[tox] envlist = linters,pep8,pylint minversion = 2.3 skipsdist = True sitepackages=False [testenv] install_command = pip install -U {opts} {packages} setenv = VIRTUAL_ENV={envdir} OS_STDOUT_CAPTURE=1 OS_STDERR_CAPTURE=1 OS_DEBUG=1 OS_LOG_CAPTURE=1 deps = -r{toxinidir}/requirements.txt -r{toxinidir}/test-requirements.txt whitelist_externals = bash [testenv:shellcheck] basepython = python3 # The following are currently suppressed: # SC1083: This '{' or '}' is literal. Check expression (missing ;/\n?) or quote it. # SC2002: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead. # SC2004: $/${} is unnecessary on arithmetic variables. # SC2005: Useless echo? Instead of 'echo $(cmd)', just use 'cmd'. # SC2006: Use $(...) notation instead of legacy backticked `...`. # SC2012: Use find instead of ls to better handle non-alphanumeric filenames. # SC2034: variable appears unused. Verify use (or export if used externally). # SC2044: For loops over find output are fragile. Use find -exec or a while read loop. # SC2046: Quote this to prevent word splitting # SC2068: Double quote array expansions to avoid re-splitting elements. # SC2076: Remove quotes from right-hand side of =~ to match as a regex rather than literally. # SC2086: Double quote to prevent globbing and word splitting # SC2091: Remove surrounding $() to avoid executing output (or use eval if intentional). # SC2115: Use "${var:?}" to ensure this never expands to /* . # SC2148: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive. # SC2154: i is referenced but not assigned. # SC2155: Declare and assign separately to avoid masking return values. # SC2162: read without -r will mangle backslashes # SC2166: Prefer [ p ] || [ q ] as [ p -o q ] is not well defined. # SC2181: Check exit code directly with e.g. if mycmd; not indirectly with $? # SC2199: Arrays implicitly concatenate in [[ ]]. Use a loop (or explicit * instead of @). # SC2206: Quote to prevent word splitting/globbing, or use mapfile or read -a. # SC2207: Prefer mapfile or read -a to split command output (or quote to avoid splitting) # SC2219: Instead of 'let expr', prefer (( expr )) # SC2254: Quote expansions in case patterns to match literally rather than as a glob. # shellcheck is called twice, to handle shell scripts that do not end in .sh commands = bash -c "find {toxinidir} \ -not \( -type d -name .?\* -prune \) \ -type f \ -not -name \*~ \ -not -name \*.md \ -name \*.sh \ -print0 | xargs -r -n 1 -0 shellcheck \ -eSC1083 -eSC2002 -eSC2004 -eSC2005 -eSC2006 -eSC2012 -eSC2034 \ -eSC2044 -eSC2046 -eSC2068 -eSC2076 -eSC2086 -eSC2091 -eSC2115 \ -eSC2148 -eSC2154 -eSC2155 -eSC2162 -eSC2166 -eSC2181 -eSC2199 \ -eSC2206 -eSC2207 -eSC2219 -eSC2254" bash -c "find {toxinidir} \ -not \( -type d -name .?\* -prune \) \ -type f \ -not -name \*~ \ -not -name \*.md \ \( -exec bash -c 'file \{\} | grep -q shell' \; \ -a ! -name '*.sh' \) \ -print0 | xargs -r -n 1 -0 shellcheck \ -eSC1083 -eSC2002 -eSC2004 -eSC2005 -eSC2006 -eSC2012 -eSC2034 \ -eSC2044 -eSC2046 -eSC2068 -eSC2076 -eSC2086 -eSC2091 -eSC2115 \ -eSC2148 -eSC2154 -eSC2155 -eSC2162 -eSC2166 -eSC2181 -eSC2199 \ -eSC2206 -eSC2207 -eSC2219 -eSC2254" [testenv:bashate] # Treat all E* codes as Errors rather than warnings using: -e 'E*' # The following codes are being suppressed: # E006 Line too long # E011 Then keyword is not on same line as if or elif keyword # bashate is called twice, to handle shell scripts that do not end in .sh # the suppression lists are different (eventually nothing will be suppressed) commands = bash -c "find {toxinidir} \ -not \( -type d -name .?\* -prune \) \ -type f \ -not -name \*~ \ -not -name \*.md \ -name \*.sh \ -print0 | xargs -r -n 1 -0 bashate -v \ -i E006 \ -e 'E*'" bash -c "find {toxinidir} \ -not \( -type d -name .?\* -prune \) \ -type f \ -not -name \*~ \ -not -name \*.md \ -not -name \*.ldif \ \( -exec bash -c 'file \{\} | grep -q shell' \; \ -a ! -name '*.sh' \) \ -print0 | xargs -r -n 1 -0 bashate -v \ -i E006,E011 \ -e 'E*'" [testenv:bindep] # Do not install any requirements. We want this to be fast and work even if # system dependencies are missing, since it's used to tell you what system # dependencies are missing! This also means that bindep must be installed # separately, outside of the requirements files. deps = bindep commands = bindep test [testenv:linters] basepython = python3 # Note: centos developer env requires ruby-devel # Ubuntu developer env requires ruby-dev whitelist_externals = gem bash setenv = GEM_HOME = {envdir} GEM_PATH = {envdir} skip_tests = \ --no-autoloader_layout-check \ --no-documentation-check commands = gem install --no-document json puppet-lint:2.3.6 bash -c "find {toxinidir}/puppet-manifests {toxinidir}/modules \ -name \*.pp -print0 \ | xargs -0 puppet-lint --fail-on-warnings {[testenv:linters]skip_tests}" {[testenv:bashate]commands} {[testenv:shellcheck]commands} [testenv:pep8] basepython = python3 usedevelop = False description = Run style checks. commands = flake8 puppet-manifests/src/modules/platform/files [testenv:pylint] basepython = python3 sitepackages = False deps = {[testenv]deps} ruamel.yaml pylint<2.5.0 commands = pylint {posargs} --rcfile=./pylint.rc puppet-manifests [flake8] # E123, E125 skipped as they are invalid PEP-8. # E501 skipped because some of the code files include templates # that end up quite wide # H405: multi line docstring summary not separated with an empty line show-source = True ignore = E123,E125,E501,H405,W504 exclude = .venv,.git,.tox,dist,doc,*lib/python*,*egg,build,release-tag-* [testenv:bandit] basepython = python3 description = Bandit code scan for *.py files under config folder deps = -r{toxinidir}/test-requirements.txt commands = bandit -r {toxinidir}/ -x '**/.tox/**,**/.eggs/**' -lll