From 4ad86e0728611c2fc580c4f9f658d6883a1721e6 Mon Sep 17 00:00:00 2001
From: Scott Hussey <sh8121@att.com>
Date: Thu, 31 May 2018 11:54:51 -0500
Subject: [PATCH] Basic zuul gates

- Pep8, bandit and unit tests
- Document build (no publish)

Change-Id: I2ca67e69f80aff63576bebd14da412e2f138f54a
---
 .zuul.yaml                                | 49 ++++++++++++++++++++++-
 Makefile                                  |  8 ++++
 src/bin/pegleg/test-requirements.txt      |  3 ++
 src/bin/pegleg/tox.ini                    |  3 ++
 tools/gate/playbooks/doc-build.yaml       | 20 +++++++++
 tools/gate/playbooks/pep8-linter.yaml     | 20 +++++++++
 tools/gate/playbooks/security-bandit.yaml | 20 +++++++++
 tools/gate/playbooks/unit-py35.yaml       | 20 +++++++++
 tools/gate/playbooks/vars.yaml            | 15 +++++++
 tools/gate/playbooks/zuul-linter.yaml     |  2 +-
 10 files changed, 158 insertions(+), 2 deletions(-)
 create mode 100644 tools/gate/playbooks/doc-build.yaml
 create mode 100644 tools/gate/playbooks/pep8-linter.yaml
 create mode 100644 tools/gate/playbooks/security-bandit.yaml
 create mode 100644 tools/gate/playbooks/unit-py35.yaml
 create mode 100644 tools/gate/playbooks/vars.yaml

diff --git a/.zuul.yaml b/.zuul.yaml
index d856c8b7..b840b4c0 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -14,13 +14,60 @@
     check:
       jobs:
         - airship-pegleg-linter
+        - airship-pegleg-doc-build
+        - airship-pegleg-lint-pep8
+        - airship-pegleg-unit-py35
+        - airship-pegleg-security-bandit
+
     gate:
       jobs:
         - airship-pegleg-linter
+        - airship-pegleg-doc-build
+        - airship-pegleg-lint-pep8
+        - airship-pegleg-unit-py35
+        - airship-pegleg-security-bandit
+
+- nodeset:
+    name: airship-pegleg-single-node
+    nodes:
+      - name: primary
+        label: ubuntu-xenial
 
 - job:
     name: airship-pegleg-linter
     description: |
       Lints all files by checking them for whitespace.
     run: tools/gate/playbooks/zuul-linter.yaml
-    nodeset: openstack-helm-single-node
+    nodeset: airship-pegleg-single-node
+
+- job:
+    name: airship-pegleg-lint-pep8
+    description: |
+      Lints Python files against the PEP8 standard
+    run: tools/gate/playbooks/pep8-linter.yaml
+    timeout: 300
+    nodeset: airship-pegleg-single-node
+
+- job:
+    name: airship-pegleg-unit-py35
+    description: |
+      Executes unit tests under Python 3.5
+    run: tools/gate/playbooks/unit-py35.yaml
+    timeout: 300
+    nodeset: airship-pegleg-single-node
+
+- job:
+    name: airship-pegleg-security-bandit
+    description: |
+      Executes the Bandit security scanner against Python files
+    run: tools/gate/playbooks/security-bandit.yaml
+    timeout: 300
+    nodeset: airship-pegleg-single-node
+
+- job:
+    name: airship-pegleg-doc-build
+    description: |
+      Locally build the documentation to check for errors
+    run: tools/gate/playbooks/doc-build.yaml
+    timeout: 300
+    nodeset: airship-pegleg-single-node
diff --git a/Makefile b/Makefile
index 885c9643..af69f167 100644
--- a/Makefile
+++ b/Makefile
@@ -41,6 +41,10 @@ run_pegleg: build_pegleg
 .PHONY: tests
 tests: run_tests
 
+.PHONY: security
+security:
+	tox -c src/bin/pegleg/tox.ini -e bandit
+
 # Run all unit tests under src/bin/pegleg
 .PHONY: run_tests
 run_tests:
@@ -65,6 +69,10 @@ ifeq ($(PUSH_IMAGE), true)
 	docker push $(IMAGE)
 endif
 
