From b628986912f4cb312c74ff22c1a6370df81bc8d8 Mon Sep 17 00:00:00 2001
From: Dirk Mueller <dirk@dmllr.de>
Date: Sat, 4 May 2019 00:56:15 +0200
Subject: [PATCH] Add safety check output to the linters output

Currently a safety check failure is ignored, the output
is just for informational purposes. it reports known
security issues with the versions in upper-constraints.txt
so that we can determine a corrective action.

Change-Id: Ib8191602f47641eb047ebe5972ffa92bcfd08de4
---
 tox.ini | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tox.ini b/tox.ini
index 22db546649..fe1c4a9801 100644
--- a/tox.ini
+++ b/tox.ini
@@ -52,6 +52,7 @@ commands = {[testenv:linters]commands}
 deps =
     hacking>=1.0.0
     bashate>=0.5.1
+    safety
 whitelist_externals = bash
 commands =
     flake8
@@ -59,6 +60,8 @@ commands =
                  -type f                 \
                  -name \*.sh             \
                  -print0 | xargs -0 bashate -v -iE006,E010"
+    bash -c 'sed -e "s,===,==," upper-constraints.txt > {envtmpdir}/safety-check.txt'
+    -safety check --json -r {envtmpdir}/safety-check.txt
 
 [testenv:bindep]
 # Do not install any requirements. We want this to be fast and work even if