Duncan Macleod · 4f7f2681 · 0f6f8bc6 · 6c728217 · 4f7f2681 · 0f6f8bc6
--- a/.gitlab/ci/analysis.yml

+ 36

− 8
+++ b/.gitlab/ci/analysis.yml

+ 36

− 8
 @@ -8,6 +8,8 @@ include:
    file:
      # https://computing.docs.ligo.org/gitlab-ci-templates/python/
      - python.yml
+  # https://docs.gitlab.com/ee/user/application_security/dependency_scanning/
+  - template: Security/Dependency-Scanning.gitlab-ci.yml

 # -- code quality -----------
 #
 @@ -21,15 +23,41 @@ flake8:
    # https://computing.docs.ligo.org/gitlab-ci-templates/python/#.python:flake8
    - .python:flake8
  needs: []
+  variables:
+    # don't fail the pipeline because of linting issues,
+    # these are presented in the code-quality box in the
+    # merge_request UI
+    FLAKE8_OPTIONS: "--exit-zero"
  before_script:
-    # pick requirements out of the setup.cfg
+    # pick requirements out of the metadata
    - |
-      REQUIREMENTS=$(python -c "
-      from configparser import ConfigParser;
-      cp = ConfigParser();
-      cp.read('setup.cfg');
-      print(cp['options.extras_require']['lint'].strip())")
+      REQUIREMENTS=$(${PYTHON} -c "
+      from setuptools import Distribution
+      dist = Distribution()
+      dist.parse_config_files()
+      for req in dist.extras_require['lint']:
+          print(req)
+      ")
    # install things
    - !reference [".python:flake8", before_script]
-  # code quality issues should present a global 'warning'
-  allow_failure: true
+
+# -- dependency scanning ----
+#
+# This job checks for dependency
+# issues
+#
+
+dependency_scanning:
+  stage: Code quality
+  needs: []
+  before_script:
+    - |
+      python -c "
+      from setuptools import Distribution
+      dist = Distribution()
+      dist.parse_config_files()
+      reqs = dist.setup_requires + dist.install_requires
+      for extra in ('test',):
+          reqs.extend(dist.extras_require[extra])
+      print('\n'.join(reqs))
+      " | sort -u > requirements.txt