30c66126ee
This change adds a non-voting bandit check to openstack-helm-infra similar to what is run in the openstack-helm repo. This check will be made voting in a future change once the current failures are addressed. Similarly, this check will be modified in a future change to only be run when affected python files are changed. Change-Id: I177940f7b050fbe8882d298628c458bbd935ee89
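---
# Playbook for the openstack-helm-infra-bandit job. It prepares the host,
# produces a ./python-files directory from the repository, and runs the bandit
# static analyser over that directory. Every task runs from the checked-out
# project ({{ zuul.project.src_dir }}).
- hosts: all
  name: openstack-helm-infra-bandit
  tasks:

    # Host preparation. The two repository scripts run first; their contents
    # are not visible here (the names suggest package installation and a
    # Kubernetes deployment -- confirm against the scripts).
    #
    # NOTE(review): `sudo -H pip install yq bandit` installs whatever versions
    # the configured package index currently serves, system-wide and as root.
    # Nothing here pins versions or hashes, so the scanner (and the checks it
    # applies) can change between runs without a change to this repository,
    # and package install code executes with root privileges. Pinning the
    # versions (for example through a constraints file) or installing into a
    # virtualenv would make the security gate reproducible.
    #
    # `set -x` echoes every command into the job log; keep secrets out of the
    # commands and arguments used in this block.
    - name: Install Required Packages and Setup Host
      shell: |
        set -xe;
        ./tools/deployment/common/000-install-packages.sh
        ./tools/deployment/common/005-deploy-k8s.sh
        sudo -H pip install yq bandit
      environment:
        # Exported to the scripts above; how they use it is not shown here
        # (presumably to select a package mirror -- confirm).
        zuul_site_mirror_fqdn: "{{ zuul_site_mirror_fqdn }}"
      args:
        chdir: "{{ zuul.project.src_dir }}"

    # Builds the repository (`make all`), creates ./python-files, then runs
    # the templating script. The script is not shown here; presumably it
    # writes the Python sources to be scanned into ./python-files -- confirm.
    # If it writes nothing, the bandit task below scans an empty directory
    # and cannot report anything, so a check that the directory is non-empty
    # would be worth adding.
    - name: Template out python files
      shell: |
        set -xe;
        make all
        mkdir -p python-files
        ./tools/gate/template-python.sh
      args:
        chdir: "{{ zuul.project.src_dir }}"

    # Recursive scan (-r) of ./python-files. No configuration file, baseline
    # or severity/confidence filter is passed, so bandit's defaults apply.
    # bandit exits non-zero when it reports findings, which fails this task;
    # per the commit message the job is non-voting for now, so a failure here
    # does not block merges until it is made voting.
    - name: Run bandit against python files
      shell: bandit -r ./python-files
      args:
        chdir: "{{ zuul.project.src_dir }}"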