Enable syntax-check on roles (#3035)

.github/workflows/tox.yml

@@ -70,7 +70,7 @@ jobs:
       WSLENV: FORCE_COLOR:PYTEST_REQPASS:TOXENV:GITHUB_STEP_SUMMARY
       # Number of expected test passes, safety measure for accidental skip of
       # tests. Update value if you add/remove tests.
-      PYTEST_REQPASS: 794
+      PYTEST_REQPASS: 795
 
     steps:
       - name: Activate WSL1

examples/roles/invalid_due_syntax/tasks/main.yml

@@ -0,0 +1,2 @@
+---
+- name: Fixture for testing syntax-check[specific] on roles

src/ansiblelint/rules/syntax_check.py

@@ -68,27 +68,39 @@ class AnsibleSyntaxCheckRule(AnsibleLintRule):
     _order = 0
 
     @staticmethod
-    # pylint: disable=too-many-locals
+    # pylint: disable=too-many-locals,too-many-branches
     def _get_ansible_syntax_check_matches(lintable: Lintable) -> list[MatchError]:
         """Run ansible syntax check and return a list of MatchError(s)."""
         default_rule: BaseRule = AnsibleSyntaxCheckRule()
         results = []
-        if lintable.kind != "playbook":
+        if lintable.kind not in ("playbook", "role"):
             return []
 
-        with timed_info("Executing syntax check on %s", lintable.path):
+        with timed_info(
+            "Executing syntax check on %s %s", lintable.kind, lintable.path
+        ):
             # To avoid noisy warnings we pass localhost as current inventory:
             # [WARNING]: No inventory was parsed, only implicit localhost is available
             # [WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'
-            args = ["-i", "localhost,"]
+            if lintable.kind == "playbook":
+                cmd = [
+                    "ansible-playbook",
+                    "-i",
+                    "localhost,",
+                    "--syntax-check",
+                    str(lintable.path.expanduser()),
+                ]
+            else:  # role
+                cmd = [
+                    "ansible",
+                    "localhost",
+                    "--syntax-check",
+                    "--module-name=include_role",
+                    "--args",
+                    f"name={str(lintable.path.expanduser())}",
+                ]
             if options.extra_vars:
-                args.extend(["--extra-vars", json.dumps(options.extra_vars)])
-            cmd = [
-                "ansible-playbook",
-                "--syntax-check",
-                *args,
-                str(lintable.path.expanduser()),
-            ]
+                cmd.extend(["--extra-vars", json.dumps(options.extra_vars)])
 
             # To reduce noisy warnings like
             # CryptographyDeprecationWarning: Blowfish has been deprecated
@@ -215,3 +227,14 @@ def test_extra_vars_passed_to_command(config_options: Any) -> None:
         result = AnsibleSyntaxCheckRule._get_ansible_syntax_check_matches(lintable)
 
         assert not result
+
+    def test_syntax_check_role() -> None:
+        """Validate syntax check of a broken role."""
+        lintable = Lintable("examples/playbooks/roles/invalid_due_syntax", kind="role")
+        # pylint: disable=protected-access
+        result = AnsibleSyntaxCheckRule._get_ansible_syntax_check_matches(lintable)
+        assert len(result) == 1, result
+        assert result[0].linenumber == 2
+        assert result[0].filename == "examples/roles/invalid_due_syntax/tasks/main.yml"
+        assert result[0].tag == "syntax-check[specific]"
+        assert result[0].message == "no module/action detected in task."

test/test_utils.py

@@ -302,7 +302,10 @@ def test_cli_auto_detect(capfd: CaptureFixture[str]) -> None:
     assert "Identified: .github/" not in out
     # assures that we can parse playbooks as playbooks
     assert "Identified: test/test/always-run-success.yml" not in err
-    assert "Executing syntax check on examples/playbooks/mocked_dependency.yml" in err
+    assert (
+        "Executing syntax check on playbook examples/playbooks/mocked_dependency.yml"
+        in err
+    )
 
 
 def test_is_playbook() -> None: