Add tox for static checks

Add toxdir to gitignore Add ansible and yamllint
2022-01-08 22:16:40 -05:00
parent 14ce2dfea6
commit 1c417eda10
7 changed files with 427 additions and 40 deletions
--- a/tox.ini
+++ b/tox.ini
@@ -0,0 +1,42 @@
+[tox]
+envlist = ansible, python, security
+skipsdist = true
+
+[testenv]
+require_locked_deps = true
+require_poetry = true
+setenv =
+    ANSIBLE_CONFIG = {toxinidir}/ansible.cfg
+whitelist_externals =
+    bash
+
+[testenv:ansible]
+description = Lint ansible resources
+locked_deps =
+    ansible-core
+    ansible-lint
+    yamllint
+    pre-commit
+    pre-commit-hooks
+    mdformat
+    mdformat-gfm
+commands =
+    yamllint --config-file {toxinidir}/.yamllintrc.yaml \
+      {toxinidir}/skylab/ \
+      {toxinidir}/inventory.yaml \
+      {toxinidir}/requirements.yaml
+    bash -c "ansible-lint -c {toxinidir}/.ansible-lint.yaml \
+      {toxinidir}/skylab/*/playbooks/"
+    pre-commit run --all-files
+
+[testenv:security]
+description = Check security parameters
+ignore_errors = true
+locked_deps =
+    poetry
+    safety
+commands =
+    poetry export --format requirements.txt --without-hashes --dev --output {envtmpdir}/req.txt
+    safety check --json --file {envtmpdir}/req.txt \
+        # Ignore unfixed CVE-2021-3532 from ansible \
+        --ignore 42923