Move safety checks to new Zuul job

Moves the dependency vulnerability checks from pep8 tox check to a new Zuul job. This allows setting the job to not be voting as the database used for safety has been flaky recently. Changes basepython to python3 for safety and bandit jobs. Related change: https://review.opendev.org/#/c/671847 Change-Id: I3bbc15aec795ff901e442e17d2ab974fd5da90ef
2019-07-19 15:21:03 -05:00 · 2019-07-19 15:21:03 -05:00 · 2b585d1e40
commit 2b585d1e40
parent 8d3c35289e
2 changed files with 12 additions and 3 deletions
--- a/.zuul.yaml
+++ b/.zuul.yaml
@ -17,6 +17,16 @@
    check:
      jobs:
        - openstack-tox-pep8
+        - spyglass-plugin-xls-dependency-vulnerability-check
    gate:
      jobs:
        - openstack-tox-pep8
+        - spyglass-plugin-xls-dependency-vulnerability-check
+
+- job:
+    name: spyglass-plugin-xls-dependency-vulnerability-check
+    parent: openstack-tox
+    voting: false
+    timeout: 600
+    vars:
+      tox_envlist: safety
--- a/tox.ini
+++ b/tox.ini
@ -35,13 +35,11 @@ commands =
  yapf -dr {toxinidir}/spyglass_plugin_xls {toxinidir}/setup.py {toxinidir}/tests
  flake8 {toxinidir}/spyglass_plugin_xls {toxinidir}/tests
  bandit -r spyglass_plugin_xls -n 5
-  safety check -r {toxinidir}/requirements.txt \
-               -r {toxinidir}/test-requirements.txt \
-               -r {toxinidir}/doc/requirements.txt --bare
 whitelist_externals =
  bash

 [testenv:safety]
+basepython = python3
 deps =
    safety
 commands =
@ -50,6 +48,7 @@ commands =
    safety check -r {toxinidir}/doc/requirements.txt --full-report

 [testenv:bandit]
+basepython = python3
 deps =
    bandit
 commands = bandit -r spyglass_plugin_xls -n 5