mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

fix(#365): fix coordinator CI bandit config and pip upgrade

Browse Source 
Three fixes for the coordinator pipeline:

1. Use bandit.yaml config file (-c bandit.yaml) so global skips
   and exclude_dirs are respected in CI.
2. Upgrade pip to >=25.3 in the install step so pip-audit doesn't
   fail on the stale pip 24.0 bundled with python:3.11-slim.
3. Clean up nosec inline comments to bare "# nosec BXXX" format,
   moving explanations to a separate comment line above. This
   prevents bandit from misinterpreting trailing text as test IDs.

Fixes #365

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Jason Woltje
2026-02-12 16:05:07 -06:00
parent a269f4b0ee
commit 111a41c7ca
3 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.woodpecker/coordinator.yml
View File

@@ -29,6 +29,7 @@ steps:
- cd apps/coordinator
- python -m venv venv
- . venv/bin/activate
- pip install --no-cache-dir --upgrade "pip>=25.3"
- pip install --no-cache-dir -e ".[dev]"
- pip install --no-cache-dir bandit pip-audit
@@ -52,7 +53,7 @@ steps:
image: *python_image
commands:
- *activate_venv
- bandit -r src/ -f screen
- bandit -r src/ -c bandit.yaml -f screen
depends_on:
- install