[tox] envlist = ansible, python, security skipsdist = true [testenv] require_locked_deps = true require_poetry = true setenv = ANSIBLE_CONFIG = {toxinidir}/ansible.cfg whitelist_externals = bash [testenv:ansible] description = Lint ansible resources locked_deps = ansible-core ansible-lint yamllint pre-commit pre-commit-hooks mdformat mdformat-gfm commands = yamllint --config-file {toxinidir}/.yamllintrc.yaml \ {toxinidir}/skylab/ \ {toxinidir}/inventory.yaml \ {toxinidir}/requirements.yaml bash -c "ansible-lint -c {toxinidir}/.ansible-lint.yaml \ {toxinidir}/skylab/*/playbooks/" pre-commit run --all-files [testenv:security] description = Check security parameters ignore_errors = true locked_deps = poetry safety commands = poetry export --format requirements.txt --without-hashes --dev --output {envtmpdir}/req.txt safety check --json --file {envtmpdir}/req.txt \ # Ignore unfixed CVE-2021-3532 from ansible \ --ignore 42923