---
- hosts: all
  name: openstack-helm-infra-bandit
  tasks:
    - name: Clear firewall
      include_role:
        name: clear-firewall

    - name: Install Required Packages and Setup Host
      shell: |
        set -xe;
        ./tools/deployment/common/000-install-packages.sh
        ./tools/deployment/common/005-deploy-k8s.sh
        sudo -H pip3 install yq bandit==1.7.1 setuptools
      environment:
        zuul_site_mirror_fqdn: "{{ zuul_site_mirror_fqdn }}"
      args:
        chdir: "{{ zuul.project.src_dir }}"

    - name: Template out python files
      shell: |
        set -xe;
        make all
        mkdir -p python-files
        ./tools/gate/template-python.sh
      args:
        chdir: "{{ zuul.project.src_dir }}"

    - name: Run bandit against python files
      shell: bandit -r ./python-files
      args:
        chdir: "{{ zuul.project.src_dir }}"
...