We want to default to running all tox environments under python 3, so
set the basepython value in each environment.
We do not want to specify a minor version number, because we do not
want to have to update the file every time we upgrade python.
We do not want to set the override once in testenv, because that
breaks the more specific versions used in default environments like
py35 and py36.
Signed-off-by: Doug Hellmann <email@example.com>
Bandit was not running in all directories
due missing -r parameter.
Also, this change fix bandit errors.
* Add nosec to subprocess module
* Change /tmp/releases to .releases
* Change /tmp/ to tmp/, tmp/ is not checked
and in unittest is not an issue, simpler that mocking tempfile
and make more complex tests.
Some of the available checks are disabled by default, like:
[H106] Don’t put vim configuration in source files
[H203] Use assertIs(Not)None to check for None
At the moment, deploy_aio.sh is called with sudo which results
in the environment being wiped. This means that all Zuul
environment variables are removed and therefore when zuul-cloner
runs to checkout the branch of kolla-ansible, it will always
fallback to master as ZUUL_BRANCH is unset.
This patch removes the global usage of sudo in the tox.ini file
as there is existing usage of sudo in the bash script itself. This
will mean that we will only escalate privileges when needed rather
for the whole script and the environment variables should be passed
on properly resulting in the matching release of kolla-ansible being
This patch add the coverage tool package to test-requirements.txt
which was missing, while kolla support coverage. In addtion to this
tox.ini coverage command is modified to reflect the coverage report
in standard output whenever "tox -e cover" command run for better
representation of coverage report.
Partially-Implements: blueprint coverage-increment-for-kolla
bandit is a security linter and can be made voting now. Instead of
starting another virtual machine, run it as part of the generic linting
target which is pep8.
* Inspected each error and fixed / added nosec where appropriate.
* build-swift-ring.py which was throwing sec errors is no longer used so
* Removed the dev/ directory from being checked.
This will test all rst files inside the doc directory for style issues with
doc8 (an opinionated style checker for rst styles of documentation).
This will fix all syntax issues identified by doc8 and will improve
Now that there is a passing gate job, we can claim support for
Python 3.5 in the classifier. This patch also adds the convenience
A recent change related to sudo securepath broke how sudo -E
works. Now the PATH is reset by sudo as set by tox. As a result
we can no longer rely on sudo -E anywhere in our gating system
relating to path inheritence from the parent shell.
This patch uses a shell operation in the setup_nodes.yml code
to chmod the docker socket to 666 so docker containers can build
properly. Now docker operations don't return a permission denied
and we no longer require the sudo -E operation in any of our tox
scripts. This isn't a security vulnerability because our gate
scripts are only meant to be run in OpenStack infrastructure.
To make this more clear I recommend moving these shell scripts to
According to the PTI (=Python Test Interface,
is the interface for codestyle checks. Move all tests from linters to
This change will be followed by a change to project-config to use pep8
for testing in the gate.
The existing gate partitioned a disk for use with docker, depending
on the gate it would use the swap disk (RAX) or a spare disk (HP).
However, with the new gates (Bluebox + OVH) there is neither a spare
disk nor a swap disk. This leaves us with one choice: File based loop
This patch creates a file at /swapfile to ensure we have swap. It
creates a file at /docker to ensure we have a loop device for Docker.
Right now the /docker file is 10GB and the /swapfile is 4GB due to
size limitations in the gate across all servers and types. This has
proven to be enough space for all our current tests.
Additionally, reduce the number of threads the gate uses to 4 to
prevent the lockup and hour timeout we have been seeing as more
recently in the gate.
The scripts that setup the gate are moved to the tools directory
rather than the tests directory to match the structure of the other
Partially-Implements: blueprint functional-testing-gate