[all][stable] bandit 1.6.3 drops py2 support

Sean Mooney smooney at redhat.com
Thu Dec 10 18:50:06 UTC 2020

On Thu, 2020-12-10 at 18:41 +0000, Sean Mooney wrote:
> On Thu, 2020-12-10 at 17:04 +0000, Jeremy Stanley wrote:
> > On 2020-12-10 15:42:13 +0100 (+0100), Bernard Cafarelli wrote:
> > [...]
> > > This may get complicated to sort out, checking neutron cap [1], it failed
> > > in grenade job when checking out bandit per swift requirements.
> > > So it seems this one will need to be backported from the oldest affected
> > > stable to train, with some "correct order" on packages - though if we need
> > > it on 2 packages at same time to pass gates it may need overall capping?
> > > 
> > > [1] https://review.opendev.org/c/openstack/neutron/+/766218
> > 
> > Oh wow, this is the first I've realized devstack installed
> > test-requirements.txt for every project.
> > 
> yep i have tried to stop it doing that a few times but apparently some projects
> rely on that which causes issues. eventually https://review.opendev.org/c/openstack/devstack/+/715469/
> did make that change and where we can backport it i would be in favor of that but
> this is not the first time that installing test requirements has broken deployment due to linters.
> in particular it has broken the compilation of dpdk and ovs where the default linter configuration
> broke make since it ran the test and style check failed.
is what i was referring to.
when we added flake8-import-order to nova's test-requirements.txt it broke networking-ovs-dpdk and would have broken the neutron ovn jobs if they
existed at that time. this broke compilation of ovs as they don't enforce the same import ordering and this caused the build test to then fail.

> >  That's a total mess since
> > projects are totally encouraged to use different versions of test
> > requirements where things like linters and static analyzers are
> > concerned. Can't https://review.opendev.org/715469 be backported?
