Add toolbox workflows (#167)

.github/workflows/build-and-publish.yml

@@ -0,0 +1,38 @@
+name: Build & Publish
+
+on:
+  workflow_call:
+    secrets:
+      PYPI_TOKEN:
+          required: true
+
+jobs:
+
+  cd-job:
+    name: Continuous Delivery
+    runs-on: ubuntu-22.04
+    steps:
+
+      - name: SCM Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python & Poetry Environment
+        uses: exasol/python-toolbox/.github/actions/[email protected]
+
+      - name: Build Artifacts
+        run: poetry build
+
+      - name: PyPi Release
+        env:
+          POETRY_HTTP_BASIC_PYPI_USERNAME: "__token__"
+          POETRY_HTTP_BASIC_PYPI_PASSWORD: "${{ secrets.PYPI_TOKEN }}"
+        run: poetry publish
+
+      - name: GitHub Release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: >
+          gh release create ${GITHUB_REF_NAME}
+          --title ${GITHUB_REF_NAME}
+          --notes-file ./doc/changes/changes_${GITHUB_REF_NAME}.md
+          dist/*

.github/workflows/cd.yml

@@ -0,0 +1,24 @@
+name: CD
+
+on:
+  push:
+    tags:
+      - '**'
+
+jobs:
+
+  check-tag-version-job:
+    name: Check Release Tag
+    uses: ./.github/workflows/check-release-tag.yml
+
+  cd-job:
+    name: Continuous Delivery
+    uses: ./.github/workflows/build-and-publish.yml
+    secrets:
+      PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
+
+  publish-docs:
+    needs: [ cd-job ]
+    name: Publish Documentation
+    uses: ./.github/workflows/gh-pages.yml
+

.github/workflows/check-release-tag.yml

@@ -0,0 +1,21 @@
+name: Check Release Tag
+
+on: workflow_call
+
+jobs:
+
+  check-tag-version-job:
+
+    name: Check Tag Version
+    runs-on: ubuntu-22.04
+
+    steps:
+      - name: SCM Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python & Poetry Environment
+        uses: exasol/python-toolbox/.github/actions/[email protected]
+
+      - name: Check Tag Version
+        # make sure the pushed/created tag matched the project version
+        run: "[[ `poetry version --short` == ${{ github.ref_name }} ]]"

.github/workflows/checks.yml

@@ -1,55 +1,167 @@
-name: CI Checks
+name: Checks
 
-on: 
+on:
   workflow_call:
-
+    secrets:
+      ALTERNATIVE_GITHUB_TOKEN:
+        required: false
 
 jobs:
 
-  unit-tests:
-    name: Unit Tests
+  Version-Check:
+    name: Version
+    runs-on: ubuntu-22.04
+
+    steps:
+      - name: SCM Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Python & Poetry Environment
+        uses: exasol/python-toolbox/.github/actions/[email protected]
+
+      - name: Check Version(s)
+        run: poetry run version-check `poetry run python -c "from noxconfig import PROJECT_CONFIG; print(PROJECT_CONFIG.version_file)"`
+
+  Documentation:
+    name: Docs
+    needs: [ Version-Check ]
+    runs-on: ubuntu-22.04
+
+    steps:
+      - name: SCM Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python & Poetry Environment
+        uses: exasol/python-toolbox/.github/actions/[email protected]
+
+      - name: Build Documentation
+        run: |
+          poetry run python -m nox -s docs:build
+
+  build-matrix:
+    name: Generate Build Matrix
+    uses: ./.github/workflows/matrix-python.yml
+
+  Lint:
+    name: Linting (Python-${{ matrix.python-version }})
+    needs: [ Version-Check, build-matrix ]
+    runs-on: ubuntu-22.04
+    strategy:
+      fail-fast: false
+      matrix: ${{ fromJson(needs.build-matrix.outputs.matrix) }}
+
+    steps:
+      - name: SCM Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python & Poetry Environment
+        uses: exasol/python-toolbox/.github/actions/[email protected]
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Run lint
+        run: poetry run nox -s lint:code
+
+      - name: Upload Artifacts
+        uses: actions/[email protected]
+        with:
+          name: lint-python${{ matrix.python-version }}
+          path: .lint.txt
+          include-hidden-files: true
+
+  Type-Check:
+    name: Type Checking (Python-${{ matrix.python-version }})
+    needs: [ Version-Check, build-matrix ]
+    runs-on: ubuntu-22.04
+    strategy:
+      fail-fast: false
+      matrix: ${{ fromJson(needs.build-matrix.outputs.matrix) }}
+
+    steps:
+      - name: SCM Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python & Poetry Environment
+        uses: exasol/python-toolbox/.github/actions/[email protected]
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Run type-check
+        run: poetry run nox -s lint:typing
+
+  Security:
+    name: Security Checks (Python-${{ matrix.python-version }})
+    needs: [ Version-Check, build-matrix ]
     runs-on: ubuntu-22.04
     strategy:
-      fail-fast: true
-      matrix:
-        python-version: [ "3.9", "3.10", "3.11", "3.12" ]
+      fail-fast: false
+      matrix: ${{ fromJson(needs.build-matrix.outputs.matrix) }}
 
