exasol
diff --git a/‎.github/workflows/build-and-publish.yml‎
Lines changed: 3 additions & 5 deletions b/‎.github/workflows/build-and-publish.yml‎
Lines changed: 3 additions & 5 deletions
diff --git a/‎.github/workflows/cd.yml‎
Lines changed: 13 additions & 0 deletions b/‎.github/workflows/cd.yml‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎.github/workflows/check-release-tag.yml‎
Lines changed: 5 additions & 4 deletions b/‎.github/workflows/check-release-tag.yml‎
Lines changed: 5 additions & 4 deletions
diff --git a/‎.github/workflows/checks.yml‎
Lines changed: 44 additions & 17 deletions b/‎.github/workflows/checks.yml‎
Lines changed: 44 additions & 17 deletions
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 8 additions & 1 deletion b/‎.github/workflows/ci.yml‎
Lines changed: 8 additions & 1 deletion
diff --git a/‎.github/workflows/gh-pages.yml‎
Lines changed: 45 additions & 0 deletions b/‎.github/workflows/gh-pages.yml‎
Lines changed: 45 additions & 0 deletions
diff --git a/‎.github/workflows/matrix-python.yml‎
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/matrix-python.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/merge-gate.yml‎
Lines changed: 6 additions & 0 deletions b/‎.github/workflows/merge-gate.yml‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎.github/workflows/pr-merge.yml‎
Lines changed: 16 additions & 1 deletion b/‎.github/workflows/pr-merge.yml‎
Lines changed: 16 additions & 1 deletion
@@ -11,16 +11,14 @@ jobs:
   cd-job:
     name: Continuous Delivery
     runs-on: ubuntu-24.04
+    permissions:
+      contents: write
     steps:
-
       - name: SCM Checkout
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
-        with:
-          python-version: '3.10'
-          poetry-version: '2.1.2'
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
 
       - name: Build Artifacts
         run: poetry build
 
@@ -10,9 +10,22 @@ jobs:
   check-tag-version-job:
     name: Check Release Tag
     uses: ./.github/workflows/check-release-tag.yml
+    permissions:
+      contents: read
 
   cd-job:
     name: Continuous Delivery
     uses: ./.github/workflows/build-and-publish.yml
+    permissions:
+      contents: write
     secrets:
       PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
+
+  publish-docs:
+    needs: [ cd-job ]
+    name: Publish Documentation
+    uses: ./.github/workflows/gh-pages.yml
+    permissions:
+      contents: read
+      pages: write
+      id-token: write
@@ -1,20 +1,21 @@
 name: Check Release Tag
 
-on: workflow_call
+on:
+  workflow_call:
 
 jobs:
 
   check-tag-version-job:
-
     name: Check Tag Version
     runs-on: ubuntu-24.04
-
+    permissions:
+      contents: read
     steps:
       - name: SCM Checkout
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
 
       - name: Check Tag Version
         # make sure the pushed/created tag matched the project version
 
@@ -4,39 +4,58 @@ on:
   workflow_call:
 
 jobs:
-
   Version-Check:
     name: Version
     runs-on: ubuntu-24.04
-
+    permissions:
+      contents: read
     steps:
       - name: SCM Checkout
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
 
       - name: Check Version(s)
+        run: poetry run -- nox -s version:check
+
+  Documentation:
+    name: Docs
+    needs: [ Version-Check ]
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+    steps:
+      - name: SCM Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python & Poetry Environment
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
+
+      - name: Build Documentation
         run: |
-          poetry run -- nox -s version:check
+          poetry run -- nox -s docs:build
 
   build-matrix:
     name: Generate Build Matrix
     uses: ./.github/workflows/matrix-python.yml
+    permissions:
+      contents: read
 
   Changelog:
     name: Changelog Update Check
     runs-on: ubuntu-24.04
+    permissions:
+      contents: read
     if: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/master' }}
-
     steps:
       - name: SCM Checkout
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
 
       - name: Run changelog update check
         run: poetry run -- nox -s changelog:updated
@@ -45,24 +64,25 @@ jobs:
     name: Linting (Python-${{ matrix.python-version }})
     needs: [ Version-Check, build-matrix ]
     runs-on: ubuntu-24.04
+    permissions:
+      contents: read
     strategy:
       fail-fast: false
       matrix: ${{ fromJson(needs.build-matrix.outputs.matrix) }}
-
     steps:
       - name: SCM Checkout
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
         with:
           python-version: ${{ matrix.python-version }}
 
