43 lines
1.0 KiB
INI
43 lines
1.0 KiB
INI
[tox]
|
|
envlist = ansible, python, security
|
|
skipsdist = true
|
|
|
|
[testenv]
|
|
require_locked_deps = true
|
|
require_poetry = true
|
|
setenv =
|
|
ANSIBLE_CONFIG = {toxinidir}/ansible.cfg
|
|
whitelist_externals =
|
|
bash
|
|
|
|
[testenv:ansible]
|
|
description = Lint ansible resources
|
|
locked_deps =
|
|
ansible-core
|
|
ansible-lint
|
|
yamllint
|
|
pre-commit
|
|
pre-commit-hooks
|
|
mdformat
|
|
mdformat-gfm
|
|
commands =
|
|
yamllint --config-file {toxinidir}/.yamllintrc.yaml \
|
|
{toxinidir}/skylab/ \
|
|
{toxinidir}/inventory.yaml \
|
|
{toxinidir}/requirements.yaml
|
|
bash -c "ansible-lint -c {toxinidir}/.ansible-lint.yaml \
|
|
{toxinidir}/skylab/*/playbooks/"
|
|
pre-commit run --all-files
|
|
|
|
[testenv:security]
|
|
description = Check security parameters
|
|
ignore_errors = true
|
|
locked_deps =
|
|
poetry
|
|
safety
|
|
commands =
|
|
poetry export --format requirements.txt --without-hashes --dev --output {envtmpdir}/req.txt
|
|
safety check --json --file {envtmpdir}/req.txt \
|
|
# Ignore unfixed CVE-2021-3532 from ansible \
|
|
--ignore 42923
|