refac(back): fluidattacks#1378 deprecate bandit

- Deprecate secure python with bandit as ruff replaces it - Remove jobs from pipeline - Remove documentation Signed-off-by: Daniel Salazar <[email protected]>
dsalaza4 · Dec 12, 2024 · 120f8fa · 120f8fa
1 parent 37bc7bf
commit 120f8fa
Show file tree

Hide file tree

Showing 12 changed files with 0 additions and 368 deletions.
diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml
@@ -397,22 +397,6 @@ jobs:
       - name: /secretsForGpgFromEnv/example
         run: nix-env -if . && m . /secretsForGpgFromEnv/example
 
-  linux_securePythonWithBandit_cli:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
-      - uses: docker://docker.io/nixos/nix@sha256:c3db4c484f6b1ee6c9bb8ca90307cfbeca8ef88156840911356a677eeaff4845
-        name: /securePythonWithBandit/cli
-        with:
-          args: sh -c "chown -R root:root /github/workspace && nix-env -if . && m . /securePythonWithBandit/cli"
-  macos_securePythonWithBandit_cli:
-    runs-on: macos-latest
-    steps:
-      - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
-      - uses: cachix/install-nix-action@6ed004b9ccb68dbc28e7c85bee15fa93dbd214ac
-      - name: /securePythonWithBandit/cli
-        run: nix-env -if . && m . /securePythonWithBandit/cli
-
   linux_taintTerraform_module:
     runs-on: ubuntu-latest
     steps:

diff --git a/.github/workflows/prod.yml b/.github/workflows/prod.yml
@@ -571,26 +571,6 @@ jobs:
         env:
           CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
 
-  linux_securePythonWithBandit_cli:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
-      - uses: docker://docker.io/nixos/nix@sha256:c3db4c484f6b1ee6c9bb8ca90307cfbeca8ef88156840911356a677eeaff4845
-        name: /securePythonWithBandit/cli
-        with:
-          args: sh -c "chown -R root:root /github/workspace && nix-env -if . && m . /securePythonWithBandit/cli"
-        env:
-          CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
-  macos_securePythonWithBandit_cli:
-    runs-on: macos-latest
-    steps:
-      - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
-      - uses: cachix/install-nix-action@6ed004b9ccb68dbc28e7c85bee15fa93dbd214ac
-      - name: /securePythonWithBandit/cli
-        run: nix-env -if . && m . /securePythonWithBandit/cli
-        env:
-          CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
-
   linux_taintTerraform_module:
     runs-on: ubuntu-latest
     steps:

diff --git a/docs/mkdocs.yaml b/docs/mkdocs.yaml
@@ -130,7 +130,6 @@ nav:
           - api/extensions/containers.md
           - api/extensions/fetchers.md
           - api/extensions/format-conversion.md
-          - api/extensions/node.js.md
           - api/extensions/others.md
           - api/extensions/python.md
           - api/extensions/ruby.md

diff --git a/docs/src/api/builtins/security.md b/docs/src/api/builtins/security.md
@@ -64,35 +64,3 @@ Example:
     ```bash
     m . /secureKubernetesWithRbacPolice/makes
     ```
-
-## securePythonWithBandit
-
-Secure Python code
-with [Bandit](https://github.com/PyCQA/bandit).
-
-Types:
-
-- securePythonWithBandit (`attrsOf projectType`): Optional.
-    Definitions of directories of python packages/modules to lint.
-    Defaults to `{ }`.
-- projectType (`submodule`):
-    - target (`str`):
-        Relative path to the package/module.
-
-Example:
-
-=== "makes.nix"
-
-    ```nix
-    {
-      securePythonWithBandit = {
-        cli.target = "/src/cli";
-      };
-    }
-    ```
-
-=== "Invocation"
-
-    ```bash
-    m . /securePythonWithBandit/cli
-    ```
diff --git a/makes.nix b/makes.nix
@@ -192,7 +192,6 @@
     };
   };
   secretsForTerraformFromEnv = { example = { test = "VAR_NAME"; }; };
-  securePythonWithBandit = { cli.target = "/src/cli/main"; };
   taintTerraform = {
     modules = {
       module = {

diff --git a/src/args/agnostic.nix b/src/args/agnostic.nix
@@ -117,8 +117,6 @@ let
       inherit (__nixpkgs__.lib) removePrefix;
       secureKubernetesWithRbacPolice =
         import ./secure-kubernetes-with-rbac-police/default.nix self;
-      securePythonWithBandit =
-        import ./secure-python-with-bandit/default.nix self;
       sortAscii = builtins.sort (a: b: a < b);
       sortAsciiCaseless = builtins.sort
         (a: b: __nixpkgs__.lib.toLower a < __nixpkgs__.lib.toLower b);

diff --git a/src/args/secure-python-with-bandit/builder.sh b/src/args/secure-python-with-bandit/builder.sh
diff --git a/src/args/secure-python-with-bandit/default.nix b/src/args/secure-python-with-bandit/default.nix
diff --git a/src/args/secure-python-with-bandit/poetry.lock b/src/args/secure-python-with-bandit/poetry.lock
diff --git a/src/args/secure-python-with-bandit/pyproject.toml b/src/args/secure-python-with-bandit/pyproject.toml
diff --git a/src/evaluator/modules/default.nix b/src/evaluator/modules/default.nix
@@ -38,7 +38,6 @@
     (import ./secrets-for-kubernetes-config-from-aws/default.nix args)
     (import ./secrets-for-terraform-from-env/default.nix args)
     (import ./secure-kubernetes-with-rbac-police/default.nix args)
-    (import ./secure-python-with-bandit/default.nix args)
     (import ./taint-terraform/default.nix args)
     (import ./test-license/default.nix args)
     (import ./test-terraform/default.nix args)