diff --git a/.github/ISSUE_TEMPLATE/blank.md b/.github/ISSUE_TEMPLATE/blank.md
index cdd2d6698..72aab2722 100644
--- a/.github/ISSUE_TEMPLATE/blank.md
+++ b/.github/ISSUE_TEMPLATE/blank.md
@@ -1,7 +1,7 @@
 ---
-name: 📝 Blank Issue
+name: Blank Issue
 about: Blank Issue
-title: 📝
+title:
 labels:
 assignees: ''
diff --git a/.github/ISSUE_TEMPLATE/documentation.md b/.github/ISSUE_TEMPLATE/documentation.md
index a40b4668c..3e99d7441 100644
--- a/.github/ISSUE_TEMPLATE/documentation.md
+++ b/.github/ISSUE_TEMPLATE/documentation.md
@@ -1,7 +1,7 @@
 ---
-name: 📚 Documentation
+name: Documentation
 about: Add/Improve Documentation
-title: 📚
+title:
 labels: documentation
 assignees: ''
diff --git a/.github/ISSUE_TEMPLATE/feature.md b/.github/ISSUE_TEMPLATE/feature.md
index 6599d541b..2d10f1ab2 100644
--- a/.github/ISSUE_TEMPLATE/feature.md
+++ b/.github/ISSUE_TEMPLATE/feature.md
@@ -1,7 +1,7 @@
 ---
-name: ✨ Feature
+name: Feature
 about: Add/Implement Feature
-title: ✨
+title:
 labels: feature
 assignees: ''
diff --git a/.github/ISSUE_TEMPLATE/refactoring.md b/.github/ISSUE_TEMPLATE/refactoring.md
index 157aba53c..d4c3e012c 100644
--- a/.github/ISSUE_TEMPLATE/refactoring.md
+++ b/.github/ISSUE_TEMPLATE/refactoring.md
@@ -1,7 +1,7 @@
 ---
-name: 🔧 Refactoring
+name: Refactoring
 about: Refactor
-title: 🔧
+title:
 labels: refactoring
 assignees: ''
diff --git a/.github/ISSUE_TEMPLATE/security.md b/.github/ISSUE_TEMPLATE/security.md
index b2da5b7fc..fb14d4bfd 100644
--- a/.github/ISSUE_TEMPLATE/security.md
+++ b/.github/ISSUE_TEMPLATE/security.md
@@ -1,7 +1,7 @@
 ---
-name: 🔐 Security Issue
+name: Security Issue
 about: Fix Security Issue
-title: 🔐
+title:
 labels: security
 assignees: ''
diff --git a/.github/PULL_REQUEST_TEMPLATE/pull_request_template.md b/.github/PULL_REQUEST_TEMPLATE/pull_request_template.md
index 344202251..075341789 100644
--- a/.github/PULL_REQUEST_TEMPLATE/pull_request_template.md
+++ b/.github/PULL_REQUEST_TEMPLATE/pull_request_template.md
@@ -1,4 +1,4 @@
-# ✔ Checklist
+# Checklist
 * [ ] Have you updated the changelog?
 * [ ] Have you updated the cookiecutter-template?
diff --git a/.github/workflows/report.yml b/.github/workflows/report.yml
index 32e80780c..f272bbc6f 100644
--- a/.github/workflows/report.yml
+++ b/.github/workflows/report.yml
@@ -36,7 +36,9 @@ jobs:
 run: poetry run -- nox -s project:report -- --format json | tee metrics.json
 - name: Upload to sonar
- run: poetry run -- nox -s sonar:check -- ${{ secrets.SONAR_TOKEN }}
+ env:
+ SONAR_TOKEN: "${{ secrets.SONAR_TOKEN }}"
+ run: poetry run -- nox -s sonar:check
 - name: Upload Artifacts
 uses: actions/upload-artifact@v4.6.2
diff --git a/doc/changes/unreleased.md b/doc/changes/unreleased.md
index 79e701b84..b30710bb9 100644
--- a/doc/changes/unreleased.md
+++ b/doc/changes/unreleased.md
@@ -1 +1,4 @@
 # Unreleased
+
+## Security
+* #477: Switched `sonar:check` to use `SONAR_TOKEN` from the environment
\ No newline at end of file
diff --git a/exasol/toolbox/nox/_artifacts.py b/exasol/toolbox/nox/_artifacts.py
index 3f21ef2a5..332723f8b 100644
--- a/exasol/toolbox/nox/_artifacts.py
+++ b/exasol/toolbox/nox/_artifacts.py
@@ -1,10 +1,12 @@
 import json
+import os
 import re
 import shutil
 import sqlite3
 import sys
 from collections.abc import Iterable
 from pathlib import Path
+from typing import Optional
 import nox
 from nox import Session
@@ -186,7 +188,9 @@ def _prepare_coverage_xml(session: Session, source: Path) -> None:
 session.run(*command)
-def _upload_to_sonar(session: Session, sonar_token: str, config: Config) -> None:
+def _upload_to_sonar(
+ session: Session, sonar_token: Optional[str], config: Config
+) -> None:
 command = [
 "pysonar",
 "--sonar-token",
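Review bot: Widening `sonar_token` to `Optional[str]` in the `_upload_to_sonar` signature pushes the "token missing" case into a function that, as far as the hunk shows, places it into a `pysonar --sonar-token …` command list; the body continues outside the hunk. A `None` there surfaces as an argument error from nox rather than as a clear configuration error, and a present token still travels as a process argument, which other processes on the runner can read and which nox's command logging echoes, so the environment-based handoff introduced in report.yml stops at this boundary. I would keep the parameter typed `str`, reject a missing value in the caller, and, if the pinned pysonar reads `SONAR_TOKEN` from its own environment (not verified here), pass it via `session.run(*command, env={"SONAR_TOKEN": sonar_token})` rather than on argv.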
@@ -208,6 +212,6 @@ def _upload_to_sonar(session: Session, sonar_token: str, config: Config) -> None
 @nox.session(name="sonar:check", python=False)
 def upload_artifacts_to_sonar(session: Session) -> None:
 """Upload artifacts to sonar for analysis"""
- sonar_token = session.posargs[0]
+ sonar_token = os.getenv("SONAR_TOKEN")
 _prepare_coverage_xml(session, PROJECT_CONFIG.source)
 _upload_to_sonar(session, sonar_token, PROJECT_CONFIG)
diff --git a/exasol/toolbox/templates/github/workflows/report.yml b/exasol/toolbox/templates/github/workflows/report.yml
index 3410e63b1..a89030c8d 100644
--- a/exasol/toolbox/templates/github/workflows/report.yml
+++ b/exasol/toolbox/templates/github/workflows/report.yml
@@ -33,7 +33,9 @@ jobs:
 run: poetry run -- nox -s artifacts:validate
 - name: Upload to sonar
- run: poetry run -- nox -s sonar:check -- ${{ secrets.SONAR_TOKEN }}
+ env:
+ SONAR_TOKEN: "${{ secrets.SONAR_TOKEN }}"
+ run: poetry run -- nox -s sonar:check
 - name: Generate Report
 run: poetry run -- nox -s project:report -- --format json | tee metrics.json
diff --git a/poetry.lock b/poetry.lock
index fae92f6cf..771f44dd8 100644
--- a/poetry.lock
+++ b/poetry.lock
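Review bot: `sonar_token = os.getenv("SONAR_TOKEN")` forwards an unset variable as `None` and, more likely in practice, an empty string: both workflow hunks (`.github/workflows/report.yml` and the template copy under `exasol/toolbox/templates/github/workflows/`) set `SONAR_TOKEN: "${{ secrets.SONAR_TOKEN }}"`, which evaluates to `""` whenever the secret is unavailable to the run, for example on workflows triggered from forks. Neither value is rejected here, so the session still runs `_prepare_coverage_xml` and only fails inside the upload with a less obvious error, and the `Optional[str]` signature hides that from readers. I would validate at the boundary, right after the assignment: `if not sonar_token:` followed by `session.error("SONAR_TOKEN is not set or empty")`, or `session.skip(...)` if runs without the secret are expected to pass.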
@@ -982,22 +982,20 @@ six = ">=1.13,<2.0" [[package]] name = "license-expression" -version = "30.4.1" +version = "30.4.2" description = "license-expression is a comprehensive utility library to parse, compare, simplify and normalize license expressions (such as SPDX license expressions) using boolean logic." optional = false python-versions = ">=3.9" groups = ["main"] files = [ - {file = "license_expression-30.4.1-py3-none-any.whl", hash = "sha256:679646bc3261a17690494a3e1cada446e5ee342dbd87dcfa4a0c24cc5dce13ee"}, - {file = "license_expression-30.4.1.tar.gz", hash = "sha256:9f02105f9e0fcecba6a85dfbbed7d94ea1c3a70cf23ddbfb5adf3438a6f6fce0"}, + {file = "license_expression-30.4.2.tar.gz", hash = "sha256:0b6e67dab0e7047c5ae61124d003baf86bd13ff9523e09c1ca81a504d8a444f9"}, ] [package.dependencies] "boolean.py" = ">=4.0" [package.extras] -docs = ["Sphinx (>=5.0.2)", "doc8 (>=0.11.2)", "sphinx-autobuild", "sphinx-copybutton", "sphinx-reredirects (>=0.1.2)", "sphinx-rtd-dark-mode (>=1.3.0)", "sphinx-rtd-theme (>=1.0.0)", "sphinxcontrib-apidoc (>=0.4.0)"] -testing = ["black", "isort", "pytest (>=6,!=7.0.0)", "pytest-xdist (>=2)", "twine"] +dev = ["Sphinx (>=5.0.2)", "doc8 (>=0.11.2)", "pytest (>=7.0.1)", "pytest-xdist (>=2)", "ruff", "sphinx-autobuild", "sphinx-copybutton", "sphinx-reredirects (>=0.1.2)", "sphinx-rtd-dark-mode (>=1.3.0)", "sphinx-rtd-theme (>=1.0.0)", "sphinxcontrib-apidoc (>=0.4.0)", "twine"] [[package]] name = "lxml" 
@@ -1909,26 +1907,26 @@ files = [ [[package]] name = "pyflakes" -version = "3.3.2" +version = "3.4.0" description = "passive checker of Python programs" optional = false python-versions = ">=3.9" groups = ["dev"] files = [ - {file = "pyflakes-3.3.2-py2.py3-none-any.whl", hash = "sha256:5039c8339cbb1944045f4ee5466908906180f13cc99cc9949348d10f82a5c32a"}, - {file = "pyflakes-3.3.2.tar.gz", hash = "sha256:6dfd61d87b97fba5dcfaaf781171ac16be16453be6d816147989e7f6e6a9576b"}, + {file = "pyflakes-3.4.0-py2.py3-none-any.whl", hash = "sha256:f742a7dbd0d9cb9ea41e9a24a918996e8170c799fa528688d40dd582c8265f4f"}, + {file = "pyflakes-3.4.0.tar.gz", hash = "sha256:b24f96fafb7d2ab0ec5075b7350b3d2d2218eab42003821c06344973d3ea2f58"}, ] [[package]] name = "pygments" -version = "2.19.1" +version = "2.19.2" description = "Pygments is a syntax highlighting package written in Python." optional = false python-versions = ">=3.8" groups = ["main"] files = [ - {file = "pygments-2.19.1-py3-none-any.whl", hash = "sha256:9ea1544ad55cecf4b8242fab6dd35a93bbce657034b0611ee383099054ab6d8c"}, - {file = "pygments-2.19.1.tar.gz", hash = "sha256:61c16d2a8576dc0649d9f39e089b5f02bcd27fba10d8fb4dcc28173f7a45151f"}, + {file = "pygments-2.19.2-py3-none-any.whl", hash = "sha256:86540386c03d588bb81d44bc3928634ff26449851e99741617ecb9037ee5ec0b"}, + {file = "pygments-2.19.2.tar.gz", hash = "sha256:636cb2477cec7f8952536970bc533bc43743542f70392ae026374600add5b887"}, ] [package.extras] 
@@ -1997,22 +1995,22 @@ typing-extensions = "*" [[package]] name = "pysonar" -version = "1.0.2.1722" +version = "1.1.0.2035" description = "Sonar Scanner for the Python Ecosystem" optional = false python-versions = ">=3.9" groups = ["main"] files = [ - {file = "pysonar-1.0.2.1722-py3-none-any.whl", hash = "sha256:abacede0e5f8ca1468ac644889e2e87e8adeae07718906fe4ad546f5feacbc5d"}, - {file = "pysonar-1.0.2.1722.tar.gz", hash = "sha256:fc024f5172b97faca6c280284a67be1bfaf8d76f4f04e37f93c86b70042bac15"}, + {file = "pysonar-1.1.0.2035-py3-none-any.whl", hash = "sha256:91b30c50d5f06565551218c7a17c076feebd0b0391edc4dbbce97d497b906a55"}, + {file = "pysonar-1.1.0.2035.tar.gz", hash = "sha256:39bde087aa5e72e8ebaf44f46c7ea69e8b1539f9d9101cba3964656d3e2fccc1"}, ] [package.dependencies] -jproperties = ">=2.1.2,<3.0.0" -pyfakefs = ">=5.7.4,<6.0.0" -requests = ">=2.32.3,<3.0.0" -responses = ">=0.25.6,<0.26.0" -tomli = ">=2.2.1,<3.0.0" +jproperties = "2.1.2" +pyfakefs = "5.8.0" +requests = "2.32.4" +responses = "0.25.6" +tomli = "2.2.1" [[package]] name = "pytest" @@ -2155,14 +2153,14 @@ use-chardet-on-py3 = ["chardet (>=3.0.2,<6)"] [[package]] name = "responses" -version = "0.25.7" +version = "0.25.6" description = "A utility library for mocking out the `requests` Python library." optional = false python-versions = ">=3.8" groups = ["main"] files = [ - {file = "responses-0.25.7-py3-none-any.whl", hash = "sha256:92ca17416c90fe6b35921f52179bff29332076bb32694c0df02dcac2c6bc043c"}, - {file = "responses-0.25.7.tar.gz", hash = "sha256:8ebae11405d7a5df79ab6fd54277f6f2bc29b2d002d0dd2d5c632594d1ddcedb"}, + {file = "responses-0.25.6-py3-none-any.whl", hash = "sha256:9cac8f21e1193bb150ec557875377e41ed56248aed94e4567ed644db564bacf1"}, + {file = "responses-0.25.6.tar.gz", hash = "sha256:eae7ce61a9603004e76c05691e7c389e59652d91e94b419623c12bbfb8e331d8"}, ] [package.dependencies] 
@@ -2661,14 +2659,14 @@ typing-extensions = ">=4.12.0" [[package]] name = "urllib3" -version = "2.4.0" +version = "2.5.0" description = "HTTP library with thread-safe connection pooling, file post, and more." optional = false python-versions = ">=3.9" groups = ["main"] files = [ - {file = "urllib3-2.4.0-py3-none-any.whl", hash = "sha256:4e16665048960a0900c702d4a66415956a584919c03361cac9f1df5c5dd7e813"}, - {file = "urllib3-2.4.0.tar.gz", hash = "sha256:414bc6535b787febd7567804cc015fee39daab8ad86268f1310a9250697de466"}, + {file = "urllib3-2.5.0-py3-none-any.whl", hash = "sha256:e6b01673c0fa6a13e374b50871808eb3bf7046c4b125b216f6bf1cc604cff0dc"}, + {file = "urllib3-2.5.0.tar.gz", hash = "sha256:3fc47733c7e419d4bc3f6b3dc2b4f890bb743906a30d56ba4a5bfa4bbff92760"}, ] [package.extras]