+.PHONY: docs
+docs: clean
+	tox -edocs
+
 .PHONY: clean
 clean:
 	rm -rf build
diff --git a/src/bin/pegleg/test-requirements.txt b/src/bin/pegleg/test-requirements.txt
index 4403325c..57fee1ec 100644
--- a/src/bin/pegleg/test-requirements.txt
+++ b/src/bin/pegleg/test-requirements.txt
@@ -5,3 +5,6 @@ mock==2.0.0
 
 # Linting
 flake8==3.3.0
+
+# Security
+bandit==1.4.0
diff --git a/src/bin/pegleg/tox.ini b/src/bin/pegleg/tox.ini
index c6795d50..f7327ca0 100644
--- a/src/bin/pegleg/tox.ini
+++ b/src/bin/pegleg/tox.ini
@@ -27,5 +27,8 @@ commands =
     yapf -rd {toxinidir}/pegleg {toxinidir}/tests
     flake8 {toxinidir}/pegleg
 
+[testenv:bandit]
+commands = bandit -r pegleg -n 5
+
 [flake8]
 ignore = E125,E251,W503
diff --git a/tools/gate/playbooks/doc-build.yaml b/tools/gate/playbooks/doc-build.yaml
new file mode 100644
index 00000000..b7b2aa16
--- /dev/null
+++ b/tools/gate/playbooks/doc-build.yaml
@@ -0,0 +1,20 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- hosts: primary
+  tasks:
+    - name: Build documents locally
+      make:
+        chdir: "{{ zuul.project.src_dir }}"
+        target: docs
+      register: result
+      failed_when: result.failed
diff --git a/tools/gate/playbooks/pep8-linter.yaml b/tools/gate/playbooks/pep8-linter.yaml
new file mode 100644
index 00000000..43bd7855
--- /dev/null
+++ b/tools/gate/playbooks/pep8-linter.yaml
@@ -0,0 +1,20 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- hosts: primary
+  tasks:
+    - name: Execute the make target for PEP8 linting
+      make:
+        chdir: "{{ zuul.project.src_dir }}"
+        target: py_lint
+      register: result
+      failed_when: result.failed
diff --git a/tools/gate/playbooks/security-bandit.yaml b/tools/gate/playbooks/security-bandit.yaml
new file mode 100644
index 00000000..927ea05f
--- /dev/null
+++ b/tools/gate/playbooks/security-bandit.yaml
@@ -0,0 +1,20 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- hosts: primary
+  tasks:
+    - name: Execute the make target for security scanning
+      make:
+        chdir: "{{ zuul.project.src_dir }}"
+        target: security
+      register: result
+      failed_when: result.failed
diff --git a/tools/gate/playbooks/unit-py35.yaml b/tools/gate/playbooks/unit-py35.yaml
new file mode 100644
index 00000000..4d00225f
--- /dev/null
+++ b/tools/gate/playbooks/unit-py35.yaml
@@ -0,0 +1,20 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- hosts: primary
+  tasks:
+    - name: Execute the make target for unit testing
+      make:
+        chdir: "{{ zuul.project.src_dir }}"
+        target: tests
+      register: result
+      failed_when: result.failed
diff --git a/tools/gate/playbooks/vars.yaml b/tools/gate/playbooks/vars.yaml
new file mode 100644
index 00000000..eb6ffae1
--- /dev/null
+++ b/tools/gate/playbooks/vars.yaml
@@ -0,0 +1,15 @@
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+null: null
diff --git a/tools/gate/playbooks/zuul-linter.yaml b/tools/gate/playbooks/zuul-linter.yaml
index ec0f7ea7..05ee4a63 100644
--- a/tools/gate/playbooks/zuul-linter.yaml
+++ b/tools/gate/playbooks/zuul-linter.yaml
@@ -15,6 +15,6 @@
 - hosts: primary
   tasks:
     - name: Execute a Whitespace Linter check
-      command: find . -not -path "*/\.*" -not -path "*/doc/build/*" -not -name "*.tgz" -type f -exec egrep -l " +$" {} \;
+      command: find . -not -path "*/\.*" -not -path "*/docs/build/*" -not -name "*.tgz"  -type f -exec egrep -l " +$" {} \;
       register: result
       failed_when: result.stdout != ""