# Global tox settings for this repository's lint and audit environments.
[tox]
# NOTE(review): `python` is listed but this file defines no [testenv:python]
# section, so that environment only inherits [testenv], which sets no
# commands. Confirm whether it is intentional.
envlist =
    ansible
    python
    security
# Skip building an sdist of the project before the environments run.
skipsdist = true
# Base settings inherited by every [testenv:*] section in this file.
[testenv]
# tox-poetry-installer options: each environment installs only the packages
# named in its locked_deps, at the versions pinned in poetry.lock, so lint and
# audit tooling cannot drift to unreviewed releases between runs.
require_locked_deps = true
# presumably makes the run fail when Poetry itself is unavailable; verify
# against the installed tox-poetry-installer version.
require_poetry = true
setenv =
    ANSIBLE_CONFIG = {toxinidir}/ansible.cfg
# bash is the only program from outside the virtualenv that commands may call.
# `whitelist_externals` is the older key name; tox 3.18 and later also accept
# `allowlist_externals`.
whitelist_externals = bash
# Lint environment: YAML style, ansible-lint on the playbooks, and the
# repository's pre-commit hooks.
[testenv:ansible]
description = Lint ansible resources
locked_deps =
    ansible-core
    ansible-lint
    yamllint
    pre-commit
    pre-commit-hooks
    mdformat
    mdformat-gfm
# ansible-lint is run through `bash -c` so that the shell expands the
# skylab/*/playbooks/ glob; tox passes arguments through without globbing.
# NOTE(review): {toxinidir} is substituted inside a shell string, so a checkout
# path containing spaces or shell metacharacters would be re-interpreted by bash.
commands =
    yamllint --config-file {toxinidir}/.yamllintrc.yaml \
        {toxinidir}/skylab/ \
        {toxinidir}/inventory.yaml \
        {toxinidir}/requirements.yaml
    bash -c "ansible-lint -c {toxinidir}/.ansible-lint.yaml {toxinidir}/skylab/*/playbooks/"
    pre-commit run --all-files
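# Dependency audit: export the Poetry-locked dependency set (including dev
# dependencies) and check it against the safety vulnerability database.
[testenv:security]
description = Check security parameters
# A failing command does not stop the commands that follow it.
# NOTE(review): if `poetry export` fails, `safety check` still runs against a
# missing req.txt; confirm that CI still reports this environment as failed
# whenever either command exits non-zero.
ignore_errors = true
locked_deps =
    poetry
    safety
# req.txt is only an audit input: it is exported with --without-hashes, so it
# must not be reused to install packages.
#
# Ignore unfixed CVE-2021-3532 from ansible (safety ID 42923). Re-check this
# exception whenever the lock file is updated and remove it once a fixed
# release is pinned, so the suppression does not outlive its reason.
#
# The explanation lives here rather than inside the continued `safety check`
# command, so the command no longer depends on the parser discarding a comment
# line in the middle of a backslash continuation.
commands =
    poetry export --format requirements.txt --without-hashes --dev --output {envtmpdir}/req.txt
    safety check --json --file {envtmpdir}/req.txt --ignore 42923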