openstack-ansible-security/tox.ini

228 lines
7.4 KiB
INI

[tox]
minversion = 2.0
skipsdist = True
envlist = docs,linters,functional
[testenv]
usedevelop = True
install_command =
pip install -c{env:UPPER_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt} {opts} {packages}
deps =
-r{toxinidir}/test-requirements.txt
commands =
/usr/bin/find . -type f -name "*.pyc" -delete
passenv =
HOME
http_proxy
HTTP_PROXY
https_proxy
HTTPS_PROXY
no_proxy
NO_PROXY
whitelist_externals =
bash
git
rm
wget
setenv =
VIRTUAL_ENV={envdir}
PYTHONUNBUFFERED=1
[testenv:docs]
deps=
{[testenv]deps}
commands=
bash -c "rm -rf doc/build"
doc8 doc
python setup.py build_sphinx
[doc8]
# Settings for doc8:
extensions = .rst
allow-long-titles=1
[testenv:releasenotes]
commands =
sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html
# environment used by the -infra templated docs job
[testenv:venv]
commands =
{posargs}
[testenv:pep8]
commands =
# Run hacking/flake8 check for all python files
bash -c "grep --recursive --binary-files=without-match \
--files-with-match '^.!.*python$' \
--exclude-dir .eggs \
--exclude-dir .git \
--exclude-dir .tox \
--exclude-dir *.egg-info \
--exclude-dir doc \
{toxinidir} | xargs flake8 --verbose"
[flake8]
# Ignores the following rules due to how ansible modules work in general
# F403 'from ansible.module_utils.basic import *' used;
# unable to detect undefined names
# H303 No wildcard (*) import.
ignore=F403,H303
[testenv:bashate]
commands =
# Run bashate check for all bash scripts
# Ignores the following rules:
# E003: Indent not multiple of 4 (we prefer to use multiples of 2)
# E006: Line longer than 79 columns (as many scripts use jinja
# templating, this is very difficult)
# E040: Syntax error determined using `bash -n` (as many scripts
# use jinja templating, this will often fail and the syntax
# error will be discovered in execution anyway)
bash -c "grep --recursive --binary-files=without-match \
--files-with-match '^.!.*\(ba\)\?sh$' \
--exclude-dir .tox \
--exclude-dir .git \
{toxinidir} | xargs bashate --error . --verbose --ignore=E003,E006,E040"
[testenv:ansible]
deps =
{[testenv]deps}
ansible==2.1.1
ansible-lint>=2.7.0,<3.0.0
setenv =
{[testenv]setenv}
ANSIBLE_HOST_KEY_CHECKING = False
ANSIBLE_SSH_CONTROL_PATH = /tmp/%%h-%%r
# TODO (odyssey4me) These are only here as they are non-standard folder
# names for Ansible 1.9.x. We are using the standard folder names for
# Ansible v2.x. We can remove this when we move to Ansible 2.x.
ANSIBLE_ACTION_PLUGINS = {homedir}/.ansible/plugins/action
ANSIBLE_CALLBACK_PLUGINS = {homedir}/.ansible/plugins/callback
ANSIBLE_FILTER_PLUGINS = {homedir}/.ansible/plugins/filter
ANSIBLE_LOOKUP_PLUGINS = {homedir}/.ansible/plugins/lookup
# This is required as the default is the current path or a path specified
# in ansible.cfg
ANSIBLE_LIBRARY = {homedir}/.ansible/plugins/library
# This is required as the default is '/etc/ansible/roles' or a path
# specified in ansible.cfg
ANSIBLE_ROLES_PATH = {homedir}/.ansible/roles:{toxinidir}/..
