Release/prepare 1.5.0 (#472)

* Update Sonar setup for private projects

* Remove mypy.xml as was only needed when testing Sonar; it is not needed yet

* Update locked dependencies

* Prepare release 1.5.0

* Fix rst spacing

* Update release date to today

Author: ArBridgeman

.github/actions/security-issues/action.yml

@@ -39,7 +39,7 @@ runs:
     - name: Install Python Toolbox / Security tool
       shell: bash
       run: |
-        pip install exasol-toolbox==1.4.0
+        pip install exasol-toolbox==1.5.0
 
     - name: Create Security Issue Report
       shell: bash

doc/changes/changelog.md

@@ -1,6 +1,7 @@
 # Changelog
 
 * [unreleased](unreleased.md)
+* [1.5.0](changes_1.5.0.md)
 * [1.4.0](changes_1.4.0.md)
 * [1.3.0](changes_1.3.0.md)
 * [1.2.0](changes_1.2.0.md)
@@ -36,6 +37,7 @@
 hidden:
 ---
 unreleased
+changes_1.5.0
 changes_1.4.0
 changes_1.3.0
 changes_1.2.0

doc/changes/changes_1.5.0.md

@@ -0,0 +1,47 @@
+# 1.5.0 - 2025-06-18
+
+## Summary
+This version of the PTB adds nox task `sonar:check`, see #451. This allows us to
+use SonarQube Cloud to analyze, visualize, & track linting, security, & coverage. To
+set it up, you'll need to execute the following instructions.
+
+### For a public project
+1. Specify in the `noxconfig.py` the relative path to the project's source code in `Config.source`
+    ```python
+        source: Path = Path("exasol/<project-source-folder>")
+   ```
+2. Add the 'SONAR_TOKEN' to the 'Organization secrets' in GitHub (this requires a person being a GitHub organization owner)
+3. Activate the [SonarQubeCloud App](https://github.com/apps/sonarqubecloud)
+4. Create a project on SonarCloud
+5. Add the following information to the project's file `pyproject.toml`
+    ```toml
+
+        [tool.sonar]
+        projectKey = "com.exasol:<project-key>"
+        hostUrl = "https://sonarcloud.io"
+        organization = "exasol"
+   ```
+6. Post-merge, update the branch protections to include SonarQube analysis
+
+### For a private project
+1. Specify in the `noxconfig.py` the relative path to the project's source code in `Config.source`
+    ```python
+        source: Path = Path("exasol/<project-source-folder>")
+   ```
+2. Add the 'PRIVATE_SONAR_TOKEN' to the 'Organization secrets' in GitHub (this requires a person being a GitHub organization owner)
+3. Activate the [exasonarqubeprchecks App](https://github.com/apps/exasonarqubeprchecks)
+4. Create a project on https://sonar.exasol.com
+5. Add the following information to the project's file `pyproject.toml`
+    ```toml
+        [tool.sonar]
+        projectKey = "com.exasol:<project-key>"
+        hostUrl = "https://sonar.exasol.com"
+        organization = "exasol"
+   ```
+6. Post-merge, update the branch protections to include SonarQube analysis from exasonarqubeprchecks
+
+## ✨ Features
+* #451: Added nox task to execute pysonar & added Sonar to the CI
+
+## ⚒️ Refactorings
+* #451: Reduced scope of nox tasks `lint:code` (pylint) and `lint:security` (bandit) to analyze only the package code

doc/changes/unreleased.md

@@ -1,29 +1 @@
 # Unreleased
-
-## Summary
-This version of the PTB adds nox task `sonar:check`, see #451. This allows us to
-use SonarQube Cloud to analyze, visualize, & track linting, security, & coverage. In
-order to properly set it up, you'll need to do the following instruction for each **public** project.
-At this time, PTB currently does not support setting up SonarQube for a **private** project.
-
-1. Specify in the `noxconfig.py` the relative path to the project's source code in `Config.source`
-    ```python
-        source: Path = Path("exasol/toolbox")
-    ```
-2. Add the 'SONAR_TOKEN' to the 'Organization secrets' in GitHub (this requires a person being a GitHub organization owner).
-3. Activate the SonarQubeCloud App
-4. Create a project on SonarCloud
-5. Add the following information to the project's file `pyproject.toml`
-    ```toml
-        [tool.sonar]
-        projectKey = "com.exasol:<project-key>"
-        hostUrl = "https://sonarcloud.io"
-        organization = "exasol"
-    ```
-6. Post-merge, update the branch protections to include SonarQube analysis
-
-## ✨ Features
-* #451: Added nox task to execute pysonar & added Sonar to the CI
-
-## ⚒️ Refactorings
-* #451: Reduced scope of nox tasks `lint:code` (pylint) and `lint:security` (bandit) to analyze only the package code

