openstack/heat
Code Issues Proposed changes
5d3ce78d54
heat/tox.ini
Takashi Kajinami 4fcbe94338 Disable B113 rule of bandit 
The new release of bandit just came out which introduced the new rule,
with which unfortunately heat is not compliant now.

This disables the rule temporally so that we can avoid adapting our
stable branches to new lint rules by backporting this.

Change-Id: I4a27049d40760ad8da6fda24e1195e26ef9c6c17
2023-03-10 18:08:08 +09:00

160 lines
5.2 KiB
INI
Raw Blame History

[tox]
envlist = py38,py39,pep8
ignore_basepython_conflict = True
minversion = 3.18.0
[testenv]
basepython = python3
setenv = VIRTUAL_ENV={envdir}
PYTHONWARNINGS=default::DeprecationWarning
OS_TEST_PATH=heat/tests
usedevelop = True
deps = -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master}
-r{toxinidir}/requirements.txt
-r{toxinidir}/test-requirements.txt
commands =
stestr run {posargs}
stestr slowest
passenv =
http_proxy
https_proxy
no_proxy
[testenv:pep8]
commands =
flake8 heat bin/heat-api bin/heat-api-cfn bin/heat-engine bin/heat-manage contrib heat_integrationtests doc/source
python tools/custom_guidelines.py --exclude heat/engine/resources/aws
# The following bandit tests are being skipped:
# B101: Test for use of assert
# B104: Test for binding to all interfaces
# B107: Test for use of hard-coded password argument defaults
# B110: Try, Except, Pass detected.
# B113: Requests call without timeout
# B310: Audit url open for permitted schemes
# B311: Standard pseudo-random generators are not suitable for security/cryptographic purposes
# B404: Import of subprocess module
# B410: Import of lxml module
# B504: Test for SSL use with no version specified
# B506: Test for use of yaml load
# B603: Test for use of subprocess with shell equals true
# B607: Test for starting a process with a partial path
bandit -r heat -x tests --skip B101,B104,B107,B110,B113,B310,B311,B404,B410,B504,B506,B603,B607
doc8 {posargs}
[testenv:venv]
commands = {posargs}
[testenv:cover]
setenv =
PYTHON=coverage run --source heat --parallel-mode
commands =
coverage erase
stestr run {posargs}
coverage combine
coverage html -d cover
coverage xml -o cover/coverage.xml
coverage report
[testenv:docs]
allowlist_externals =
rm
deps =
-c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master}
-r{toxinidir}/requirements.txt
-r{toxinidir}/doc/requirements.txt
commands =
rm -rf doc/build
sphinx-build -W --keep-going -b html doc/source doc/build/html
[testenv:pdf-docs]
deps = {[testenv:docs]deps}
allowlist_externals =
make
commands =
sphinx-build -W -b latex doc/source doc/build/pdf
make -C doc/build/pdf
[testenv:api-ref]
# This environment is called from CI scripts to test and publish
# the API Ref to docs.openstack.org.
deps = -r{toxinidir}/doc/requirements.txt
allowlist_externals = rm
commands =
rm -rf api-ref/build
sphinx-build -W --keep-going -b html -d api-ref/build/doctrees api-ref/source api-ref/build/html
[testenv:genconfig]
commands =
oslo-config-generator --config-file=config-generator.conf
[testenv:genpolicy]
commands =
oslopolicy-sample-generator --config-file etc/heat/heat-policy-generator.conf
[testenv:bandit]
deps =
-c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master}
-r{toxinidir}/test-requirements.txt
# The following bandit tests are being skipped:
# B101: Test for use of assert
# B104: Test for binding to all interfaces
# B107: Test for use of hard-coded password argument defaults
# B110: Try, Except, Pass detected.
# B113: Requests call without timeout
# B310: Audit url open for permitted schemes
# B311: Standard pseudo-random generators are not suitable for security/cryptographic purposes
# B404: Import of subprocess module
# B410: Import of lxml module
# B504: Test for SSL use with no version specified
# B506: Test for use of yaml load
# B603: Test for use of subprocess with shell equals true
# B607: Test for starting a process with a partial path
commands = bandit -r heat -x tests --skip B101,B104,B107,B110,B113,B310,B311,B404,B410,B504,B506,B603,B607
[flake8]
show-source = true
# E123 closing bracket does not match indentation of opening bracket's line
# W503 line break before binary operator
# W504 line break after binary operator
ignore = E123,W503,W504
exclude=.*,dist,*lib/python*,*egg,build,*convergence/scenarios/*
max-complexity=23
[doc8]
ignore = D001
ignore-path = .venv,.git,.tox,.tmp,*heat/locale*,*lib/python*,openstack_heat.egg*,doc/build,releasenotes/*
[hacking]
import_exceptions = heat.common.i18n
[flake8:local-plugins]
extension =
Heat301 = checks:no_log_warn
Heat302 = checks:check_python3_no_iteritems
Heat303 = checks:check_python3_no_iterkeys
Heat304 = checks:check_python3_no_itervalues
paths = ./heat/hacking
[testenv:debug]
commands = oslo_debug_helper {posargs}
[testenv:releasenotes]
allowlist_externals =
rm
deps = -r{toxinidir}/doc/requirements.txt
commands =
rm -rf releasenotes/build
sphinx-build -a -E -W -d releasenotes/build/doctrees --keep-going -b html releasenotes/source releasenotes/build/html
[testenv:bindep]
# Do not install any requirements. We want this to be fast and work even if
# system dependencies are missing, since it's used to tell you what system
# dependencies are missing! This also means that bindep must be installed
# separately, outside of the requirements files, and develop mode disabled
# explicitly to avoid unnecessarily installing the checked-out repo too (this
# further relies on "tox.skipsdist = True" above).
deps = bindep
commands = bindep test
usedevelop = False
View Git Blame Copy Permalink