Enable py3-bandit and py3-flake8 zuul jobs
This reverts commit 4146e2a859
.
Removed the calls to tox from within tox, and setup the
top level tox.ini for bandit and flake8 for the sub folders.
Change-Id: I682869c8e839f4f59cdce48cd0b97b4a4324f4a7
Story: 2004515
Task: 40232
Signed-off-by: albailey <Al.Bailey@windriver.com>
This commit is contained in:
parent
551de77c61
commit
2302b0fe2e
|
@ -7,8 +7,8 @@
|
||||||
check:
|
check:
|
||||||
jobs:
|
jobs:
|
||||||
- openstack-tox-linters
|
- openstack-tox-linters
|
||||||
# - py3-bandit
|
- py3-bandit
|
||||||
# - py3-flake8
|
- py3-flake8
|
||||||
- patch-tox-pylint
|
- patch-tox-pylint
|
||||||
- patch-tox-py27
|
- patch-tox-py27
|
||||||
- patch-tox-py36
|
- patch-tox-py36
|
||||||
|
@ -18,8 +18,8 @@
|
||||||
gate:
|
gate:
|
||||||
jobs:
|
jobs:
|
||||||
- openstack-tox-linters
|
- openstack-tox-linters
|
||||||
# - py3-bandit
|
- py3-bandit
|
||||||
# - py3-flake8
|
- py3-flake8
|
||||||
- patch-tox-pylint
|
- patch-tox-pylint
|
||||||
- patch-tox-py27
|
- patch-tox-py27
|
||||||
- patch-tox-py36
|
- patch-tox-py36
|
||||||
|
|
|
@ -2,6 +2,7 @@ hacking>=2.0<2.1
|
||||||
|
|
||||||
pycodestyle>=2.0.0 # MIT License
|
pycodestyle>=2.0.0 # MIT License
|
||||||
mock>=2.0.0 # BSD
|
mock>=2.0.0 # BSD
|
||||||
|
bandit!=1.6.0,>=1.1.0,<2.0.0
|
||||||
bashate >= 0.2
|
bashate >= 0.2
|
||||||
PyYAML >= 3.1.0
|
PyYAML >= 3.1.0
|
||||||
yamllint >= 0.5.2
|
yamllint >= 0.5.2
|
||||||
|
|
57
tox.ini
57
tox.ini
|
@ -67,6 +67,29 @@ commands =
|
||||||
filename=
|
filename=
|
||||||
*.preapply
|
*.preapply
|
||||||
*.preremove
|
*.preremove
|
||||||
|
*.py
|
||||||
|
# ignore below errors , will fix flake8 errors in future
|
||||||
|
# H101 Use TODO(NAME)
|
||||||
|
# H102 Apache 2.0 license header not found
|
||||||
|
# H105 Don't use author tags
|
||||||
|
# H306 imports not in alphabetical order
|
||||||
|
# H401 docstring should not start with a space
|
||||||
|
# H404 multi line docstring should start without a leading new line
|
||||||
|
# H405 multi line docstring summary not separated with an empty line
|
||||||
|
# Note: W503 and W504 are mutually exclusive. Must select one of them to suppress.
|
||||||
|
# W504 line break after binary operator
|
||||||
|
# E501 line too long. skipped because some of the code files include templates
|
||||||
|
# that end up quite wide
|
||||||
|
# F401 'XXXXX' imported but unused
|
||||||
|
show-source = True
|
||||||
|
ignore = H101,H102,H105,H306,H401,H404,H405,
|
||||||
|
W504,E501,F401
|
||||||
|
exclude = .venv,.git,.tox,dist,doc,*lib/python*,*egg,build,release-tag-*
|
||||||
|
# H106: Don't put vim configuration in source files (off by default).
|
||||||
|
# H203: Use assertIs(Not)None to check for None (off by default).
|
||||||
|
# enable: H904 Delay string interpolations at logging calls (off by default).
|
||||||
|
enable-extensions = H106 H203 H904
|
||||||
|
max-line-length = 120
|
||||||
|
|
||||||
[testenv:flake8]
|
[testenv:flake8]
|
||||||
basepython = python3
|
basepython = python3
|
||||||
|
@ -75,8 +98,8 @@ whitelist_externals = cp
|
||||||
tox
|
tox
|
||||||
recreate = True
|
recreate = True
|
||||||
commands = {[testenv]commands}
|
commands = {[testenv]commands}
|
||||||
tox -c cgcs-patch/cgcs-patch -e flake8
|
flake8 cgcs-patch/cgcs-patch/cgcs_patch
|
||||||
tox -c patch-alarm/patch-alarm -e flake8
|
flake8 patch-alarm/patch-alarm/patch_alarm
|
||||||
flake8 {toxinidir}/patch-scripts/kube-upgrade
|
flake8 {toxinidir}/patch-scripts/kube-upgrade
|
||||||
|
|
||||||
[testenv:venv]
|
[testenv:venv]
|
||||||
|
@ -108,15 +131,31 @@ commands = {[testenv]commands}
|
||||||
tox -c cgcs-patch/cgcs-patch -e py36
|
tox -c cgcs-patch/cgcs-patch -e py36
|
||||||
tox -c patch-alarm/patch-alarm -e py36
|
tox -c patch-alarm/patch-alarm -e py36
|
||||||
|
|
||||||
|
|
||||||
|
[bandit]
|
||||||
|
# B101: Test for use of assert
|
||||||
|
# B104: Test for binding to all interfaces
|
||||||
|
# B110: Try, Except, Pass detected.
|
||||||
|
# B303: Use of insecure MD2, MD4, MD5, or SHA1 hash function.
|
||||||
|
# B311: Standard pseudo-random generators are not suitable for security/cryptographic purposes
|
||||||
|
# B314: Blacklisted calls to xml.etree.ElementTree
|
||||||
|
# B318: Blacklisted calls to xml.dom.minidom
|
||||||
|
# B404: Import of subprocess module
|
||||||
|
# B405: import xml.etree
|
||||||
|
# B408: import xml.minidom
|
||||||
|
# B413: import pyCrypto
|
||||||
|
# B506: Test for use of yaml load
|
||||||
|
# B602: Test for use of popen with shell equals true
|
||||||
|
# B603: Test for use of subprocess without shell equals true
|
||||||
|
# B607: Test for starting a process with a partial path
|
||||||
|
skips = B101,B104,B110,B303,B311,B314,B318,B404,B405,B408,B413,B506,B602,B603,B607
|
||||||
|
exclude = tests
|
||||||
|
|
||||||
[testenv:bandit]
|
[testenv:bandit]
|
||||||
basepython = python3
|
basepython = python3
|
||||||
commands = {[testenv]commands}
|
description = Bandit code scan for *.py files source code folders
|
||||||
tox -c cgcs-patch/cgcs-patch -e bandit
|
deps = -r{toxinidir}/test-requirements.txt
|
||||||
tox -c patch-alarm/patch-alarm -e bandit
|
commands = bandit --ini tox.ini -r {toxinidir}/ -x '**/.tox/**,**/.eggs/**' -lll
|
||||||
deps = {[testenv]deps}
|
|
||||||
recreate = True
|
|
||||||
whitelist_externals = find
|
|
||||||
tox
|
|
||||||
|
|
||||||
[testenv:pylint]
|
[testenv:pylint]
|
||||||
basepython = python2.7
|
basepython = python2.7
|
||||||
|
|
Loading…
Reference in New Issue