diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml index 28e3ded..68f51ad 100644 --- a/.github/workflows/build-and-publish.yml +++ b/.github/workflows/build-and-publish.yml @@ -1,5 +1,5 @@ # Generated and maintained by the exasol-toolbox. -# Last generated with exasol-toolbox version 9.0.0. +# Last generated with exasol-toolbox version 10.0.0. name: Build & Publish on: @@ -23,7 +23,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v9 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: "3.10" poetry-version: "2.3.0" @@ -37,7 +37,7 @@ jobs: env: POETRY_HTTP_BASIC_PYPI_USERNAME: "__token__" POETRY_HTTP_BASIC_PYPI_PASSWORD: "${{ secrets.PYPI_TOKEN }}" - run: poetry publish + run: poetry publish # zizmor: ignore[use-trusted-publishing] - Trusted Publishing is not usable from this reusable workflow yet; see https://github.com/exasol/python-toolbox/issues/871 - name: Publish Release to GitHub id: publish-release-to-github diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index de36187..97000b5 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -1,5 +1,5 @@ # Generated and maintained by the exasol-toolbox. -# Last generated with exasol-toolbox version 9.0.0. +# Last generated with exasol-toolbox version 10.0.0. name: CD on: diff --git a/.github/workflows/check-release-tag.yml b/.github/workflows/check-release-tag.yml index 2191c30..d3d50e8 100644 --- a/.github/workflows/check-release-tag.yml +++ b/.github/workflows/check-release-tag.yml @@ -1,5 +1,5 @@ # Generated and maintained by the exasol-toolbox. -# Last generated with exasol-toolbox version 9.0.0. +# Last generated with exasol-toolbox version 10.0.0. name: Check Release Tag on: 
@@ -21,7 +21,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v9 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: "3.10" poetry-version: "2.3.0" diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index 56a4d7f..87d0071 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -1,5 +1,5 @@ # Generated and maintained by the exasol-toolbox. -# Last generated with exasol-toolbox version 9.0.0. +# Last generated with exasol-toolbox version 10.0.0. name: Checks on: @@ -20,7 +20,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v9 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: "3.10" poetry-version: "2.3.0" @@ -48,7 +48,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v9 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: "3.10" poetry-version: "2.3.0" @@ -75,7 +75,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v9 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: ${{ matrix.python-versions }} poetry-version: "2.3.0" @@ -113,7 +113,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v9 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: ${{ matrix.python-versions }} poetry-version: "2.3.0" 
@@ -141,7 +141,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v9 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: ${{ matrix.python-versions }} poetry-version: "2.3.0" @@ -173,7 +173,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v9 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: "3.10" poetry-version: "2.3.0" @@ -196,7 +196,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v9 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: "3.10" poetry-version: "2.3.0" @@ -219,7 +219,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v9 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: "3.10" poetry-version: "2.3.0" @@ -227,3 +227,26 @@ jobs: - name: Check Workflows id: check-workflows run: poetry run -- nox -s workflow:check -- all + + audit-workflows: + name: Audit Workflows + runs-on: "ubuntu-24.04" + permissions: + contents: read + steps: + - name: Check out Repository + id: check-out-repository + uses: actions/checkout@v6 + with: + persist-credentials: false + + - name: Set up Python & Poetry Environment + id: set-up-python-and-poetry-environment + uses: exasol/python-toolbox/.github/actions/python-environment@v10 + with: + python-version: "3.10" + poetry-version: "2.3.0" + + - name: Audit Workflows + id: audit-workflows + run: poetry run -- nox -s workflow:audit diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index eed76e9..282e90b 100644 
--- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,5 +1,5 @@ # Generated and maintained by the exasol-toolbox. -# Last generated with exasol-toolbox version 9.0.0. +# Last generated with exasol-toolbox version 10.0.0. name: CI on: @@ -10,7 +10,8 @@ jobs: merge-gate: name: Merge Gate uses: ./.github/workflows/merge-gate.yml - secrets: inherit + secrets: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} permissions: contents: read diff --git a/.github/workflows/dependency-update.yml b/.github/workflows/dependency-update.yml index 9aa73b3..1a94d97 100644 --- a/.github/workflows/dependency-update.yml +++ b/.github/workflows/dependency-update.yml @@ -1,5 +1,5 @@ # Generated and maintained by the exasol-toolbox. -# Last generated with exasol-toolbox version 9.0.0. +# Last generated with exasol-toolbox version 10.0.0. name: Dependency Update on: @@ -35,7 +35,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v9 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: "3.10" poetry-version: "2.3.0" @@ -112,6 +112,7 @@ jobs: PR_URL=$(gh pr create \ --base "$BASE_BRANCH" \ + --label "security" \ --title "Update dependencies to fix vulnerabilities ($(date '+%Y-%m-%d'))" \ --body "$PR_BODY") diff --git a/.github/workflows/fast-tests.yml b/.github/workflows/fast-tests.yml index 8afa9d9..7f3fc87 100644 --- a/.github/workflows/fast-tests.yml +++ b/.github/workflows/fast-tests.yml @@ -1,5 +1,5 @@ # Generated and maintained by the exasol-toolbox. -# Last generated with exasol-toolbox version 9.0.0. +# Last generated with exasol-toolbox version 10.0.0. name: Fast-Tests on: 
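Review bot: The added `--label "security"` on `gh pr create` makes opening the PR depend on a `security` label already existing in the repository, and nothing in the hunk creates or checks it. `gh` rejects a label it cannot find, so in a repository without that label the step would fail and the vulnerability-fix PR would not be opened. Either record the prerequisite in a comment above the command, e.g. `# requires an existing "security" label in this repository`, or create the label first with `gh label create "security" --force` if the job's token permits that. The `run:` block starts and ends outside the hunk, and since the file is generated by exasol-toolbox the change belongs in the upstream template.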
@@ -25,7 +25,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v9 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: ${{ matrix.python-versions }} poetry-version: "2.3.0" diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml index 134be7f..1094159 100644 --- a/.github/workflows/gh-pages.yml +++ b/.github/workflows/gh-pages.yml @@ -1,5 +1,5 @@ # Generated and maintained by the exasol-toolbox. -# Last generated with exasol-toolbox version 9.0.0. +# Last generated with exasol-toolbox version 10.0.0. name: Publish Documentation on: @@ -22,7 +22,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v9 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: "3.10" poetry-version: "2.3.0" diff --git a/.github/workflows/matrix.yml b/.github/workflows/matrix.yml index c0476ae..1471362 100644 --- a/.github/workflows/matrix.yml +++ b/.github/workflows/matrix.yml @@ -1,5 +1,5 @@ # Generated and maintained by the exasol-toolbox. -# Last generated with exasol-toolbox version 9.0.0. +# Last generated with exasol-toolbox version 10.0.0. name: Build Matrix on: @@ -28,7 +28,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v9 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: "3.10" poetry-version: "2.3.0" diff --git a/.github/workflows/merge-gate.yml b/.github/workflows/merge-gate.yml index b68282e..5e6e986 100644 --- a/.github/workflows/merge-gate.yml +++ b/.github/workflows/merge-gate.yml 
@@ -1,9 +1,12 @@ # Generated and maintained by the exasol-toolbox. -# Last generated with exasol-toolbox version 9.0.0. +# Last generated with exasol-toolbox version 10.0.0. name: Merge-Gate on: workflow_call: + secrets: + SONAR_TOKEN: + required: true jobs: run-fast-checks: @@ -47,7 +50,6 @@ jobs: needs: - approve-run-slow-tests uses: ./.github/workflows/slow-checks.yml - secrets: inherit permissions: contents: read @@ -69,8 +71,10 @@ jobs: steps: - name: Branch Protection - failure if any ancestor failed or was cancelled if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }} + env: + NEEDS_JSON: ${{ toJSON(needs) }} run: | - echo '${{ toJSON(needs) }}' + echo "$NEEDS_JSON" exit 1 - name: branch protection run: echo "All required checks passed. Merge allowed." diff --git a/.github/workflows/periodic-validation.yml b/.github/workflows/periodic-validation.yml index 4d85ae3..453fd8e 100644 --- a/.github/workflows/periodic-validation.yml +++ b/.github/workflows/periodic-validation.yml @@ -1,5 +1,5 @@ # Generated and maintained by the exasol-toolbox. -# Last generated with exasol-toolbox version 9.0.0. +# Last generated with exasol-toolbox version 10.0.0. name: Periodic-Validation on: @@ -46,7 +46,6 @@ jobs: uses: ./.github/workflows/slow-checks.yml needs: - restrict-to-default-branch - secrets: inherit permissions: contents: read diff --git a/.github/workflows/pr-merge.yml b/.github/workflows/pr-merge.yml index 95672ba..95f7eb3 100644 --- a/.github/workflows/pr-merge.yml +++ b/.github/workflows/pr-merge.yml @@ -1,5 +1,5 @@ # Generated and maintained by the exasol-toolbox. -# Last generated with exasol-toolbox version 9.0.0. +# Last generated with exasol-toolbox version 10.0.0. name: PR-Merge on: diff --git a/.github/workflows/report.yml b/.github/workflows/report.yml index 621a644..c66e6c3 100644 --- a/.github/workflows/report.yml +++ b/.github/workflows/report.yml 
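Review bot: `SONAR_TOKEN` is now declared as a required `workflow_call` secret in the first hunk, but none of the visible hunks shows the job that consumes it. The only `secrets:` line touched further down is the removal of `secrets: inherit` from the `slow-checks.yml` call. Without `inherit`, a nested reusable workflow sees only secrets that are mapped explicitly, so if the consumer is itself called through `uses:` it needs `SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}` under its own `secrets:` key, as ci.yml now does for this workflow. It is also worth confirming that `slow-checks.yml` reads no `secrets.*` value, because both of its callers (here and in periodic-validation.yml) now pass none. The jobs concerned lie outside the hunks.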
@@ -1,5 +1,5 @@ # Generated and maintained by the exasol-toolbox. -# Last generated with exasol-toolbox version 9.0.0. +# Last generated with exasol-toolbox version 10.0.0. name: Status Report on: @@ -24,7 +24,7 @@ jobs: - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v9 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: "3.10" poetry-version: "2.3.0" diff --git a/.github/workflows/slow-checks.yml b/.github/workflows/slow-checks.yml index 8ad5dfe..23b475e 100644 --- a/.github/workflows/slow-checks.yml +++ b/.github/workflows/slow-checks.yml @@ -30,10 +30,12 @@ jobs: - name: Check out Repository id: check-out-repository uses: actions/checkout@v6 + with: + persist-credentials: false - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment - uses: exasol/python-toolbox/.github/actions/python-environment@v8 + uses: exasol/python-toolbox/.github/actions/python-environment@v10 with: python-version: ${{ matrix.python_versions }} poetry-version: "2.3.0" diff --git a/.zizmor.yml b/.zizmor.yml new file mode 100644 index 0000000..a5fab9a --- /dev/null +++ b/.zizmor.yml @@ -0,0 +1,9 @@ +rules: + unpinned-uses: + # Official GitHub actions & ones maintained by us may use a referential pin. + # Third party GitHub actions must be defined with an SHA hash. + config: + policies: + "actions/*": ref-pin + exasol/python-toolbox/.github/actions/python-environment: ref-pin + "*": hash-pin diff --git a/doc/changes/unreleased.md b/doc/changes/unreleased.md index 6595465..f5a4deb 100644 --- a/doc/changes/unreleased.md +++ b/doc/changes/unreleased.md 
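Review bot: The `ref-pin` policies for `"actions/*"` and the `python-environment` action accept movable tags such as `@v6` and `@v10`, so the code those steps run can change without any diff in this repository. That is a defensible default for read-only check jobs. In build-and-publish.yml, however, the same action appears to run in the job whose later step receives `PYPI_TOKEN`; there a full commit SHA with the tag as a trailing comment (`@<full-commit-sha> # v10`) would be the safer pin. As a style point, the `exasol/python-toolbox/.github/actions/python-environment` key could be quoted like its two neighbours.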
@@ -11,5 +11,6 @@ * #78: Removed unneeded requests pin as pysonar removed their pinning * #81: Replaced version.py with version from package -* #83: Updated PTB to 8.1.1 -* #85: Re-enabled `check-workflows` in `checks.yml` and updated to PTB 9.0.0 \ No newline at end of file +* #83: Updated `exasol-toolbox` to 8.1.1 +* #85: Re-enabled `check-workflows` in `checks.yml` and updated to `exasol-toolbox` 9.0.0 +* #90: Updated to `exasol-toolbox` 10.0.0 \ No newline at end of file diff --git a/poetry.lock b/poetry.lock index 4770bb3..b4acd1f 100644 --- a/poetry.lock +++ b/poetry.lock @@ -975,14 +975,14 @@ dates = ["pytz (>=2019.1)"] [[package]] name = "exasol-toolbox" -version = "9.0.0" +version = "10.0.0" description = "Your one-stop solution for managing all standard tasks and core workflows of your Python project." optional = false python-versions = "<4.0,>=3.10" groups = ["dev"] files = [ - {file = "exasol_toolbox-9.0.0-py3-none-any.whl", hash = "sha256:ffa73f36923470bdaae50137e810170b6100473c9df3b3b02566d3fbdb9e8e70"}, - {file = "exasol_toolbox-9.0.0.tar.gz", hash = "sha256:9a5eb9d7514c57d5d1c6bfb4341d51a500906cf2c3f56078d264d88270d4cd18"}, + {file = "exasol_toolbox-10.0.0-py3-none-any.whl", hash = "sha256:98c0456e7526ccffdfe74c727e74b706f9e613a0e42d6fffa8a0cbd2412299b8"}, + {file = "exasol_toolbox-10.0.0.tar.gz", hash = "sha256:c2002f4cf7e8f94c9c72289a4acb98bfe6fa123942f488ecb5c84d82e92dd770"}, ] [package.dependencies] @@ -3879,4 +3879,4 @@ files = [ [metadata] lock-version = "2.1" python-versions = ">=3.10,<4.0" -content-hash = "16a81886556ea4b55cd7912788bdd83aa1776da744eac2aefbfd2b00d918eee5" +content-hash = "28fa443895259b47a4898e20f23e2fe527451ed8be12b1a14a4ab98c74ef6316" diff --git a/pyproject.toml b/pyproject.toml index 9de9391..ef0cbd9 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -34,7 +34,7 @@ ec = "exasol.error._cli:main" [dependency-groups] dev = [ "pytest>=7.1.2,<10", - "exasol-toolbox>=9.0.0, <10", + "exasol-toolbox>=10.0.0, <11", ] [tool.poetry]