#98: Updated saas-api to version >1.0,<2.0 and pytest-backend (#100)

* #98: Updated saas-api to version >1.0,<2.0 and pytest-backend
* Updated PTB generated workflows
* Fixed type hints
* Inherit secrets

Author: ckunki

.github/workflows/build-and-publish.yml

@@ -11,13 +11,14 @@ jobs:
   cd-job:
     name: Continuous Delivery
     runs-on: ubuntu-24.04
+    permissions:
+      contents: write
     steps:
-
       - name: SCM Checkout
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
 
       - name: Build Artifacts
         run: poetry build

.github/workflows/cd.yml

@@ -10,15 +10,23 @@ jobs:
   check-tag-version-job:
     name: Check Release Tag
     uses: ./.github/workflows/check-release-tag.yml
+    permissions:
+      contents: read
 
   cd-job:
     name: Continuous Delivery
     uses: ./.github/workflows/build-and-publish.yml
+    permissions:
+      contents: write
     secrets:
       PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
 
   publish-docs:
     needs: [ cd-job ]
     name: Publish Documentation
     uses: ./.github/workflows/gh-pages.yml
+    permissions:
+      contents: read
+      pages: write
+      id-token: write
 

.github/workflows/check-release-tag.yml

@@ -1,20 +1,21 @@
 name: Check Release Tag
 
-on: workflow_call
+on:
+  workflow_call:
 
 jobs:
 
   check-tag-version-job:
-
     name: Check Tag Version
     runs-on: ubuntu-24.04
-
+    permissions:
+      contents: read
     steps:
       - name: SCM Checkout
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
 
       - name: Check Tag Version
         # make sure the pushed/created tag matched the project version

.github/workflows/checks.yml

@@ -4,34 +4,35 @@ on:
   workflow_call:
 
 jobs:
-
   Version-Check:
     name: Version
     runs-on: ubuntu-24.04
-
+    permissions:
+      contents: read
     steps:
       - name: SCM Checkout
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
 
       - name: Check Version(s)
-        run: poetry run -- version-check version.py
+        run: poetry run -- nox -s version:check
 
   Documentation:
     name: Docs
     needs: [ Version-Check ]
     runs-on: ubuntu-24.04
-
+    permissions:
+      contents: read
     steps:
       - name: SCM Checkout
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
 
       - name: Build Documentation
         run: |
@@ -40,18 +41,21 @@ jobs:
   build-matrix:
     name: Generate Build Matrix
     uses: ./.github/workflows/matrix-python.yml
+    permissions:
+      contents: read
 
   Changelog:
     name: Changelog Update Check
     runs-on: ubuntu-24.04
+    permissions:
+      contents: read
     if: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/master' }}
-
     steps:
       - name: SCM Checkout
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
 
       - name: Run changelog update check
         run: poetry run -- nox -s changelog:updated
@@ -60,24 +64,25 @@ jobs:
     name: Linting (Python-${{ matrix.python-version }})
     needs: [ Version-Check, build-matrix ]
     runs-on: ubuntu-24.04
+    permissions:
+      contents: read
     strategy:
       fail-fast: false
       matrix: ${{ fromJson(needs.build-matrix.outputs.matrix) }}
-
     steps:
       - name: SCM Checkout
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
         with:
           python-version: ${{ matrix.python-version }}
 
       - name: Run lint
         run: poetry run -- nox -s lint:code
 
       - name: Upload Artifacts
-        uses: actions/[email protected].0
+        uses: actions/[email protected].2
         with:
           name: lint-python${{ matrix.python-version }}
           path: |
@@ -89,6 +94,8 @@ jobs:
     name: Type Checking (Python-${{ matrix.python-version }})
     needs: [ Version-Check, build-matrix ]
     runs-on: ubuntu-24.04
+    permissions:
+      contents: read
     strategy:
       fail-fast: false
       matrix: ${{ fromJson(needs.build-matrix.outputs.matrix) }}
@@ -98,7 +105,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
         with:
           python-version: ${{ matrix.python-version }}
 
@@ -109,6 +116,8 @@ jobs:
     name: Security Checks (Python-${{ matrix.python-version }})
     needs: [ Version-Check, build-matrix ]
     runs-on: ubuntu-24.04
+    permissions:
+      contents: read
     strategy:
       fail-fast: false
       matrix: ${{ fromJson(needs.build-matrix.outputs.matrix) }}
@@ -118,15 +127,15 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
         with:
           python-version: ${{ matrix.python-version }}
 
