mirror of
https://github.com/super-linter/super-linter.git
synced 2025-01-10 08:24:44 -05:00
Lint the whole Ansible directory (#2576)
parent
e98f38ce93
commit
4b16b5b473
29 changed files with 53 additions and 174 deletions
|
@ -4,7 +4,7 @@ This folder holds the test cases for **Ansible**.
|
|||
|
||||
## Additional Docs
|
||||
|
||||
The folder **ghe-initialize** is pulled from the **GitHub-Demo-Stack** and is a valid **Ansible** role.
|
||||
The folder **roles/ghe-initialize** is pulled from the **GitHub-Demo-Stack** and is a valid **Ansible** role.
|
||||
|
||||
## Good Test Cases
|
||||
|
||||
|
|
|
@ -1,39 +0,0 @@
|
|||
---
|
||||
###########################################
|
||||
###########################################
|
||||
#### GitHub Services-Engineering Stack ####
|
||||
#### ####
|
||||
#### GHE Primary HA backup-utils ONLY ####
|
||||
###########################################
|
||||
###########################################
|
||||
|
||||
###############################
|
||||
# Description of the playbook #
|
||||
###############################
|
||||
# description: Builds GHE Primary, HA, and backup-utils.
|
||||
# detailed_description: Builds GHE Primary, HA, and backup-utils.
|
||||
|
||||
######################
|
||||
## Configure GitHub ##
|
||||
######################
|
||||
- hosts: Yo-Mama
|
||||
vars:
|
||||
github_host: "{{ hostvars['github_primary'].ansible_host }}"
|
||||
probot_server_ip: "{{ hostvars['backup-utils'].ansible_host }}"
|
||||
roles:
|
||||
- role: ghe-initialize
|
||||
|
||||
##########################################
|
||||
## Run ghe-config-apply for all changes ##
|
||||
##########################################
|
||||
# Due to us hot loading some data into GHE, the final
|
||||
# run of ghe-config-apply hangs and leaves the system in an odd state
|
||||
# The simplist option is to run the process
|
||||
# 1 more time at the end to solve the issue
|
||||
- hosts: github_primary
|
||||
tasks:
|
||||
- block:
|
||||
include_role:
|
||||
tasks_from: ghe-config-apply.yml
|
||||
tags:
|
||||
- github
|
|
@ -1,42 +0,0 @@
|
|||
---
|
||||
###########################################
|
||||
###########################################
|
||||
#### GitHub Services-Engineering Stack ####
|
||||
#### ####
|
||||
#### GHE Primary HA backup-utils ONLY ####
|
||||
###########################################
|
||||
###########################################
|
||||
|
||||
###############################
|
||||
# Description of the playbook #
|
||||
###############################
|
||||
# description: Builds GHE Primary, HA, and backup-utils.
|
||||
# detailed_description: Builds GHE Primary, HA, and backup-utils.
|
||||
|
||||
######################
|
||||
## Configure GitHub ##
|
||||
######################
|
||||
- hosts: github_primary
|
||||
vars:
|
||||
demo_github_initial_user: "{{ hostvars['localhost'].local_user }}"
|
||||
github_host: "{{ hostvars['github_primary'].ansible_host }}"
|
||||
probot_server_ip: "{{ hostvars['backup-utils'].ansible_host }}"
|
||||
roles:
|
||||
- role: ghe_initialize
|
||||
|
||||
##########################################
|
||||
## Run ghe-config-apply for all changes ##
|
||||
##########################################
|
||||
# Due to us hot loading some data into GHE, the final
|
||||
# run of ghe-config-apply hangs and leaves the system in an odd state
|
||||
# The simplist option is to run the process
|
||||
# 1 more time at the end to solve the issue
|
||||
- hosts: github_primary
|
||||
tasks:
|
||||
- block:
|
||||
- name: GHE-Config-Apply
|
||||
include_role:
|
||||
name: ghe_initialize
|
||||
tasks_from: ghe-config-apply.yml
|
||||
tags:
|
||||
- github
|
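--- a/.automation/test/ansible/inventory/hosts.yml
+++ b/.automation/test/ansible/inventory/hosts.yml
@@ -0,0 +1,5 @@
+---
+all:
+hosts:
+test.example.com: null
+...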
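--- a/.automation/test/ansible/playbooks/ansible_good_1.yml
+++ b/.automation/test/ansible/playbooks/ansible_good_1.yml
@@ -0,0 +1,8 @@
+---
+- hosts: github_primary
+vars:
+demo_github_initial_user: "{{ hostvars['localhost'].local_user }}"
+github_host: "{{ hostvars['github_primary'].ansible_host }}"
+probot_server_ip: "{{ hostvars['backup-utils'].ansible_host }}"
+roles:
+- role: ghe_initialize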
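--- a/.automation/test/ansible/requirements.yml
+++ b/.automation/test/ansible/requirements.yml
@@ -0,0 +1,4 @@
+---
+collections:
+- ansible.posix
+...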
28
.github/linters/.ansible-lint.yml
vendored
|
@ -1,30 +1,9 @@
|
|||
---
|
||||
##########################
|
||||
##########################
|
||||
## Ansible Linter rules ##
|
||||
##########################
|
||||
##########################
|
||||
|
||||
#############################
|
||||
# Exclude paths from linter #
|
||||
#############################
|
||||
# exclude_paths:
|
||||
|
||||
########################
|
||||
# Make output parsable #
|
||||
########################
|
||||
parseable: true
|
||||
|
||||
#######################
|
||||
# Set output to quiet #
|
||||
#######################
|
||||
quiet: true
|
||||
|
||||
#####################
|
||||
# Path to rules dir #
|
||||
#####################
|
||||
# rulesdir:
|
||||
|
||||
################
|
||||
# Tags to skip #
|
||||
################
|
||||
|
@ -36,11 +15,6 @@ skip_list:
|
|||
- 'command-instead-of-shell' # Allow use of shell when you want
|
||||
- 'no-handler' # Allow step to run like handler
|
||||
|
||||
##################
|
||||
# Tags to follow #
|
||||
##################
|
||||
# tags:
|
||||
|
||||
#############
|
||||
# Use rules #
|
||||
#############
|
||||
|
@ -49,4 +23,4 @@ use_default_rules: true
|
|||
#################
|
||||
# Set verbosity #
|
||||
#################
|
||||
verbosity: 1
|
||||
verbosity: 2
|
||||
|
|
11
README.md
|
@ -278,6 +278,7 @@ But if you wish to select or exclude specific linters, we give you full control
|
|||
| **ACTIONS_RUNNER_DEBUG** | `false` | Flag to enable additional information about the linter, versions, and additional output. |
|
||||
| **ANSIBLE_CONFIG_FILE** | `.ansible-lint.yml` | Filename for [Ansible-lint configuration](https://ansible-lint.readthedocs.io/en/latest/configuring.html#configuration-file) (ex: `.ansible-lint`, `.ansible-lint.yml`) |
|
||||
| **ANSIBLE_DIRECTORY** | `/ansible` | Flag to set the root directory for Ansible file location(s), relative to `DEFAULT_WORKSPACE`. Set to `.` to use the top-level of the `DEFAULT_WORKSPACE`. |
|
||||
| **ANSIBLE_ROLES_PATH** | `${ANSIBLE_DIRECTORY}/roles` | Path to the Ansible roles directory. |
|
||||
| **CSS_FILE_NAME** | `.stylelintrc.json` | Filename for [Stylelint configuration](https://github.com/stylelint/stylelint) (ex: `.stylelintrc.yml`, `.stylelintrc.yaml`) |
|
||||
| **DEFAULT_BRANCH** | `master` | The name of the repository default branch. |
|
||||
| **DEFAULT_WORKSPACE** | `/tmp/lint` | The location containing files to lint if you are running locally. |
|
||||
|
@ -306,7 +307,7 @@ But if you wish to select or exclude specific linters, we give you full control
|
|||
| **MULTI_STATUS** | `true` | A status API is made for each language that is linted to make visual parsing easier. |
|
||||
| **NATURAL_LANGUAGE_CONFIG_FILE** | `.textlintrc` | Filename for [textlint configuration](https://textlint.github.io/docs/getting-started.html#configuration) (ex: `.textlintrc`) |
|
||||
| **PHP_CONFIG_FILE** | `php.ini` | Filename for [PHP Configuration](https://www.php.net/manual/en/configuration.file.php) (ex: `php.ini`) |
|
||||
| **PROTOBUF_CONFIG_FILE** | `.protolintrc.yml` | Filename for [protolint configuration](https://github.com/yoheimuta/protolint/blob/master/_example/config/.protolint.yaml) (ex: `.protolintrc.yml`) |
|
||||
| **PROTOBUF_CONFIG_FILE** | `.protolintrc.yml` | Filename for [protolint configuration](https://github.com/yoheimuta/protolint/blob/master/_example/config/.protolint.yaml) (ex: `.protolintrc.yml`) |
|
||||
| **PYTHON_BLACK_CONFIG_FILE** | `.python-black` | Filename for [black configuration](https://github.com/psf/black/blob/main/docs/guides/using_black_with_other_tools.md#black-compatible-configurations) (ex: `.isort.cfg`, `pyproject.toml`) |
|
||||
| **PYTHON_FLAKE8_CONFIG_FILE** | `.flake8` | Filename for [flake8 configuration](https://flake8.pycqa.org/en/latest/user/configuration.html) (ex: `.flake8`, `tox.ini`) |
|
||||
| **PYTHON_ISORT_CONFIG_FILE** | `.isort.cfg` | Filename for [isort configuration](https://pycqa.github.io/isort/docs/configuration/config_files.html) (ex: `.isort.cfg`, `pyproject.toml`) |
|
||||
|
@ -316,11 +317,11 @@ But if you wish to select or exclude specific linters, we give you full control
|
|||
| **SCALAFMT_CONFIG_FILE** | `.scalafmt.conf` | Filename for [scalafmt configuration](https://scalameta.org/scalafmt/docs/configuration.html) (ex: `.scalafmt.conf`) |
|
||||
| **SNAKEMAKE_SNAKEFMT_CONFIG_FILE** | `.snakefmt.toml` | Filename for [Snakemake configuration](https://github.com/snakemake/snakefmt#configuration) (ex: `pyproject.toml`, `.snakefmt.toml`) |
|
||||
| **SSL_CERT_SECRET** | `none` | SSL cert to add to the **Super-Linter** trust store. This is needed for users on `self-hosted` runners or need to inject the cert for security standards (ex. ${{ secrets.SSL_CERT }}) |
|
||||
| **SSH_KEY** | `none` | SSH key that has access to your private repositories |
|
||||
| **SSH_SETUP_GITHUB** | `false` | If set to `true`, adds the `github.com` SSH key to `known_hosts`. This is ignored if `SSH_KEY` is provided - i.e. the `github.com` SSH key is always added if `SSH_KEY` is provided |
|
||||
| **SSH_INSECURE_NO_VERIFY_GITHUB_KEY** | `false` | **INSECURE -** If set to `true`, does not verify the fingerprint of the github.com SSH key before adding this. This is not recommended! |
|
||||
| **SSH_KEY** | `none` | SSH key that has access to your private repositories |
|
||||
| **SSH_SETUP_GITHUB** | `false` | If set to `true`, adds the `github.com` SSH key to `known_hosts`. This is ignored if `SSH_KEY` is provided - i.e. the `github.com` SSH key is always added if `SSH_KEY` is provided |
|
||||
| **SSH_INSECURE_NO_VERIFY_GITHUB_KEY** | `false` | **INSECURE -** If set to `true`, does not verify the fingerprint of the github.com SSH key before adding this. This is not recommended! |
|
||||
| **SQL_CONFIG_FILE** | `.sql-config.json` | Filename for [SQL-Lint configuration](https://sql-lint.readthedocs.io/en/latest/files/configuration.html) (ex: `sql-config.json` , `.config.json`) |
|
||||
| **SQLFLUFF_CONFIG_FILE** | `/.sqlfluff` | Filename for [SQLFLUFF configuration](https://docs.sqlfluff.com/en/stable/configuration.html) (ex: `/.sqlfluff`, `pyproject.toml`) |
|
||||
| **SQLFLUFF_CONFIG_FILE** | `/.sqlfluff` | Filename for [SQLFLUFF configuration](https://docs.sqlfluff.com/en/stable/configuration.html) (ex: `/.sqlfluff`, `pyproject.toml`) |
|
||||
| **SUPPRESS_FILE_TYPE_WARN** | `false` | If set to `true`, will hide warning messages about files without their proper extensions. Default is `false` |
|
||||
| **SUPPRESS_POSSUM** | `false` | If set to `true`, will hide the ASCII possum at top of log output. Default is `false` |
|
||||
| **TERRAFORM_TERRASCAN_CONFIG_FILE**| `terrascan.toml` | Filename for [terrascan configuration](https://github.com/accurics/terrascan) (ex: `terrascan.toml`) |
|
||||
|
|
|
@ -243,6 +243,16 @@ function BuildFileList() {
|
|||
done
|
||||
debug "---------------------------------------------"
|
||||
|
||||
#########################################
|
||||
# Check if the Ansible directory exists #
|
||||
#########################################
|
||||
if [ -d "${ANSIBLE_DIRECTORY}" ]; then
|
||||
debug "Adding ANSIBLE_DIRECTORY (${ANSIBLE_DIRECTORY}) to the list of files and directories to lint."
|
||||
FILE_ARRAY_ANSIBLE+=("${ANSIBLE_DIRECTORY}")
|
||||
else
|
||||
debug "ANSIBLE_DIRECTORY (${ANSIBLE_DIRECTORY}) does NOT exist."
|
||||
fi
|
||||
|
||||
################################################
|
||||
# Iterate through the array of all files found #
|
||||
################################################
|
||||
|
@ -498,15 +508,6 @@ function BuildFileList() {
|
|||
################################
|
||||
FILE_ARRAY_JSON+=("${FILE}")
|
||||
|
||||
############################
|
||||
# Check if file is Ansible #
|
||||
############################
|
||||
if DetectAnsibleFile "${ANSIBLE_DIRECTORY}" "${FILE}"; then
|
||||
################################
|
||||
# Append the file to the array #
|
||||
################################
|
||||
FILE_ARRAY_ANSIBLE+=("${FILE}")
|
||||
fi
|
||||
############################
|
||||
# Check if file is OpenAPI #
|
||||
############################
|
||||
|
@ -793,19 +794,6 @@ function BuildFileList() {
|
|||
################################
|
||||
FILE_ARRAY_GITHUB_ACTIONS+=("${FILE}")
|
||||
fi
|
||||
############################
|
||||
# Check if file is Ansible #
|
||||
############################
|
||||
if [ -d "${ANSIBLE_DIRECTORY}" ]; then
|
||||
if DetectAnsibleFile "${ANSIBLE_DIRECTORY}" "${FILE}"; then
|
||||
################################
|
||||
# Append the file to the array #
|
||||
################################
|
||||
FILE_ARRAY_ANSIBLE+=("${FILE}")
|
||||
fi
|
||||
else
|
||||
debug "ANSIBLE_DIRECTORY (${ANSIBLE_DIRECTORY}) does NOT exist."
|
||||
fi
|
||||
|
||||
#####################################
|
||||
# Check if the file is CFN template #
|
||||
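Review bot: The new block in BuildFileList appends `${ANSIBLE_DIRECTORY}` to FILE_ARRAY_ANSIBLE whenever the directory exists, before the per-file loop and independent of it, so Ansible content is linted in full even if the file list was built from changed files only or narrowed by a filter (that logic is outside the visible hunks, so this is inferred). The same commit removes both per-file `DetectAnsibleFile` checks, so nothing in this function ties the Ansible run to the files under review any more. If that is intended, state it in a comment above the block, e.g. `# The whole directory is linted on every run, regardless of which files changed.`; otherwise append the directory only when at least one entry in the file list lies under it. The function body starts and ends outside the hunks shown.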
|
|
|
@ -7,27 +7,6 @@
|
|||
################################################################################
|
||||
########################## FUNCTION CALLS BELOW ################################
|
||||
################################################################################
|
||||
################################################################################
|
||||
################################################################################
|
||||
#### Function DetectAnsibleFile ################################################
|
||||
DetectAnsibleFile() {
|
||||
ANSIBLE_DIRECTORY="${1}"
|
||||
FILE="${2}"
|
||||
|
||||
debug "Checking if ${FILE} is an Ansible file. Ansible directory: ${ANSIBLE_DIRECTORY}..."
|
||||
|
||||
if [[ ${FILE} == *"vault.yml" ]] || [[ ${FILE} == *"galaxy.yml" ]] || [[ ${FILE} == *"vault.yaml" ]] || [[ ${FILE} == *"galaxy.yaml" ]]; then
|
||||
debug "${FILE} is a file that super-linter ignores. Ignoring it..."
|
||||
return 1
|
||||
elif [[ "$(dirname "${FILE}")" == *"${ANSIBLE_DIRECTORY}"* ]]; then
|
||||
debug "${FILE} is an Ansible-related file."
|
||||
return 0
|
||||
else
|
||||
debug "${FILE} is NOT an Ansible-related file."
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
################################################################################
|
||||
#### Function DetectActions ####################################################
|
||||
DetectActions() {
|
||||
FILE="${1}"
|
||||
|
|
|
@ -155,10 +155,16 @@ function LintCodebase() {
|
|||
fi
|
||||
|
||||
INDIVIDUAL_TEST_FOLDER="${FILE_TYPE,,}" # Folder for specific tests. By convention, it's the lowercased FILE_TYPE
|
||||
TEST_CASE_DIRECTORY="${TEST_CASE_FOLDER}/${INDIVIDUAL_TEST_FOLDER}"
|
||||
debug "File: ${FILE}, FILE_NAME: ${FILE_NAME}, DIR_NAME:${DIR_NAME}, FILE_STATUS: ${FILE_STATUS}, INDIVIDUAL_TEST_FOLDER: ${INDIVIDUAL_TEST_FOLDER}, TEST_CASE_DIRECTORY: ${TEST_CASE_DIRECTORY}"
|
||||
|
||||
debug "File: ${FILE}, FILE_NAME: ${FILE_NAME}, DIR_NAME:${DIR_NAME}, FILE_STATUS: ${FILE_STATUS}, INDIVIDUAL_TEST_FOLDER: ${INDIVIDUAL_TEST_FOLDER}"
|
||||
if [[ ${FILE_TYPE} != "ANSIBLE" ]]; then
|
||||
# These linters expect files inside a directory, not a directory. So we add a trailing slash
|
||||
TEST_CASE_DIRECTORY="${TEST_CASE_DIRECTORY}/"
|
||||
debug "${FILE_TYPE} expects to lint individual files. Updated TEST_CASE_DIRECTORY to: ${TEST_CASE_DIRECTORY}"
|
||||
fi
|
||||
|
||||
if [[ ${FILE} != *"${TEST_CASE_FOLDER}/${INDIVIDUAL_TEST_FOLDER}/"* ]] && [ "${TEST_CASE_RUN}" == "true" ]; then
|
||||
if [[ ${FILE} != *"${TEST_CASE_DIRECTORY}"* ]] && [ "${TEST_CASE_RUN}" == "true" ]; then
|
||||
debug "Skipping ${FILE} because it's not in the test case directory for ${FILE_TYPE}..."
|
||||
continue
|
||||
fi
|
||||
|
@ -188,20 +194,10 @@ function LintCodebase() {
|
|||
# Check for ansible #
|
||||
#####################
|
||||
if [[ ${FILE_TYPE} == "ANSIBLE" ]]; then
|
||||
#########################################
|
||||
# Make sure we don't lint certain files #
|
||||
#########################################
|
||||
if [[ ${FILE} == *"vault.yml"* ]] || [[ ${FILE} == *"galaxy.yml"* ]]; then
|
||||
# This is a file we don't look at
|
||||
continue
|
||||
fi
|
||||
|
||||
################################
|
||||
# Lint the file with the rules #
|
||||
################################
|
||||
LINT_CMD=$(
|
||||
cd "${ANSIBLE_DIRECTORY}" || exit
|
||||
${LINTER_COMMAND} "${FILE}" 2>&1
|
||||
debug "ANSIBLE_ROLES_PATH: ${ANSIBLE_ROLES_PATH}, LINTER_COMMAND:${LINTER_COMMAND}, FILE: ${FILE}"
|
||||
cd "${WORKSPACE_PATH}" || exit
|
||||
ANSIBLE_ROLES_PATH=${ANSIBLE_ROLES_PATH} ${LINTER_COMMAND} "${FILE}" 2>&1
|
||||
)
|
||||
####################################
|
||||
# Corner case for pwsh subshell #
|
||||
|
@ -393,6 +389,6 @@ function LintCodebase() {
|
|||
# We failed to find files and no tests were ran #
|
||||
#################################################
|
||||
error "Failed to find any tests ran for the Linter:[${LINTER_NAME}]!"
|
||||
fatal "Please validate logic or that tests exist!"
|
||||
fatal "Validate logic and that tests exist for linter: ${LINTER_NAME}"
|
||||
fi
|
||||
}
|
||||
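Review bot: The `vault.yml`/`galaxy.yml` skip removed from the ANSIBLE branch of LintCodebase (and the matching one in the deleted DetectAnsibleFile) has no replacement in the new code, so with the directory passed as a single argument ansible-lint alone decides whether to open those files. Vault files normally hold encrypted secrets and cannot be parsed without the vault password, and the command now runs at `-vv`, so lint failures or extra file detail in CI logs are plausible; ansible-lint's actual behaviour on them is not verified here. The `.ansible-lint.yml` shown in this commit has no active `exclude_paths`, so consider adding one to the template for vault and galaxy files, or documenting in the README that users must add it themselves. Separately, the added `debug` call sits inside `LINT_CMD=$( … )`; if `debug` prints to stdout its text is captured as linter output, so it would be safer on the line before `LINT_CMD=$(`.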
|
|
|
@ -847,6 +847,11 @@ export DEFAULT_TEST_CASE_ANSIBLE_DIRECTORY
|
|||
############################
|
||||
GetValidationInfo
|
||||
|
||||
# Now ANSIBLE_DIRECTORY is set
|
||||
ANSIBLE_ROLES_PATH="${ANSIBLE_ROLES_PATH:-"${ANSIBLE_DIRECTORY}/roles"}"
|
||||
debug "Setting ANSIBLE_ROLES_PATH to: ${ANSIBLE_ROLES_PATH}..."
|
||||
export ANSIBLE_ROLES_PATH
|
||||
|
||||
#################################
|
||||
# Get the linter rules location #
|
||||
#################################
|
||||
|
@ -868,7 +873,7 @@ GetStandardRules "typescript"
|
|||
# Define linter commands #
|
||||
##########################
|
||||
declare -A LINTER_COMMANDS_ARRAY
|
||||
LINTER_COMMANDS_ARRAY['ANSIBLE']="ansible-lint -v -c ${ANSIBLE_LINTER_RULES}"
|
||||
LINTER_COMMANDS_ARRAY['ANSIBLE']="ansible-lint -vv -c ${ANSIBLE_LINTER_RULES}"
|
||||
LINTER_COMMANDS_ARRAY['ARM']="Import-Module ${ARM_TTK_PSD1} ; \${config} = \$(Import-PowerShellDataFile -Path ${ARM_LINTER_RULES}) ; Test-AzTemplate @config -TemplatePath"
|
||||
LINTER_COMMANDS_ARRAY['BASH']="shellcheck --color --external-sources"
|
||||
LINTER_COMMANDS_ARRAY['BASH_EXEC']="bash-exec"
|
||||
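Review bot: `ANSIBLE_ROLES_PATH` is exported with whatever value the caller supplied, without checking that the directory exists or that it lies inside the workspace, and LintCodebase then passes it to ansible-lint. A typo silently gives a run in which roles are not resolved, and a path outside the checked-out repository makes the linter read role content that is not under review. A guard right after the assignment would make both cases visible: `[ -d "${ANSIBLE_ROLES_PATH}" ] || debug "ANSIBLE_ROLES_PATH (${ANSIBLE_ROLES_PATH}) does NOT exist."`. The README row for the variable could also say whether the value is absolute or relative to `DEFAULT_WORKSPACE`, as the `ANSIBLE_DIRECTORY` row does.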
|
|