-
Notifications
You must be signed in to change notification settings - Fork 230
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make ansible-lint and yamllint use more strict rules. #400
Make ansible-lint and yamllint use more strict rules. #400
Conversation
2ccd4d6
to
18f134f
Compare
6416524
to
c02511d
Compare
7194e7a
to
4d968e9
Compare
4d968e9
to
33d9536
Compare
13f9d13
to
55abf8c
Compare
4415c24
to
32235f1
Compare
@t-woerner, please, can you review this PR? |
99f027e
to
ac4643b
Compare
96c693d
to
fbc8d26
Compare
4a8ea90
to
34998cf
Compare
.ansible-lint
Outdated
- '305' # Use shell only when shell functionality is required | ||
- '306' # risky-shell-pipe | ||
- yaml # yamllint should be executed separately. | ||
- experimental # Ignore rules that resulted in false positives |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What is experimental
exactly?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
experimental
varies from release to release. It used to give lots of false positive, but is much more stable in the latest versions.
I enabled experimental
and fixed the warnings for ansible-lint 5.0.7 using ansible 2.9.25
.
playbooks/dnsforwardzone/ensure-dnsforwardzone-with-forwarder-port.yml
Outdated
Show resolved
Hide resolved
34998cf
to
0fcee93
Compare
ipaadmin_password: SomeADMINpassword | ||
name: host01.exmaple.com | ||
name: host01.example.com | ||
managedby_host: server.exmaple.com |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We have a lot of "exmaple" in the playbooks folder. Let's fix this with another PR.
This patch adds 'name' to all test playbook tasks that did not have it, fixing ansible-lint's error 'unnamed-task'.
This patch adds 'name' to all example playbook tasks that did not have it, fixing ansible-lint's error 'unnamed-task'.
This patch fixes yamllint's "line too long" (line-lenght) warnings by ensuring all lines in YAML files have, at most, 160 characters. If a line cannot be written as a multiline block, line-length rule evaluation is disabled for the specific line, both on yamllint and on ansible-lint.
Comments in YAML files should be aligned to content.
This patch modifies configuration of both ansible-lint and yamllint to check for more rules, resulting in a more strict verification. For ansible-lint verification of errors 301, 305 and 505 are skipped, due to false positives. For the same reason, 'experimental' rules are skipped. ansible-lint error 306 is skipped since the fix is to set pipefail, which is not available in all shells (for example dash, which runs ansible-freeipa CI). Yamllint disabled rules (comments, and indentation) would introduce a huge amount of small changes, and are left for future changes, it deemed necessary.
Some tests for ipahost and ipauser modules, related to certificates had the verification part disabled. This patch enable these verifications.
These playbooks manage the certificates of a user, but did not have the proper action for it.
As of September, 2021, Ansible-lint cannot evaluate task files which included through `include_tasks`, as it fails syntax-check. This change exclude evaluation of these files (`env_*`) when evaluating files before commit (pre-commit).
0fcee93
to
a5310b0
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
This patch modifies configuration of both ansible-lint and yamllint
to check for more rules, resulting in a more strict verification.
The rules left disable are either necessary due to missing Ansible
modules, or might impact modules or roles execution or testing.