diff --git a/.gitattributes b/.gitattributes
index bd17542..ec64578 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -9,6 +9,7 @@ dependencies.md linguist-generated=true
doc/changes/changelog.md linguist-generated=true
extension/package-lock.json linguist-generated=true
pk_generated_parent.pom linguist-generated=true
+.github/zizmor.yml linguist-generated=true
.settings/org.eclipse.jdt.core.prefs linguist-generated=true
.settings/org.eclipse.jdt.ui.prefs linguist-generated=true
diff --git a/.github/workflows/broken_links_checker.yml b/.github/workflows/broken_links_checker.yml
index 5b14f64..22c6b80 100644
--- a/.github/workflows/broken_links_checker.yml
+++ b/.github/workflows/broken_links_checker.yml
@@ -21,10 +21,11 @@ jobs:
cancel-in-progress: true
}
steps:
- - {
- id: checkout,
+ - id: checkout
uses: actions/checkout@v6
- }
+ with: {
+ persist-credentials: false
+ }
- id: configure-broken-links-checker
name: Configure broken links checker
run: |
@@ -36,7 +37,7 @@ jobs:
'{"pattern": "^https?://projects.eclipse.org"}' \
']}' > ./target/broken_links_checker.json
- id: run-broken-links-checker
- uses: tcort/github-action-markdown-link-check@v1
+ uses: tcort/github-action-markdown-link-check@e7c7a18363c842693fadde5d41a3bd3573a7a225
with: {
use-quiet-mode: yes,
use-verbose-mode: yes,
diff --git a/.github/workflows/ci-build.yml b/.github/workflows/ci-build.yml
index 366cc7b..e3b9603 100644
--- a/.github/workflows/ci-build.yml
+++ b/.github/workflows/ci-build.yml
@@ -51,7 +51,8 @@ jobs:
id: checkout
uses: actions/checkout@v6
with: {
- fetch-depth: 0
+ fetch-depth: 0,
+ persist-credentials: false
}
- name: Set up JDKs
id: setup-java
@@ -62,9 +63,6 @@ jobs:
11
17
cache: maven
- server-id: ossindex
- server-username: OSSINDEX_USERNAME
- server-password: OSSINDEX_API_TOKEN
- name: Cache SonarCloud packages
id: cache-sonar
uses: actions/cache@v5
@@ -87,19 +85,38 @@ jobs:
id: build-pk-verify
run: |
mvn --batch-mode clean verify \
+ -DossindexSkip=true \
-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \
-DtrimStackTrace=false \
-Dcom.exasol.dockerdb.image=${{ matrix.exasol_db_version }}
env: {
- OSSINDEX_USERNAME: '${{ secrets.OSSINDEX_USERNAME }}',
- OSSINDEX_API_TOKEN: '${{ secrets.OSSINDEX_API_TOKEN }}',
EXASOL_DB_VERSION: '${{ matrix.exasol_db_version }}'
}
+ - name: Collect DB logs
+ if: ${{ always() }}
+ id: collect-db-logs
+ run: |
+ df -h
+ docker ps
+ CONTAINER_NAME=$(docker ps --filter "ancestor=exasol/docker-db:${{ matrix.exasol_db_version }}" --format "{{.Names}}")
+ mkdir -p /tmp/db-log/
+ docker cp "$CONTAINER_NAME:/exa/logs/" /tmp/db-log/
+ - name: Upload DB logs
+ if: ${{ always() }}
+ id: upload-db-logs
+ uses: actions/upload-artifact@v7
+ with: {
+ path: /tmp/db-log/,
+ name: 'exasol-db-log-${{ matrix.exasol_db_version }}',
+ retention-days: 3,
+ if-no-files-found: error
+ }
- name: Sonar analysis
id: sonar-analysis
if: ${{ env.SONAR_TOKEN != null && matrix.exasol_db_version == env.DEFAULT_EXASOL_DB_VERSION }}
run: |
mvn --batch-mode org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
+ -DossindexSkip=true \