       - name: Run security linter
         run: poetry run -- nox -s lint:security
 
       - name: Upload Artifacts
-        uses: actions/[email protected].0
+        uses: actions/[email protected].2
         with:
           name: security-python${{ matrix.python-version }}
           path: .security.json
@@ -135,21 +144,24 @@ jobs:
   Format:
     name: Format Check
     runs-on: ubuntu-24.04
-
+    permissions:
+      contents: read
     steps:
       - name: SCM Checkout
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
 
       - name: Run format check
         run: poetry run -- nox -s project:format
 
   Tests:
-    name: Unit-Tests (Python-${{ matrix.python-version }}, Exasol-${{ matrix.exasol-version}})
+    name: Unit-Tests (Python-${{ matrix.python-version }})
     needs: [ Documentation, Lint, Type-Check, Security, Format, build-matrix ]
     runs-on: ubuntu-24.04
+    permissions:
+      contents: read
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     strategy:
@@ -161,15 +173,15 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
         with:
           python-version: ${{ matrix.python-version }}
 
       - name: Run Tests and Collect Coverage
         run: poetry run -- nox -s test:unit -- --coverage
 
       - name: Upload Artifacts
-        uses: actions/[email protected].0
+        uses: actions/[email protected].2
         with:
           name: coverage-python${{ matrix.python-version }}-fast
           path: .coverage

.github/workflows/ci.yml

@@ -8,15 +8,19 @@ on:
       - "main"
       - "master"
   schedule:
-    # “At 00:00 on every 7th day-of-month from 1 through 31.” (https://crontab.guru)
+    # "At 00:00 on every 7th day-of-month from 1 through 31." (https://crontab.guru)
     - cron: "0 0 1/7 * *"
 
 jobs:
 
   CI:
     uses: ./.github/workflows/merge-gate.yml
     secrets: inherit
+    permissions:
+      contents: read
 
   Metrics:
     needs: [ CI ]
     uses: ./.github/workflows/report.yml
+    permissions:
+      contents: read

.github/workflows/gh-pages.yml

@@ -6,26 +6,40 @@ on:
 
 jobs:
 
-  documentation-job:
+  build-documentation:
     runs-on: ubuntu-24.04
-
+    permissions:
+      contents: read
     steps:
       - name: SCM Checkout
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
       - name: Setup Python & Poetry Environment
-        uses: exasol/python-toolbox/.github/actions/python-environment@1.0.1
+        uses: exasol/python-toolbox/.github/actions/python-environment@1.4.0
 
       - name: Build Documentation
         run: |
           poetry run -- nox -s docs:multiversion
+          rm -r .html-documentation/*/.doctrees
 
-      - name: Deploy
-        uses: JamesIves/github-pages-[email protected]
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@v3
         with:
-          branch: gh-pages
-          folder: .html-documentation
-          git-config-name: Github Action
-          git-config-email: [email protected]
+          path: .html-documentation
+
+  deploy-documentation:
+    needs: [ build-documentation ]
+    permissions:
+      contents: read
+      pages: write
+      id-token: write
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v4

.github/workflows/matrix-all.yml

@@ -0,0 +1,30 @@
+name: Build Matrix (All Versions)
+
+on:
+  workflow_call:
+    outputs:
+      matrix:
+        description: "Generates the all versions build matrix"
+        value: ${{ jobs.all_versions.outputs.matrix }}
+
+jobs:
+  all_versions:
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+    steps:
+      - name: SCM Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python & Poetry Environment
+        uses: exasol/python-toolbox/.github/actions/[email protected]
+
+      - name: Generate matrix
+        run: poetry run -- nox -s matrix:all
+
+      - id: set-matrix
+        run: |
+          echo "matrix=$(poetry run -- nox -s matrix:all)" >> $GITHUB_OUTPUT
+
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}

.github/workflows/matrix-exasol.yml

@@ -0,0 +1,30 @@
+name: Build Matrix (Exasol)
+
+on:
+  workflow_call:
+    outputs:
+      matrix:
+        description: "Generates the exasol version build matrix"
+        value: ${{ jobs.exasol_versions.outputs.matrix }}
+
+jobs:
+  exasol_versions:
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+    steps:
+      - name: SCM Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python & Poetry Environment
+        uses: exasol/python-toolbox/.github/actions/[email protected]
+
+      - name: Generate matrix
+        run: poetry run -- nox -s matrix:exasol
+
+      - id: set-matrix
+        run: |
+          echo "matrix=$(poetry run -- nox -s matrix:exasol)" >> $GITHUB_OUTPUT
+
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}