) }} - steps: - name: Allow unprivileged user namespaces id: allow-unprivileged-user-namespaces run: sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 - - name: Free disk space - uses: jlumbroso/free-disk-space@main - with: - tool-cache: true - large-packages: false - - name: Free disk space by removing large directories run: | - sudo rm -rf /usr/local/graalvm/ - sudo rm -rf /usr/local/.ghcup/ - sudo rm -rf /usr/local/share/powershell - sudo rm -rf /usr/local/share/chromium - sudo rm -rf /usr/local/lib/node_modules - sudo rm -rf /opt/ghc + sudo rm -rf /usr/local/graalvm/ + sudo rm -rf /usr/local/.ghcup/ + sudo rm -rf /usr/local/share/powershell + sudo rm -rf /usr/local/share/chromium + sudo rm -rf /usr/local/lib/node_modules + sudo rm -rf /opt/ghc + sudo rm -rf /usr/local/lib/android + sudo rm -rf /usr/share/dotnet + - name: Check out Repository id: check-out-repository uses: actions/checkout@v6 + with: + persist-credentials: false - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v8 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: - python-version: ${{ matrix.python-version }} + python-version: ${{ matrix.python_versions }} poetry-version: "2.3.0" - name: Run Integration Tests 
@@ -57,12 +57,15 @@ jobs: run: > poetry run -- nox -s test:integration -- -s --coverage --backend=onprem - --db-version ${{ matrix.exasol-version }} + --db-version ${MATRIX_EXASOL_VERSIONS} + env: + MATRIX_EXASOL_VERSIONS: ${{ matrix.exasol_versions }} - name: Upload Artifacts id: upload-artifacts uses: actions/upload-artifact@v7 with: - name: coverage-python${{ matrix.python-version }}-exasol${{ matrix.exasol-version }}-slow-itde + name: coverage-python${{ matrix.python_versions }}-exasol${{ matrix.exasol_versions }}-slow-itde path: .coverage include-hidden-files: true + overwrite: false diff --git a/.github/workflows/slow-checks-saas.yml b/.github/workflows/slow-checks-saas.yml index 9481ea5..19838d8 100644 --- a/.github/workflows/slow-checks-saas.yml +++ b/.github/workflows/slow-checks-saas.yml @@ -2,14 +2,33 @@ name: Slow-Checks-SaaS on: workflow_call: + secrets: + INTEGRATION_TEAM_SAAS_STAGING_HOST: + required: true + INTEGRATION_TEAM_SAAS_STAGING_ACCOUNT_ID: + required: true + INTEGRATION_TEAM_SAAS_STAGING_PAT: + required: true jobs: + build-matrix: + name: Build Matrix + uses: ./.github/workflows/matrix.yml + with: + matrix_keys_json: '["minimum_python_version"]' + permissions: + contents: read + run-integration-tests: - name: Run Integration Tests with SaaS (Python-3.12) + name: Run Integration Tests with SaaS (Python-${{ matrix.minimum_python_version }}) runs-on: "ubuntu-24.04" permissions: contents: read - + needs: + - build-matrix + strategy: + fail-fast: false + matrix: ${{ fromJson(needs.build-matrix.outputs.matrix) }} steps: - name: Allow unprivileged user namespaces id: allow-unprivileged-user-namespaces 
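Review bot: In `.github/workflows/slow-checks-itde.yml` the new argument `--db-version ${MATRIX_EXASOL_VERSIONS}` expands the variable unquoted, so the shell still word-splits and glob-expands the matrix value. Passing the value through `env:` keeps it out of the script text, but only quoting keeps it a single argument: `--db-version "${MATRIX_EXASOL_VERSIONS}"`. Double quotes are safe inside the folded `run: >` scalar. The step's `name`/`id` lines lie above this hunk.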
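Review bot: The new `build-matrix` job in `.github/workflows/slow-checks-saas.yml` has no comment explaining why a one-key matrix replaces the fixed interpreter. The SaaS integration job no longer runs on the hard-coded Python 3.12 but on whatever the `minimum_python_version` key yields, and the artifact name follows it in a later hunk. A comment above `build-matrix` would record the intent, for example `# One-entry matrix: take the minimum supported Python version from the project config instead of hard-coding it`. If the minimum version is lower than 3.12, the SaaS tests move to an older interpreter with this commit; that looks intended but the diff does not say so.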
@@ -18,12 +37,14 @@ jobs: - name: Check out Repository id: check-out-repository uses: actions/checkout@v6 + with: + persist-credentials: false - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v8 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: - python-version: "3.12" + python-version: ${{ matrix.minimum_python_version }} poetry-version: "2.3.0" - name: Run Integration Tests @@ -40,6 +61,6 @@ jobs: id: upload-artifacts uses: actions/upload-artifact@v7 with: - name: coverage-python3.12-slow-saas + name: coverage-python${{ matrix.minimum_python_version }}-slow-saas path: .coverage include-hidden-files: true diff --git a/.github/workflows/slow-checks.yml b/.github/workflows/slow-checks.yml index de34d1a..bbb3d67 100644 --- a/.github/workflows/slow-checks.yml +++ b/.github/workflows/slow-checks.yml @@ -2,18 +2,27 @@ name: Slow-Checks on: workflow_call: + secrets: + INTEGRATION_TEAM_SAAS_STAGING_HOST: + required: true + INTEGRATION_TEAM_SAAS_STAGING_ACCOUNT_ID: + required: true + INTEGRATION_TEAM_SAAS_STAGING_PAT: + required: true jobs: run-slow-checks-itde: name: Run Slow Checks with ITDE uses: ./.github/workflows/slow-checks-itde.yml - secrets: inherit permissions: contents: read run-slow-checks-saas: name: Run Slow Checks with SaaS uses: ./.github/workflows/slow-checks-saas.yml - secrets: inherit + secrets: + INTEGRATION_TEAM_SAAS_STAGING_HOST: ${{ secrets.INTEGRATION_TEAM_SAAS_STAGING_HOST }} + INTEGRATION_TEAM_SAAS_STAGING_ACCOUNT_ID: ${{ secrets.INTEGRATION_TEAM_SAAS_STAGING_ACCOUNT_ID }} + INTEGRATION_TEAM_SAAS_STAGING_PAT: ${{ secrets.INTEGRATION_TEAM_SAAS_STAGING_PAT }} permissions: contents: read diff --git a/.workflow-patcher.yml b/.workflow-patcher.yml deleted file mode 100644 index 4bddfa2..0000000 --- a/.workflow-patcher.yml +++ /dev/null 
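Review bot: `run-slow-checks-itde` in `.github/workflows/slow-checks.yml` now passes no secrets at all, and nothing in the file records that this is deliberate. A one-line comment above the job, such as `# No secrets are forwarded to the ITDE run on purpose`, would keep a later edit from restoring `secrets: inherit`. Whether the ITDE tests need none cannot be confirmed from this diff, because the top of `slow-checks-itde.yml` is outside the visible hunks. The three `required: true` secrets declared here are forwarded only to `run-slow-checks-saas`, which matches what `slow-checks-saas.yml` declares.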
@@ -1,7 +0,0 @@ -workflows: - - name: checks - # This is needed because this project does not need `matrix-all.yml` or `matrix-exasol.yml`. - # This job will be re-activated in: - # https://github.com/exasol/python-extension-common/issues/152 - remove_jobs: - - check-workflows diff --git a/.zizmor.yml b/.zizmor.yml new file mode 100644 index 0000000..a5fab9a --- /dev/null +++ b/.zizmor.yml @@ -0,0 +1,9 @@ +rules: + unpinned-uses: + # Official GitHub actions & ones maintained by us may use a referential pin. + # Third party GitHub actions must be defined with an SHA hash. + config: + policies: + "actions/*": ref-pin + exasol/python-toolbox/.github/actions/python-environment: ref-pin + "*": hash-pin diff --git a/doc/changes/unreleased.md b/doc/changes/unreleased.md index fb47370..34979f2 100644 --- a/doc/changes/unreleased.md +++ b/doc/changes/unreleased.md @@ -1,3 +1,7 @@ # Unreleased ## Summary + +## Refactoring + +* #152: Re-enabled `check-workflows` in `checks.yml` and updated to `exasol-toolbox` 10.0.0 \ No newline at end of file diff --git a/poetry.lock b/poetry.lock index a2e2f00..04d0951 100644 --- a/poetry.lock +++ b/poetry.lock 
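Review bot: The `ref-pin` entries in the new `.zizmor.yml` let `actions/*` and `exasol/python-toolbox/.github/actions/python-environment` pass the audit on a movable tag such as `@v10`. That action also runs in `build-and-publish.yml`, in the same job as the `poetry publish` step that receives `PYPI_TOKEN`, so a re-pointed tag would change what runs in the release job without any change in this repository. Consider `hash-pin` for these entries as well, or at least SHA pins with the version as a trailing comment in the publishing workflow, as this commit already does for `ravsamhq/notify-slack-action`. Since the workflow files are generated, the pin would presumably have to come from the toolbox templates. If the tag pin stays, extend the comment to say who is trusted to move those tags.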
@@ -1255,14 +1255,14 @@ types-pyyaml = ">=6.0.12.20260408,<7.0.0.0" [[package]] name = "exasol-toolbox" -version = "8.2.0" +version = "10.0.0" description = "Your one-stop solution for managing all standard tasks and core workflows of your Python project." optional = false python-versions = "<4.0,>=3.10" groups = ["dev"] files = [ - {file = "exasol_toolbox-8.2.0-py3-none-any.whl", hash = "sha256:27fb716e04c76d25d347904490b077bbf92d1f40192a6ebdbeed87ba8d19f1dd"}, - {file = "exasol_toolbox-8.2.0.tar.gz", hash = "sha256:a15cba09b1390a92ad28ae22449a16e3f7cd4612830ef6f4261f858d47d73256"}, + {file = "exasol_toolbox-10.0.0-py3-none-any.whl", hash = "sha256:98c0456e7526ccffdfe74c727e74b706f9e613a0e42d6fffa8a0cbd2412299b8"}, + {file = "exasol_toolbox-10.0.0.tar.gz", hash = "sha256:c2002f4cf7e8f94c9c72289a4acb98bfe6fa123942f488ecb5c84d82e92dd770"}, ] [package.dependencies] @@ -1298,6 +1298,7 @@ sphinxcontrib-mermaid = ">=2.0.0,<3.0.0" structlog = ">=25.5.0,<26.0.0" twine = ">=6.1.0,<7" typer = {version = ">=0.7.0", extras = ["all"]} +zizmor = ">=1.25.2,<2.0.0" [[package]] name = "exceptiongroup" 
@@ -5612,10 +5613,31 @@ enabler = ["pytest-enabler (>=3.4)"] test = ["big-O", "jaraco.functools", "jaraco.itertools", "jaraco.test", "more_itertools", "pytest (>=6,!=8.1.*)", "pytest-ignore-flaky"] type = ["pytest-mypy (>=1.0.1) ; platform_python_implementation != \"PyPy\""] +[[package]] +name = "zizmor" +version = "1.26.1" +description = "Static analysis for GitHub Actions" +optional = false +python-versions = ">=3.10" +groups = ["dev"] +files = [ + {file = "zizmor-1.26.1-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:7ea21ca959c8e888de238fee81d73a1fdf89a82067eac75b8f1acdbd23e2eeaf"}, + {file = "zizmor-1.26.1-py3-none-macosx_11_0_arm64.whl", hash = "sha256:78083b495593f8b0b9dec14036a0836a5afcddda8a40738336ff4e399476b741"}, + {file = "zizmor-1.26.1-py3-none-manylinux_2_24_aarch64.whl", hash = "sha256:bb7ebbe565a3742eb49a590352127ad549bb122b9b4ff9424ebab7525fa3b6b6"}, + {file = "zizmor-1.26.1-py3-none-manylinux_2_28_armv7l.whl", hash = "sha256:d3049010b6bd6f849413b6d20c28e0c677b90e0a5b2bc73cbee7f7bd86dc5828"}, + {file = "zizmor-1.26.1-py3-none-manylinux_2_28_x86_64.whl", hash = "sha256:6a958d8a0941d7e1d0de8436670b5cb7fc64c8028b4d16e3f519ccc77f953cef"}, + {file = "zizmor-1.26.1-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:d2744cdf944436ca7a009ae8b626a017a40381ec990216abd6cf6b8beb23323a"}, + {file = "zizmor-1.26.1-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:44099f426af9da750ff9f548a0084e11d7d83e0158fe1a2778672398d728efdd"}, + {file = "zizmor-1.26.1-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:8313cc264dec792f00a7328eb7c8e89e7d62d54f950fc897d1e6a5a6e5762203"}, + {file = "zizmor-1.26.1-py3-none-win32.whl", hash = "sha256:c96d7787d69fb298eae939e00dfdf7f534d7dfbd9cc17ab442c0650a56851415"}, + {file = "zizmor-1.26.1-py3-none-win_amd64.whl", hash = "sha256:0a05acf6068609fb6df3b137276cf18a686226a1e0e207941cb34a85929f16cf"}, + {file = "zizmor-1.26.1.tar.gz", hash = "sha256:0c2cc575007a4db99d89d5acc6120cfa7b61504bc2394c3b50af348c73f1916e"}, +] + [extras] 
slc-tool = ["exasol-script-languages-container-tool"] [metadata] lock-version = "2.1" python-versions = ">=3.10,<3.14" -content-hash = "1a34e2c12b159711550cd3fe1642f1e523c9a3a1217c76abd5efc94d5d4c7f76" +content-hash = "23924b77dc145202ae85b6795b30150712a7b8b5105ce56492983d73f6e62b84" diff --git a/pyproject.toml b/pyproject.toml index 8e526d6..cfacdd4 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -28,7 +28,7 @@ slc-tool = ["exasol-script-languages-container-tool>=3, <5"] [dependency-groups] dev = [ "pytest>=7.2.0,<10", - "exasol-toolbox>=8.1.1, <9", + "exasol-toolbox>=10.0.0, <11", "pytest-exasol-backend>=0.4.0,<2", "exasol-script-languages-container-tool>=3, <5", ] @@ -55,7 +55,6 @@ line-length = 100 verbose = false include = "\\.pyi?$" - [tool.isort] profile = "black" force_grid_wrap = 2