exasol · ArBridgeman · Dec 23, 2025 · Dec 23, 2025 · Dec 23, 2025 · Dec 23, 2025
diff --git a/.github/workflows/build-and-publish.yml b/.github/workflows/build-and-publish.yml
@@ -15,10 +15,10 @@ jobs:
       contents: write
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.6.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@v4
 
       - name: Build Artifacts
         run: poetry build

diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
@@ -4,6 +4,7 @@ on:
   push:
     tags:
       - '**'
+      - '!v*'
 
 jobs:
 
@@ -14,6 +15,7 @@ jobs:
       contents: read
 
   cd-job:
+    needs: [ check-tag-version-job ]
     name: Continuous Delivery
     uses: ./.github/workflows/build-and-publish.yml
     permissions:
@@ -29,4 +31,3 @@ jobs:
       contents: read
       pages: write
       id-token: write
-
diff --git a/.github/workflows/check-release-tag.yml b/.github/workflows/check-release-tag.yml
@@ -12,10 +12,10 @@ jobs:
       contents: read
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.6.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@v4
 
       - name: Check Tag Version
         # make sure the pushed/created tag matched the project version

diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
@@ -11,12 +11,12 @@ jobs:
       contents: read
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.6.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@v4
 
       - name: Check Version(s)
         run: poetry run -- nox -s version:check
@@ -29,10 +29,10 @@ jobs:
       contents: read
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.6.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@v4
 
       - name: Build Documentation
         run: |
@@ -56,10 +56,10 @@ jobs:
     if: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/master' }}
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.6.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@v4
 
       - name: Run changelog update check
         run: poetry run -- nox -s changelog:updated
@@ -75,18 +75,18 @@ jobs:
       matrix: ${{ fromJson(needs.build-matrix.outputs.matrix) }}
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.6.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@v4
         with:
           python-version: ${{ matrix.python-version }}
 
       - name: Run lint
         run: poetry run -- nox -s lint:code
 
       - name: Upload Artifacts
-        uses: actions/upload-artifact@v4.6.2
+        uses: actions/upload-artifact@v5
         with:
           name: lint-python${{ matrix.python-version }}
           path: |
@@ -106,10 +106,10 @@ jobs:
 
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.6.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@v4
         with:
           python-version: ${{ matrix.python-version }}
 
@@ -128,18 +128,18 @@ jobs:
 
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.6.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@v4
         with:
           python-version: ${{ matrix.python-version }}
 
       - name: Run security linter
         run: poetry run -- nox -s lint:security
 
       - name: Upload Artifacts
-        uses: actions/upload-artifact@v4.6.2
+        uses: actions/upload-artifact@v5
         with:
           name: security-python${{ matrix.python-version }}
           path: .security.json
@@ -152,40 +152,54 @@ jobs:
       contents: read
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.6.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@v4
 
       - name: Run format check
-        run: poetry run -- nox -s project:format
+        run: poetry run -- nox -s format:check
+
+  Build-Packages:
+    name: Build Package Check
+    needs: [ Documentation, Lint, Type-Check, Security, Format ]
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+    steps:
+      - name: SCM Checkout
+        uses: actions/checkout@v5
+
+      - name: Setup Python & Poetry Environment
+        uses: exasol/python-toolbox/.github/actions/python-environment@v4
+
+      - name: Run Distribution Check
+        run: poetry run -- nox -s package:check
 
   Tests:
     name: Unit-Tests (Python-${{ matrix.python-version }})
-    needs: [ Documentation, Lint, Type-Check, Security, Format, build-matrix ]
+    needs: [ Build-Packages, build-matrix ]
     runs-on: ubuntu-24.04
     permissions:
       contents: read
-    env:
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     strategy:
       fail-fast: false
       matrix: ${{ fromJson(needs.build-matrix.outputs.matrix) }}
 
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.6.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@v4
         with:
           python-version: ${{ matrix.python-version }}
 
       - name: Run Tests and Collect Coverage
         run: poetry run -- nox -s test:unit -- --coverage
 
       - name: Upload Artifacts
-        uses: actions/upload-artifact@v4.6.2
+        uses: actions/upload-artifact@v5
         with:
           name: coverage-python${{ matrix.python-version }}-fast
           path: .coverage

diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml
@@ -12,12 +12,12 @@ jobs:
       contents: read
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.6.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@v4
 
       - name: Build Documentation
         run: |

diff --git a/.github/workflows/matrix-all.yml b/.github/workflows/matrix-all.yml
@@ -0,0 +1,30 @@
+name: Build Matrix (All Versions)
+
+on:
+  workflow_call:
+    outputs:
+      matrix:
+        description: "Generates the all versions build matrix"
+        value: ${{ jobs.all_versions.outputs.matrix }}
+
+jobs:
+  all_versions:
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+    steps:
+      - name: SCM Checkout
+        uses: actions/checkout@v5
+
+      - name: Setup Python & Poetry Environment
+        uses: exasol/python-toolbox/.github/actions/python-environment@v4
+
+      - name: Generate matrix
+        run: poetry run -- nox -s matrix:all
+
+      - id: set-matrix
+        run: |
+          echo "matrix=$(poetry run -- nox -s matrix:all)" >> $GITHUB_OUTPUT
+
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
diff --git a/.github/workflows/matrix-python.yml b/.github/workflows/matrix-python.yml
@@ -14,10 +14,10 @@ jobs:
       contents: read
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.6.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@v4
 
