()
| 44 | |
| 45 | |
| 46 | def main(): |
| 47 | # Install pre-commit and bandit from requirements-dev.txt |
| 48 | with open("requirements-dev.txt") as f: |
| 49 | reqs = f.readlines() |
| 50 | pre_commit_req = next(line for line in reqs if "pre-commit" in line) |
| 51 | bandit_req = next(line for line in reqs if "bandit" in line) |
| 52 | |
| 53 | run_cmd(f"pip3 install {pre_commit_req.strip()}") |
| 54 | run_cmd(f"pip3 install {bandit_req.strip()}") |
| 55 | |
| 56 | # Install pre-commit hooks |
| 57 | run_cmd("pre-commit install") |
| 58 | |
| 59 | # Run pre-commit on all files |
| 60 | try: |
| 61 | run_cmd("pre-commit run -a --show-diff-on-failure") |
| 62 | except SystemExit: |
| 63 | handle_check_failure("pre-commit checks failed") |
| 64 | |
| 65 | # Run bandit security checks |
| 66 | bandit_output = run_cmd( |
| 67 | "bandit --configfile scripts/bandit.yaml -r tensorrt_llm").stdout |
| 68 | print(f"Bandit output:\n{bandit_output}") |
| 69 | |
| 70 | # Check bandit results |
| 71 | if "Total lines skipped (#nosec): 0" not in bandit_output: |
| 72 | handle_check_failure("Found #nosec annotations in code") |
| 73 | |
| 74 | if "Issue:" in bandit_output: |
| 75 | handle_check_failure("Bandit found security issues") |
| 76 | |
| 77 | print("pre-commit and bandit checks passed") |
| 78 | |
| 79 | |
| 80 | if __name__ == "__main__": |
no test coverage detected