Move safety checks to new Zuul job

Moves the dependency vulnerability checks from pep8 tox check to a new
Zuul job. This allows setting the job to not be voting as the database
used for safety has been flaky recently.

Changes basepython to python3 for safety and bandit jobs.

Related change: https://review.opendev.org/#/c/671847

Change-Id: I3bbc15aec795ff901e442e17d2ab974fd5da90ef
Ian H Pittwood 2019-07-19 15:21:03 -05:00 committed by Ian H. Pittwood
parent 8d3c35289e
commit 2b585d1e40
2 changed files with 12 additions and 3 deletions


@ -17,6 +17,16 @@
check: check:
jobs: jobs:
- openstack-tox-pep8 - openstack-tox-pep8
- spyglass-plugin-xls-dependency-vulnerability-check
gate: gate:
jobs: jobs:
- openstack-tox-pep8 - openstack-tox-pep8
- spyglass-plugin-xls-dependency-vulnerability-check
- job:
name: spyglass-plugin-xls-dependency-vulnerability-check
parent: openstack-tox
voting: false
timeout: 600
vars:
tox_envlist: safety
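Review bot: Listing `spyglass-plugin-xls-dependency-vulnerability-check` under `gate` has no gating effect while the job is `voting: false`; its result cannot block a merge there, so the entry only spends a node on every gated change. I would drop it from the `gate` jobs list and keep it in `check`. Because a failing vulnerability scan no longer blocks anything, the job definition should also record that this is meant to be temporary, for example `# Non-voting while the safety database is unreliable; restore voting once it is stable.` above `voting: false`. Until voting is restored, someone has to read the check results by hand, or a dependency with a known vulnerability can merge unnoticed.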


@ -35,13 +35,11 @@ commands =
yapf -dr {toxinidir}/spyglass_plugin_xls {toxinidir}/setup.py {toxinidir}/tests yapf -dr {toxinidir}/spyglass_plugin_xls {toxinidir}/setup.py {toxinidir}/tests
flake8 {toxinidir}/spyglass_plugin_xls {toxinidir}/tests flake8 {toxinidir}/spyglass_plugin_xls {toxinidir}/tests
bandit -r spyglass_plugin_xls -n 5 bandit -r spyglass_plugin_xls -n 5
safety check -r {toxinidir}/requirements.txt \
-r {toxinidir}/test-requirements.txt \
-r {toxinidir}/doc/requirements.txt --bare
whitelist_externals = whitelist_externals =
bash bash
[testenv:safety] [testenv:safety]
basepython = python3
deps = deps =
safety safety
commands = commands =
@ -50,6 +48,7 @@ commands =
safety check -r {toxinidir}/doc/requirements.txt --full-report safety check -r {toxinidir}/doc/requirements.txt --full-report
[testenv:bandit] [testenv:bandit]
basepython = python3
deps = deps =
bandit bandit
commands = bandit -r spyglass_plugin_xls -n 5 commands = bandit -r spyglass_plugin_xls -n 5
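Review bot: With the `safety check` call removed from the pep8 commands, `[testenv:safety]` becomes the only place the requirements files are scanned, yet only its `-r {toxinidir}/doc/requirements.txt --full-report` line is visible here; the earlier commands of that env lie between the two hunks. Please confirm that the env still covers `requirements.txt` and `test-requirements.txt` as the removed command did, since otherwise the move narrows the scan. A short comment at the top of the env would also help the next maintainer, e.g. `# Dependency vulnerability scan; run by a non-voting Zuul job, so failures must be reviewed manually.`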