Integrate `bandit` into the unittest and mypy action

SuffolkLITLab / ALActions

A github repo with all of the shared actions used in Assembly Line Projects

1 stars 0 forks source link

Integrate `bandit` into the unittest and mypy action #13

Open BryceStevenWilley opened 11 months ago

BryceStevenWilley commented 11 months ago

https://bandit.readthedocs.io/en/latest/

Runs quickly, and gives IMO okay suggestions (not critical, but still good coding practices). But, it's an easy lift, and good to have. If you don't want them, you can adjust what warnings you want to see in your pyproject.toml, which we essentially already require for mypy.

[tool.bandit]
exclude_dirs = ["tests", "path/to/file"]
tests = ["B201", "B301"]
skips = ["B101", "B601"]

Or to skip everything:

[tool.bandit]
exclude_dirs=["docassemble"]

michaelhofrichter commented 11 months ago

I've modified my github action steps to include the following:

      - run: pip install bandit
        shell: bash
      - run: bandit -r ./docassemble
        shell: bash

That then runs within just the docassemble package directory (as opposed to the entire virtual environment). If it finds something it errors and ends the action.