heat/tox.ini
Hervé Beraud c9eaca9e59 Prepare the six and python 2.7 support dropping
With python 3 the input function is safe.
The six dropping will re-introduce the usage of the input function
and bandit checks will fails.

We drop python 2.7 support so we ignore the bandit check B322 [1] before
starting to drop six support.

[1] https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b322-input

Change-Id: Ie956a65ebc4c781c5e661e8021f674833be8b323
2020-04-22 12:23:44 +02:00

165 lines
5.5 KiB
INI

[tox]
envlist = py36,py37,pep8
ignore_basepython_conflict = True
minversion = 3.1.0
skipsdist = True
[testenv]
basepython = python3
setenv = VIRTUAL_ENV={envdir}
PYTHONWARNINGS=default::DeprecationWarning
OS_TEST_PATH=heat/tests
usedevelop = True
deps = -c{env:UPPER_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master}
-r{toxinidir}/requirements.txt
-r{toxinidir}/test-requirements.txt
commands =
stestr run {posargs}
stestr slowest
passenv = http_proxy HTTP_PROXY https_proxy HTTPS_PROXY no_proxy NO_PROXY
[testenv:pep8]
commands =
flake8 heat bin/heat-api bin/heat-api-cfn bin/heat-engine bin/heat-manage contrib heat_integrationtests doc/source
python tools/custom_guidelines.py --exclude heat/engine/resources/aws
# The following bandit tests are being skipped:
# B101: Test for use of assert
# B104: Test for binding to all interfaces
# B107: Test for use of hard-coded password argument defaults
# B110: Try, Except, Pass detected.
# B310: Audit url open for permitted schemes
# B311: Standard pseudo-random generators are not suitable for security/cryptographic purposes
# B322: The input method is safe in Python 3.
# B404: Import of subprocess module
# B410: Import of lxml module
# B504: Test for SSL use with no version specified
# B506: Test for use of yaml load
# B603: Test for use of subprocess with shell equals true
# B607: Test for starting a process with a partial path
bandit -r heat -x tests --skip B101,B104,B107,B110,B310,B311,B322,B404,B410,B504,B506,B603,B607
doc8 {posargs}
[testenv:venv]
commands = {posargs}
[testenv:cover]
setenv =
PYTHON=coverage run --source heat --parallel-mode
commands =
coverage erase
stestr run {posargs}
coverage combine
coverage html -d cover
coverage xml -o cover/coverage.xml
coverage report
[testenv:docs]
whitelist_externals =
rm
deps = -r{toxinidir}/doc/requirements.txt
commands =
rm -rf doc/build
sphinx-build -W --keep-going -b html doc/source doc/build/html
[testenv:pdf-docs]
deps = {[testenv:docs]deps}
whitelist_externals =
make
commands =
sphinx-build -W -b latex doc/source doc/build/pdf
make -C doc/build/pdf
[testenv:api-ref]
# This environment is called from CI scripts to test and publish
# the API Ref to docs.openstack.org.
deps = -r{toxinidir}/doc/requirements.txt
whitelist_externals = rm
commands =
rm -rf api-ref/build
sphinx-build -W --keep-going -b html -d api-ref/build/doctrees api-ref/source api-ref/build/html
[testenv:genconfig]
commands =
oslo-config-generator --config-file=config-generator.conf
[testenv:genpolicy]
commands =
oslopolicy-sample-generator --config-file etc/heat/heat-policy-generator.conf
[testenv:bandit]
deps =
-c{env:UPPER_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master}
-r{toxinidir}/test-requirements.txt
# The following bandit tests are being skipped:
# B101: Test for use of assert
# B104: Test for binding to all interfaces
# B107: Test for use of hard-coded password argument defaults
# B110: Try, Except, Pass detected.
# B310: Audit url open for permitted schemes
# B311: Standard pseudo-random generators are not suitable for security/cryptographic purposes
# B404: Import of subprocess module
# B410: Import of lxml module
# B504: Test for SSL use with no version specified
# B506: Test for use of yaml load
# B603: Test for use of subprocess with shell equals true
# B607: Test for starting a process with a partial path
commands = bandit -r heat -x tests --skip B101,B104,B107,B110,B310,B311,B404,B410,B504,B506,B603,B607
[flake8]
show-source = true
# E123 closing bracket does not match indentation of opening bracket's line
# E226 missing whitespace around arithmetic operator
# E241 multiple spaces after ','
# E305 expected 2 blank lines after class or function definition, found 1
# E402 module level import not at top of file
# W503 line break before binary operator
# W504 line break after binary operator
ignore = E123,E226,E241,E402,W503,W504
exclude=.*,dist,*lib/python*,*egg,build,*convergence/scenarios/*
max-complexity=23
[doc8]
ignore = D001
ignore-path = .venv,.git,.tox,.tmp,*heat/locale*,*lib/python*,openstack_heat.egg*,doc/build,releasenotes/*
[hacking]
import_exceptions = heat.common.i18n
[flake8:local-plugins]
extension =
Heat301 = checks:no_log_warn
Heat302 = checks:check_python3_no_iteritems
Heat303 = checks:check_python3_no_iterkeys
Heat304 = checks:check_python3_no_itervalues
paths = ./heat/hacking
[testenv:debug]
commands = oslo_debug_helper {posargs}
[testenv:releasenotes]
whitelist_externals =
rm
deps = -r{toxinidir}/doc/requirements.txt
commands =
rm -rf releasenotes/build
sphinx-build -a -E -W -d releasenotes/build/doctrees --keep-going -b html releasenotes/source releasenotes/build/html
[testenv:bindep]
# Do not install any requirements. We want this to be fast and work even if
# system dependencies are missing, since it's used to tell you what system
# dependencies are missing! This also means that bindep must be installed
# separately, outside of the requirements files, and develop mode disabled
# explicitly to avoid unnecessarily installing the checked-out repo too (this
# further relies on "tox.skipsdist = True" above).
deps = bindep
commands = bindep test
usedevelop = False
[testenv:lower-constraints]
install_command = pip install {opts} {packages}
deps =
-c{toxinidir}/lower-constraints.txt
-r{toxinidir}/test-requirements.txt
-r{toxinidir}/requirements.txt