-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \
-DtrimStackTrace=false \
-Dsonar.token=$SONAR_TOKEN
@@ -131,7 +148,7 @@ jobs:
'{"pattern": "^https?://(www.)?eclipse.org"}' \
'{"pattern": "^https?://projects.eclipse.org"}' \
']}' > ./target/broken_links_checker.json
- - uses: tcort/github-action-markdown-link-check@v1
+ - uses: tcort/github-action-markdown-link-check@e7c7a18363c842693fadde5d41a3bd3573a7a225
id: run-link-check
with: {
use-quiet-mode: yes,
@@ -156,7 +173,8 @@ jobs:
id: checkout
uses: actions/checkout@v6
with: {
- fetch-depth: 0
+ fetch-depth: 0,
+ persist-credentials: false
}
- name: Set up JDK 17
id: setup-java
@@ -164,22 +182,91 @@ jobs:
with: {
distribution: temurin,
java-version: '17',
- cache: maven,
- server-id: ossindex,
- server-username: OSSINDEX_USERNAME,
- server-password: OSSINDEX_API_TOKEN
+ cache: maven
}
- name: Run tests and build with Maven 17
id: build-next-java
- run: mvn --batch-mode clean package -DtrimStackTrace=false -Djava.version=17
+ run: |
+ mvn --batch-mode clean package -DtrimStackTrace=false -Djava.version=17 \
+ -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn \
+ -DossindexSkip=true
+ ossindex:
+ runs-on: ubuntu-latest
+ defaults:
+ run: {
+ shell: bash
+ }
+ permissions: {
+ contents: read
+ }
+ concurrency: {
+ group: '${{ github.workflow }}-ossindex-${{ github.ref }}',
+ cancel-in-progress: true
+ }
+ steps:
+ - name: Checkout the repository
+ id: checkout
+ uses: actions/checkout@v6
+ with: {
+ persist-credentials: false
+ }
+ - name: Set up JDKs
+ id: setup-java
+ uses: actions/setup-java@v5
+ with:
+ distribution: temurin
+ java-version: |-
+ 11
+ 17
+ cache: maven
+ server-id: ossindex
+ server-username: OSSINDEX_USERNAME
+ server-password: OSSINDEX_API_TOKEN
+ - name: Run Ossindex
+ id: ossindex
+ run: |
+ mvn --batch-mode test-compile \
+ org.sonatype.ossindex.maven:ossindex-maven-plugin:audit \
+ org.sonatype.ossindex.maven:ossindex-maven-plugin:audit-aggregate \
+ -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn
env: {
OSSINDEX_USERNAME: '${{ secrets.OSSINDEX_USERNAME }}',
OSSINDEX_API_TOKEN: '${{ secrets.OSSINDEX_API_TOKEN }}'
}
+ lint-github-actions:
+ runs-on: ubuntu-latest
+ defaults:
+ run: {
+ shell: bash
+ }
+ permissions: {
+ security-events: write,
+ contents: read,
+ actions: read
+ }
+ concurrency: {
+ group: '${{ github.workflow }}-github-actions-linter-${{ github.ref }}',
+ cancel-in-progress: true
+ }
+ steps:
+ - name: Checkout the repository
+ id: checkout
+ uses: actions/checkout@v6
+ with: {
+ persist-credentials: false
+ }
+ - name: Lint GitHub actions with Zizmore
+ id: lint-github-actions
+ uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e
+ with: {
+ advanced-security: false
+ }
build:
needs: [
matrix-build,
- next-java-compatibility
+ next-java-compatibility,
+ ossindex,
+ lint-github-actions
]
runs-on: ubuntu-latest
defaults:
@@ -198,7 +285,8 @@ jobs:
id: checkout
uses: actions/checkout@v6
with: {
- fetch-depth: 0
+ fetch-depth: 0,
+ persist-credentials: false
}
- name: Set up JDKs
id: setup-java
diff --git a/.github/workflows/dependencies_check.yml b/.github/workflows/dependencies_check.yml