       - name: Generate matrix
         run: poetry run -- nox -s matrix:python

diff --git a/.github/workflows/merge-gate.yml b/.github/workflows/merge-gate.yml
@@ -11,8 +11,23 @@ jobs:
     permissions:
       contents: read
 
+  run-slow-tests:
+    name: Run Slow Tests
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+
+    # Even though the environment "manual-approval" will be created automatically,
+    # it still needs to be configured to require interactive review.
+    # See project settings on GitHub (Settings / Environments / manual-approval).
+    environment: manual-approval
+    steps:
+      - name: Tests
+        run: echo "Slow tests approved"
+
   slow-checks:
     name: Slow
+    needs: [ run-slow-tests ]
     uses: ./.github/workflows/slow-checks.yml
     secrets: inherit
     permissions:

diff --git a/.github/workflows/report.yml b/.github/workflows/report.yml
@@ -14,15 +14,15 @@ jobs:
 
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.6.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@v4
 
       - name: Download Artifacts
-        uses: actions/download-artifact@v4.2.1
+        uses: actions/download-artifact@v6
         with:
           path: ./artifacts
 
@@ -41,7 +41,7 @@ jobs:
         run: poetry run -- nox -s project:report -- --format json | tee metrics.json
 
       - name: Upload Artifacts
-        uses: actions/upload-artifact@v4.6.2
+        uses: actions/upload-artifact@v5
         with:
           name: metrics.json
           path: metrics.json

diff --git a/.github/workflows/slow-checks.yml b/.github/workflows/slow-checks.yml
@@ -4,35 +4,42 @@ on:
   workflow_call:
 
 jobs:
+  build-matrix:
+    name: Generate Build Matrix
+    uses: ./.github/workflows/matrix-all.yml
+    permissions:
+      contents: read
 
-  slow-checks:
-    name: Slow
+  tests:
+    name: Integration-Tests (Python-${{ matrix.python-version }}, Exasol-${{ matrix.exasol-version}})
+    needs: [ build-matrix ]
     runs-on: ubuntu-24.04
-    environment: slow-tests
     permissions:
       contents: read
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     strategy:
-      matrix:
-        python-version: ["3.10"]
+      fail-fast: false
+      matrix: ${{ fromJson(needs.build-matrix.outputs.matrix) }}
+
     steps:
       - name: SCM Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.6.0
+        uses: exasol/python-toolbox/.github/actions/python-environment@v4
         with:
           python-version: ${{ matrix.python-version }}
+
+      - name: Allow unprivileged user namespaces
+        run: sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
 
-      - name: Tests
-        env:
-          SAAS_HOST: ${{ secrets.INTEGRATION_TEAM_SAAS_STAGING_HOST }}
-          SAAS_ACCOUNT_ID: ${{ secrets.INTEGRATION_TEAM_SAAS_STAGING_ACCOUNT_ID }}
-          SAAS_PAT: ${{ secrets.INTEGRATION_TEAM_SAAS_STAGING_PAT }}
-        run: poetry run -- pytest --backend=onprem test/integration
+      - name: Run Tests and Collect Coverage
+        run: poetry run -- nox -s test:integration -- -s --coverage --db-version ${{ matrix.exasol-version }} --backend=onprem
 
-#      - name: Upload Artifacts
-#        uses: actions/upload-artifact@v4.6.2
-#        with:
-#          name: coverage-python${{ matrix.python-version }}-slow
-#          path: .coverage
-#          include-hidden-files: true
+      - name: Upload Artifacts
+        uses: actions/upload-artifact@v5
+        with:
+          name: coverage-python${{ matrix.python-version }}-exasol${{ matrix.exasol-version }}-slow
+          path: .coverage
+          include-hidden-files: true
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -8,7 +8,7 @@ repos:
         types: [ python ]
         pass_filenames: false
         language: system
-        entry: poetry run -- nox -s project:fix
+        entry: poetry run -- nox -s format:fix
 
   - repo: local
     hooks:

diff --git a/doc/changes/changes_0.8.0.md b/doc/changes/changes_0.8.0.md
@@ -10,7 +10,7 @@ Dependency updates
 
   Security vulnerabilities have been addressed, hence we advise users of
   our library to update and check the security of their own dependency tree.
-  E.g. by using a vulnerability scanner like [trivy](https://trivy.dev/v0.17.2/).
+  E.g. by using a vulnerability scanner like [trivy](https://trivy.dev/docs/latest/scanner/vulnerability/).
 
 * Updated dependencies to address security issue (internal: poetry.lock)
   * CVE-2023-0286