distcloud/tox.ini
Sharath Kumar K c1da0762d5 Tox and Zuul job for the bandit code scan in stx/distributedcloud
Set up the bandit tool to scan for HIGH severity issues
in the Python code under the Starlingx/distributedcloud folder.
This merge is expected to enable the Zuul job that runs the bandit scan in CI/CD.

Configuration files:
1. tox.ini for adding bandit environment and command.
2. test-requirements.txt for adding bandit version.
3. .zuul.yaml file for adding bandit job and configuring under
   check job to run code scan every time before code commit.

Test:
Run tox -e bandit command inside the fault folder to validate the
bandit scan and result.

Please note:
Changes will be implemented in batches and  this is Batch6 change.

Story: 2007541
Task: 39648
Depends-On: https://review.opendev.org/#/c/721294/

Change-Id: I6fdfeacdb000faafc73c44eef352bf2abd38a9a2
Signed-off-by: Sharath Kumar K <sharath.kumar@intel.com>
2020-06-16 04:02:59 +00:00


# Global tox settings.
[tox]
# Refuse to run under tox releases older than this.
minversion = 2.3
# Do not build or install an sdist of the project into the environments.
skipsdist = True
# Environments run by a bare `tox`. bandit is not listed here, so the security
# scan runs only when requested explicitly (tox -e bandit) or by a CI job.
envlist = linters
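# Base environment. Every [testenv:NAME] section inherits these settings
# unless it sets the same key itself.
[testenv]
# NOTE(review): the constraints file is downloaded at install time from the
# head of a branch, not from a fixed commit, so the permitted versions can
# change between runs without any change to this file.
install_command = pip install \
    -c https://opendev.org/openstack/requirements/raw/branch/stable/stein/upper-constraints.txt \
    {opts} {packages}
setenv =
    VIRTUAL_ENV={envdir}
    OS_STDOUT_CAPTURE=1
    OS_STDERR_CAPTURE=1
    OS_TEST_TIMEOUT=60
    CURRENT_CFG_FILE={toxinidir}/.current.cfg
# Delete stale bytecode outside .tox and __pycache__. The bracket expression
# [co] matches exactly .pyc and .pyo; environments that define no commands of
# their own inherit this one.
commands = find {toxinidir} -type f -not -path '{toxinidir}/.tox/*' -not -path '*/__pycache__/*' -name '*.py[co]' -delete
# keyring carries no version specifier here; whether the constraints file
# bounds it cannot be seen from this file - confirm.
deps =
    -r{toxinidir}/test-requirements.txt
    -r{toxinidir}/requirements.txt
    keyring
# Programs outside the virtualenv that commands may invoke.
# NOTE(review): tox 3.18 renamed this option to allowlist_externals and tox 4
# no longer accepts the old spelling; kept because minversion is 2.3.
whitelist_externals =
    rm
    find
    reno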
# Runs whatever follows `--` on the tox command line inside the virtualenv,
# e.g. tox -e venv -- <command>.
[testenv:venv]
commands = {posargs}
basepython = python3
# Placeholder environment. It sets no commands, so it runs only the
# bytecode-cleanup command inherited from [testenv].
[testenv:flake8]
description = Dummy environment to allow flake8 to be run in subdir tox
basepython = python3
# Placeholder environment. It sets no commands, so it runs only the
# bytecode-cleanup command inherited from [testenv].
[testenv:pep8]
description = Dummy environment to allow pep8 to be run in subdir tox
basepython = python3
# Placeholder environment. It sets no commands, so it runs only the
# bytecode-cleanup command inherited from [testenv].
[testenv:pylint]
description = Dummy environment to allow pylint to be run in subdir tox
basepython = python3
# Lints every *.yaml file under the tox.ini directory with yamllint, skipping
# the .tox tree.
[testenv:linters]
# Replaces the base list: bash is the only external program tox starts
# directly; find and xargs run inside that shell.
whitelist_externals = bash
basepython = python3
# File names are passed NUL-delimited (-print0 / -0) so that names containing
# whitespace stay intact; xargs -r skips yamllint when nothing matches.
# yamllint is presumably installed through test-requirements.txt - confirm.
commands =
    bash -c "find {toxinidir} \
        \( -name .tox -prune \) \
        -o -type f -name '*.yaml' \
        -print0 | xargs -r -0 yamllint"
# Builds the HTML documentation from doc/source into doc/build/html.
[testenv:docs]
basepython = python3
whitelist_externals = rm
deps = -r{toxinidir}/doc/requirements.txt
# Start from an empty build tree. -a and -E force a full rebuild and -W turns
# Sphinx warnings into errors, so a warning fails the run.
commands =
    rm -rf doc/build
    sphinx-build -a -E -W -d doc/build/doctrees -b html doc/source doc/build/html
# Builds the HTML release notes from releasenotes/source into
# releasenotes/build/html.
[testenv:releasenotes]
basepython = python3
whitelist_externals =
    rm
    reno
deps = -r{toxinidir}/doc/requirements.txt
# Start from an empty build tree. -a and -E force a full rebuild and -W turns
# Sphinx warnings into errors, so a warning fails the run.
commands =
    rm -rf releasenotes/build
    sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html
# Creates a new release note with reno; the arguments after `--` on the tox
# command line are passed to `reno ... new`.
[testenv:newnote]
basepython = python3
deps = -r{toxinidir}/doc/requirements.txt
# Shares the virtualenv directory of the releasenotes environment instead of
# creating a separate one.
envdir = {toxworkdir}/releasenotes
commands = reno --rel-notes-dir {toxinidir}/releasenotes new {posargs}
# Builds the HTML API reference from api-ref/source into api-ref/build/html.
[testenv:api-ref]
basepython = python3
whitelist_externals = rm
deps = -r{toxinidir}/doc/requirements.txt
# Start from an empty build tree; -W turns Sphinx warnings into errors.
commands =
    rm -rf api-ref/build
    sphinx-build -W -b html -d api-ref/build/doctrees api-ref/source api-ref/build/html
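# Static security scan of the Python sources with bandit.
[testenv:bandit]
basepython = python3
# The scan starts at the directory that holds this tox.ini, not at a
# "config" folder, so the description names that scope.
description = Bandit code scan (HIGH severity) for *.py files under the directory containing this tox.ini
# The bandit version comes from test-requirements.txt.
deps = -r{toxinidir}/test-requirements.txt
# -r   scan recursively from {toxinidir}.
# -x   skip the .tox and .eggs trees. Glob-style excludes depend on the bandit
#      release in use - confirm against the version in test-requirements.txt.
# -lll report HIGH severity findings only. MEDIUM and LOW findings are not
#      shown and do not fail the run, so a passing job is no statement about
#      them. No confidence filter is set, so HIGH severity findings are
#      reported at every confidence level.
commands = bandit -r {toxinidir}/ -x '**/.tox/**,**/.eggs/**' -lll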