     steps:
-    - name: SCM Checkout
-      uses: actions/checkout@v4
+      - name: SCM Checkout
+        uses: actions/checkout@v4
 
-    - name: Setup Python & Poetry Environment
-      uses: exasol/python-toolbox/.github/actions/python-environment@0.13.0
-      with:
-        python-version: ${{ matrix.python-version }} 
+      - name: Setup Python & Poetry Environment
+        uses: exasol/python-toolbox/.github/actions/python-environment@0.20.0
+        with:
+          python-version: ${{ matrix.python-version }}
 
-    - name: "Install all extras"
-      run: poetry install --all-extras
+      - name: Run security linter
+        run: poetry run nox -s lint:security
 
-    - name: Run Tests
-      run: |
-        poetry run nox -s test:unit
+      - name: Upload Artifacts
+        uses: actions/[email protected]
+        with:
+          name: security-python${{ matrix.python-version }}
+          path: .security.json
+          include-hidden-files: true
 
-  integration-tests:
-    name: Integration Tests
+  Format:
+    name: Format Check
     runs-on: ubuntu-22.04
+
+    steps:
+      - name: SCM Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python & Poetry Environment
+        uses: exasol/python-toolbox/.github/actions/[email protected]
+        with:
+          python-version: "3.9"
+
+      - name: Run format check
+        run: poetry run nox -s project:format
+
+  Tests:
+    name: Unit-Tests (Python-${{ matrix.python-version }}, Exasol-${{ matrix.exasol-version}})
+    needs: [ Documentation, Lint, Type-Check, Security, Format, build-matrix ]
+    runs-on: ubuntu-22.04
+    env:
+      GITHUB_TOKEN: ${{ secrets.ALTERNATIVE_GITHUB_TOKEN ||  secrets.GITHUB_TOKEN }}
     strategy:
-      fail-fast: true
-      matrix:
-        python-version: [ "3.9", "3.10", "3.11", "3.12" ]
+      fail-fast: false
+      matrix: ${{ fromJson(needs.build-matrix.outputs.matrix) }}
 
     steps:
-    - name: SCM Checkout
-      uses: actions/checkout@v4
+      - name: SCM Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python & Poetry Environment
+        uses: exasol/python-toolbox/.github/actions/[email protected]
+        with:
+          python-version: ${{ matrix.python-version }}
 
-    - name: Setup Python & Poetry Environment
-      uses: exasol/python-toolbox/.github/actions/[email protected]
-      with:
-        python-version: ${{ matrix.python-version }} 
+      - name: "Install all extras"
+        run: poetry install --all-extras
 
-    - name: "Install all extras"
-      run: poetry install --all-extras
+      - name: Run Tests and Collect Coverage
+        run: poetry run nox -s test:unit -- -- --coverage
 
-    - name: Run Tests
-      run: |
-        poetry run nox -s test:integration
+      - name: Upload Artifacts
+        uses: actions/[email protected]
+        with:
+          name: coverage-python${{ matrix.python-version }}-fast
+          path: .coverage
+          include-hidden-files: true

.github/workflows/ci.yml

@@ -0,0 +1,24 @@
+name: CI
+
+on:
+  push:
+    branches-ignore:
+      - "github-pages/*"
+      - "gh-pages/*"
+      - "main"
+      - "master"
+  pull_request:
+    types: [opened, reopened]
+  schedule:
+    # “At 00:00 on every 7th day-of-month from 1 through 31.” (https://crontab.guru)
+    - cron: "0 0 1/7 * *"
+
+jobs:
+
+  CI:
+    uses: ./.github/workflows/merge-gate.yml
+    secrets: inherit
+
+  Metrics:
+    needs: [ CI ]
+    uses: ./.github/workflows/report.yml