(zuul) Add a bandit scanning gate
- Add a gate for bandit code scanning Change-Id: I27bf7e6fb5ddc5bf854796c4d15ef0e40eebfbff
This commit is contained in:
parent
b87569abe8
commit
4d0bbb546b
25
.zuul.yaml
25
.zuul.yaml
|
@ -18,6 +18,7 @@
|
||||||
voting: false
|
voting: false
|
||||||
- airship-shipyard-tox-py35
|
- airship-shipyard-tox-py35
|
||||||
- airship-shipyard-pep8
|
- airship-shipyard-pep8
|
||||||
|
- airship-shipyard-security-bandit
|
||||||
- airship-shipyard-image
|
- airship-shipyard-image
|
||||||
gate:
|
gate:
|
||||||
jobs:
|
jobs:
|
||||||
|
@ -30,14 +31,21 @@
|
||||||
# - ^releasenotes/.*$
|
# - ^releasenotes/.*$
|
||||||
- airship-shipyard-tox-py35
|
- airship-shipyard-tox-py35
|
||||||
- airship-shipyard-pep8
|
- airship-shipyard-pep8
|
||||||
|
- airship-shipyard-security-bandit
|
||||||
- airship-shipyard-image
|
- airship-shipyard-image
|
||||||
|
|
||||||
|
- nodeset:
|
||||||
|
name: airship-shipyard-single-node
|
||||||
|
nodes:
|
||||||
|
- name: primary
|
||||||
|
label: ubuntu-xenial
|
||||||
|
|
||||||
- job:
|
- job:
|
||||||
name: airship-shipyard-linter
|
name: airship-shipyard-linter
|
||||||
description: |
|
description: |
|
||||||
Lints all files by checking them for whitespace.
|
Lints all files by checking them for whitespace.
|
||||||
run: tools/gate/playbooks/zuul-linter.yaml
|
run: tools/gate/playbooks/zuul-linter.yaml
|
||||||
nodeset: openstack-helm-single-node
|
nodeset: airship-shipyard-single-node
|
||||||
|
|
||||||
- job:
|
- job:
|
||||||
name: airship-shipyard-base
|
name: airship-shipyard-base
|
||||||
|
@ -63,7 +71,7 @@
|
||||||
- job:
|
- job:
|
||||||
name: airship-shipyard-ubuntu
|
name: airship-shipyard-ubuntu
|
||||||
parent: airship-shipyard-base
|
parent: airship-shipyard-base
|
||||||
nodeset: openstack-helm-single-node
|
nodeset: airship-shipyard-single-node
|
||||||
|
|
||||||
- job:
|
- job:
|
||||||
name: airship-shipyard-tox-base
|
name: airship-shipyard-tox-base
|
||||||
|
@ -90,7 +98,7 @@
|
||||||
Run tox-based tests for the Airship Shipyard project under
|
Run tox-based tests for the Airship Shipyard project under
|
||||||
cPython version 3.5.
|
cPython version 3.5.
|
||||||
parent: airship-shipyard-tox-base
|
parent: airship-shipyard-tox-base
|
||||||
nodeset: openstack-helm-single-node
|
nodeset: airship-shipyard-single-node
|
||||||
vars:
|
vars:
|
||||||
tox_envlist: py35
|
tox_envlist: py35
|
||||||
|
|
||||||
|
@ -100,10 +108,17 @@
|
||||||
Run pep8 tests for the Airship Shipyard project under
|
Run pep8 tests for the Airship Shipyard project under
|
||||||
cPython version 3.5.
|
cPython version 3.5.
|
||||||
parent: airship-shipyard-tox-base
|
parent: airship-shipyard-tox-base
|
||||||
nodeset: openstack-helm-single-node
|
nodeset: airship-shipyard-single-node
|
||||||
vars:
|
vars:
|
||||||
tox_envlist: pep8
|
tox_envlist: pep8
|
||||||
|
|
||||||
|
- job:
|
||||||
|
name: airship-shipyard-security-bandit
|
||||||
|
description: |
|
||||||
|
Run bandit code scans for the Airship Shipyard project
|
||||||
|
run: tools/gate/playbooks/security-bandit.yaml
|
||||||
|
nodeset: airship-shipyard-single-node
|
||||||
|
|
||||||
- job:
|
- job:
|
||||||
name: airship-shipyard-image-base
|
name: airship-shipyard-image-base
|
||||||
description: |
|
description: |
|
||||||
|
@ -127,4 +142,4 @@
|
||||||
description: |
|
description: |
|
||||||
Run shipyard-image build.
|
Run shipyard-image build.
|
||||||
parent: airship-shipyard-image-base
|
parent: airship-shipyard-image-base
|
||||||
nodeset: openstack-helm-single-node
|
nodeset: airship-shipyard-single-node
|
||||||
|
|
4
Makefile
4
Makefile
|
@ -57,6 +57,10 @@ dry-run: clean
|
||||||
.PHONY: docs
|
.PHONY: docs
|
||||||
docs: clean build_docs
|
docs: clean build_docs
|
||||||
|
|
||||||
|
.PHONY: security
|
||||||
|
security:
|
||||||
|
cd $(BUILD_CTX)/shipyard_airflow; tox -e bandit
|
||||||
|
cd $(BUILD_CTX)/shipyard_client; tox -e bandit
|
||||||
|
|
||||||
.PHONY: tests
|
.PHONY: tests
|
||||||
tests:
|
tests:
|
||||||
|
|
|
@ -0,0 +1,20 @@
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
- hosts: primary
|
||||||
|
tasks:
|
||||||
|
- name: Execute the make target for security scanning
|
||||||
|
make:
|
||||||
|
chdir: "{{ zuul.project.src_dir }}"
|
||||||
|
target: security
|
||||||
|
register: result
|
||||||
|
failed_when: result.failed
|
Loading…
Reference in New Issue