exasol · ArBridgeman · Jun 18, 2025 · Jun 17, 2025 · Jun 17, 2025 · Jun 17, 2025
diff --git a/.github/actions/security-issues/action.yml b/.github/actions/security-issues/action.yml
@@ -39,7 +39,7 @@ runs:
     - name: Install Python Toolbox / Security tool
       shell: bash
       run: |
-        pip install exasol-toolbox==1.4.0
+        pip install exasol-toolbox==1.5.0
 
     - name: Create Security Issue Report
       shell: bash

diff --git a/doc/changes/changelog.md b/doc/changes/changelog.md
@@ -1,6 +1,7 @@
 # Changelog
 
 * [unreleased](unreleased.md)
+* [1.5.0](changes_1.5.0.md)
 * [1.4.0](changes_1.4.0.md)
 * [1.3.0](changes_1.3.0.md)
 * [1.2.0](changes_1.2.0.md)
@@ -36,6 +37,7 @@
 hidden:
 ---
 unreleased
+changes_1.5.0
 changes_1.4.0
 changes_1.3.0
 changes_1.2.0

diff --git a/doc/changes/changes_1.5.0.md b/doc/changes/changes_1.5.0.md
@@ -0,0 +1,47 @@
+# 1.5.0 - 2025-06-18
+
+## Summary
+This version of the PTB adds nox task `sonar:check`, see #451. This allows us to
+use SonarQube Cloud to analyze, visualize, & track linting, security, & coverage. To
+set it up, you'll need to execute the following instructions.
+
+### For a public project
+1. Specify in the `noxconfig.py` the relative path to the project's source code in `Config.source`
+    ```python
+        source: Path = Path("exasol/<project-source-folder>")
+   ```
+2. Add the 'SONAR_TOKEN' to the 'Organization secrets' in GitHub (this requires a person being a GitHub organization owner)
+3. Activate the [SonarQubeCloud App](https://github.com/apps/sonarqubecloud)
+4. Create a project on SonarCloud
+5. Add the following information to the project's file `pyproject.toml`
+    ```toml
+
+        [tool.sonar]
+        projectKey = "com.exasol:<project-key>"
+        hostUrl = "https://sonarcloud.io"
+        organization = "exasol"
+   ```
+6. Post-merge, update the branch protections to include SonarQube analysis
+
+### For a private project
+1. Specify in the `noxconfig.py` the relative path to the project's source code in `Config.source`
+    ```python
+        source: Path = Path("exasol/<project-source-folder>")
+   ```
+2. Add the 'PRIVATE_SONAR_TOKEN' to the 'Organization secrets' in GitHub (this requires a person being a GitHub organization owner)
+3. Activate the [exasonarqubeprchecks App](https://github.com/apps/exasonarqubeprchecks)
+4. Create a project on https://sonar.exasol.com
+5. Add the following information to the project's file `pyproject.toml`
+    ```toml
+        [tool.sonar]
+        projectKey = "com.exasol:<project-key>"
+        hostUrl = "https://sonar.exasol.com"
+        organization = "exasol"
+   ```
+6. Post-merge, update the branch protections to include SonarQube analysis from exasonarqubeprchecks
+
+## ✨ Features
+* #451: Added nox task to execute pysonar & added Sonar to the CI
+
+## ⚒️ Refactorings
+* #451: Reduced scope of nox tasks `lint:code` (pylint) and `lint:security` (bandit) to analyze only the package code
diff --git a/doc/changes/unreleased.md b/doc/changes/unreleased.md
@@ -1,29 +1 @@
 # Unreleased
-
-## Summary
-This version of the PTB adds nox task `sonar:check`, see #451. This allows us to
-use SonarQube Cloud to analyze, visualize, & track linting, security, & coverage. In
-order to properly set it up, you'll need to do the following instruction for each **public** project.
-At this time, PTB currently does not support setting up SonarQube for a **private** project.
-
-1. Specify in the `noxconfig.py` the relative path to the project's source code in `Config.source`
-    ```python
-        source: Path = Path("exasol/toolbox")
-    ```
-2. Add the 'SONAR_TOKEN' to the 'Organization secrets' in GitHub (this requires a person being a GitHub organization owner).
-3. Activate the SonarQubeCloud App
-4. Create a project on SonarCloud
-5. Add the following information to the project's file `pyproject.toml`
-    ```toml
-        [tool.sonar]
-        projectKey = "com.exasol:<project-key>"
-        hostUrl = "https://sonarcloud.io"
-        organization = "exasol"
-    ```
-6. Post-merge, update the branch protections to include SonarQube analysis
-
-## ✨ Features
-* #451: Added nox task to execute pysonar & added Sonar to the CI
-
-## ⚒️ Refactorings
-* #451: Reduced scope of nox tasks `lint:code` (pylint) and `lint:security` (bandit) to analyze only the package code
diff --git a/doc/user_guide/getting_started.rst b/doc/user_guide/getting_started.rst
@@ -202,16 +202,16 @@ We also need to configure settings for github-pages environment:
 8. Set up for Sonar
 +++++++++++++++++++
 PTB supports using SonarQube Cloud to analyze, visualize, & track linting, security, &
-coverage. In order to properly set it up, you'll need to do the following instructions
-for each **public** project. At this time, PTB currently does not support setting up
-SonarQube for a **private** project.
+coverage. In order to set it up, you'll need to do the following instructions.
 
