From 2b585d1e4082bef18fb278c8aa44d404c66daba7 Mon Sep 17 00:00:00 2001
From: Ian H Pittwood
Date: Fri, 19 Jul 2019 15:21:03 -0500
Subject: [PATCH] Move safety checks to new Zuul job

Moves the dependency vulnerability checks from pep8 tox check to a new Zuul job. This allows setting the job to not be voting as the database used for safety has been flaky recently. Changes basepython to python3 for safety and bandit jobs.

Related change: https://review.opendev.org/#/c/671847
Change-Id: I3bbc15aec795ff901e442e17d2ab974fd5da90ef
---
 .zuul.yaml | 10 ++++++++++
 tox.ini | 5 ++---
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/.zuul.yaml b/.zuul.yaml
index 17f6011..c9ec30d 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -17,6 +17,16 @@
 check:
 jobs:
 - openstack-tox-pep8
+ - spyglass-plugin-xls-dependency-vulnerability-check
 gate:
 jobs:
 - openstack-tox-pep8
+ - spyglass-plugin-xls-dependency-vulnerability-check
+
+- job:
+ name: spyglass-plugin-xls-dependency-vulnerability-check
+ parent: openstack-tox
+ voting: false
+ timeout: 600
+ vars:
+ tox_envlist: safety
diff --git a/tox.ini b/tox.ini
index 8669f2f..9a2959c 100644
--- a/tox.ini
+++ b/tox.ini
@@ -35,13 +35,11 @@ commands = yapf -dr {toxinidir}/spyglass_plugin_xls {toxinidir}/setup.py {toxinidir}/tests flake8 {toxinidir}/spyglass_plugin_xls {toxinidir}/tests bandit -r spyglass_plugin_xls -n 5 - safety check -r {toxinidir}/requirements.txt \ - -r {toxinidir}/test-requirements.txt \ - -r {toxinidir}/doc/requirements.txt --bare whitelist_externals = bash [testenv:safety] +basepython = python3 deps = safety commands =
@@ -50,6 +48,7 @@ commands = safety check -r {toxinidir}/doc/requirements.txt --full-report [testenv:bandit] +basepython = python3 deps = bandit commands = bandit -r spyglass_plugin_xls -n 5
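Review bot: The new `spyglass-plugin-xls-dependency-vulnerability-check` job is declared `voting: false` yet is listed under `gate` as well as `check` in the `.zuul.yaml` hunk. A non-voting job cannot block a merge, so the `gate` entry adds run time without enforcing anything and can give the impression that dependency vulnerabilities still gate changes; I would keep the job in `check` only. Because this commit turns a blocking dependency check into an advisory one, a comment above `voting: false` should record the reason and the exit condition, for example `# Non-voting while the safety vulnerability database is unreliable; make voting again once it is stable.` Until that happens a reported vulnerability is visible only in the job result, so reviewers have to read it on each change rather than rely on the pipeline to stop the merge.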