Lint the whole Ansible directory (#2576)

Marco Ferrari 2022-03-14 20:47:04 +01:00 committed by GitHub
parent e98f38ce93
commit 4b16b5b473
WARNING! Although there is a key with this ID in the database it does not verify this commit! This commit is SUSPICIOUS.
GPG key ID: 4AEE18F83AFDEB23
29 changed files with 53 additions and 174 deletions


@ -4,7 +4,7 @@ This folder holds the test cases for **Ansible**.
## Additional Docs
The folder **ghe-initialize** is pulled from the **GitHub-Demo-Stack** and is a valid **Ansible** role.
The folder **roles/ghe-initialize** is pulled from the **GitHub-Demo-Stack** and is a valid **Ansible** role.
## Good Test Cases


@ -1,39 +0,0 @@
---
###########################################
###########################################
#### GitHub Services-Engineering Stack ####
#### ####
#### GHE Primary HA backup-utils ONLY ####
###########################################
###########################################
###############################
# Description of the playbook #
###############################
# description: Builds GHE Primary, HA, and backup-utils.
# detailed_description: Builds GHE Primary, HA, and backup-utils.
######################
## Configure GitHub ##
######################
- hosts: Yo-Mama
vars:
github_host: "{{ hostvars['github_primary'].ansible_host }}"
probot_server_ip: "{{ hostvars['backup-utils'].ansible_host }}"
roles:
- role: ghe-initialize
##########################################
## Run ghe-config-apply for all changes ##
##########################################
# Due to us hot loading some data into GHE, the final
# run of ghe-config-apply hangs and leaves the system in an odd state
# The simplist option is to run the process
# 1 more time at the end to solve the issue
- hosts: github_primary
tasks:
- block:
include_role:
tasks_from: ghe-config-apply.yml
tags:
- github


@ -1,42 +0,0 @@
---
###########################################
###########################################
#### GitHub Services-Engineering Stack ####
#### ####
#### GHE Primary HA backup-utils ONLY ####
###########################################
###########################################
###############################
# Description of the playbook #
###############################
# description: Builds GHE Primary, HA, and backup-utils.
# detailed_description: Builds GHE Primary, HA, and backup-utils.
######################
## Configure GitHub ##
######################
- hosts: github_primary
vars:
demo_github_initial_user: "{{ hostvars['localhost'].local_user }}"
github_host: "{{ hostvars['github_primary'].ansible_host }}"
probot_server_ip: "{{ hostvars['backup-utils'].ansible_host }}"
roles:
- role: ghe_initialize
##########################################
## Run ghe-config-apply for all changes ##
##########################################
# Due to us hot loading some data into GHE, the final
# run of ghe-config-apply hangs and leaves the system in an odd state
# The simplist option is to run the process
# 1 more time at the end to solve the issue
- hosts: github_primary
tasks:
- block:
- name: GHE-Config-Apply
include_role:
name: ghe_initialize
tasks_from: ghe-config-apply.yml
tags:
- github


@ -0,0 +1,5 @@
---
all:
hosts:
test.example.com: null
...


@ -0,0 +1,8 @@
---
- hosts: github_primary
vars:
demo_github_initial_user: "{{ hostvars['localhost'].local_user }}"
github_host: "{{ hostvars['github_primary'].ansible_host }}"
probot_server_ip: "{{ hostvars['backup-utils'].ansible_host }}"
roles:
- role: ghe_initialize


@ -0,0 +1,4 @@
---
collections:
- ansible.posix
...


@ -1,30 +1,9 @@
---
##########################
##########################
## Ansible Linter rules ##
##########################
##########################
#############################
# Exclude paths from linter #
#############################
# exclude_paths:
########################
# Make output parsable #
########################
parseable: true
#######################
# Set output to quiet #
#######################
quiet: true
#####################
# Path to rules dir #
#####################
# rulesdir:
################
# Tags to skip #
################
@ -36,11 +15,6 @@ skip_list:
- 'command-instead-of-shell' # Allow use of shell when you want
- 'no-handler' # Allow step to run like handler
##################
# Tags to follow #
##################
# tags:
#############
# Use rules #
#############
@ -49,4 +23,4 @@ use_default_rules: true
#################
# Set verbosity #
#################
verbosity: 1
verbosity: 2


@ -278,6 +278,7 @@ But if you wish to select or exclude specific linters, we give you full control
| **ACTIONS_RUNNER_DEBUG** | `false` | Flag to enable additional information about the linter, versions, and additional output. |
| **ANSIBLE_CONFIG_FILE** | `.ansible-lint.yml` | Filename for [Ansible-lint configuration](https://ansible-lint.readthedocs.io/en/latest/configuring.html#configuration-file) (ex: `.ansible-lint`, `.ansible-lint.yml`) |
| **ANSIBLE_DIRECTORY** | `/ansible` | Flag to set the root directory for Ansible file location(s), relative to `DEFAULT_WORKSPACE`. Set to `.` to use the top-level of the `DEFAULT_WORKSPACE`. |
| **ANSIBLE_ROLES_PATH** | `${ANSIBLE_DIRECTORY}/roles` | Path to the Ansible roles directory. |
| **CSS_FILE_NAME** | `.stylelintrc.json` | Filename for [Stylelint configuration](https://github.com/stylelint/stylelint) (ex: `.stylelintrc.yml`, `.stylelintrc.yaml`) |
| **DEFAULT_BRANCH** | `master` | The name of the repository default branch. |
| **DEFAULT_WORKSPACE** | `/tmp/lint` | The location containing files to lint if you are running locally. |
@ -306,7 +307,7 @@ But if you wish to select or exclude specific linters, we give you full control
| **MULTI_STATUS** | `true` | A status API is made for each language that is linted to make visual parsing easier. |
| **NATURAL_LANGUAGE_CONFIG_FILE** | `.textlintrc` | Filename for [textlint configuration](https://textlint.github.io/docs/getting-started.html#configuration) (ex: `.textlintrc`) |
| **PHP_CONFIG_FILE** | `php.ini` | Filename for [PHP Configuration](https://www.php.net/manual/en/configuration.file.php) (ex: `php.ini`) |
| **PROTOBUF_CONFIG_FILE** | `.protolintrc.yml` | Filename for [protolint configuration](https://github.com/yoheimuta/protolint/blob/master/_example/config/.protolint.yaml) (ex: `.protolintrc.yml`) |
| **PROTOBUF_CONFIG_FILE** | `.protolintrc.yml` | Filename for [protolint configuration](https://github.com/yoheimuta/protolint/blob/master/_example/config/.protolint.yaml) (ex: `.protolintrc.yml`) |
| **PYTHON_BLACK_CONFIG_FILE** | `.python-black` | Filename for [black configuration](https://github.com/psf/black/blob/main/docs/guides/using_black_with_other_tools.md#black-compatible-configurations) (ex: `.isort.cfg`, `pyproject.toml`) |
| **PYTHON_FLAKE8_CONFIG_FILE** | `.flake8` | Filename for [flake8 configuration](https://flake8.pycqa.org/en/latest/user/configuration.html) (ex: `.flake8`, `tox.ini`) |
| **PYTHON_ISORT_CONFIG_FILE** | `.isort.cfg` | Filename for [isort configuration](https://pycqa.github.io/isort/docs/configuration/config_files.html) (ex: `.isort.cfg`, `pyproject.toml`) |
@ -316,11 +317,11 @@ But if you wish to select or exclude specific linters, we give you full control
| **SCALAFMT_CONFIG_FILE** | `.scalafmt.conf` | Filename for [scalafmt configuration](https://scalameta.org/scalafmt/docs/configuration.html) (ex: `.scalafmt.conf`) |
| **SNAKEMAKE_SNAKEFMT_CONFIG_FILE** | `.snakefmt.toml` | Filename for [Snakemake configuration](https://github.com/snakemake/snakefmt#configuration) (ex: `pyproject.toml`, `.snakefmt.toml`) |
| **SSL_CERT_SECRET** | `none` | SSL cert to add to the **Super-Linter** trust store. This is needed for users on `self-hosted` runners or need to inject the cert for security standards (ex. ${{ secrets.SSL_CERT }}) |
| **SSH_KEY** | `none` | SSH key that has access to your private repositories |
| **SSH_SETUP_GITHUB** | `false` | If set to `true`, adds the `github.com` SSH key to `known_hosts`. This is ignored if `SSH_KEY` is provided - i.e. the `github.com` SSH key is always added if `SSH_KEY` is provided |
| **SSH_INSECURE_NO_VERIFY_GITHUB_KEY** | `false` | **INSECURE -** If set to `true`, does not verify the fingerprint of the github.com SSH key before adding this. This is not recommended! |
| **SSH_KEY** | `none` | SSH key that has access to your private repositories |
| **SSH_SETUP_GITHUB** | `false` | If set to `true`, adds the `github.com` SSH key to `known_hosts`. This is ignored if `SSH_KEY` is provided - i.e. the `github.com` SSH key is always added if `SSH_KEY` is provided |
| **SSH_INSECURE_NO_VERIFY_GITHUB_KEY** | `false` | **INSECURE -** If set to `true`, does not verify the fingerprint of the github.com SSH key before adding this. This is not recommended! |
| **SQL_CONFIG_FILE** | `.sql-config.json` | Filename for [SQL-Lint configuration](https://sql-lint.readthedocs.io/en/latest/files/configuration.html) (ex: `sql-config.json` , `.config.json`) |
| **SQLFLUFF_CONFIG_FILE** | `/.sqlfluff` | Filename for [SQLFLUFF configuration](https://docs.sqlfluff.com/en/stable/configuration.html) (ex: `/.sqlfluff`, `pyproject.toml`) |
| **SQLFLUFF_CONFIG_FILE** | `/.sqlfluff` | Filename for [SQLFLUFF configuration](https://docs.sqlfluff.com/en/stable/configuration.html) (ex: `/.sqlfluff`, `pyproject.toml`) |
| **SUPPRESS_FILE_TYPE_WARN** | `false` | If set to `true`, will hide warning messages about files without their proper extensions. Default is `false` |
| **SUPPRESS_POSSUM** | `false` | If set to `true`, will hide the ASCII possum at top of log output. Default is `false` |
| **TERRAFORM_TERRASCAN_CONFIG_FILE**| `terrascan.toml` | Filename for [terrascan configuration](https://github.com/accurics/terrascan) (ex: `terrascan.toml`) |


@ -243,6 +243,16 @@ function BuildFileList() {
done
debug "---------------------------------------------"
#########################################
# Check if the Ansible directory exists #
#########################################
if [ -d "${ANSIBLE_DIRECTORY}" ]; then
debug "Adding ANSIBLE_DIRECTORY (${ANSIBLE_DIRECTORY}) to the list of files and directories to lint."
FILE_ARRAY_ANSIBLE+=("${ANSIBLE_DIRECTORY}")
else
debug "ANSIBLE_DIRECTORY (${ANSIBLE_DIRECTORY}) does NOT exist."
fi
################################################
# Iterate through the array of all files found #
################################################
@ -498,15 +508,6 @@ function BuildFileList() {
################################
FILE_ARRAY_JSON+=("${FILE}")
############################
# Check if file is Ansible #
############################
if DetectAnsibleFile "${ANSIBLE_DIRECTORY}" "${FILE}"; then
################################
# Append the file to the array #
################################
FILE_ARRAY_ANSIBLE+=("${FILE}")
fi
############################
# Check if file is OpenAPI #
############################
@ -793,19 +794,6 @@ function BuildFileList() {
################################
FILE_ARRAY_GITHUB_ACTIONS+=("${FILE}")
fi
############################
# Check if file is Ansible #
############################
if [ -d "${ANSIBLE_DIRECTORY}" ]; then
if DetectAnsibleFile "${ANSIBLE_DIRECTORY}" "${FILE}"; then
################################
# Append the file to the array #
################################
FILE_ARRAY_ANSIBLE+=("${FILE}")
fi
else
debug "ANSIBLE_DIRECTORY (${ANSIBLE_DIRECTORY}) does NOT exist."
fi
#####################################
# Check if the file is CFN template #
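Review bot: Adding the whole `${ANSIBLE_DIRECTORY}` to `FILE_ARRAY_ANSIBLE` in the first hunk drops the per-file filter that the removed `DetectAnsibleFile` calls applied, so `vault.yml`/`vault.yaml` and `galaxy.yml`/`galaxy.yaml` under that directory are no longer skipped by this script; the matching `continue` in `LintCodebase` is removed in the same commit. If those files should stay out of the lint run, that now has to come from the ansible-lint configuration (`exclude_paths`), and a comment above the new block should say so, e.g. `# vault/galaxy files are no longer filtered here; exclude them in the ansible-lint config if needed`. The new block also sits before the loop over the files found, so it appears to add the directory even when only changed files are being linted; please confirm that is intended. `BuildFileList`'s body starts and ends outside these hunks.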


@ -7,27 +7,6 @@
################################################################################
########################## FUNCTION CALLS BELOW ################################
################################################################################
################################################################################
################################################################################
#### Function DetectAnsibleFile ################################################
DetectAnsibleFile() {
ANSIBLE_DIRECTORY="${1}"
FILE="${2}"
debug "Checking if ${FILE} is an Ansible file. Ansible directory: ${ANSIBLE_DIRECTORY}..."
if [[ ${FILE} == *"vault.yml" ]] || [[ ${FILE} == *"galaxy.yml" ]] || [[ ${FILE} == *"vault.yaml" ]] || [[ ${FILE} == *"galaxy.yaml" ]]; then
debug "${FILE} is a file that super-linter ignores. Ignoring it..."
return 1
elif [[ "$(dirname "${FILE}")" == *"${ANSIBLE_DIRECTORY}"* ]]; then
debug "${FILE} is an Ansible-related file."
return 0
else
debug "${FILE} is NOT an Ansible-related file."
return 1
fi
}
################################################################################
#### Function DetectActions ####################################################
DetectActions() {
FILE="${1}"


@ -155,10 +155,16 @@ function LintCodebase() {
fi
INDIVIDUAL_TEST_FOLDER="${FILE_TYPE,,}" # Folder for specific tests. By convention, it's the lowercased FILE_TYPE
TEST_CASE_DIRECTORY="${TEST_CASE_FOLDER}/${INDIVIDUAL_TEST_FOLDER}"
debug "File: ${FILE}, FILE_NAME: ${FILE_NAME}, DIR_NAME:${DIR_NAME}, FILE_STATUS: ${FILE_STATUS}, INDIVIDUAL_TEST_FOLDER: ${INDIVIDUAL_TEST_FOLDER}, TEST_CASE_DIRECTORY: ${TEST_CASE_DIRECTORY}"
debug "File: ${FILE}, FILE_NAME: ${FILE_NAME}, DIR_NAME:${DIR_NAME}, FILE_STATUS: ${FILE_STATUS}, INDIVIDUAL_TEST_FOLDER: ${INDIVIDUAL_TEST_FOLDER}"
if [[ ${FILE_TYPE} != "ANSIBLE" ]]; then
# These linters expect files inside a directory, not a directory. So we add a trailing slash
TEST_CASE_DIRECTORY="${TEST_CASE_DIRECTORY}/"
debug "${FILE_TYPE} expects to lint individual files. Updated TEST_CASE_DIRECTORY to: ${TEST_CASE_DIRECTORY}"
fi
if [[ ${FILE} != *"${TEST_CASE_FOLDER}/${INDIVIDUAL_TEST_FOLDER}/"* ]] && [ "${TEST_CASE_RUN}" == "true" ]; then
if [[ ${FILE} != *"${TEST_CASE_DIRECTORY}"* ]] && [ "${TEST_CASE_RUN}" == "true" ]; then
debug "Skipping ${FILE} because it's not in the test case directory for ${FILE_TYPE}..."
continue
fi
@ -188,20 +194,10 @@ function LintCodebase() {
# Check for ansible #
#####################
if [[ ${FILE_TYPE} == "ANSIBLE" ]]; then
#########################################
# Make sure we don't lint certain files #
#########################################
if [[ ${FILE} == *"vault.yml"* ]] || [[ ${FILE} == *"galaxy.yml"* ]]; then
# This is a file we don't look at
continue
fi
################################
# Lint the file with the rules #
################################
LINT_CMD=$(
cd "${ANSIBLE_DIRECTORY}" || exit
${LINTER_COMMAND} "${FILE}" 2>&1
debug "ANSIBLE_ROLES_PATH: ${ANSIBLE_ROLES_PATH}, LINTER_COMMAND:${LINTER_COMMAND}, FILE: ${FILE}"
cd "${WORKSPACE_PATH}" || exit
ANSIBLE_ROLES_PATH=${ANSIBLE_ROLES_PATH} ${LINTER_COMMAND} "${FILE}" 2>&1
)
####################################
# Corner case for pwsh subshell #
@ -393,6 +389,6 @@ function LintCodebase() {
# We failed to find files and no tests were ran #
#################################################
error "Failed to find any tests ran for the Linter:[${LINTER_NAME}]!"
fatal "Please validate logic or that tests exist!"
fatal "Validate logic and that tests exist for linter: ${LINTER_NAME}"
fi
}
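Review bot: The `debug` call added inside the `LINT_CMD=$( … )` substitution runs in the capturing subshell, so if `debug` writes to stdout its line ends up in `LINT_CMD` next to the ansible-lint output whenever debug logging is enabled; moving it to just above `LINT_CMD=$(` avoids that. The `ANSIBLE_ROLES_PATH=${ANSIBLE_ROLES_PATH}` prefix on the linter command looks redundant, because the same commit already runs `export ANSIBLE_ROLES_PATH` in the linter setup. In the test-case check, `TEST_CASE_DIRECTORY` gets no trailing slash for `ANSIBLE`, so `*"${TEST_CASE_DIRECTORY}"*` would also match a sibling path whose name merely starts with that directory name. `LintCodebase`'s body extends outside these hunks.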


@ -847,6 +847,11 @@ export DEFAULT_TEST_CASE_ANSIBLE_DIRECTORY
############################
GetValidationInfo
# Now ANSIBLE_DIRECTORY is set
ANSIBLE_ROLES_PATH="${ANSIBLE_ROLES_PATH:-"${ANSIBLE_DIRECTORY}/roles"}"
debug "Setting ANSIBLE_ROLES_PATH to: ${ANSIBLE_ROLES_PATH}..."
export ANSIBLE_ROLES_PATH
#################################
# Get the linter rules location #
#################################
@ -868,7 +873,7 @@ GetStandardRules "typescript"
# Define linter commands #
##########################
declare -A LINTER_COMMANDS_ARRAY
LINTER_COMMANDS_ARRAY['ANSIBLE']="ansible-lint -v -c ${ANSIBLE_LINTER_RULES}"
LINTER_COMMANDS_ARRAY['ANSIBLE']="ansible-lint -vv -c ${ANSIBLE_LINTER_RULES}"
LINTER_COMMANDS_ARRAY['ARM']="Import-Module ${ARM_TTK_PSD1} ; \${config} = \$(Import-PowerShellDataFile -Path ${ARM_LINTER_RULES}) ; Test-AzTemplate @config -TemplatePath"
LINTER_COMMANDS_ARRAY['BASH']="shellcheck --color --external-sources"
LINTER_COMMANDS_ARRAY['BASH_EXEC']="bash-exec"