Setup CodeQL analysis as a part of CI checks

mwgamble · Oct 13, 2022 · 88b39d3 · 88b39d3
1 parent 1443142
commit 88b39d3
Show file tree

Hide file tree

Showing 3 changed files with 80 additions and 15 deletions.
diff --git a/.github/workflows/check.yaml b/.github/workflows/check.yaml
@@ -1,20 +1,64 @@
 name: Check Python Package
+
 on:
   push:
   pull_request:
     branches: [ master ]
+
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
 jobs:
-  build:
+
+  check:
+    strategy:
+      fail-fast: false
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3
     - uses: actions/setup-python@v4
       with:
         python-version: '3.x'
-    - name: Lint with flake8
+    - name: Run Tests
+      run: python setup.py pytest
+
+  code-ql:
+    strategy:
+      fail-fast: false
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: python
+        queries: security-and-quality
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
+
+  doc8-lint:
+    strategy:
+      fail-fast: false
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - name: Run reStructuredText Linter
+      uses: deep-entertainment/doc8-action@v4
+      with:
+        scanPaths: ${{ github.workspace }}
+
+  flake8-lint:
+    strategy:
+      fail-fast: false
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/setup-python@v4
+      with:
+        python-version: '3.x'
+    - name: Run flake8 Linter
       run: |
         pip install flake8
         flake8 --count --show-source --statistics src test
-    - name: Test with pytest
-      run: |
-        python setup.py pytest
diff --git a/src/flake8_requirements/checker.py b/src/flake8_requirements/checker.py
@@ -18,7 +18,7 @@
 from .modules import STDLIB_PY3
 
 # NOTE: Changing this number will alter package version as well.
-__version__ = "1.7.1"
+__version__ = "1.7.2"
 __license__ = "MIT"
 
 LOG = getLogger('flake8.plugin.requirements')
@@ -397,13 +397,13 @@ def parse_options(cls, options):
     @staticmethod
     def discover_host_3rd_party_modules():
         """Scan host site-packages for 3rd party modules."""
+        mapping = {}
         try:
-            site_packages_dirs = site.getsitepackagess()
+            site_packages_dirs = site.getsitepackages()
             site_packages_dirs.append(site.getusersitepackages())
         except AttributeError as e:
             LOG.error("Couldn't get site packages: %s", e)
-            return
-        mapping = {}
+            return mapping
         for site_dir in site_packages_dirs:
             try:
                 dir_entries = os.listdir(site_dir)
@@ -423,7 +423,7 @@ def discover_host_3rd_party_modules():
                 with open(modules_path) as f:
                     modules = list(yield_lines(f.readlines()))
                 mapping[project2module(name)] = modules
-            return mapping
+        return mapping
 
     @staticmethod
     def discover_project_root_dir(path):
@@ -714,25 +714,28 @@ def get_mods_3rd_party_requirements(cls, is_setup_py):
     def check_I900(self, node):
         """Run missing requirement checker."""
         if node.module[0] in STDLIB:
-            return
+            return None
         is_setup_py = self.is_project_setup_py(self.root_dir, self.filename)
         if node.module in self.get_mods_3rd_party(is_setup_py):
-            return
+            return None
         if node.module in self.get_mods_1st_party():
-            return
+            return None
         # When processing setup.py file, forcefully add setuptools to the
         # project requirements. Setuptools might be required to build the
         # project, even though it is not listed as a requirement - this
         # package is required to run setup.py, so listing it as a setup
         # requirement would be pointless.
         if (is_setup_py and
                 node.module[0] in KNOWN_3RD_PARTIES["setuptools"]):
-            return
+            return None
         return ERRORS['I900'].format(pkg=node.module[0])
 
     def check_I901(self, node):
         """Run not-used requirement checker."""
-        return
+        if node.module[0] in STDLIB:
+            return None
+        # TODO: Implement this check.
+        return None
 
     def run(self):
         """Run checker."""

diff --git a/test/test_checker.py b/test/test_checker.py
@@ -113,6 +113,24 @@ def test_relative(self):
         errors = check("from ..local import local")
         self.assertEqual(len(errors), 0)
 
+    def test_discover_host_3rd_party_modules(self):
+        class Options(Flake8Options):
+            scan_host_site_packages = True
+        Flake8Checker.parse_options(Options)
+        self.assertEqual(
+            type(Flake8Checker.known_host_3rd_parties),
+            dict,
+        )
+        # Since flake8-requirements (this package) is a plugin for flake8,
+        # it is very likely that onc will have flake8 installed in the host
+        # site-packages. However, that is not the case for all our GitHub
+        # Actions runners, so we can not enforce this assertion.
+        if 'flake8' in Flake8Checker.known_host_3rd_parties:
+            self.assertEqual(
+                Flake8Checker.known_host_3rd_parties['flake8'],
+                ['flake8'],
+            )
+
     def test_custom_mapping_parser(self):
         class Options(Flake8Options):
             known_modules = ":[pydrmcodec],mylib:[mylib.drm,mylib.ex]"