From c425353d348a722696ef799dd376dd67c3e2a863 Mon Sep 17 00:00:00 2001
From: Yunchu Lee
Date: Mon, 10 Apr 2023 14:27:21 +0900
Subject: [PATCH 1/5] Updated code_scan workflow to use tox (#924)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

### Summary

### How to test

### Checklist
- [ ] I have added unit tests to cover my changes.​
- [ ] I have added integration tests to cover my changes.​
- [ ] I have added the description of my changes into [CHANGELOG](https://github.com/openvinotoolkit/datumaro/blob/develop/CHANGELOG.md).​
- [ ] I have updated the [documentation](https://github.com/openvinotoolkit/datumaro/tree/develop/docs) accordingly

### License
- [ ] I submit _my code changes_ under the same [MIT License](https://github.com/openvinotoolkit/datumaro/blob/develop/LICENSE) that covers the project. Feel free to contact the maintainers if that's a concern.
- [ ] I have updated the license header for each file (see an example below).

```python
# Copyright (C) 2023 Intel Corporation
#
# SPDX-License-Identifier: MIT
```
---
 .github/workflows/code_scan.yml | 7 ++-----
 tox.ini | 10 ++++++++--
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/code_scan.yml b/.github/workflows/code_scan.yml
index ff2aad459d..cf003d71e3 100644
--- a/.github/workflows/code_scan.yml
+++ b/.github/workflows/code_scan.yml
@@ -16,11 +16,8 @@ jobs:
 uses: actions/setup-python@v4
 with:
 python-version: 3.8
- - name: Run checks
- run: |
- pip install --user -r tests/requirements-linters.txt
- echo "Bandit version: "`bandit --version | head -1`
- bandit -r -c ipas_default.config ./ -f txt -o bandit-report.txt
+ - name: Bandit Scanning
+ run: run: tox -e bandit-scan
 - name: Upload Bandit artifact
 uses: actions/upload-artifact@v3
 with:
diff --git a/tox.ini b/tox.ini
index 4cba16d43e..ce6b4b336a 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,11 +1,17 @@
 [tox]
 isolated_build = true
 skip_missing_interpreters = true
-envlist =
- pre-commit
+
 
 [testenv:pre-commit]
 basepython = python3
 deps =
 pre-commit
 commands = pre-commit run --show-diff-on-failure --color=always --all-files
+
+
+[testenv:bandit-scan]
+deps =
+ bandit
+commands =
+ - bandit -r -c ipas_default.config ./ -f txt -o {toxworkdir}/bandit-report.txt
From 72d116df5f396f21a207eec1ed63b6a64c679daa Mon Sep 17 00:00:00 2001
From: Yunchu Lee
Date: Mon, 10 Apr 2023 14:32:02 +0900
Subject: [PATCH 2/5] Update code_scan.yml

---
 .github/workflows/code_scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/code_scan.yml b/.github/workflows/code_scan.yml
index cf003d71e3..af992de6c2 100644
--- a/.github/workflows/code_scan.yml
+++ b/.github/workflows/code_scan.yml
@@ -17,7 +17,7 @@ jobs:
 with:
 python-version: 3.8
 - name: Bandit Scanning
- run: run: tox -e bandit-scan
+ run: tox -e bandit-scan
 - name: Upload Bandit artifact
 uses: actions/upload-artifact@v3
 with:
From 6ad62956b3f30dd9f7e2b7dda7dbf684a8839846 Mon Sep 17 00:00:00 2001
From: Yunchu Lee
Date: Mon, 10 Apr 2023 14:35:34 +0900
Subject: [PATCH 3/5] Update code_scan.yml

Add dependency installation step to install tox
---
 .github/workflows/code_scan.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/code_scan.yml b/.github/workflows/code_scan.yml
index af992de6c2..b2cb1eb041 100644
--- a/.github/workflows/code_scan.yml
+++ b/.github/workflows/code_scan.yml
@@ -16,6 +16,8 @@ jobs:
 uses: actions/setup-python@v4
 with:
 python-version: 3.8
+ - name: Install dependencies
+ run: python -m pip install tox
 - name: Bandit Scanning
 run: tox -e bandit-scan
 - name: Upload Bandit artifact
From f649d06ae0932ed5bee34b7608b7aa1351cad4f6 Mon Sep 17 00:00:00 2001
From: Yunchu Lee
Date: Mon, 10 Apr 2023 14:52:55 +0900
Subject: [PATCH 4/5] Update tox.ini

---
 tox.ini | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
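Review bot: `deps = bandit` in the new `[testenv:bandit-scan]` section installs whatever bandit release PyPI serves on the day the job runs, whereas the workflow step it replaces installed the scanner from `tests/requirements-linters.txt`, which is the natural place for a pin; two runs of the same commit can now scan with different bandit versions and differ in their findings, and the `bandit --version` echo that used to record this in the log was removed in the same series. Pin it, either `deps =` / `    bandit==X.Y.Z` with a version the team has vetted, or `deps = -r{toxinidir}/tests/requirements-linters.txt` to keep one source of truth. The same hunk also deletes `envlist`, so a bare `tox` invocation presumably no longer runs `pre-commit`; if that is intended, a one-line comment above `[testenv:pre-commit]` such as `# envs are run explicitly with -e; there is no default envlist` would save the next reader the surprise.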
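Review bot: The `Upload Bandit artifact` step after this hunk is untouched by the series, yet the report has moved: the removed step in patch 1 wrote `bandit-report.txt` into the workspace, while the tox env writes `{toxworkdir}/bandit-report.txt`, i.e. `.tox/bandit-report.txt`. The step's `path:` is outside the hunk, but if it still names the old location, `upload-artifact@v3` will find no file and, with its default `if-no-files-found: warn`, only emit a warning, so the workflow stays green while producing no scan output; change it to `path: .tox/bandit-report.txt` (or give the tox command an `-o` inside the workspace). Separately, the added `python -m pip install tox` is unpinned; `python -m pip install 'tox==X.Y'` keeps the CI tooling reproducible in the same way the scanner should be.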
diff --git a/tox.ini b/tox.ini
index ce6b4b336a..b107ad8574 100644
--- a/tox.ini
+++ b/tox.ini
@@ -14,4 +14,4 @@ commands = pre-commit run --show-diff-on-failure --color=always --all-files
 deps =
 bandit
 commands =
- - bandit -r -c ipas_default.config ./ -f txt -o {toxworkdir}/bandit-report.txt
+ - bandit -r -c {toxinidir}/ipas_default.config {toxinidir}/ -f txt -o {toxworkdir}/bandit-report.txt
From fa45a94f138ce7cdd15bdcbca8c01559082a4c4f Mon Sep 17 00:00:00 2001
From: Yunchu Lee
Date: Mon, 10 Apr 2023 14:53:56 +0900
Subject: [PATCH 5/5] Update ipas_default.config

added exclude dirs
---
 ipas_default.config | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/ipas_default.config b/ipas_default.config
index d7f185d9e7..ebd61dffff 100644
--- a/ipas_default.config
+++ b/ipas_default.config
@@ -90,6 +90,13 @@ tests:
 skips: [ 'B101', 'B102', 'B103', 'B104', 'B105', 'B106', 'B107', 'B108', 'B110', 'B112', 'B201', 'B501', 'B502', 'B503', 'B504', 'B505', 'B506', 'B507', 'B601', 'B602', 'B603', 'B604', 'B605', 'B606', 'B607', 'B608', 'B609', 'B610', 'B611', 'B701', 'B702', 'B703']
+# Added to exclude some path which are not actual source code for this project
+exclude_dirs: [
+ '.tox/',
+ '.vscode/',
+ '.git/',
+]
+
 ### (optional) plugin settings - some test plugins require configuration data
 ### that may be given here, per-plugin. All bandit test plugins have a built in
 ### set of sensible defaults and these will be used if no configuration is
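Review bot: The rewritten command keeps the leading `-` before `bandit`, which tells tox to ignore that command's exit status, so a scan that reports findings (bandit exits non-zero when it finds issues at or above the configured thresholds) still leaves `tox -e bandit-scan`, and therefore the workflow, green; findings are only visible to someone who opens the uploaded report. If the scan is meant to gate merges, drop the prefix: `    bandit -r -c {toxinidir}/ipas_default.config {toxinidir}/ -f txt -o {toxworkdir}/bandit-report.txt`, and give the upload step `if: always()` so the report is still uploaded on failure. If it is deliberately advisory, say so where the next reader will look, e.g. `# leading '-' ignores bandit's exit code: report only, findings do not fail the env`.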
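Review bot: Two of the three entries added to `exclude_dirs` overlap bandit's built-in exclusions (its `--exclude` option defaults to `.svn,CVS,.bzr,.hg,.git,__pycache__,.tox,.eggs,*.egg`), so `.git/` and `.tox/` should not have produced findings on their own; if `.tox/` paths did appear, the cause may be how the target was passed (the relative `./` of patch 1 versus the absolute `{toxinidir}/` of patch 4), and it is worth confirming on the uploaded report that the entries are still needed before keeping them. If they stay, make the comment explain the intent rather than restate the key and fix its grammar, e.g. `# Paths under the repo root that contain no project source (tox venvs, editor settings, git metadata)`. Whether a pattern ending in `/` matches bandit's path walk is not verifiable from this hunk, so check that the generated report no longer lists any `.tox/` file.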