From 8349197be8b6c4a43fcfcb52ebe2b6508824dc38 Mon Sep 17 00:00:00 2001
From: Ian H Pittwood
Date: Fri, 19 Jul 2019 14:19:01 -0500
Subject: [PATCH] Move safety checks to new Zuul job
The pyup.io database that is used to check dependencies for vulnerabilities in Spyglass is currently down. When first implemented, this check was placed in the tox pep8 job. This change moves the vulnerability check into its own Zuul job so it can be disabled in instances such as this where the database is down. Specifies basepython to python3 for safety and bandit jobs.
Change-Id: I4e13c5341a9e62095587ec1820be79a621380f09
---
 .zuul.yaml | 11 +++++++++++
 tox.ini | 6 +++---
 2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/.zuul.yaml b/.zuul.yaml
index 70992e1..32cb24e 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -21,12 +21,14 @@
 check:
 jobs:
 - openstack-tox-pep8
+ - spyglass-dependency-vulnerability-check
 - spyglass-docker-build-gate-ubuntu_xenial
 - spyglass-docker-build-gate-ubuntu_bionic
 - spyglass-docker-build-gate-opensuse
 gate:
 jobs:
 - openstack-tox-pep8
+ - spyglass-dependency-vulnerability-check
 - spyglass-docker-build-gate-ubuntu_xenial
 - spyglass-docker-build-gate-ubuntu_bionic
 - spyglass-docker-build-gate-opensuse
@@ -43,6 +45,15 @@
 - name: primary
 label: ubuntu-xenial
+- job:
+ name: spyglass-dependency-vulnerability-check
+ parent: openstack-tox
+ voting: false
+ timeout: 600
+ nodeset: spyglass-single-node
+ vars:
+ tox_envlist: safety
+
 - job:
 name: spyglass-docker-build-gate-ubuntu_xenial
 timeout: 1800
diff --git a/tox.ini b/tox.ini
index 2a308b1..de170df 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,5 +1,5 @@
 [tox]
-envlist = py36, py37, pep8, docs, cover
+envlist = py36, py37, pep8, safety, docs, cover
 minversion = 2.3.1
 skipsdist = True
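Review bot: `voting: false` on the new `spyglass-dependency-vulnerability-check` job (second .zuul.yaml hunk) means a dependency with a known vulnerability no longer blocks a merge, and nothing in the file records that this is a temporary state tied to the pyup.io outage. I would add a comment above the job, for example `# Non-voting only while the pyup.io database is down; make voting again once it is reachable.`, so the relaxation is not left in place by accident. The first hunk also lists the job under `gate`, where a non-voting result cannot change the outcome; listing it under `check` only would give the same signal, if that matches how this project uses Zuul.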
@@ -39,12 +39,11 @@ commands =
 yapf -dr {toxinidir}/spyglass {toxinidir}/setup.py {toxinidir}/tests
 flake8 {toxinidir}/spyglass {toxinidir}/tests
 bandit -r spyglass -n 5
- pipenv check
- safety check -r {toxinidir}/doc/requirements.txt --bare
 whitelist_externals =
 bash
 [testenv:safety]
+basepython = python3
 deps =
 pipenv
 safety
@@ -54,6 +53,7 @@ commands =
 safety check -r {toxinidir}/doc/requirements.txt --full-report
 [testenv:bandit]
+basepython = python3
 deps =
 pipenv
 commands =
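Review bot: With `pipenv check` and the `safety check` line removed in this hunk, dependency scanning rests entirely on `[testenv:safety]`, and the only command of that env visible in this patch (context of the last hunk) scans `{toxinidir}/doc/requirements.txt`. The lines between `deps` and that command fall outside both hunks, so please confirm the env still runs `pipenv check` or another scan of the runtime dependencies; otherwise only the documentation requirements are checked for known vulnerabilities. A short comment above `[testenv:safety]`, such as `# Dependency vulnerability scan; run by the spyglass-dependency-vulnerability-check Zuul job.`, would also tie the env to the job that depends on it.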