Merge "Use pre-commit for lint jobs"

2025-10-03 13:01:43 +00:00
parent 3b9e9591e9 d54efa9f58
commit ad0063a211
7 changed files with 62 additions and 46 deletions
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,10 +1,7 @@
 ---
-default_language_version:
-  # force all unspecified python hooks to run python3
-  python: python3
 repos:
  - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.1.0
+    rev: v5.0.0
    hooks:
      - id: trailing-whitespace
      - id: mixed-line-ending
@@ -16,17 +13,18 @@ repos:
      - id: check-yaml
        files: .*\.(yaml|yml)$
  - repo: https://github.com/Lucas-C/pre-commit-hooks
-    rev: v1.1.13
+    rev: v1.5.5
    hooks:
      - id: remove-tabs
        exclude: '.*\.(svg)$'
-  - repo: local
+  - repo: https://github.com/PyCQA/bandit
+    rev: 1.8.5
    hooks:
-      - id: flake8
-        name: flake8
-        additional_dependencies:
-          - hacking>=6.1.0,<6.2.0
-        language: python
-        entry: flake8
-        files: '^.*\.py$'
+      - id: bandit
+        exclude: '^novaclient/tests/.*$'
+  - repo: https://opendev.org/openstack/hacking
+    rev: 7.0.0
+    hooks:
+      - id: hacking
+        additional_dependencies: []
        exclude: '^(doc|releasenotes|tools)/.*$'
--- a/novaclient/crypto.py
+++ b/novaclient/crypto.py
@@ -14,7 +14,7 @@
 #    under the License.

 import base64
-import subprocess
+import subprocess  # nosec: B404


 class DecryptionFailure(Exception):
@@ -30,7 +30,7 @@ def decrypt_password(private_key, password):
    cmd = ['openssl', 'rsautl', '-decrypt', '-inkey', private_key]
    proc = subprocess.Popen(cmd, stdin=subprocess.PIPE,
                            stdout=subprocess.PIPE,
-                            stderr=subprocess.PIPE)
+                            stderr=subprocess.PIPE)  # nosec: B603
    out, err = proc.communicate(unencoded)
    proc.stdin.close()
    if proc.returncode:
--- a/novaclient/v2/shell.py
+++ b/novaclient/v2/shell.py
@@ -4208,7 +4208,7 @@ def do_ssh(cs, args):
    cmd = "ssh -%d -p%d %s %s@%s %s" % (version, args.port, identity,
                                        args.login, ip_address, args.extra)
    logger.debug("Executing cmd '%s'", cmd)
-    os.system(cmd)
+    os.system(cmd)  # nosec: B605


 # NOTE(mriedem): In the 2.50 microversion, the os-quota-class-sets API
--- a/releasenotes/notes/remove_api_v_1_1-88b3f18ce1423b46.yaml
+++ b/releasenotes/notes/remove_api_v_1_1-88b3f18ce1423b46.yaml
@@ -2,4 +2,3 @@
 upgrade:
  - remove version 1.1 API support as we only support v2 and v2.1
    API in nova side now.
-    
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -1,5 +1,3 @@
-hacking>=6.1.0,<6.2.0  # Apache-2.0
-bandit>=1.1.0 # Apache-2.0
 coverage>=4.4.1 # Apache-2.0
 ddt>=1.0.1 # MIT
 fixtures>=3.0.0 # Apache-2.0/BSD
--- a/tools/nova.bash_completion
+++ b/tools/nova.bash_completion
@@ -3,25 +3,25 @@ _nova_flags="" # lazy init
 _nova_opts_exp="" # lazy init
 _nova()
 {
-	local cur prev nbc cflags
-	COMPREPLY=()
-	cur="${COMP_WORDS[COMP_CWORD]}"
-	prev="${COMP_WORDS[COMP_CWORD-1]}"
+    local cur prev nbc cflags
+    COMPREPLY=()
+    cur="${COMP_WORDS[COMP_CWORD]}"
+    prev="${COMP_WORDS[COMP_CWORD-1]}"

-	if [ "x$_nova_opts" == "x" ] ; then
-		nbc="`nova bash-completion | sed -e "s/  *-h  */ /" -e "s/  *-i  */ /"`"
-		_nova_opts="`echo "$nbc" | sed -e "s/--[a-z0-9_-]*//g" -e "s/  */ /g"`"
-		_nova_flags="`echo " $nbc" | sed -e "s/ [^-][^-][a-z0-9_-]*//g" -e "s/  */ /g"`"
-		_nova_opts_exp="`echo "$_nova_opts" | tr ' ' '|'`"
-	fi
+    if [ "x$_nova_opts" == "x" ] ; then
+        nbc="`nova bash-completion | sed -e "s/  *-h  */ /" -e "s/  *-i  */ /"`"
+        _nova_opts="`echo "$nbc" | sed -e "s/--[a-z0-9_-]*//g" -e "s/  */ /g"`"
+        _nova_flags="`echo " $nbc" | sed -e "s/ [^-][^-][a-z0-9_-]*//g" -e "s/  */ /g"`"
+        _nova_opts_exp="`echo "$_nova_opts" | tr ' ' '|'`"
+    fi

