tox.ini

[tox]
envlist = py3{7-11}, static, static-tests, security
isolated_build = true
skip_missing_interpreters = true

[testenv]
description = Run the tests
require_locked_deps = true
require_poetry = true
extras =
    ansible
poetry_dep_groups =
    test
commands =
    pytest {toxinidir}/tests/ \
      --cov vault2vault \
      --cov-config {toxinidir}/.coveragerc \
      --cov-report term-missing

[testenv:static]
description = Static formatting and quality enforcement
basepython = python3.10
platform = linux
ignore_errors = true
poetry_dep_groups =
    dev
commands =
    pre-commit run \
      --all-files
    pylint {toxinidir}/vault2vault.py \
      --rcfile {toxinidir}/.pylintrc
    mypy {toxinidir}/vault2vault.py \
      --ignore-missing-imports \
      --no-strict-optional

[testenv:static-tests]
description = Static formatting and quality enforcement for the tests
basepython = python3.10
platform = linux
ignore_errors = true
locked_deps =
    pylint
    pytest
    mypy
    types-toml
commands =
    pylint {toxinidir}/tests/ \
      --rcfile {toxinidir}/.pylintrc
    mypy {toxinidir}/tests/ \
      --ignore-missing-imports \
      --no-strict-optional

[testenv:security]
description = Security checks
basepython = python3.10
platform = linux
ignore_errors = true
skip_install = true
poetry_dep_groups =
    security
commands =
    bandit {toxinidir}/vault2vault.py \
      --recursive \
      --quiet
    bandit {toxinidir}/tests/ \
      --recursive \
      --quiet \
      --skip B101
    poetry export \
      --format requirements.txt \
      --output {envtmpdir}/requirements.txt \
      --without-hashes
# For now these groups are disabled until this bug is resolved
# in poetry-plugin-export:
# https://github.com/python-poetry/poetry-plugin-export/issues/176
#      --with dev \
#      --with ci \
#      --with security \
#      --with test
    safety check \
      --file {envtmpdir}/requirements.txt \
      --json