# tox configuration: lints the Ansible content and audits the Python
# dependencies for known vulnerabilities.
[tox]
# Environments run by a bare `tox` invocation.
envlist = ansible, security
# Do not build an sdist of this project before running the environments.
skipsdist = true
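# Base settings inherited by every [testenv:*] section.
[testenv]
# tox-poetry-installer: only dependencies pinned in the Poetry lockfile may be
# installed, so an environment cannot pull unlocked packages from the index.
require_locked_deps = true
# tox-poetry-installer: presumably makes a missing Poetry installation an error
# rather than a silent fallback to unpinned installs; confirm against the
# plugin documentation.
require_poetry = true
# Continuation lines must be indented to be read as part of the value.
setenv =
    ANSIBLE_CONFIG = {toxinidir}/ansible.cfg
# Programs outside the virtualenv that commands are allowed to invoke. Keep
# this list minimal.
# NOTE(review): newer tox releases name this option allowlist_externals.
whitelist_externals =
    bash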
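# Lint environment: YAML style, Ansible best practices and the pre-commit hooks.
[testenv:ansible]
description = Lint ansible resources
# Installed at the versions pinned in the Poetry lockfile (see
# require_locked_deps in [testenv]). One package per indented line.
locked_deps =
    ansible-core
    ansible-lint
    yamllint
    pre-commit
    pre-commit-hooks
    mdformat
    mdformat-gfm
# A trailing backslash joins a command with its continuation line.
# ansible-lint is run through bash so that the shell expands the glob in the
# playbook path. bash is permitted by whitelist_externals in [testenv].
commands =
    yamllint --config-file {toxinidir}/.yamllintrc.yaml \
        {toxinidir}/skylab/ \
        {toxinidir}/inventory.yaml \
        {toxinidir}/requirements.yaml
    bash -c "ansible-lint -c {toxinidir}/.ansible-lint.yaml \
        {toxinidir}/skylab/*/playbooks/"
    pre-commit run --all-files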
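# Dependency audit: export the locked requirements and scan them with safety.
[testenv:security]
description = Check security parameters
# Keep running the remaining commands after one fails.
# NOTE(review): tox is expected to still mark the environment as failed when
# any command exits non-zero; confirm for the tox version in use so that a
# safety finding cannot pass unnoticed.
ignore_errors = true
locked_deps =
    poetry
    safety
# The export includes the dev group and omits hashes. The resulting file is
# only passed to `safety check --file` for scanning, not used for installation.
#
# Ignored advisories. Each ignore hides a finding for as long as it stays here:
# re-check it when the affected package is upgraded and delete it once a fixed
# release is locked.
#   42923: Ignore unfixed CVE-2021-3532 from ansible
#   51457: https://github.com/pytest-dev/py/issues/287#issuecomment-1283567565
# These notes sit above the command rather than between its backslash
# continuations, so the command line does not depend on the parser dropping
# comment lines inside a multi-line value.
commands =
    poetry export --format requirements.txt --without-hashes --with dev --output {envtmpdir}/req.txt
    safety check --output text --file {envtmpdir}/req.txt \
        --ignore 42923 \
        --ignore 51457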