-	if [[ " ${COMP_WORDS[@]} " =~ " "($_nova_opts_exp)" " && "$prev" != "help" ]] ; then
-		COMPLETION_CACHE=~/.novaclient/*/*-cache
-		cflags="$_nova_flags "$(cat $COMPLETION_CACHE 2> /dev/null | tr '\n' ' ')
-		COMPREPLY=($(compgen -W "${cflags}" -- ${cur}))
-	else
-		COMPREPLY=($(compgen -W "${_nova_opts}" -- ${cur}))
-	fi
-	return 0
+    if [[ " ${COMP_WORDS[@]} " =~ " "($_nova_opts_exp)" " && "$prev" != "help" ]] ; then
+        COMPLETION_CACHE=~/.novaclient/*/*-cache
+        cflags="$_nova_flags "$(cat $COMPLETION_CACHE 2> /dev/null | tr '\n' ' ')
+        COMPREPLY=($(compgen -W "${cflags}" -- ${cur}))
+    else
+        COMPREPLY=($(compgen -W "${_nova_opts}" -- ${cur}))
+    fi
+    return 0
 }
 complete -F _nova nova
--- a/tox.ini
+++ b/tox.ini
@@ -1,12 +1,11 @@
 [tox]
 envlist = py3,pep8,docs
-minversion = 3.18.0
-ignore_basepython_conflict = true
+minversion = 4.6.0

 [testenv]
-basepython = python3
+description =
+  Run unit tests.
 usedevelop = true
-# tox is silly... these need to be separated by a newline....
 allowlist_externals =
  find
  rm
@@ -23,10 +22,20 @@ commands =
  stestr run {posargs}

 [testenv:pep8]
-commands = flake8 {posargs}
+description =
+  Run style checks.
+deps =
+  pre-commit
+commands =
+  pre-commit run --all-files --show-diff-on-failure

 [testenv:bandit]
-commands = bandit -r novaclient -n5 -x tests
+description =
+  Run security checks.
+deps =
+  pre-commit
+commands =
+  pre-commit run --all-files --show-diff-on-failure bandit

 [testenv:venv]
 deps =
@@ -37,6 +46,8 @@ deps =
 commands = {posargs}

 [testenv:docs]
+description =
+  Build documentation in HTML format.
 deps =
  -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master}
  -r{toxinidir}/doc/requirements.txt
@@ -47,6 +58,8 @@ commands =
  whereto doc/build/html/.htaccess doc/test/redirect-tests.txt

 [testenv:pdf-docs]
+description =
+  Build documentation in PDF format.
 deps = {[testenv:docs]deps}
 commands =
  rm -rf doc/build/pdf
@@ -54,6 +67,8 @@ commands =
  make -C doc/build/pdf

 [testenv:releasenotes]
+description =
+  Build release notes.
 deps =
  -c{env:TOX_CONSTRAINTS_FILE:https://releases.openstack.org/constraints/upper/master}
  -r{toxinidir}/doc/requirements.txt
@@ -61,12 +76,17 @@ commands =
  sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html

 [testenv:functional{,-py39,-py310,-py311,-py312}]
-passenv = OS_*
+description =
+  Run functional tests.
+passenv =
+  OS_*
 commands =
  stestr --test-path=./novaclient/tests/functional run --concurrency=1 {posargs}
  python novaclient/tests/functional/hooks/check_resources.py

 [testenv:cover]
+description =
+  Run unit tests and print coverage information.
 setenv =
  PYTHON=coverage run --source novaclient --parallel-mode
 commands =
@@ -93,11 +113,12 @@ exclude=.venv,.git,.tox,dist,*lib/python*,*egg,build,doc/source/conf.py,releasen
 import_exceptions = novaclient.i18n

 [testenv:bindep]
+description =
+  Check for installed binary dependencies.
 # Do not install any requirements. We want this to be fast and work even if
 # system dependencies are missing, since it's used to tell you what system
 # dependencies are missing! This also means that bindep must be installed
 # separately, outside of the requirements files.
 deps = bindep
-skipsdist=True
-usedevelop=False
+skip_install = true
 commands = bindep test