Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Replace git-latest and hg-latest with latest rule
Combines two similar rules into a more generic one that can be used for similar purposes.
Showing 14 changed files with 127 additions and 147 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,6 @@ | ||
--- | ||
- hosts: localhost | ||
tasks: | ||
- name: This would typically fire git-latest and partial-become | ||
become_user: alice # noqa git-latest partial-become | ||
- name: This would typically fire latest[git] and partial-become | ||
become_user: alice # noqa latest[git] partial-become | ||
git: src=/path/to/git/repo dest=checkout |
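Review bot: The skip fixture now covers only the tagged form, `# noqa latest[git]` on the `become_user` line, while the rule documentation added in this commit tells users to write `# noqa: latest`. Add a second task that uses the bare `latest` id so both forms are exercised. Also decide whether the old `git-latest` id stays accepted in `noqa` comments: unless it is kept as an alias, playbooks that still carry `# noqa git-latest` lose their suppression after this rename, and that deserves a changelog entry.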
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
# latest | ||
|
||
The `latest` rule checks that module arguments like those used for source | ||
control checkout do not have arguments that might generate different results | ||
based on context. | ||
|
||
This more generic rule replaced two older rules named `git-latest` and | ||
`hg-latest`. | ||
|
||
We are aware that there are genuine cases where getting the tip of the main | ||
branch is not accidental. For these cases, just add a comment such as | ||
`# noqa: latest` to the same line to prevent it from triggering. | ||
|
||
## Possible errors messages: | ||
|
||
- `latest[git]` | ||
- `latest[hg]` | ||
|
||
## Problematic code | ||
|
||
```yaml | ||
--- | ||
- name: Example for `latest` rule | ||
hosts: localhost | ||
tasks: | ||
- name: Risky use of git module | ||
ansible.builtin.git: | ||
repo: "https://foosball.example.org/path/to/repo.git" | ||
version: HEAD # <-- HEAD value is triggering the rule | ||
``` | ||
|
||
## Correct code | ||
|
||
```yaml | ||
--- | ||
- name: Example for `latest` rule | ||
hosts: localhost | ||
tasks: | ||
- name: Safe use of git module | ||
ansible.builtin.git: | ||
repo: "https://foosball.example.org/path/to/repo.git" | ||
version: abcd1234... # <-- that is safe | ||
``` |
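Review bot: The "Problematic code" example shows only an explicit `version: HEAD`, but the rule added in this commit also fires when `version` is left out, because it reads the argument with `.get("version", "HEAD")`; the text should state that an omitted `version` triggers `latest[git]` as well. Smaller points in the same file: "Possible errors messages:" should read "Possible error messages", `latest[hg]` is listed but has no example, and `version: abcd1234...` in "Correct code" would be clearer as a full commit hash or a tag so readers do not copy a truncated value as a pin.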
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
"""Implementation of latest rule.""" | ||
from __future__ import annotations | ||
|
||
from typing import TYPE_CHECKING, Any | ||
|
||
from ansiblelint.errors import MatchError | ||
from ansiblelint.rules import AnsibleLintRule | ||
|
||
if TYPE_CHECKING: | ||
from typing import Optional | ||
|
||
from ansiblelint.file_utils import Lintable | ||
|
||
|
||
class LatestRule(AnsibleLintRule): | ||
"""Result of the command may vary on subsequent runs.""" | ||
|
||
id = "latest" | ||
description = ( | ||
"All version control checkouts must point to " | ||
"an explicit commit or tag, not just ``latest``" | ||
) | ||
severity = "MEDIUM" | ||
tags = ["idempotency"] | ||
version_added = "v6.5.2" | ||
|
||
def matchtask( | ||
self, task: dict[str, Any], file: Lintable | None = None | ||
) -> bool | str | MatchError: | ||
"""Check if module args are safe.""" | ||
if ( | ||
task["action"]["__ansible_module__"] == "git" | ||
and task["action"].get("version", "HEAD") == "HEAD" | ||
): | ||
return self.create_matcherror(tag="latest[git]") | ||
if ( | ||
task["action"]["__ansible_module__"] == "hg" | ||
and task["action"].get("revision", "default") == "default" | ||
): | ||
return self.create_matcherror(tag="latest[hg]") | ||
return False |
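Review bot: In `matchtask`, the git branch matches only a literal `HEAD` or a missing `version`, so `version: main` or any other branch name passes even though `description` demands "an explicit commit or tag"; a branch moves just as HEAD does, and the same gap exists for `revision` in the `hg` branch. Either narrow the description to what is actually checked or document that branch names are out of scope. A test using `ansible.builtin.git`, the form the docs example uses, would confirm that `__ansible_module__` compares equal to `"git"` in that case. `Optional` is imported under `TYPE_CHECKING` but never used, since the signature is written as `Lintable | None`, so that import can be dropped.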