From 7f52894bbe6ebb0d6054dc4b0ff013dfd5e170f8 Mon Sep 17 00:00:00 2001
From: Takashi Kajinami
Date: Mon, 21 Oct 2024 19:54:10 +0900
Subject: [PATCH] pre-commit: Bump versions ... and use native hooks for bandit and hacking

Change-Id: I2fcd2cf1bb2cfa23071cdbda14535e9e72884726
---
 .pre-commit-config.yaml | 29 ++++++++++-------------------
 test-requirements.txt | 7 -------
 tox.ini | 10 ++--------
 3 files changed, 12 insertions(+), 34 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 9d615bf37..c16ebb2e0 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,15 +1,6 @@
-# We from the Oslo project decided to pin repos based on the
-# commit hash instead of the version tag to prevend arbitrary
-# code from running in developer's machines. To update to a
-# newer version, run `pre-commit autoupdate` and then replace
-# the newer versions with their commit hash.
-
-default_language_version:
- python: python3
-
 repos:
 - repo: https://github.com/pre-commit/pre-commit-hooks
- rev: 9136088a246768144165fcc3ecc3d31bb686920a # v3.3.0
+ rev: v5.0.0
 hooks:
 - id: trailing-whitespace
 # Replaces or checks mixed line ending
@@ -27,13 +18,13 @@ repos:
 - id: debug-statements
 - id: check-yaml
 files: .*\.(yaml|yml)$
- - repo: local
+ - repo: https://opendev.org/openstack/hacking
+ rev: 7.0.0
 hooks:
- - id: flake8
- name: flake8
- additional_dependencies:
- - hacking>=6.1.0,<=6.2.0
- language: python
- entry: flake8
- files: '^.*\.py$'
- exclude: '^(doc|releasenotes|tools)/.*$'
+ - id: hacking
+ additional_dependencies: []
+ - repo: https://github.com/PyCQA/bandit
+ rev: 1.7.10
+ hooks:
+ - id: bandit
+ args: ['-x', 'tests,tools']
diff --git a/test-requirements.txt b/test-requirements.txt
index 7c1b638df..6aa7f7fac 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
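Review bot: Replacing the commit hash with the tag `rev: v5.0.0` gives up the pinning that the deleted header comment documented: a tag can be re-pointed upstream, and a fresh developer or CI checkout would then run whatever code the tag resolves to. The same applies to `rev: 7.0.0` and `rev: 1.7.10` in the second hunk of this file. The version bump can be kept while staying pinned, e.g. `rev: <commit-sha-of-v5.0.0>  # v5.0.0` (placeholder; `pre-commit autoupdate --freeze` writes the hash and the tag comment). If moving to tags is a deliberate policy change, the header comment should be replaced by one that says so rather than removed silently.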
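Review bot: The new `hacking` hook has none of the path filters of the removed local flake8 hook (`exclude: '^(doc|releasenotes|tools)/.*$'`), and bandit now receives every Python file pre-commit selects instead of `-r oslo_messaging`, narrowed only by `-x tests,tools`. Unless the `[flake8]` section of tox.ini (only partly visible in this patch) already excludes those trees, both checks will likely start reporting on doc/ and releasenotes/. If the wider scope is intended, a comment above the hooks such as `# whole tree is linted; bandit skips only tests/ and tools/` would record it; otherwise add `exclude: '^(doc|releasenotes|tools)/.*$'` to the hacking hook. The empty `additional_dependencies: []` also needs a one-line comment explaining why it is set.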
@@ -1,9 +1,5 @@
-# Hacking already pins down pep8, pyflakes and flake8
-hacking>=6.1.0,<=6.2.0 # Apache-2.0
-
 fixtures>=3.0.0 # Apache-2.0/BSD
 stestr>=2.0.0 # Apache-2.0
-pre-commit>=2.6.0 # MIT
 testscenarios>=0.4 # Apache-2.0/BSD
 testtools>=2.2.0 # MIT
 oslotest>=3.2.0 # Apache-2.0
@@ -18,8 +14,5 @@ coverage>=4.0 # Apache-2.0
 # development libraries.
 pyngus>=2.2.0 # Apache-2.0
-# Bandit security code scanner
-bandit>=1.7.0,<1.8.0 # Apache-2.0
-
 eventlet>=0.23.0 # MIT
 greenlet>=0.4.15 # MIT
diff --git a/tox.ini b/tox.ini
index 0261a1e17..a9edcffae 100644
--- a/tox.ini
+++ b/tox.ini
@@ -15,10 +15,10 @@ commands =
 stestr run --slowest {posargs}
 [testenv:pep8]
+deps =
+ pre-commit>=2.6.0 # MIT
 commands =
 pre-commit run -a
- # run security linter
- bandit -r oslo_messaging -x tests -n5
 [testenv:cover]
 setenv =
@@ -68,12 +68,6 @@ allowlist_externals =
 commands =
 {toxinidir}/tools/setup-scenario-env.sh
 stestr run --slowest {posargs:oslo_messaging.tests.functional}
-[testenv:bandit]
-# NOTE(kgiusti): This is required for the integration test job of the bandit
-# project. Please do not remove.
-commands =
- bandit -r oslo_messaging -x tests -n5
-
 [flake8]
 show-source = True
 enable-extensions = H203,H106
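Review bot: After this change nothing in tox.ini runs bandit directly: the first tox.ini hunk drops `bandit -r oslo_messaging -x tests -n5` from `[testenv:pep8]`, and the second deletes `[testenv:bandit]`, whose NOTE says the env is required by the bandit project's integration test job and asks that it not be removed. Whether that job still calls `tox -e bandit` cannot be seen from this patch, so it should be confirmed before merging. If the job is still in use, the env can stay as a thin wrapper with `deps = pre-commit>=2.6.0` and `commands = pre-commit run bandit --all-files`, keeping the NOTE above it. The security scan then keeps a named entry point even though the tool itself comes from the pre-commit hook.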