       - name: Run lint
         run: poetry run -- nox -s lint:code
 
       - name: Upload Artifacts
-        uses: actions/upload-artifact@v4.6.0
+        uses: actions/upload-artifact@v4.6.2
         with:
           name: lint-python${{ matrix.python-version }}
           path: |
@@ -74,6 +94,8 @@ jobs:
     name: Type Checking (Python-${{ matrix.python-version }})
     needs: [ Version-Check, build-matrix ]
     runs-on: ubuntu-24.04
+    permissions:
+      contents: read
     strategy:
       fail-fast: false
       matrix: ${{ fromJson(needs.build-matrix.outputs.matrix) }}
@@ -83,7 +105,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
         with:
           python-version: ${{ matrix.python-version }}
 
@@ -94,6 +116,8 @@ jobs:
     name: Security Checks (Python-${{ matrix.python-version }})
     needs: [ Version-Check, build-matrix ]
     runs-on: ubuntu-24.04
+    permissions:
+      contents: read
     strategy:
       fail-fast: false
       matrix: ${{ fromJson(needs.build-matrix.outputs.matrix) }}
@@ -103,15 +127,15 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
         with:
           python-version: ${{ matrix.python-version }}
 
       - name: Run security linter
         run: poetry run -- nox -s lint:security
 
       - name: Upload Artifacts
-        uses: actions/upload-artifact@v4.6.0
+        uses: actions/upload-artifact@v4.6.2
         with:
           name: security-python${{ matrix.python-version }}
           path: .security.json
@@ -120,21 +144,24 @@ jobs:
   Format:
     name: Format Check
     runs-on: ubuntu-24.04
-
+    permissions:
+      contents: read
     steps:
       - name: SCM Checkout
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
 
       - name: Run format check
         run: poetry run -- nox -s project:format
 
   Tests:
     name: Unit-Tests (Python-${{ matrix.python-version }})
-    needs: [ Lint, Type-Check, Security, Format, build-matrix ]
+    needs: [ Documentation, Lint, Type-Check, Security, Format, build-matrix ]
     runs-on: ubuntu-24.04
+    permissions:
+      contents: read
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     strategy:
@@ -146,15 +173,15 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
         with:
           python-version: ${{ matrix.python-version }}
 
       - name: Run Tests and Collect Coverage
         run: poetry run -- nox -s test:unit -- --coverage
 
       - name: Upload Artifacts
-        uses: actions/upload-artifact@v4.6.0
+        uses: actions/upload-artifact@v4.6.2
         with:
           name: coverage-python${{ matrix.python-version }}-fast
           path: .coverage
 
@@ -10,9 +10,16 @@ on:
   schedule:
     # “At 00:00 on every 7th day-of-month from 1 through 31.” (https://crontab.guru)
     - cron: "0 0 1/7 * *"
-
 jobs:
 
   CI:
     uses: ./.github/workflows/merge-gate.yml
     secrets: inherit
+    permissions:
+      contents: read
+
+  Metrics:
+    needs: [ CI ]
+    uses: ./.github/workflows/report.yml
+    permissions:
+      contents: read
@@ -0,0 +1,45 @@
+name: Publish Documentation
+
+on:
+  workflow_call:
+  workflow_dispatch:
+
+jobs:
+
+  build-documentation:
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+    steps:
+      - name: SCM Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Python & Poetry Environment
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
+
+      - name: Build Documentation
+        run: |
+          poetry run -- nox -s docs:multiversion
+          rm -r .html-documentation/*/.doctrees
+
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@v3
+        with:
+          path: .html-documentation
+
+  deploy-documentation:
+    needs: [ build-documentation ]
+    permissions:
+      contents: read
+      pages: write
+      id-token: write
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v4
@@ -9,15 +9,15 @@ on:
 
 jobs:
   python_versions:
-
     runs-on: ubuntu-24.04
-
+    permissions:
+      contents: read
     steps:
       - name: SCM Checkout
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
 
       - name: Generate matrix
         run: poetry run -- nox -s matrix:python
 
@@ -12,16 +12,22 @@ jobs:
   fast-checks:
     name: Fast
     uses: ./.github/workflows/checks.yml
+    permissions:
+      contents: read
 
   slow-checks:
     name: Slow
     uses: ./.github/workflows/slow-checks.yml
     secrets: inherit
+    permissions:
+      contents: read
 
   # This job ensures inputs have been executed successfully.
   approve-merge:
     name: Allow Merge
     runs-on: ubuntu-24.04
+    permissions:
+      contents: read
     # If you need additional jobs to be part of the merge gate, add them below
     needs: [ fast-checks, slow-checks ]
 
 
@@ -14,4 +14,19 @@ jobs:
   ci-job:
     name: Checks
     uses: ./.github/workflows/checks.yml
-    secrets: inherit
+    permissions:
+      contents: read
+
+  publish-docs:
+    name: Publish Documentation
+    uses: ./.github/workflows/gh-pages.yml
+    permissions:
+      contents: read
+      pages: write
+      id-token: write
+
+  metrics:
+    needs: [ ci-job ]
+    uses: ./.github/workflows/report.yml
+    permissions:
+      contents: read