+For a **public** project
+^^^^^^^^^^^^^^^^^^^^^^^^
 1. Specify in the `noxconfig.py` the relative path to the project's source code in `Config.source`
     .. code-block:: python
 
-        source: Path = Path("exasol/toolbox")
-2. Add the 'SONAR_TOKEN' to the 'Organization secrets' in GitHub (this requires a person being a GitHub organization owner).
-3. Activate the SonarQubeCloud App
+        source: Path = Path("exasol/<project-source-folder>")
+2. Add the 'SONAR_TOKEN' to the 'Organization secrets' in GitHub (this requires a person being a GitHub organization owner)
+3. Activate the `SonarQubeCloud App <https://github.com/apps/sonarqubecloud>`_
 4. Create a project on SonarCloud
 5. Add the following information to the project's file `pyproject.toml`
     .. code-block:: toml
@@ -222,7 +222,23 @@ SonarQube for a **private** project.
         organization = "exasol"
 6. Post-merge, update the branch protections to include SonarQube analysis
 
+For a **private** project
+^^^^^^^^^^^^^^^^^^^^^^^^^
+1. Specify in the `noxconfig.py` the relative path to the project's source code in `Config.source`
+    .. code-block:: python
+
+        source: Path = Path("exasol/<project-source-folder>")
+2. Add the 'PRIVATE_SONAR_TOKEN' to the 'Organization secrets' in GitHub (this requires a person being a GitHub organization owner)
+3. Activate the `exasonarqubeprchecks App <https://github.com/apps/exasonarqubeprchecks>`_
+4. Create a project on https://sonar.exasol.com
+5. Add the following information to the project's file `pyproject.toml`
+    .. code-block:: toml
 
+        [tool.sonar]
+        projectKey = "com.exasol:<project-key>"
+        hostUrl = "https://sonar.exasol.com"
+        organization = "exasol"
+6. Post-merge, update the branch protections to include SonarQube analysis from exasonarqubeprchecks
 
 9. Go 🥜
 +++++++++++++

diff --git a/exasol/toolbox/templates/github/workflows/build-and-publish.yml b/exasol/toolbox/templates/github/workflows/build-and-publish.yml
@@ -18,7 +18,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.5.0
 
       - name: Build Artifacts
         run: poetry build

diff --git a/exasol/toolbox/templates/github/workflows/check-release-tag.yml b/exasol/toolbox/templates/github/workflows/check-release-tag.yml
@@ -15,7 +15,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.5.0
 
       - name: Check Tag Version
         # make sure the pushed/created tag matched the project version

diff --git a/exasol/toolbox/templates/github/workflows/checks.yml b/exasol/toolbox/templates/github/workflows/checks.yml
@@ -16,7 +16,7 @@ jobs:
           fetch-depth: 0
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.5.0
 
       - name: Check Version(s)
         run: poetry run -- nox -s version:check
@@ -32,7 +32,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.5.0
 
       - name: Build Documentation
         run: |
@@ -55,7 +55,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.5.0
 
       - name: Run changelog update check
         run: poetry run -- nox -s changelog:updated
@@ -74,7 +74,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.5.0
         with:
           python-version: ${{ matrix.python-version }}
 
@@ -105,7 +105,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.5.0
         with:
           python-version: ${{ matrix.python-version }}
 
@@ -127,7 +127,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.5.0
         with:
           python-version: ${{ matrix.python-version }}
 
@@ -151,7 +151,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.5.0
 
       - name: Run format check
         run: poetry run -- nox -s project:format
@@ -173,7 +173,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.5.0
         with:
           python-version: ${{ matrix.python-version }}
 

diff --git a/exasol/toolbox/templates/github/workflows/gh-pages.yml b/exasol/toolbox/templates/github/workflows/gh-pages.yml
@@ -17,7 +17,7 @@ jobs:
           fetch-depth: 0
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.5.0
 
       - name: Build Documentation
         run: |

diff --git a/exasol/toolbox/templates/github/workflows/matrix-all.yml b/exasol/toolbox/templates/github/workflows/matrix-all.yml
@@ -17,7 +17,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.5.0
 
       - name: Generate matrix
         run: poetry run -- nox -s matrix:all

diff --git a/exasol/toolbox/templates/github/workflows/matrix-exasol.yml b/exasol/toolbox/templates/github/workflows/matrix-exasol.yml
@@ -17,7 +17,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.5.0
 
       - name: Generate matrix
         run: poetry run -- nox -s matrix:exasol

diff --git a/exasol/toolbox/templates/github/workflows/matrix-python.yml b/exasol/toolbox/templates/github/workflows/matrix-python.yml
@@ -17,7 +17,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.5.0
 
       - name: Generate matrix
         run: poetry run -- nox -s matrix:python

diff --git a/exasol/toolbox/templates/github/workflows/report.yml b/exasol/toolbox/templates/github/workflows/report.yml
@@ -19,7 +19,7 @@ jobs:
           fetch-depth: 0
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.5.0
 
       - name: Download Artifacts
         uses: actions/[email protected]

diff --git a/exasol/toolbox/templates/github/workflows/slow-checks.yml b/exasol/toolbox/templates/github/workflows/slow-checks.yml
@@ -32,7 +32,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.5.0
         with:
           python-version: ${{ matrix.python-version }}
 

diff --git a/exasol/toolbox/version.py b/exasol/toolbox/version.py
@@ -5,7 +5,7 @@
 # Do not edit this file manually!
 # If you need to change the version, do so in the pyproject.toml, e.g. by using `poetry version X.Y.Z`.
 MAJOR = 1
-MINOR = 4
+MINOR = 5
 PATCH = 0
 VERSION = f"{MAJOR}.{MINOR}.{PATCH}"
 __version__ = VERSION