[checkmk-commits] Extracted python file finding from bandit test target

Module: check_mk Branch: master Commit: da14fb485f9069a452cf15e48bdec535c51006a8 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=da14fb485f9069… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Mon Nov 12 13:56:38 2018 +0100 Extracted python file finding from bandit test target * Moved python file searching to separate tests/find-python-files script * Exclude .venv files from tests/static/.venv * Moved bandit.ini creation to separate phony target Change-Id: Ie4e02f22ee76b63c83c2a4abbf421774a7d598bf --- tests/Makefile | 33 +++++---------------------------- tests/find-python-files | 39 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+), 28 deletions(-) diff --git a/tests/Makefile b/tests/Makefile index af85575..0ba7f03 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -23,7 +23,7 @@ help: # This target needs to be phony so it is run every time because only the other # makefile can determine that there's nothing to be done. # TODO: Move everything to top level makefile? -.PHONY: ../.venv +.PHONY: ../.venv bandit.ini ../.venv: $(MAKE) -C .. .venv @@ -53,33 +53,10 @@ test-docker: ../.venv $(MAKE) -C ../docker test-lint-dockerfile test-lint-entrypoint $(PYTEST) -T docker -test-bandit: ../.venv -# Finding all the Python stuff in our project is a bit tricky/ugly... - ( cd .. ; \ - echo '[bandit]'; \ - echo -n 'targets: '; \ - for i in $$(find $$(realpath active_checks \ - agents \ - bin \ - checks \ - cmk \ - cmk_base \ - doc \ - enterprise \ - inventory \ - livestatus \ - managed \ - notifications \ - omd/packages/cma \ - omd/packages/maintenance \ - omd/packages/omd \ - scripts \ - tests \ - web/app \ - werk ) \ - -type f | sort ); do \ - { [[ "$$i" == *.py ]] || { head -n 1 "$$i" | grep -q '^#!.*python$$'; } ; } && echo -n "$$i,"; \ - done ) | sed 's/,$$//' > bandit.ini +bandit.ini: + echo -e "[bandit]\ntargets: $$(./find-python-files | tr '\n' ',' | sed 's/,$$//')" > bandit.ini + +test-bandit: ../.venv bandit.ini # Currently only care about high severity reported issues. Once this is reached, # go and enable the medium/low checks. $(BANDIT) -c ../bandit.yaml -r -lll --ini bandit.ini $(BANDIT_OUTPUT_ARGS) diff --git a/tests/find-python-files b/tests/find-python-files new file mode 100755 index 0000000..19d0056 --- /dev/null +++ b/tests/find-python-files @@ -0,0 +1,39 @@ +#!/bin/bash +# Find and print the absolute paths of all python source code files +set -e + +REPO_PATH=$(dirname $(dirname $(realpath "$0"))) +cd "$REPO_PATH" + +SEARCH= +SEARCH+=" active_checks" +SEARCH+=" agents" +SEARCH+=" bin" +SEARCH+=" checks" +SEARCH+=" cmk" +SEARCH+=" cmk_base" +SEARCH+=" doc" +SEARCH+=" enterprise" +SEARCH+=" inventory" +SEARCH+=" livestatus" +SEARCH+=" managed" +SEARCH+=" notifications" +# Do not search whole omd/ because it may contain unpacked sub-packages +SEARCH+=" omd/packages/cma" +SEARCH+=" omd/packages/maintenance" +SEARCH+=" omd/packages/omd" + +SEARCH+=" scripts" +SEARCH+=" tests" +SEARCH+=" web/app" +SEARCH+=" werk" + +# Resolve search paths to real paths before the search for performance reasons +REAL_SEARCH=$(realpath $SEARCH) + +# while read F is used to deal with files containing whitespaces +find $REAL_SEARCH -name .venv -prune -o -type f -print | while read F; do + if [[ "$F" == *.py ]] || head -n 1 "$F" | grep -q '^#!.*python$' >/dev/null 2>&1; then + echo "$F" + fi +done