exasol · ArBridgeman · Jun 12, 2025 · May 28, 2025 · Jun 3, 2025 · Jun 3, 2025
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -4,7 +4,7 @@ on:
   pull_request:
       types: [opened, synchronize, reopened]
   schedule:
-    # “At 00:00 on every 7th day-of-month from 1 through 31.” (https://crontab.guru)
+    # At 00:00 on every 7th day-of-month from 1 through 31. (https://crontab.guru)
     - cron: "0 0 1/7 * *"
 
 jobs:

diff --git a/.github/workflows/pr-merge.yml b/.github/workflows/pr-merge.yml
@@ -25,5 +25,6 @@ jobs:
   metrics:
     needs: [ ci-job ]
     uses: ./.github/workflows/report.yml
+    secrets: inherit
     permissions:
       contents: read
diff --git a/doc/changes/unreleased.md b/doc/changes/unreleased.md
@@ -1,23 +1,29 @@
 # Unreleased
 
 ## Summary
+This version of the PTB adds nox task `artifacts:sonar`, see #451. This allows us to
+use SonarQube Cloud to analyze, visualize, & track linting, security, & coverage. In
+order to properly set it up, you'll need to do the following instruction for each **public** project.
+At this time, we do not currently support setting up SonarQube for a **private** project.
 
-This version of the PTB adds nox task `artifacts:sonar`, see #451.
-This requires the following changes for each public project:
-1. specify in the `noxconfig.py` the path to its source code in `Config.source`
-2. add the 'SONAR_TOKEN' to the 'Organization secrets' 
+1. specify in the `noxconfig.py` the relative path to the project's source code in `Config.source`
+    ```python
+        source: Path = Path("exasol/toolbox")
+    ```
+2. add the 'SONAR_TOKEN' to the 'Organization secrets'
 3. activate the SonarQubeCloud App
 4. create a project on SonarCloud
-5. add the following information to their `pyproject.toml`
+5. add the following information to the project's `pyproject.toml`
+    ```toml
+        [tool.sonar]
+        projectKey = "com.exasol:<project-key>"
+        hostUrl = "https://sonarcloud.io"
+        organization = "exasol"
+    ```
 6. post-merge, update the branch protections to include SonarQube analysis
-```toml
-[tool.sonar]
-projectKey = "com.exasol:<project-key>"
-hostUrl = "https://sonarcloud.io"
-organization = "exasol"
-```
 
 ## ✨ Features
+* #451: Added nox task to execute pysonar & added Sonar to the CI
 
-* #426: Allowed configuring the python version used for coverage
-* #451: Added nox task to execute pysonar & added Sonar to the PTB CI
+## ⚒️ Refactorings
+* #451: Reduced scope of nox tasks `lint:code` (pylint) and `lint:security` (bandit) to analyze only the package code
diff --git a/doc/user_guide/getting_started.rst b/doc/user_guide/getting_started.rst
@@ -202,21 +202,26 @@ We also need to configure settings for github-pages environment:
 8. Set up for Sonar
 +++++++++++++++++++
 We use SonarQube Cloud to analyze, visualize, & track linting, security, & coverage. In
-order to properly set it up, you'll need to do the following for each public project:
+order to properly set it up, you'll need to do the following instructions for each **public** project.
+At this time, we do not currently support setting up SonarQube for a **private** project.
 
-1. specify in the `noxconfig.py` the path to the project's source code in `Config.source`
+1. specify in the `noxconfig.py` the relative path to the project's source code in `Config.source`
+    .. code-block:: python
+
+        source: Path = Path("exasol/toolbox")
 2. add the 'SONAR_TOKEN' to the 'Organization secrets'
 3. activate the SonarQubeCloud App
 4. create a project on SonarCloud
 5. add the following information to the project's `pyproject.toml`
+    .. code-block:: toml
+
+        [tool.sonar]
+        projectKey = "com.exasol:<project-key>"
+        hostUrl = "https://sonarcloud.io"
+        organization = "exasol"
 6. post-merge, update the branch protections to include SonarQube analysis
 
-.. code-block:: toml
 
-    [tool.sonar]
-    projectKey = "com.exasol:<project-key>"
-    hostUrl = "https://sonarcloud.io"
-    organization = "exasol"
 
 9. Go 🥜
 +++++++++++++

diff --git a/exasol/toolbox/nox/_lint.py b/exasol/toolbox/nox/_lint.py
@@ -119,7 +119,7 @@ def report_illegal(illegal: dict[str, list[str]], console: rich.console.Console)
 @nox.session(name="lint:code", python=False)
 def lint(session: Session) -> None:
     """Runs the static code analyzer on the project"""
-    py_files = python_files(PROJECT_CONFIG.root)
+    py_files = python_files(PROJECT_CONFIG.root / PROJECT_CONFIG.source)
     _pylint(session, py_files)
 
 

diff --git a/exasol/toolbox/templates/github/workflows/ci.yml b/exasol/toolbox/templates/github/workflows/ci.yml
@@ -4,7 +4,7 @@ on:
   pull_request:
       types: [opened, synchronize, reopened]
   schedule:
-    # “At 00:00 on every 7th day-of-month from 1 through 31.” (https://crontab.guru)
+    # At 00:00 on every 7th day-of-month from 1 through 31. (https://crontab.guru)
     - cron: "0 0 1/7 * *"
 
 jobs:

diff --git a/exasol/toolbox/templates/github/workflows/pr-merge.yml b/exasol/toolbox/templates/github/workflows/pr-merge.yml
@@ -28,5 +28,6 @@ jobs:
   metrics:
     needs: [ ci-job ]
     uses: ./.github/workflows/report.yml
+    secrets: inherit
     permissions:
       contents: read
diff --git a/poetry.lock b/poetry.lock