From 7f90f0cabdde20c537d6db78d17bec0aeaf949ab Mon Sep 17 00:00:00 2001 From: Stephen Finucane Date: Fri, 22 Dec 2023 17:54:23 +0000 Subject: [PATCH] pre-commit: Integrate bandit We also remove these unnecessary linter dependencies from test-requirements.txt. Change-Id: I6c3c5fcc329c46054a144557a79c4b3c6ca383b5 Signed-off-by: Stephen Finucane --- .pre-commit-config.yaml | 5 +++++ requirements.txt | 4 ---- test-requirements.txt | 10 ---------- tox.ini | 4 ++-- 4 files changed, 7 insertions(+), 16 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index ca3acbe..239df13 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -24,3 +24,8 @@ repos: - id: hacking additional_dependencies: [] exclude: '^(doc|releasenotes|tools)/.*$' + - repo: https://github.com/PyCQA/bandit + rev: 1.7.6 + hooks: + - id: bandit + args: ['-x', 'tests', '--skip', 'B411'] diff --git a/requirements.txt b/requirements.txt index b8be88c..93de541 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,7 +1,3 @@ -# The order of packages is significant, because pip processes them in the order -# of appearance. Changing the order has an impact on the overall integration -# process, which may cause wedges in the gate later. - # NOTE(harlowja): Because oslo.serialization is used by the client libraries, # we do not want to add a lot of dependencies to it. If you find that # adding a new feature to oslo.serialization means adding a new dependency, diff --git a/test-requirements.txt b/test-requirements.txt index 941f435..7ccc454 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,15 +1,5 @@ -# The order of packages is significant, because pip processes them in the order -# of appearance. Changing the order has an impact on the overall integration -# process, which may cause wedges in the gate later. -hacking>=3.0.1,<3.1.0 # Apache-2.0 netaddr>=0.7.18 # BSD stestr>=2.0.0 # Apache-2.0 - oslotest>=3.2.0 # Apache-2.0 oslo.i18n>=3.15.3 # Apache-2.0 coverage!=4.4,>=4.0 # Apache-2.0 - -# Bandit security code scanner -bandit>=1.7.0,<1.8.0 # Apache-2.0 - -pre-commit>=2.6.0 # MIT diff --git a/tox.ini b/tox.ini index ea2f862..a6249b1 100644 --- a/tox.ini +++ b/tox.ini @@ -10,10 +10,10 @@ deps = commands = stestr run --slowest {posargs} [testenv:pep8] +deps = + pre-commit commands = pre-commit run -a - # Run security linter - bandit -r oslo_serialization tests -n5 --skip B411 [testenv:venv] commands = {posargs}