doc/user_guide/getting_started.rst

@@ -202,16 +202,16 @@ We also need to configure settings for github-pages environment:
 8. Set up for Sonar
 +++++++++++++++++++
 PTB supports using SonarQube Cloud to analyze, visualize, & track linting, security, &
-coverage. In order to properly set it up, you'll need to do the following instructions
-for each **public** project. At this time, PTB currently does not support setting up
-SonarQube for a **private** project.
+coverage. In order to set it up, you'll need to do the following instructions.
 
+For a **public** project
+^^^^^^^^^^^^^^^^^^^^^^^^
 1. Specify in the `noxconfig.py` the relative path to the project's source code in `Config.source`
     .. code-block:: python
 
-        source: Path = Path("exasol/toolbox")
-2. Add the 'SONAR_TOKEN' to the 'Organization secrets' in GitHub (this requires a person being a GitHub organization owner).
-3. Activate the SonarQubeCloud App
+        source: Path = Path("exasol/<project-source-folder>")
+2. Add the 'SONAR_TOKEN' to the 'Organization secrets' in GitHub (this requires a person being a GitHub organization owner)
+3. Activate the `SonarQubeCloud App <https://github.com/apps/sonarqubecloud>`_
 4. Create a project on SonarCloud
 5. Add the following information to the project's file `pyproject.toml`
     .. code-block:: toml
@@ -222,7 +222,23 @@ SonarQube for a **private** project.
         organization = "exasol"
 6. Post-merge, update the branch protections to include SonarQube analysis
 
+For a **private** project
+^^^^^^^^^^^^^^^^^^^^^^^^^
+1. Specify in the `noxconfig.py` the relative path to the project's source code in `Config.source`
+    .. code-block:: python
+
+        source: Path = Path("exasol/<project-source-folder>")
+2. Add the 'PRIVATE_SONAR_TOKEN' to the 'Organization secrets' in GitHub (this requires a person being a GitHub organization owner)
+3. Activate the `exasonarqubeprchecks App <https://github.com/apps/exasonarqubeprchecks>`_
+4. Create a project on https://sonar.exasol.com
+5. Add the following information to the project's file `pyproject.toml`
+    .. code-block:: toml
 
+        [tool.sonar]
+        projectKey = "com.exasol:<project-key>"
+        hostUrl = "https://sonar.exasol.com"
+        organization = "exasol"
+6. Post-merge, update the branch protections to include SonarQube analysis from exasonarqubeprchecks
 
 9. Go 🥜
 +++++++++++++

exasol/toolbox/templates/github/workflows/build-and-publish.yml

@@ -18,7 +18,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.5.0
 
       - name: Build Artifacts
         run: poetry build

exasol/toolbox/templates/github/workflows/check-release-tag.yml

@@ -15,7 +15,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.5.0
 
       - name: Check Tag Version
         # make sure the pushed/created tag matched the project version

exasol/toolbox/templates/github/workflows/checks.yml

@@ -16,7 +16,7 @@ jobs:
           fetch-depth: 0
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.5.0
 
       - name: Check Version(s)
         run: poetry run -- nox -s version:check
@@ -32,7 +32,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.5.0
 
       - name: Build Documentation
         run: |
@@ -55,7 +55,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.5.0
 
       - name: Run changelog update check
         run: poetry run -- nox -s changelog:updated
@@ -74,7 +74,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.5.0
         with:
           python-version: ${{ matrix.python-version }}
 
@@ -105,7 +105,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.5.0
         with:
           python-version: ${{ matrix.python-version }}
 
@@ -127,7 +127,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.5.0
         with:
           python-version: ${{ matrix.python-version }}
 
@@ -151,7 +151,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.5.0
 
       - name: Run format check
         run: poetry run -- nox -s project:format
@@ -173,7 +173,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.5.0
         with:
           python-version: ${{ matrix.python-version }}
 

exasol/toolbox/templates/github/workflows/gh-pages.yml

@@ -17,7 +17,7 @@ jobs:
           fetch-depth: 0
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.5.0
 
       - name: Build Documentation
         run: |

exasol/toolbox/templates/github/workflows/matrix-all.yml

@@ -17,7 +17,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.5.0
 
       - name: Generate matrix
         run: poetry run -- nox -s matrix:all