openstack/heat
Code Issues Proposed changes
unmaintained/2023.1
heat/tox.ini
Takashi Kajinami 6a4c7b57b8 stable-only: Pin bandit to 1.7.4 
bandit 1.7.5 introduced the new lint rule with which current heat code
is not compliant. This pins bandit so that any new lint rule does not
affect pep8 job in stable branches.

Change-Id: Ie552e6398c10797e4df4afe757760c48ca7f80af
2023-03-13 18:15:56 +09:00

158 lines
5.1 KiB
INI
Raw Permalink Blame History

[tox]
envlist = py38,py39,pep8
ignore_basepython_conflict = True
minversion = 3.18.0
[testenv]
basepython = python3
setenv = VIRTUAL_ENV={envdir}
PYTHONWARNINGS=default::DeprecationWarning
OS_TEST_PATH=heat/tests
usedevelop = True
deps = -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/2023.1}
-r{toxinidir}/requirements.txt
-r{toxinidir}/test-requirements.txt
commands =
stestr run {posargs}
stestr slowest
passenv =
http_proxy
https_proxy
no_proxy
[testenv:pep8]
commands =
flake8 heat bin/heat-api bin/heat-api-cfn bin/heat-engine bin/heat-manage contrib heat_integrationtests doc/source
python tools/custom_guidelines.py --exclude heat/engine/resources/aws
# The following bandit tests are being skipped:
# B101: Test for use of assert
# B104: Test for binding to all interfaces
# B107: Test for use of hard-coded password argument defaults
# B110: Try, Except, Pass detected.
# B310: Audit url open for permitted schemes
# B311: Standard pseudo-random generators are not suitable for security/cryptographic purposes
# B404: Import of subprocess module
# B410: Import of lxml module
# B504: Test for SSL use with no version specified
# B506: Test for use of yaml load
# B603: Test for use of subprocess with shell equals true
# B607: Test for starting a process with a partial path
bandit -r heat -x tests --skip B101,B104,B107,B110,B310,B311,B404,B410,B504,B506,B603,B607
doc8 {posargs}
[testenv:venv]
commands = {posargs}
[testenv:cover]
setenv =
PYTHON=coverage run --source heat --parallel-mode
commands =
coverage erase
stestr run {posargs}
coverage combine
coverage html -d cover
coverage xml -o cover/coverage.xml
coverage report
[testenv:docs]
allowlist_externals =
rm
deps =
-c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/2023.1}
-r{toxinidir}/requirements.txt
-r{toxinidir}/doc/requirements.txt
commands =
rm -rf doc/build
sphinx-build -W --keep-going -b html doc/source doc/build/html
[testenv:pdf-docs]
deps = {[testenv:docs]deps}
allowlist_externals =
make
commands =
sphinx-build -W -b latex doc/source doc/build/pdf
make -C doc/build/pdf
[testenv:api-ref]
# This environment is called from CI scripts to test and publish
# the API Ref to docs.openstack.org.
deps = -r{toxinidir}/doc/requirements.txt
allowlist_externals = rm
commands =
rm -rf api-ref/build
sphinx-build -W --keep-going -b html -d api-ref/build/doctrees api-ref/source api-ref/build/html
[testenv:genconfig]
commands =
oslo-config-generator --config-file=config-generator.conf
[testenv:genpolicy]
commands =
oslopolicy-sample-generator --config-file etc/heat/heat-policy-generator.conf
[testenv:bandit]
deps =
-c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/2023.1}
-r{toxinidir}/test-requirements.txt
# The following bandit tests are being skipped:
# B101: Test for use of assert
# B104: Test for binding to all interfaces
# B107: Test for use of hard-coded password argument defaults
# B110: Try, Except, Pass detected.
# B310: Audit url open for permitted schemes
# B311: Standard pseudo-random generators are not suitable for security/cryptographic purposes
# B404: Import of subprocess module
# B410: Import of lxml module
# B504: Test for SSL use with no version specified
# B506: Test for use of yaml load
# B603: Test for use of subprocess with shell equals true
# B607: Test for starting a process with a partial path
commands = bandit -r heat -x tests --skip B101,B104,B107,B110,B310,B311,B404,B410,B504,B506,B603,B607
[flake8]
show-source = true
# E123 closing bracket does not match indentation of opening bracket's line
# W503 line break before binary operator
# W504 line break after binary operator
ignore = E123,W503,W504
exclude=.*,dist,*lib/python*,*egg,build,*convergence/scenarios/*
max-complexity=23
[doc8]
ignore = D001
ignore-path = .venv,.git,.tox,.tmp,*heat/locale*,*lib/python*,openstack_heat.egg*,doc/build,releasenotes/*
[hacking]
import_exceptions = heat.common.i18n
[flake8:local-plugins]
extension =
Heat301 = checks:no_log_warn
Heat302 = checks:check_python3_no_iteritems
Heat303 = checks:check_python3_no_iterkeys
Heat304 = checks:check_python3_no_itervalues
paths = ./heat/hacking
[testenv:debug]
commands = oslo_debug_helper {posargs}
[testenv:releasenotes]
allowlist_externals =
rm
deps = -r{toxinidir}/doc/requirements.txt
commands =
rm -rf releasenotes/build
sphinx-build -a -E -W -d releasenotes/build/doctrees --keep-going -b html releasenotes/source releasenotes/build/html
[testenv:bindep]
# Do not install any requirements. We want this to be fast and work even if
# system dependencies are missing, since it's used to tell you what system
# dependencies are missing! This also means that bindep must be installed
# separately, outside of the requirements files, and develop mode disabled
# explicitly to avoid unnecessarily installing the checked-out repo too (this
# further relies on "tox.skipsdist = True" above).
deps = bindep
commands = bindep test
usedevelop = False
View Git Blame Copy Permalink