index 4307252..b006a34 100644
--- a/.github/workflows/dependencies_check.yml
+++ b/.github/workflows/dependencies_check.yml
@@ -4,7 +4,7 @@ on:
workflow_dispatch: null
schedule:
- {
- cron: 0 2 * * *
+ cron: 42 22 * * 0
}
jobs:
report_security_issues:
@@ -25,11 +25,12 @@ jobs:
cancel-in-progress: true
}
steps:
- - {
- name: Checkout,
- id: checkout,
+ - name: Checkout
+ id: checkout
uses: actions/checkout@v6
- }
+ with: {
+ persist-credentials: false
+ }
- name: Set up JDKs
id: setup-jdks
uses: actions/setup-java@v5
diff --git a/.github/workflows/dependencies_update.yml b/.github/workflows/dependencies_update.yml
index 1fd1e1f..73478fe 100644
--- a/.github/workflows/dependencies_update.yml
+++ b/.github/workflows/dependencies_update.yml
@@ -37,7 +37,8 @@ jobs:
- uses: actions/checkout@v6
id: checkout
with: {
- fetch-depth: 0
+ fetch-depth: 0,
+ persist-credentials: true
}
- name: Set up JDKs
id: setup-jdks
@@ -61,7 +62,11 @@ jobs:
uses: actions/github-script@v9
with:
script: |
- core.setFailed('Not running on a branch, github.ref is ${{ github.ref }}. Please start this workflow only on main or a branch')
+ const ref = process.env.GITHUB_REF
+ core.setFailed(`Not running on a branch, github.ref is '${ref}'. Please start this workflow only on main or a branch`)
+ env: {
+ GITHUB_REF: '${{ github.ref }}'
+ }
- name: Update dependencies
id: update-dependencies
run: |
@@ -159,7 +164,7 @@ jobs:
- name: Report failure Status to Slack channel
id: report-failure-slack
if: ${{ always() }}
- uses: ravsamhq/notify-slack-action@v2
+ uses: ravsamhq/notify-slack-action@be814b201e233b2dc673608aa46e5447c8ab13f2
with: {
status: '${{ job.status }}',
token: '${{ secrets.GITHUB_TOKEN }}',
@@ -173,7 +178,7 @@ jobs:
- name: Report new Pull Request to Slack channel
id: report-pr-slack
if: ${{ steps.create-pr.outputs.pr_url }}
- uses: ravsamhq/notify-slack-action@v2
+ uses: ravsamhq/notify-slack-action@be814b201e233b2dc673608aa46e5447c8ab13f2
with: {
status: '${{ job.status }}',
token: '${{ secrets.GITHUB_TOKEN }}',
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 5e2b148..5baca97 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -77,7 +77,8 @@ jobs:
id: checkout
uses: actions/checkout@v6
with: {
- fetch-depth: 0
+ fetch-depth: 0,
+ persist-credentials: true
}
- name: Set up Maven Central Repository
id: configure-maven-central-credentials
@@ -88,7 +89,6 @@ jobs:
java-version: |-
11
17
- cache: maven
server-id: maven-central-portal
server-username: MAVEN_USERNAME
server-password: MAVEN_PASSWORD
@@ -110,7 +110,11 @@ jobs:
uses: actions/github-script@v9
with:
script: |
- core.setFailed('Not running on main or release branch, github.ref is ${{ github.ref }}. Please start this workflow only on main or a branch starting with release/')
+ const ref = process.env.GITHUB_REF
+ core.setFailed(`Not running on main or release branch, github.ref is '${ref}'. Please start this workflow only on main or a branch starting with release/`)
+ env: {
+ GITHUB_REF: '${{ github.ref }}'
+ }
- name: Check CI build of this commit succeeded
id: check-ci-build-status
