mirror of
https://gitlab.com/fdroid/fdroidserver.git
synced 2024-10-03 17:50:11 +02:00
gitlab-ci: use latest alpine/bandit to fix CVE flagged by safety
This commit is contained in:
parent
2b21584b35
commit
022d0796d8
@ -170,19 +170,19 @@ gradlew-fdroid:
|
|||||||
|
|
||||||
# Run all the various linters and static analysis tools.
|
# Run all the various linters and static analysis tools.
|
||||||
lint_format_safety_bandit_checks:
|
lint_format_safety_bandit_checks:
|
||||||
image: alpine:3.10 # cannot upgrade until bandit supports Python 3.8
|
image: alpine:3.13
|
||||||
variables:
|
variables:
|
||||||
LANG: C.UTF-8
|
LANG: C.UTF-8
|
||||||
script:
|
script:
|
||||||
- apk add --no-cache bash build-base dash ca-certificates gcc python3 python3-dev
|
- apk add --no-cache bash build-base dash ca-certificates gcc python3 python3-dev
|
||||||
- python3 -m ensurepip
|
- python3 -m ensurepip
|
||||||
- $pip install Babel 'bandit<1.6.0' pycodestyle pyflakes pylint safety
|
- $pip install Babel bandit pycodestyle pyflakes pylint safety
|
||||||
- export EXITVALUE=0
|
- export EXITVALUE=0
|
||||||
- function set_error() { export EXITVALUE=1; printf "\x1b[31mERROR `history|tail -2|head -1|cut -b 6-500`\x1b[0m\n"; }
|
- function set_error() { export EXITVALUE=1; printf "\x1b[31mERROR `history|tail -2|head -1|cut -b 6-500`\x1b[0m\n"; }
|
||||||
- ./hooks/pre-commit || set_error
|
- ./hooks/pre-commit || set_error
|
||||||
- bandit
|
- bandit
|
||||||
-ii
|
-ii
|
||||||
-s B110,B322,B404,B408,B410,B603,B607
|
-s B110,B404,B408,B410,B603,B607
|
||||||
-r $CI_PROJECT_DIR fdroid
|
-r $CI_PROJECT_DIR fdroid
|
||||||
|| set_error
|
|| set_error
|
||||||
- safety check --full-report || set_error
|
- safety check --full-report || set_error
|
||||||
|
Loading…
Reference in New Issue
Block a user