"Environment variables don't work as part of command" - I know, and that's why I used shell instead of command

[sourcejedi]

Bug Report

SUMMARY

Ansible Galaxy warns that $VAR does not work in command tasks. This is irrelevant, because I am only using $VAR in shell tasks. Where it works.

This seems to be the result of plugging something like ansible-lint in to Galaxy. ansible-lint has this exact same message & reported bug. ansible/ansible-lint#275

STEPS TO REPRODUCE

Clone my git repo & import it on your Ansible Galaxy account. Notice the score, view the role page on ansible galaxy, and click details to view the score breakdown.

Git repo: https://github.com/sourcejedi/ansible-rpmfusion__impl

Here are the four lines that Galaxy warns about.

$ (cd tasks && grep -B2 '[$]' *)
install-nonidempotent.yml-- name: Our key file matches our list of fingerprints
install-nonidempotent.yml-  shell: VER={{ ansible_distribution_major_version|int }};
install-nonidempotent.yml:         KEY=RPM-GPG-KEY-rpmfusion-{{ repo }}-fedora-"$VER";
install-nonidempotent.yml:         ./keyfile_to_fingerprints.sh rpm-gpg/"$KEY" |
install-nonidempotent.yml:         diff -u fingerprints/"$KEY" /dev/stdin
--
install-nonidempotent.yml-# key IDs.  Check that this works for the key we just installed.
install-nonidempotent.yml-- name: Check description of installed signing key
install-nonidempotent.yml:  shell: FPRINT="$(cat /ansible-managed/rpmfusion/fingerprints/RPM-GPG-KEY-rpmfusion-{{ repo }}-fedora-{{ ansible_distribution_major_version }})" &&
install-nonidempotent.yml:         KEYID="$(echo "$FPRINT" | tr "A-F" "a-f" | tr -d ' \r\n' | tail --bytes 8 )" &&
install-nonidempotent.yml:         rpm -qa gpg-pubkey --qf "%{version}-%{release} %{summary}\n" | grep "gpg[(]RPM Fusion {{ repo }}" | grep "$KEYID"
--
update_master_keys.yml-  shell: VER={{ ansible_distribution_major_version|int + 1}};
update_master_keys.yml-         ./keyfile_to_fingerprints.sh
update_master_keys.yml:         rpm-gpg/RPM-GPG-KEY-rpmfusion-{{ repo }}-fedora-"$VER"
update_master_keys.yml:         > fingerprints/RPM-GPG-KEY-rpmfusion-{{ repo }}-fedora-"$VER"
--
update_master_keys.yml-  shell: VER={{ ansible_distribution_major_version|int + 2}};
update_master_keys.yml-         ./keyfile_to_fingerprints.sh
update_master_keys.yml:         rpm-gpg/RPM-GPG-KEY-rpmfusion-{{ repo }}-fedora-"$VER"
update_master_keys.yml:         > fingerprints/RPM-GPG-KEY-rpmfusion-{{ repo }}-fedora-"$VER"

EXPECTED RESULTS

The "Severity: High" warning messages should avoid being simply wrong. No offence if you want to warn about my hacks anyway, but I'd appreciate Galaxy giving a more comprehensible reason than this :-).

ACTUAL RESULTS

Syntax Score:
0
Warnings: 14

4 [Severity: High]
E304:
Environment variables don't work as part of command

[awcrosby]

Thanks for bubbling this up. I added the ansible-lint issue to be looked at during the 4.1.0 milestone.