Move bandit to pre-commit

Ensure committing locally will raise bandit check errors before we push
the change by putting it into the pre-commit. Since pre-commit is
already invoked in the pep8 env we can drop bandit from there.

Change-Id: I4d9d5aa283fb6cb91d610e23c6a44e98d8df46aa
This commit is contained in:
Artem Goncharov 2024-07-20 07:57:39 +02:00
parent aaf0cc8fae
commit 204ea42232
2 changed files with 5 additions and 2 deletions

View File

@ -32,6 +32,11 @@ repos:
hooks:
- id: black
args: ['-S', '-l', '79']
- repo: https://github.com/PyCQA/bandit
rev: '1.7.9'
hooks:
- id: bandit
args: ["-x", "keystone/tests/*,devstack/*"]
# - repo: https://opendev.org/openstack/hacking
# rev: 6.1.0
# hooks:

View File

@ -29,8 +29,6 @@ commands =
# Run bash8 during pep8 runs to ensure violations are caught by
# the check and gate queues
bashate devstack/plugin.sh
# Run security linter
bandit -r keystone -x 'keystone/tests/*'
[testenv:fast8]
envdir = {toxworkdir}/pep8