pre-commit: Integrate bandit

We also remove these unnecessary linter dependencies from
test-requirements.txt.

Change-Id: I6c3c5fcc329c46054a144557a79c4b3c6ca383b5
Signed-off-by: Stephen Finucane <sfinucan@redhat.com>

.pre-commit-config.yaml

@@ -24,3 +24,8 @@ repos:
       - id: hacking
         additional_dependencies: []
         exclude: '^(doc|releasenotes|tools)/.*$'
+  - repo: https://github.com/PyCQA/bandit
+    rev: 1.7.6
+    hooks:
+      - id: bandit
+        args: ['-x', 'tests', '--skip', 'B411']

requirements.txt

@@ -1,7 +1,3 @@
-# The order of packages is significant, because pip processes them in the order
-# of appearance. Changing the order has an impact on the overall integration
-# process, which may cause wedges in the gate later.
-
 # NOTE(harlowja): Because oslo.serialization is used by the client libraries,
 # we do not want to add a lot of dependencies to it. If you find that
 # adding a new feature to oslo.serialization means adding a new dependency,

test-requirements.txt

@@ -1,15 +1,5 @@
-# The order of packages is significant, because pip processes them in the order
-# of appearance. Changing the order has an impact on the overall integration
-# process, which may cause wedges in the gate later.
-hacking>=3.0.1,<3.1.0 # Apache-2.0
 netaddr>=0.7.18 # BSD
 stestr>=2.0.0 # Apache-2.0
-
 oslotest>=3.2.0 # Apache-2.0
 oslo.i18n>=3.15.3 # Apache-2.0
 coverage!=4.4,>=4.0 # Apache-2.0
-
-# Bandit security code scanner
-bandit>=1.7.0,<1.8.0 # Apache-2.0
-
-pre-commit>=2.6.0 # MIT

tox.ini

@@ -10,10 +10,10 @@ deps =
 commands = stestr run --slowest {posargs}
 
 [testenv:pep8]
+deps =
+  pre-commit
 commands =
   pre-commit run -a
-  # Run security linter
-  bandit -r oslo_serialization tests -n5 --skip B411
 
 [testenv:venv]
 commands = {posargs}