-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathtox.ini
169 lines (155 loc) · 6.68 KB
/
tox.ini
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
[tox]
envlist = linters,pep8,pylint
minversion = 2.3
skipsdist = True
sitepackages=False
[testenv]
install_command = pip install -U {opts} {packages}
setenv =
VIRTUAL_ENV={envdir}
OS_STDOUT_CAPTURE=1
OS_STDERR_CAPTURE=1
OS_DEBUG=1
OS_LOG_CAPTURE=1
deps =
-r{toxinidir}/requirements.txt
-r{toxinidir}/test-requirements.txt
allowlist_externals =
bash
[testenv:shellcheck]
basepython = python3
# The following are currently suppressed:
# SC1083: This '{' or '}' is literal. Check expression (missing ;/\n?) or quote it.
# SC2002: Useless cat. Consider 'cmd < file | ..' or 'cmd file | ..' instead.
# SC2004: $/${} is unnecessary on arithmetic variables.
# SC2005: Useless echo? Instead of 'echo $(cmd)', just use 'cmd'.
# SC2006: Use $(...) notation instead of legacy backticked `...`.
# SC2012: Use find instead of ls to better handle non-alphanumeric filenames.
# SC2034: variable appears unused. Verify use (or export if used externally).
# SC2044: For loops over find output are fragile. Use find -exec or a while read loop.
# SC2046: Quote this to prevent word splitting
# SC2068: Double quote array expansions to avoid re-splitting elements.
# SC2076: Remove quotes from right-hand side of =~ to match as a regex rather than literally.
# SC2086: Double quote to prevent globbing and word splitting
# SC2091: Remove surrounding $() to avoid executing output (or use eval if intentional).
# SC2115: Use "${var:?}" to ensure this never expands to /* .
# SC2148: Tips depend on target shell and yours is unknown. Add a shebang or a 'shell' directive.
# SC2154: i is referenced but not assigned.
# SC2155: Declare and assign separately to avoid masking return values.
# SC2162: read without -r will mangle backslashes
# SC2166: Prefer [ p ] || [ q ] as [ p -o q ] is not well defined.
# SC2181: Check exit code directly with e.g. if mycmd; not indirectly with $?
# SC2199: Arrays implicitly concatenate in [[ ]]. Use a loop (or explicit * instead of @).
# SC2206: Quote to prevent word splitting/globbing, or use mapfile or read -a.
# SC2207: Prefer mapfile or read -a to split command output (or quote to avoid splitting)
# SC2219: Instead of 'let expr', prefer (( expr ))
# SC2254: Quote expansions in case patterns to match literally rather than as a glob.
# SC2317: Command appears to be unreachable. Check usage (or ignore if invoked indirectly).
# shellcheck is called twice, to handle shell scripts that do not end in .sh
commands =
bash -c "find {toxinidir} \
-not \( -type d -name .?\* -prune \) \
-type f \
-not -name \*~ \
-not -name \*.md \
-name \*.sh \
-print0 | xargs -r -n 1 -0 shellcheck \
-eSC1083 -eSC2002 -eSC2004 -eSC2005 -eSC2006 -eSC2012 -eSC2034 \
-eSC2044 -eSC2046 -eSC2068 -eSC2076 -eSC2086 -eSC2091 -eSC2115 \
-eSC2148 -eSC2154 -eSC2155 -eSC2162 -eSC2166 -eSC2181 -eSC2199 \
-eSC2206 -eSC2207 -eSC2219 -eSC2254 -eSC2317"
bash -c "find {toxinidir} \
-not \( -type d -name .?\* -prune \) \
-type f \
-not -name \*~ \
-not -name \*.md \
\( -exec bash -c 'file \{\} | grep -q shell' \; \
-a ! -name '*.sh' \) \
-print0 | xargs -r -n 1 -0 shellcheck \
-eSC1083 -eSC2002 -eSC2004 -eSC2005 -eSC2006 -eSC2012 -eSC2034 \
-eSC2044 -eSC2046 -eSC2068 -eSC2076 -eSC2086 -eSC2091 -eSC2115 \
-eSC2148 -eSC2154 -eSC2155 -eSC2162 -eSC2166 -eSC2181 -eSC2199 \
-eSC2206 -eSC2207 -eSC2219 -eSC2254"
[testenv:bashate]
# Treat all E* codes as Errors rather than warnings using: -e 'E*'
# The following codes are being suppressed:
# E006 Line too long
# E011 Then keyword is not on same line as if or elif keyword
# bashate is called twice, to handle shell scripts that do not end in .sh
# the suppression lists are different (eventually nothing will be suppressed)
commands =
bash -c "find {toxinidir} \
-not \( -type d -name .?\* -prune \) \
-type f \
-not -name \*~ \
-not -name \*.md \
-name \*.sh \
-print0 | xargs -r -n 1 -0 bashate -v \
-i E006 \
-e 'E*'"
bash -c "find {toxinidir} \
-not \( -type d -name .?\* -prune \) \
-type f \
-not -name \*~ \
-not -name \*.md \
-not -name \*.ldif \
\( -exec bash -c 'file \{\} | grep -q shell' \; \
-a ! -name '*.sh' \) \
-print0 | xargs -r -n 1 -0 bashate -v \
-i E006,E011 \
-e 'E*'"
[testenv:bindep]
# Do not install any requirements. We want this to be fast and work even if
# system dependencies are missing, since it's used to tell you what system
# dependencies are missing! This also means that bindep must be installed
# separately, outside of the requirements files.
deps = bindep
commands = bindep test
[testenv:linters]
basepython = python3
# Note: centos developer env requires ruby-devel
# Ubuntu developer env requires ruby-dev
allowlist_externals =
gem
bash
setenv =
GEM_HOME = {envdir}
GEM_PATH = {envdir}
skip_tests = \
--no-autoloader_layout-check \
--no-documentation-check
commands =
gem install --no-document json:2.5.1 puppet-lint:2.3.6
bash -c "find {toxinidir}/puppet-manifests {toxinidir}/modules \
-name \*.pp -print0 \
| xargs -0 puppet-lint --fail-on-warnings {[testenv:linters]skip_tests}"
{[testenv:bashate]commands}
{[testenv:shellcheck]commands}
[testenv:pep8]
basepython = python3
usedevelop = False
description =
Run style checks.
commands =
flake8 puppet-manifests/src/modules/platform/files
[testenv:pylint]
basepython = python3
sitepackages = False
deps = {[testenv]deps}
requests
pylint<2.5.0
commands =
pylint {posargs} --rcfile=./pylint.rc puppet-manifests
[flake8]
# E123, E125 skipped as they are invalid PEP-8.
# E501 skipped because some of the code files include templates
# that end up quite wide
# H405: multi line docstring summary not separated with an empty line
show-source = True
ignore = E123,E125,E501,H405,W504
exclude = .venv,.git,.tox,dist,doc,*lib/python*,*egg,build,release-tag-*
[testenv:bandit]
basepython = python3
description = Bandit code scan for *.py files under config folder
deps = -r{toxinidir}/test-requirements.txt
commands = bandit -r {toxinidir}/ -x '**/.tox/**,**/.eggs/**' -lll