try bandit action

Signed-off-by: BAStos525 <jungle.vas@yandex.ru>

.github/workflows/pr-pytests.yml

@@ -9,58 +9,70 @@ on:
     branches: [i2/ci/py-sonar]
 
 jobs:
-  pytest:
+  # pytest:
+  #   runs-on: ubuntu-latest
+  #   strategy:
+  #     matrix:
+  #       python-version: [ 3.8 ]
+  #   steps:
+  #     - name: Set up Python ${{ matrix.python-version }}
+  #       uses: actions/setup-python@v4
+  #       with:
+  #         python-version: ${{ matrix.python-version }}
+  #     - name: Checkout code
+  #       uses: actions/checkout@v4
+  #     # - name: Install dependencies
+  #     #   run: pip install poetry tomli-w
+  #     # - name: Checkout irohad repo code
+  #     #   run: git clone --depth 1 https://github.com/hyperledger-iroha/iroha.git -b 2.0.0-rc.1 iroha_daemon
+  #     # - name: Install correct rust version
+  #     #   run: rustup install nightly-2024-09-09 && rustup component add rust-src --toolchain nightly-2024-09-09
+  #     # - name: Set toolchain
+  #     #   run: rustup default nightly-2024-09-09
+  #     # - name: Build irohad
+  #     #   run: cd iroha_daemon && cargo build --release && mkdir target/debug -p && cp target/release/irohad target/debug/irohad && cp target/release/iroha target/debug/iroha
+  #     # - name: Build kagami
+  #     #   run: cd iroha_daemon && cargo build --bin kagami
+  #     # - name: Build default executor
+  #     #   run: cd iroha_daemon && cargo run --release --bin iroha_wasm_builder -- build ./wasm_samples/default_executor --optimize --out-file ./defaults/executor.wasm
+  #     # - name: Maturin build and Run tests
+  #     #   run: bash -c "  pip install maturin &&
+  #     #                   maturin build &&
+  #     #                   cd iroha_daemon && scripts/test_env.py setup && cd .. &&
+  #     #                   python -m venv .venv &&
+  #     #                   source .venv/bin/activate &&
+  #     #                   pip install pytest faker allure-pytest pytest-cov bandit pylint &&
+  #     #                   pip install --break-system-packages target/wheels/iroha2-*.whl &&
+  #     #                   python -m pytest --cov=. --cov-report xml:coverage-reports/coverage-iroha-python.xml tests/"
+  #     - name: Run Bandit
+  #       run: |
+  #         pip install bandit
+  #         bandit -r tests/ -f json -o bandit-report.json
+  #     # - name: Run pylint
+  #     #   run: |
+  #     #     pip install pylint
+  #     #     pylint tests > pylint-report.txt
+  #     # - name: SonarQube
+  #     #   if: always()
+  #     #   uses: sonarsource/sonarqube-scan-action@master
+  #     #   env:
+  #     #     SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+  #     #     SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+  #     # - name: Tear down the network
+  #     #   run: cd iroha_daemon && scripts/test_env.py cleanup
+
+  analyze:
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        python-version: [ 3.8 ]
+    permissions:
+      # required for all workflows
+      security-events: write
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
     steps:
-      - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v4
-        with:
-          python-version: ${{ matrix.python-version }}
       - name: Checkout code
         uses: actions/checkout@v4
-      # - name: Install dependencies
-      #   run: pip install poetry tomli-w
-      # - name: Checkout irohad repo code
-      #   run: git clone --depth 1 https://github.com/hyperledger-iroha/iroha.git -b 2.0.0-rc.1 iroha_daemon
-      # - name: Install correct rust version
-      #   run: rustup install nightly-2024-09-09 && rustup component add rust-src --toolchain nightly-2024-09-09
-      # - name: Set toolchain
-      #   run: rustup default nightly-2024-09-09
-      # - name: Build irohad
-      #   run: cd iroha_daemon && cargo build --release && mkdir target/debug -p && cp target/release/irohad target/debug/irohad && cp target/release/iroha target/debug/iroha
-      # - name: Build kagami
-      #   run: cd iroha_daemon && cargo build --bin kagami
-      # - name: Build default executor
-      #   run: cd iroha_daemon && cargo run --release --bin iroha_wasm_builder -- build ./wasm_samples/default_executor --optimize --out-file ./defaults/executor.wasm
-      # - name: Maturin build and Run tests
-      #   run: bash -c "  pip install maturin &&
-      #                   maturin build &&
-      #                   cd iroha_daemon && scripts/test_env.py setup && cd .. &&
-      #                   python -m venv .venv &&
-      #                   source .venv/bin/activate &&
-      #                   pip install pytest faker allure-pytest pytest-cov bandit pylint &&
-      #                   pip install --break-system-packages target/wheels/iroha2-*.whl &&
-      #                   python -m pytest --cov=. --cov-report xml:coverage-reports/coverage-iroha-python.xml tests/"
-      - name: Run Bandit
-        run: |
-          pip install bandit
-          bandit-config-generator -o config.yml
-          bandit -c config.yml -r tests/ -f json -o bandit-report.json
-      - name: ls
-        if: always()
-        run: cat bandit-report.json
-      # - name: Run pylint
-      #   run: |
-      #     pip install pylint
-      #     pylint tests > pylint-report.txt
-      # - name: SonarQube
-      #   if: always()
-      #   uses: sonarsource/sonarqube-scan-action@master
-      #   env:
-      #     SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-      #     SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
-      # - name: Tear down the network
-      #   run: cd iroha_daemon && scripts/test_env.py cleanup
+      - name: Perform Bandit Analysis
+        uses: PyCQA/bandit-action@v1
+        with:
+          targets: "tests/"

sonar-project.properties

@@ -1,4 +1,4 @@
 sonar.projectKey = hyperledger-iroha:iroha-python
 sonar.language = py
 sonar.python.bandit.reportPaths = bandit-report.json
-sonar.python.pylint.reportPath = pylint-report.txt
+sonar.python.pylint.reportPaths = pylint-report.txt