taosdata · zitsen · Feb 25, 2026 · Feb 12, 2026 · Feb 12, 2026 · Feb 12, 2026
diff --git a/.github/workflows/pypi.yml b/.github/workflows/pypi.yml
@@ -8,7 +8,8 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v1
+        uses: actions/checkout@v6
+
       - name: Poetry Setup
         uses: abatilo/actions-poetry@v2
         with:

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v6
 
       - name: Poetry Setup
         uses: abatilo/actions-poetry@v2
@@ -21,15 +21,14 @@ jobs:
       - name: Publish to PyPI
         env:
           PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
-        run: |
-          poetry publish --build -n --username __token__ --password "$PYPI_TOKEN"
+        run: poetry publish --build -n --username __token__ --password "$PYPI_TOKEN"
 
   release:
     name: GitHub Release
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v6
 
       - name: Get CMake
         uses: lukka/get-cmake@latest
@@ -42,85 +41,82 @@ jobs:
           sudo apt-get install -y build-essential
 
       - name: Setup Python
-        run: |
-          sudo apt-get install -y python3 python3-pip python-is-python3
+        run: sudo apt-get install -y python3 python3-pip python-is-python3
 
-      - name: Poetry Setup
-        uses: abatilo/actions-poetry@v2
+      - name: Install Poetry
+        uses: snok/install-poetry@v1
         with:
-          poetry-version: 1.2
+          version: 1.8.5
+          virtualenvs-create: true
+          virtualenvs-in-project: true
+          installer-parallel: true
 
-      # Poetry cache with default ~.cache/pypoetry directory.
-      # Update it when `poetry.lock` file changed.
       - name: Cache Poetry
         id: cache-poetry
         uses: actions/cache@v4
         with:
           path: ~/.cache/pypoetry
           key: ubuntu-22.04-poetry-${{ hashFiles('**/poetry.lock') }}
 
-      #----------------------------------------------
-      # install dependencies if cache does not exist
-      #----------------------------------------------
       - name: Install dependencies
         if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
         run: |
           sudo apt install -y gnome-keyring
           pip3 install --upgrade requests
           poetry install --no-interaction --with=test --no-root
 
-      #----------------------------------------------
-      # install your root project, if required
-      #----------------------------------------------
       - name: Install library
         run: poetry install --no-interaction --with=test
 
-      - name: Set up Go
-        uses: actions/setup-go@v2
-        with:
-          go-version: 1.18
+      # - name: Set up Go
+      #   uses: actions/setup-go@v2
+      #   with:
+      #     go-version: 1.18
+
+      # - name: Build TDengine
+      #   run: |
+      #     git clone --depth 1 https://github.com/taosdata/TDengine.git -b 2.4
+      #     cd TDengine
+      #     git submodule update --depth 1 --init --recursive
+      #     mkdir build
+      #     cd build
+      #     cmake ../ -DBUILD_HTTP=false -DBUILD_DEPENDENCY_TESTS=false -DBUILD_JDBC=false -DCMAKE_INSTALL_PREFIX:PATH=`realpath ../../local/`
+      #     make -j14
+      #     cd ../../
+
+      # - name: Start TDengine
+      #   run: |
+      #     tree TDengine/build/build/
+      #     export C_INCLUDE_PATH=$PWD/TDengine/build/build/bin
+      #     export LD_LIBRARY_PATH=$PWD/TDengine/build/build/lib
+      #     mkdir -p /tmp/taos/
+      #     printf "dataDir /tmp/taos\nlogDir /tmp/taos/\n" > /tmp/taos/taos.cfg
+      #     ./TDengine/build/build/bin/taosadapter &
+      #     ./TDengine/build/build/bin/taosd -c /tmp/taos/ &
+
+      # - name: Run Tests
+      #   run: |
+      #     export LD_LIBRARY_PATH=$PWD/TDengine/build/build/lib
+      #     export TDENGINE_URL=localhost:6041
+      #     poetry run pytest tests
 
