pegleg/tox.ini
Alexander Hughes 766e53dfb4 Update safety check for Python dependencies
This patch:
1. Updates the `tox -e safety` command to run the Safety tool [0]
   against both the Pegleg requirements.txt and the
   doc/requirements.txt file used only when `tox -e docs` is run.
2. Updates doc/requirements.txt with pinned dependencies so that
   Safety can check those dependencies.

At the time of this patch it is expected for the non-voting Safety
gate to fail, because the Promenade version used by Pegleg requires
an insecure version of kubernetes, 3.0.0.  This version of Kubernetes
is impacted by [1] due to the urllib version being used.

[0] https://pypi.org/project/safety/
[1] https://nvd.nist.gov/vuln/detail/CVE-2018-20060

Change-Id: I64fb4b1ae7c2814ad0ae11222bf8be531d4f40a5
Signed-off-by: Alexander Hughes <Alexander.Hughes@pm.me>
2020-06-25 19:38:01 +00:00

124 lines
2.9 KiB
INI

[tox]
envlist = py36,py37,pep8,docs,cover
minversion = 2.3.1
skipsdist = True
[testenv]
usedevelop = True
setenv =
VIRTUAL_ENV={envdir}
LANGUAGE=en_US
LC_ALL=en_US.utf-8
PIPENV_VERBOSITY=-1
PIPENV_IGNORE_PIPFILE=1
deps =
pipenv
passenv = http_proxy https_proxy HTTP_PROXY HTTPS_PROXY no_proxy NO_PROXY PBR_VERSION
whitelist_externals =
bash
find
commands =
pipenv install --dev
find . -type f -name "*.pyc" -delete
bash -c "{toxinidir}/tools/install-cfssl.sh"
{toxinidir}/tools/gate/run-unit-tests.sh '{posargs}'
[testenv:fmt]
basepython = python3
deps =
pipenv
commands =
pipenv install --dev
yapf -ir {toxinidir}/pegleg {toxinidir}/tests
[testenv:pep8]
basepython = python3
deps =
pipenv
safety
commands =
pipenv install --dev
bash -c "{toxinidir}/tools/gate/whitespace-linter.sh"
bandit -r pegleg -n 5
flake8 {toxinidir}/pegleg
yapf -dr {toxinidir}/pegleg {toxinidir}/tests
whitelist_externals =
bash
[testenv:docs]
basepython = python3
deps =
pipenv
-r{toxinidir}/doc/requirements.txt
commands =
pipenv install --dev
bash -c "{toxinidir}/tools/gate/build-docs.sh"
whitelist_externals =
bash
[testenv:bandit]
basepython = python3
commands = bandit -r pegleg -n 5
[testenv:safety]
basepython = python3
deps =
pipenv
safety
commands =
pipenv check
safety check -r {toxinidir}/requirements.txt -r {toxinidir}/doc/requirements.txt --full-report
[testenv:cover]
basepython = python3
deps =
pipenv
commands =
pipenv install --dev
{toxinidir}/tools/install-cfssl.sh
bash -c 'PATH=$PATH:~/.local/bin; pytest --cov=pegleg --cov-report \
html:cover --cov-report xml:cover/coverage.xml --cov-report term \
--cov-fail-under 87 tests/'
whitelist_externals =
bash
[testenv:update-requirements]
deps =
pipenv
commands =
pipenv lock --clear
bash -c "pipenv lock -r > {toxinidir}/requirements.txt"
whitelist_externals =
bash
[testenv:releasenotes]
basepython = python3
deps = -r{toxinidir}/doc/requirements.txt
commands =
rm -rf releasenotes/build
sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html
whitelist_externals =
rm
[testenv:venv]
commands = {posargs}
[flake8]
filename = *.py
show-source = true
# [H106] Don't put vim configuration in source files.
# [H201] No 'except:' at least use 'except Exception:'
# [H904] Delay string interpolations at logging calls.
enable-extensions = H106,H201,H904
# TODO(lamt) Clean up these docstring violations if possible
# [H403] multi line docstrings should end on a new line
# [H404] multi line docstring should start without a leading new line
# [H405] multi line docstring summary not separated with an empty line
# [W503] line break before binary operator
ignore = H403,H404,H405,W503
exclude=.venv,.git,.tox,build,dist,*lib/python*,*egg,tools,*.ini,*.po,*.pot
max-complexity = 24
application-import-names = pegleg
application-package-names = deckhand,promenade,shipyard
import-order-style = pep8