ANSIBLE_TRANSPORT = "ssh"
commands =
# NOTE(cloudnull): Galaxy INIT it running here because there are no role deps to create the skel
ansible-galaxy init {homedir}/.ansible/roles/security --force --offline
rm -rf {homedir}/.ansible/plugins
git clone https://git.openstack.org/openstack/openstack-ansible-plugins \
{homedir}/.ansible/plugins
rm -rf {homedir}/.ansible/roles/security
bash -c "ln -s {toxinidir} {homedir}/.ansible/roles/security"
rm -rf {toxinidir}/tests/playbooks
git clone https://git.openstack.org/openstack/openstack-ansible-tests \
{toxinidir}/tests/playbooks
[testenv:ansible-syntax]
deps =
{[testenv:ansible]deps}
setenv =
{[testenv:ansible]setenv}
commands =
{[testenv:ansible]commands}
ansible-playbook -i {toxinidir}/tests/inventory \
--syntax-check \
--list-tasks \
-e "rolename={toxinidir}" \
-t ssh \
{toxinidir}/tests/test.yml
[testenv:ansible-lint]
deps =
{[testenv:ansible]deps}
commands =
{[testenv:ansible]commands}
ansible-lint {toxinidir}
[testenv:func_base]
# NOTE(odyssey4me): this target does not use constraints because
# it doesn't work in OpenStack-CI yet. Once that's fixed, we can
# drop the install_command.
install_command =
pip install -U --force-reinstall {opts} {packages}
[testenv:func_logs]
commands =
bash -c 'mkdir -p {toxinidir}/logs'
bash -c 'rsync --archive --verbose --ignore-errors /var/log/ /openstack/log/ {toxinidir}/logs/ || true'
bash -c 'find "{toxinidir}/logs/" -type f | sed "p;s|$|.txt|" | xargs -n2 mv'
bash -c 'command gzip --best --recursive "{toxinidir}/logs/"'
[testenv:functional]
# Ignore_errors is set to true so that the logs are collected at the
# end of the run. This will not produce a false positive. Any
# exception will be mark the run as failed and exit 1 after all of
# the commands have been iterated through.
ignore_errors = True
# NOTE(odyssey4me): this target does not use constraints because
# it doesn't work in OpenStack-CI yet. Once that's fixed, we can
# drop the install_command.
install_command =
{[testenv:func_base]install_command}
deps =
{[testenv:ansible]deps}
setenv =
{[testenv:ansible]setenv}
commands =
{[testenv:ansible]commands}
# NOTE(odyssey4me): We have to skip V-38462 as openstack-infra are now
# building images with apt config
# Apt::Get::AllowUnauthenticated set to true.
# NOTE(mhayden): Skipping V-38660 since openstack-infra has SNMP v1/2 in
# the images. This can be added back in once
# https://review.openstack.org/#/c/354819/ merges.
ansible-playbook --check \
-i {toxinidir}/tests/inventory \
-e "rolename={toxinidir}" \
-e "install_test_packages=True" \
--skip-tag V-38462,V-38660 \
{toxinidir}/tests/test_check.yml
ansible-playbook -i {toxinidir}/tests/inventory \
-e "rolename={toxinidir}" \
-e "install_test_packages=True" \
--skip-tag V-38462,V-38660 \
{toxinidir}/tests/test.yml
bash -c 'ansible-playbook -i {toxinidir}/tests/inventory \
-e "rolename={toxinidir}" \
-e "install_test_packages=True" \
--skip-tag V-38462,V-38660 \
{toxinidir}/tests/test.yml \
| tee /tmp/idempotence_test_output.txt'
bash -c 'grep -q "changed=0.*failed=0" /tmp/idempotence_test_output.txt \
&& (echo "Idempotence test: pass" && exit 0) \
|| (echo "Idempotence test: fail" && exit 1)'
{[testenv:func_logs]commands}
[testenv:linters]
deps =
{[testenv:ansible]deps}
setenv =
{[testenv:ansible]setenv}
commands =
{[testenv:pep8]commands}
{[testenv:bashate]commands}
{[testenv:ansible-lint]commands}
{[testenv:ansible-syntax]commands}
{[testenv:docs]commands}