if: ${{ ! inputs.started-from-ci }}
@@ -142,7 +146,7 @@ jobs:
- {
name: Build project,
id: build,
- run: mvn --batch-mode -DskipTests -Dossindex.skip=true clean verify
+ run: mvn --batch-mode -DskipTests -DossindexSkip=true clean verify
}
- {
name: List secret GPG keys,
@@ -155,7 +159,7 @@ jobs:
if: ${{ false && (! inputs.skip-maven-central) }}
run: |
echo "#### Maven Central Release" >> "$GITHUB_STEP_SUMMARY"
- mvn --batch-mode -Dgpg.skip=false -DskipTests -Dossindex.skip=true deploy \
+ mvn --batch-mode -Dgpg.skip=false -DskipTests -DossindexSkip=true deploy \
-Dcentral-publishing.deploymentName="Auto release of repo ${{ github.repository }} using PK release.yml" \
-Dcentral-publishing.autoPublish=${{ inputs.maven-central-auto-publish }}
if [[ "${{ inputs.maven-central-auto-publish }}" == "true" ]]; then
@@ -236,7 +240,7 @@ jobs:
- name: Report failure Status to Slack channel
id: report-failure-status-slack
if: ${{ always() }}
- uses: ravsamhq/notify-slack-action@v2
+ uses: ravsamhq/notify-slack-action@be814b201e233b2dc673608aa46e5447c8ab13f2
with: {
status: '${{ job.status }}',
token: '${{ github.token }}',
@@ -250,7 +254,7 @@ jobs:
- name: Report new release to Slack channel
id: report-new-release-slack
if: ${{ steps.create-github-release.outputs.release-url }}
- uses: ravsamhq/notify-slack-action@v2
+ uses: ravsamhq/notify-slack-action@be814b201e233b2dc673608aa46e5447c8ab13f2
with: {
status: '${{ job.status }}',
token: '${{ github.token }}',
diff --git a/.github/zizmor.yml b/.github/zizmor.yml
new file mode 100644
index 0000000..bd1b52d
--- /dev/null
+++ b/.github/zizmor.yml
@@ -0,0 +1,31 @@
+# Generated by Project Keeper
+# https://github.com/exasol/project-keeper/blob/main/project-keeper/src/main/resources/templates/.github/zizmor.yml
+# See https://docs.zizmor.sh/configuration/#settings
+rules:
+ unpinned-uses:
+ config:
+ policies:
+ "actions/*": ref-pin
+ "exasol/python-toolbox/.github/actions/security-issues": ref-pin
+ "*": hash-pin
+ cache-poisoning:
+ ignore:
+ # Enabling caching is OK for non-release workflows
+ - ci-build.yml
+ - ci-build-native-build.yml
+ - ci-build-db-version-matrix.yml
+ - project-keeper-verify.yml
+ - test_on_windows.yml
+ - test_linux_build_on_windows.yml
+ obfuscation:
+ ignore:
+ # Generated workflows use boolean conditions like ${{ false }}
+ - ci-build.yml
+ - release.yml
+ secrets-inherit:
+ ignore:
+ # Required for passing slack webhooks
+ - ci-build.yml
+ - ci-build-db-version-matrix.yml
+ - dependencies_check.yml
+ - release.yml
diff --git a/.project-keeper.yml b/.project-keeper.yml
index 759b12a..b7aa1a4 100644
--- a/.project-keeper.yml
+++ b/.project-keeper.yml
@@ -30,3 +30,30 @@ build:
name: Fix VM Crash in UDFs
id: fix-vm-crash
run: sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
+ - action: INSERT_AFTER
+ job: matrix-build
+ stepId: build-pk-verify
+ content:
+ name: Collect DB logs
+ if: ${{ always() }}
+ id: collect-db-logs
+ run: |
+ df -h
+ docker ps
+ CONTAINER_NAME=$(docker ps --filter "ancestor=exasol/docker-db:${{ matrix.exasol_db_version }}" --format "{{.Names}}")
+ mkdir -p /tmp/db-log/
