From 111a41c7ca1b012eb3e6f683e6dfb368f0fd229a Mon Sep 17 00:00:00 2001
From: Jason Woltje
Date: Thu, 12 Feb 2026 16:05:07 -0600
Subject: [PATCH] fix(#365): fix coordinator CI bandit config and pip upgrade

Three fixes for the coordinator pipeline:
1. Use bandit.yaml config file (-c bandit.yaml) so global skips and exclude_dirs are respected in CI.
2. Upgrade pip to >=25.3 in the install step so pip-audit doesn't fail on the stale pip 24.0 bundled with python:3.11-slim.
3. Clean up nosec inline comments to bare "# nosec BXXX" format, moving explanations to a separate comment line above. This prevents bandit from misinterpreting trailing text as test IDs.
Fixes #365
Co-Authored-By: Claude Opus 4.6
---
 .woodpecker/coordinator.yml | 3 ++-
 apps/coordinator/src/config.py | 3 ++-
 apps/coordinator/src/telemetry.py | 3 ++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/.woodpecker/coordinator.yml b/.woodpecker/coordinator.yml
index 6331e2b..ddfc795 100644
--- a/.woodpecker/coordinator.yml
+++ b/.woodpecker/coordinator.yml
@@ -29,6 +29,7 @@ steps:
 - cd apps/coordinator
 - python -m venv venv
 - . venv/bin/activate
+ - pip install --no-cache-dir --upgrade "pip>=25.3"
 - pip install --no-cache-dir -e ".[dev]"
 - pip install --no-cache-dir bandit pip-audit
@@ -52,7 +53,7 @@ steps:
 image: *python_image
 commands:
 - *activate_venv
- - bandit -r src/ -f screen
+ - bandit -r src/ -c bandit.yaml -f screen
 depends_on:
 - install
diff --git a/apps/coordinator/src/config.py b/apps/coordinator/src/config.py
index a2c6b7b..29c75c0 100644
--- a/apps/coordinator/src/config.py
+++ b/apps/coordinator/src/config.py
@@ -21,7 +21,8 @@ class Settings(BaseSettings):
 anthropic_api_key: str
 # Server Configuration
- host: str = "0.0.0.0" # nosec B104 — Container-bound: listen on all interfaces inside Docker
+ # Container-bound: listen on all interfaces inside Docker
+ host: str = "0.0.0.0" # nosec B104
 port: int = 8000
 # Logging
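Review bot: The added `pip install --no-cache-dir --upgrade "pip>=25.3"` is a floor rather than a pin, so each CI run fetches whatever the newest pip release is, and the tool that subsequently runs pip-audit is itself unpinned and non-reproducible. The usual fix is an exact pin, `- pip install --no-cache-dir --upgrade "pip==<PINNED_PIP_VERSION>"` (placeholder — choose the exact release that satisfies pip-audit), bumped deliberately, ideally alongside pinning `bandit` and `pip-audit` on the following line, which are pre-existing but also resolve to latest. If a floor is intended so the step tracks pip-audit's requirement, a comment such as `# floor, not pin: pip-audit rejects the pip 24.0 bundled in python:3.11-slim` would record why.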
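Review bot: With `-c bandit.yaml` the global `skips` and `exclude_dirs` now live in a file the pipeline definition never shows, so a reviewer reading this step cannot tell what the scan ignores; a comment on the step would keep that visible: `# bandit.yaml carries the global skips/exclude_dirs — review edits to it as a change to scan coverage`. The config path is relative and resolves against the working directory set up by the `*activate_venv` anchor, which is defined outside this hunk; `-r src/` already depends on that same directory, so the config should resolve wherever the sources do, but it is worth confirming the two sit side by side.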
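Review bot: The relocated justification `# Container-bound: listen on all interfaces inside Docker` states a deployment assumption the code does not check — `host` is a plain default on what the hunk header shows to be a `BaseSettings` subclass, so the all-interfaces bind applies wherever the process runs unless the setting is overridden. Suggest the comment name the precondition and the escape hatch, e.g. `# Binds all interfaces; acceptable only when the container's port publishing limits exposure.` followed by `# Override the host setting (e.g. 127.0.0.1) when running outside Docker.`, so the B104 suppression documents its own condition. Whether and how `host` is overridable depends on the settings class configuration, which is outside this hunk.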
diff --git a/apps/coordinator/src/telemetry.py b/apps/coordinator/src/telemetry.py
index f21f3bd..e2ec7c2 100644
--- a/apps/coordinator/src/telemetry.py
+++ b/apps/coordinator/src/telemetry.py
@@ -139,7 +139,8 @@ class TelemetryService:
 if self._tracer is None:
 # Initialize if not already done
 self.initialize()
- assert self._tracer is not None # nosec B101 — Type narrowing after None guard
+ # Type narrowing after None guard
+ assert self._tracer is not None # nosec B101
 return self._tracer
 def shutdown(self) -> None:
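Review bot: The `# nosec B101` on `assert self._tracer is not None` suppresses the finding rather than addressing it: under `python -O` the assert is stripped, so if `self.initialize()` leaves `_tracer` as `None` the method hands `None` back to callers expecting a tracer. Replacing the assert with an explicit check keeps the type narrowing and removes the need for the suppression: `if self._tracer is None:` / `    raise RuntimeError("TelemetryService.initialize() did not set a tracer")`. The method's signature and declared return type sit above this hunk and cannot be confirmed from here.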