From e6aa810937e7c3174d26ff6f54b36e8ec876081f Mon Sep 17 00:00:00 2001 From: jana-selva Date: Thu, 18 Jun 2026 15:10:50 +0530 Subject: [PATCH 1/5] Experiment : adding security label and Integration Kanban to PRs --- .github/workflows/dependency-update.yml | 2 ++ doc/changes/unreleased.md | 4 ++++ .../toolbox/templates/github/workflows/dependency-update.yml | 2 ++ 3 files changed, 8 insertions(+) diff --git a/.github/workflows/dependency-update.yml b/.github/workflows/dependency-update.yml index 9aa73b3ec..3407dfa81 100644 --- a/.github/workflows/dependency-update.yml +++ b/.github/workflows/dependency-update.yml @@ -112,6 +112,8 @@ jobs: PR_URL=$(gh pr create \ --base "$BASE_BRANCH" \ + --label "security" \ + --project "Integration Kanban" \ --title "Update dependencies to fix vulnerabilities ($(date '+%Y-%m-%d'))" \ --body "$PR_BODY") diff --git a/doc/changes/unreleased.md b/doc/changes/unreleased.md index dcc829b04..58f977d3c 100644 --- a/doc/changes/unreleased.md +++ b/doc/changes/unreleased.md @@ -5,6 +5,10 @@ Updated the nox DB-version default to come from `BaseConfig` instead of the hardcoded `7.1.9`, so ITDE-related test flows use the configured Exasol baseline and unit-test help no longer advertises `--db-version`. +## Feature + +* #874: Added the `security` label and `Integration Kanban` project to dependency update PR creation + ## Bug * #744: Updated nox DB-version handling to use `BaseConfig.minimum_exasol_version` instead hardcoded `7.1.9` diff --git a/exasol/toolbox/templates/github/workflows/dependency-update.yml b/exasol/toolbox/templates/github/workflows/dependency-update.yml index 2b19eba2c..ca69996fa 100644 --- a/exasol/toolbox/templates/github/workflows/dependency-update.yml +++ b/exasol/toolbox/templates/github/workflows/dependency-update.yml @@ -111,6 +111,8 @@ jobs: PR_URL=$(gh pr create \ --base "$BASE_BRANCH" \ + --label "security" \ + --project "Integration Kanban" \ --title "Update dependencies to fix vulnerabilities ($(date '+%Y-%m-%d'))" \ --body "$PR_BODY") From 3d0fbac86a3d20afa25db49a2413095038ee6fb7 Mon Sep 17 00:00:00 2001 From: jana-selva Date: Thu, 18 Jun 2026 15:36:50 +0530 Subject: [PATCH 2/5] removed 'Fail if not running on the default branch' --- .github/workflows/dependency-update.yml | 16 ++++++++-------- poetry.lock | 18 +++++++++--------- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/.github/workflows/dependency-update.yml b/.github/workflows/dependency-update.yml index 3407dfa81..9a31e756b 100644 --- a/.github/workflows/dependency-update.yml +++ b/.github/workflows/dependency-update.yml @@ -24,14 +24,14 @@ jobs: persist-credentials: true fetch-depth: 0 - - name: Fail if not running on the default branch - id: check-branch - if: github.ref != format('refs/heads/{0}', github.event.repository.default_branch) - env: - CURRENT_BRANCH: ${{ github.ref }} - run: | - echo "Not running on the default branch. Current ref is: $CURRENT_BRANCH" - exit 1 +# - name: Fail if not running on the default branch +# id: check-branch +# if: github.ref != format('refs/heads/{0}', github.event.repository.default_branch) +# env: +# CURRENT_BRANCH: ${{ github.ref }} +# run: | +# echo "Not running on the default branch. Current ref is: $CURRENT_BRANCH" +# exit 1 - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment diff --git a/poetry.lock b/poetry.lock index 7c8438b37..b5c688074 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1,4 +1,4 @@ -# This file is automatically @generated by Poetry 2.4.1 and should not be changed by hand. +# This file is automatically @generated by Poetry 2.3.2 and should not be changed by hand. [[package]] name = "accessible-pygments" @@ -2650,8 +2650,8 @@ astroid = ">=4.0.2,<=4.1.dev0" colorama = {version = ">=0.4.5", markers = "sys_platform == \"win32\""} dill = [ {version = ">=0.2", markers = "python_version < \"3.11\""}, - {version = ">=0.3.6", markers = "python_version == \"3.11\""}, {version = ">=0.3.7", markers = "python_version >= \"3.12\""}, + {version = ">=0.3.6", markers = "python_version == \"3.11\""}, ] isort = ">=5,<5.13 || >5.13,<9" mccabe = ">=0.6,<0.8" @@ -2712,21 +2712,21 @@ tomli = ">=2.0,<3" [[package]] name = "pytest" -version = "9.1.0" +version = "8.4.2" description = "pytest: simple powerful testing with Python" optional = false -python-versions = ">=3.10" +python-versions = ">=3.9" groups = ["main"] files = [ - {file = "pytest-9.1.0-py3-none-any.whl", hash = "sha256:8ebb0e7888bdf2bdfc602ec51f8f62d50200af37356c74e503c79a94f5c81f32"}, - {file = "pytest-9.1.0.tar.gz", hash = "sha256:41dd9148c08072446394cefd3d79701701335a9f4cae69ba92e39f6c7f5c061c"}, + {file = "pytest-8.4.2-py3-none-any.whl", hash = "sha256:872f880de3fc3a5bdc88a11b39c9710c3497a547cfa9320bc3c5e62fbf272e79"}, + {file = "pytest-8.4.2.tar.gz", hash = "sha256:86c0d0b93306b961d58d62a4db4879f27fe25513d4b969df351abdddb3c30e01"}, ] [package.dependencies] colorama = {version = ">=0.4", markers = "sys_platform == \"win32\""} exceptiongroup = {version = ">=1", markers = "python_version < \"3.11\""} -iniconfig = ">=1.0.1" -packaging = ">=22" +iniconfig = ">=1" +packaging = ">=20" pluggy = ">=1.5,<2" pygments = ">=2.7.2" tomli = {version = ">=1", markers = "python_version < \"3.11\""} @@ -4087,4 +4087,4 @@ files = [ [metadata] lock-version = "2.1" python-versions = ">=3.10,<4.0" -content-hash = "a0c2776376a043679e656b301d640e4b13835be4910ee122da54fd8ef37ed85f" +content-hash = "d5b9f6c384f458a52c76f52f52bebe200e6220ddcb7356e7d1eb6fe8022f5162" From 37f0089726d916a298ba5f42c0b5fa462c86dd82 Mon Sep 17 00:00:00 2001 From: jana-selva Date: Thu, 18 Jun 2026 15:39:44 +0530 Subject: [PATCH 3/5] poetry lock --- poetry.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/poetry.lock b/poetry.lock index b5c688074..d6b402547 100644 --- a/poetry.lock +++ b/poetry.lock @@ -4087,4 +4087,4 @@ files = [ [metadata] lock-version = "2.1" python-versions = ">=3.10,<4.0" -content-hash = "d5b9f6c384f458a52c76f52f52bebe200e6220ddcb7356e7d1eb6fe8022f5162" +content-hash = "a0c2776376a043679e656b301d640e4b13835be4910ee122da54fd8ef37ed85f" From 6868d01c99896a7e435c43249fd99d19eae58fcb Mon Sep 17 00:00:00 2001 From: jana-selva Date: Thu, 18 Jun 2026 20:06:31 +0530 Subject: [PATCH 4/5] remove `--project CLI` --- .github/workflows/dependency-update.yml | 17 ++++++++--------- doc/changes/unreleased.md | 2 +- .../github/workflows/dependency-update.yml | 1 - 3 files changed, 9 insertions(+), 11 deletions(-) diff --git a/.github/workflows/dependency-update.yml b/.github/workflows/dependency-update.yml index 9a31e756b..62cbc9c53 100644 --- a/.github/workflows/dependency-update.yml +++ b/.github/workflows/dependency-update.yml @@ -24,14 +24,14 @@ jobs: persist-credentials: true fetch-depth: 0 -# - name: Fail if not running on the default branch -# id: check-branch -# if: github.ref != format('refs/heads/{0}', github.event.repository.default_branch) -# env: -# CURRENT_BRANCH: ${{ github.ref }} -# run: | -# echo "Not running on the default branch. Current ref is: $CURRENT_BRANCH" -# exit 1 + - name: Fail if not running on the default branch + id: check-branch + if: github.ref != format('refs/heads/{0}', github.event.repository.default_branch) + env: + CURRENT_BRANCH: ${{ github.ref }} + run: | + echo "Not running on the default branch. Current ref is: $CURRENT_BRANCH" + exit 1 - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment @@ -113,7 +113,6 @@ jobs: PR_URL=$(gh pr create \ --base "$BASE_BRANCH" \ --label "security" \ - --project "Integration Kanban" \ --title "Update dependencies to fix vulnerabilities ($(date '+%Y-%m-%d'))" \ --body "$PR_BODY") diff --git a/doc/changes/unreleased.md b/doc/changes/unreleased.md index 70917ffbf..63b459a93 100644 --- a/doc/changes/unreleased.md +++ b/doc/changes/unreleased.md @@ -7,7 +7,7 @@ so ITDE-related test flows use the configured Exasol baseline and unit-test help ## Feature -* #874: Added the `security` label and `Integration Kanban` project to dependency update PR creation +* #874: Added the `security` label to dependency update PR creation ## Bug diff --git a/exasol/toolbox/templates/github/workflows/dependency-update.yml b/exasol/toolbox/templates/github/workflows/dependency-update.yml index ca69996fa..9979a99e8 100644 --- a/exasol/toolbox/templates/github/workflows/dependency-update.yml +++ b/exasol/toolbox/templates/github/workflows/dependency-update.yml @@ -112,7 +112,6 @@ jobs: PR_URL=$(gh pr create \ --base "$BASE_BRANCH" \ --label "security" \ - --project "Integration Kanban" \ --title "Update dependencies to fix vulnerabilities ($(date '+%Y-%m-%d'))" \ --body "$PR_BODY") From c39c867700704ce54b18063e04641cc42fbbe57d Mon Sep 17 00:00:00 2001 From: Ariel Schulz Date: Fri, 19 Jun 2026 09:06:13 +0200 Subject: [PATCH 5/5] Need to remove to test --- .github/workflows/dependency-update.yml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/.github/workflows/dependency-update.yml b/.github/workflows/dependency-update.yml index 62cbc9c53..288025a17 100644 --- a/.github/workflows/dependency-update.yml +++ b/.github/workflows/dependency-update.yml @@ -24,15 +24,6 @@ jobs: persist-credentials: true fetch-depth: 0 - - name: Fail if not running on the default branch - id: check-branch - if: github.ref != format('refs/heads/{0}', github.event.repository.default_branch) - env: - CURRENT_BRANCH: ${{ github.ref }} - run: | - echo "Not running on the default branch. Current ref is: $CURRENT_BRANCH" - exit 1 - - name: Set up Python & Poetry Environment id: set-up-python-and-poetry-environment uses: exasol/python-toolbox/.github/actions/python-environment@v9