-      - name: Build TDengine
-        run: |
-          git clone --depth 1 https://github.com/taosdata/TDengine.git -b 2.4
-          cd TDengine
-          git submodule update --depth 1 --init --recursive
-          mkdir build
-          cd build
-          cmake ../ -DBUILD_HTTP=false -DBUILD_DEPENDENCY_TESTS=false -DBUILD_JDBC=false -DCMAKE_INSTALL_PREFIX:PATH=`realpath ../../local/`
-          make -j14
-          cd ../../
-
-      - name: Start TDengine
-        run: |
-          tree TDengine/build/build/
-          export C_INCLUDE_PATH=$PWD/TDengine/build/build/bin
-          export LD_LIBRARY_PATH=$PWD/TDengine/build/build/lib
-          mkdir -p /tmp/taos/
-          printf "dataDir /tmp/taos\nlogDir /tmp/taos/\n" > /tmp/taos/taos.cfg
-          ./TDengine/build/build/bin/taosadapter &
-          ./TDengine/build/build/bin/taosd -c /tmp/taos/ &
-
-      #----------------------------------------------
-      #              run test suite
-      #----------------------------------------------
-      - name: Test
-        run: |
-          export LD_LIBRARY_PATH=$PWD/TDengine/build/build/lib
-          export TDENGINE_URL=localhost:6041
-          poetry run pytest tests
       - name: Build Artifacts
-        run: |
-          poetry build
+        run: poetry build
 
       - name: Generate Changelog
+        run: ./ci/extract-changelog.sh > ${{ github.workflow }}-CHANGELOG.txt
+
+      - name: Create SBOM
         run: |
-          ./ci/extract-changelog.sh > ${{ github.workflow }}-CHANGELOG.txt
+          pip3 install cyclonedx-bom
+          cyclonedx-py environment --output-format JSON --output-file taospy-sbom.cdx.json
+
       - name: Release
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@v2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           body_path: ${{ github.workflow }}-CHANGELOG.txt
           files: |
             dist/*
+            taospy-sbom.cdx.json
diff --git a/.github/workflows/taos-ws-py-sbom.yml b/.github/workflows/taos-ws-py-sbom.yml
@@ -0,0 +1,41 @@
+name: taos-ws-py-sbom
+
+on:
+  pull_request:
+    branches:
+      - "main"
+      - "3.0"
+    paths:
+      - "taos-ws-py/**"
+      - ".github/workflows/taos-ws-py*.yml"
+  release:
+    types:
+      - published
+
+jobs:
+  sbom:
+    name: Generate and Scan SBOM
+    if: github.event_name != 'release' || startsWith(github.event.release.tag_name, 'taos-ws-py-')
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: write
+    env:
+      SBOM_FILENAME: "taos-ws-py-sbom.cdx.json"
+    steps:
+      - uses: actions/checkout@v6
+
+      - name: Create SBOM
+        uses: anchore/sbom-action@v0
+        with:
+          path: ./taos-ws-py/
+          format: cyclonedx-json
+          output-file: "${{ env.SBOM_FILENAME }}"
+          artifact-name: "${{ env.SBOM_FILENAME }}"
+
+      - name: Scan SBOM
+        uses: anchore/scan-action@v7
+        with:
+          sbom: "${{ env.SBOM_FILENAME }}"
+          cache-db: true
+          output-format: "table"
diff --git a/.grype.yaml b/.grype.yaml
@@ -0,0 +1,12 @@
+ignore:
+  - vulnerability: GHSA-4p46-pwfr-66x6
+    package:
+      name: ring
+      version: 0.17.8
+      type: rust-crate
+
+  - vulnerability: GHSA-pph8-gcv7-4qj5
+    package:
+      name: pyo3
+      version: 0.17.3
+      type: rust-crate
diff --git a/taos-ws-py/Cargo.lock b/taos-ws-py/Cargo.lock