#418: Introducing python toolbox (#421)

closes #418

.github/workflows/cd.yml

@@ -0,0 +1,24 @@
+name: CD
+
+on:
+  push:
+    tags:
+      - '**'
+
+jobs:
+
+  check-tag-version-job:
+    name: Check Release Tag
+    uses: ./.github/workflows/check-release-tag.yml
+
+  cd-job:
+    name: Continuous Delivery
+    uses: ./.github/workflows/build-and-publish.yml
+    secrets:
+      PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
+
+  publish-docs:
+    needs: [ cd-job ]
+    name: Publish Documentation
+    uses: ./.github/workflows/gh-pages.yml
+

.github/workflows/check-release-tag.yml

@@ -0,0 +1,21 @@
+name: Check Release Tag
+
+on: workflow_call
+
+jobs:
+
+  check-tag-version-job:
+
+    name: Check Tag Version
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: SCM Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python & Poetry Environment
+        uses: exasol/python-toolbox/.github/actions/[email protected]
+
+      - name: Check Tag Version
+        # make sure the pushed/created tag matched the project version
+        run: "[[ `poetry version --short` == ${{ github.ref_name }} ]]"

.github/workflows/checks.yml

@@ -0,0 +1,123 @@
+name: Checks
+
+on:
+  workflow_call:
+    secrets:
+      ALTERNATIVE_GITHUB_TOKEN:
+        required: false
+
+jobs:
+
+  Version-Check:
+    name: Version
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: SCM Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Python & Poetry Environment
+        uses: exasol/python-toolbox/.github/actions/[email protected]
+
+      - name: Check Version(s)
+        run: |
+          poetry run version-check `poetry run python -c "from noxconfig import PROJECT_CONFIG; print(PROJECT_CONFIG.version_file)"`
+
+  Documentation:
+    name: Docs
+    needs: [ Version-Check ]
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: SCM Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python & Poetry Environment
+        uses: exasol/python-toolbox/.github/actions/[email protected]
+
+      - name: Build Documentation
+        run: |
+          poetry run python -m nox -s docs:build
+
+  Lint:
+    name: Linting (Python-${{ matrix.python-version }})
+    needs: [ Version-Check ]
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.9", "3.10", "3.11"]
+
+    steps:
+      - name: SCM Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python & Poetry Environment
+        uses: exasol/python-toolbox/.github/actions/[email protected]
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Run lint
+        run: poetry run nox -s lint:code
+
+      - name: Upload Artifacts
+        uses: actions/[email protected]
+        with:
+          name: lint-python${{ matrix.python-version }}
+          path: .lint.txt
+          include-hidden-files: true
+
+  Type-Check:
+    name: Type Checking (Python-${{ matrix.python-version }})
+    needs: [ Version-Check ]
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: ["3.9", "3.10", "3.11"]
+
+    steps:
+      - name: SCM Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python & Poetry Environment
+        uses: exasol/python-toolbox/.github/actions/[email protected]
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Run type-check
+        run: poetry run nox -s lint:typing || echo ignoring...
+
+  Security:
+    name: Security Checks (Python-${{ matrix.python-version }})
+    needs: [ Version-Check ]
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: [ "3.9", "3.10", "3.11" ]
+
+    steps:
+      - name: SCM Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python & Poetry Environment
+        uses: exasol/python-toolbox/.github/actions/[email protected]
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Run security linter
+        run: poetry run nox -s lint:security || echo ignoring...
+
+      - name: Upload Artifacts
+        uses: actions/[email protected]
+        with:
+          name: security-python${{ matrix.python-version }}
+          path: .security.json
+          include-hidden-files: true
+
+  Tests:
+    name: Tests
+    uses: ./.github/workflows/tests_with_coverage.yml

.github/workflows/ci.yml

@@ -0,0 +1,24 @@
+name: CI
+
+on:
+  push:
+    branches-ignore:
+      - "github-pages/*"
+      - "gh-pages/*"
+      - "main"
+      - "master"
+  pull_request:
+    types: [opened, reopened]
+  schedule:
+    # “At 00:00 on every 7th day-of-month from 1 through 31.” (https://crontab.guru)
+    - cron: "0 0 1/7 * *"
+
+jobs:
+
+  CI:
+    uses: ./.github/workflows/merge-gate.yml
+    secrets: inherit
+
+  Metrics:
+    needs: [ CI ]
+    uses: ./.github/workflows/report.yml

.github/workflows/get_exasol_versions.yml

@@ -8,8 +8,13 @@ jobs:
   get_exasol_versions:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
-      - uses: ./.github/actions/prepare_poetry_env
+      - uses: actions/checkout@v4
+      - name: Setup Python & Poetry Environment
+        uses: exasol/python-toolbox/.github/actions/[email protected]
+        with:
+          python-version: "3.10"
+          poetry-version: '1.8.2'
+
       - name: Print matrix
         run: poetry run nox --non-interactive -s "get-all-db-versions"
       - id: set-matrix

.github/workflows/gh-pages.yml

@@ -0,0 +1,31 @@
+name: Publish Documentation
+
+on: 
+  workflow_call:
+  workflow_dispatch:
+
+jobs:
+
+  documentation-job:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: SCM Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Python & Poetry Environment
+        uses: exasol/python-toolbox/.github/actions/[email protected]
+
+      - name: Build Documentation
+        run: |
+          poetry run sphinx-multiversion doc/ .html-documentation 
+
+      - name: Deploy
+        uses: JamesIves/[email protected]
+        with:
+          branch: gh-pages
+          folder: .html-documentation
+          git-config-name: Github Action
+          git-config-email: [email protected]

.github/workflows/merge-gate.yml

@@ -0,0 +1,26 @@
+name: Merge-Gate
+
+on:
+  workflow_call:
+    secrets:
+      ALTERNATIVE_GITHUB_TOKEN:
+        required: false
+
+jobs:
+
+  checks:
+    name: Checks
+    uses: ./.github/workflows/checks.yml
+
+  # This job ensures inputs have been executed successfully.
+  approve-merge:
+    name: Allow Merge
+    runs-on: ubuntu-latest
+    # If you need additional jobs to be part of the merge gate, add them below
+    needs: [ checks ]
+
+    # Each job requires a step, so we added this dummy step.
+    steps:
+      - name: Approve
+        run: |
+          echo "Merge Approved"

.github/workflows/pr-merge.yml

@@ -0,0 +1,25 @@
+name: PR-Merge
+
+on:
+  push:
+    branches:
+      - 'main'
+      - 'master'
+
+jobs:
+
+  # This job can be removed if certain preconditions are met. See
+  # https://exasol.github.io/python-toolbox/user_guide/workflows.html#pr-merge-workflow
+
+  ci-job:
+    name: Checks
+    uses: ./.github/workflows/checks.yml
+    secrets: inherit
+
+  publish-docs:
+    name: Publish Documentation
+    uses: ./.github/workflows/gh-pages.yml
+
+  metrics:
+    needs: [ ci-job ]
+    uses: ./.github/workflows/report.yml

.github/workflows/publish_docker_runner.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     environment: publish
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Build new Docker image
       run: bash ./starter_scripts/build_docker_runner_image.sh
     - name: Docker login