+ docker cp "$CONTAINER_NAME:/exa/logs/" /tmp/db-log/
+
+ - action: INSERT_AFTER
+ job: matrix-build
+ stepId: collect-db-logs
+ content:
+ name: Upload DB logs
+ if: ${{ always() }}
+ id: upload-db-logs
+ uses: actions/upload-artifact@v7
+ with:
+ path: /tmp/db-log/
+ name: exasol-db-log-${{ matrix.exasol_db_version }}
+ retention-days: 3
+ if-no-files-found: error
diff --git a/doc/changes/changes_5.0.0.md b/doc/changes/changes_5.0.0.md
index 6e9ff99..22eb2a5 100644
--- a/doc/changes/changes_5.0.0.md
+++ b/doc/changes/changes_5.0.0.md
@@ -1,4 +1,4 @@
-# Oracle Virtual Schema 5.0.0, released 2026-04-30
+# Oracle Virtual Schema 5.0.0, released 2026-05-05
Code name: Anonymous telemetry
@@ -44,7 +44,7 @@ Starting with this release, the Oracle Virtual Schema does not support Exasol ve
#### Plugin Dependency Updates
* Updated `com.exasol:error-code-crawler-maven-plugin:2.0.6` to `2.0.7`
-* Updated `com.exasol:project-keeper-maven-plugin:5.4.6` to `5.5.2`
+* Updated `com.exasol:project-keeper-maven-plugin:5.4.6` to `5.6.1`
* Updated `io.github.git-commit-id:git-commit-id-maven-plugin:9.0.2` to `10.0.0`
* Updated `org.apache.maven.plugins:maven-failsafe-plugin:3.5.4` to `3.5.5`
* Updated `org.apache.maven.plugins:maven-resources-plugin:3.4.0` to `3.5.0`
diff --git a/pk_generated_parent.pom b/pk_generated_parent.pom
index de6b469..43be154 100644
--- a/pk_generated_parent.pom
+++ b/pk_generated_parent.pom
@@ -13,6 +13,7 @@
exasol
https://sonarcloud.io
+ false
@@ -171,6 +172,8 @@
3.2.0
ossindex
+
+ ${ossindexSkip}
diff --git a/pom.xml b/pom.xml
index 900820a..2e98aab 100644
--- a/pom.xml
+++ b/pom.xml
@@ -170,7 +170,7 @@
com.exasol
project-keeper-maven-plugin
- 5.5.2
+ 5.6.1
diff --git a/src/test/java/com/exasol/adapter/dialects/oracle/OracleSqlDialectIT.java b/src/test/java/com/exasol/adapter/dialects/oracle/OracleSqlDialectIT.java
index 54e9d6c..ebe0561 100644
--- a/src/test/java/com/exasol/adapter/dialects/oracle/OracleSqlDialectIT.java
+++ b/src/test/java/com/exasol/adapter/dialects/oracle/OracleSqlDialectIT.java
@@ -79,6 +79,7 @@ void testDuplicateDecimalLiterals(final String schema) throws SQLException {
}
}
+ @Disabled("Tests will be reactivated in https://github.com/exasol/oracle-virtual-schema/issues/89")
@ParameterizedTest
// This only works for IMPORT_FROM_ORA=true when GENERATE_JDBC_DATATYPE_MAPPING_FOR_OCI=true
@ValueSource(strings = { VIRTUAL_SCHEMA_JDBC, VIRTUAL_SCHEMA_JDBC_NUMBER_TO_DECIMAL,
@@ -864,7 +865,8 @@ void testIntervalDay(final String virtualSchemaName) throws SQLException {
// - Col c: timestamp with time zone
@ParameterizedTest
@CsvSource(value = {
- // Actual value for column b depends on DST (daylight saving time), see https://github.com/exasol/oracle-virtual-schema/issues/86
+ // Actual value for column b depends on DST (daylight saving time), see
+ // https://github.com/exasol/oracle-virtual-schema/issues/86
"VIRTUAL_SCHEMA_JDBC ! ('2018-01-01 11:00:00.0', '2018-01-01 12:00:00.0', '2018-01-01 11:00:00.000')", //
"VIRTUAL_SCHEMA_ORACLE_JDBC_MAPPING ! ('2018-01-01 11:00:00.0', '2018-01-01 10:00:00.0', '2018-01-01 10:00:00.000')" }, //
delimiter = '!')