Merge "Move safety checks to new Zuul job"

.zuul.yaml

@@ -17,6 +17,16 @@
     check:
       jobs:
         - openstack-tox-pep8
+        - spyglass-plugin-xls-dependency-vulnerability-check
     gate:
       jobs:
         - openstack-tox-pep8
+        - spyglass-plugin-xls-dependency-vulnerability-check
+
+- job:
+    name: spyglass-plugin-xls-dependency-vulnerability-check
+    parent: openstack-tox
+    voting: false
+    timeout: 600
+    vars:
+      tox_envlist: safety

tox.ini

@@ -35,13 +35,11 @@ commands =
   yapf -dr {toxinidir}/spyglass_plugin_xls {toxinidir}/setup.py {toxinidir}/tests
   flake8 {toxinidir}/spyglass_plugin_xls {toxinidir}/tests
   bandit -r spyglass_plugin_xls -n 5
-  safety check -r {toxinidir}/requirements.txt \
-               -r {toxinidir}/test-requirements.txt \
-               -r {toxinidir}/doc/requirements.txt --bare
 whitelist_externals =
   bash
 
 [testenv:safety]
+basepython = python3
 deps =
     safety
 commands =
@@ -50,6 +48,7 @@ commands =
     safety check -r {toxinidir}/doc/requirements.txt --full-report
 
 [testenv:bandit]
+basepython = python3
 deps =
     bandit
 commands = bandit -r spyglass_plugin_xls -n 5