Update Ansible lint workflow to v6.20.3.

UtrechtUniversity · Oct 10, 2023 · 489ccd6 · 489ccd6
1 parent 90d7369
commit 489ccd6
Show file tree

Hide file tree

Showing 11 changed files with 42 additions and 56 deletions.
diff --git a/.ansible-lint b/.ansible-lint
@@ -1,5 +1,23 @@
+profile: production
+
 skip_list:
   - experimental
   - var-naming
 
 parseable: true
+
+mock_modules:
+  - irods_advanced
+  - irods_config
+  - irods_indexing
+  - irods_python
+  - irods_resource
+  - irods_rulesets
+
+exclude_paths:
+  - .github/
+  - docker/
+  - docs/
+  - roles/yoda_test/
+  - roles/yoda_test_users_eus/
+  - environments/
diff --git a/.github/workflows/ansible-lint-zabbix.yml b/.github/workflows/ansible-lint-zabbix.yml
diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml
@@ -7,27 +7,20 @@ on:
     - 'Vagrantfile'
     - 'docs/**'
     - 'docker/**'
-    - '.github/workflows/ansible-lint-zabbix.yml'
     - '.github/workflows/documentation.yml'
   pull_request:
     paths-ignore:
     - 'README.md'
     - 'Vagrantfile'
     - 'docker/**'
     - 'docs/**'
-    - '.github/workflows/ansible-lint-zabbix.yml'
     - '.github/workflows/documentation.yml'
 
 jobs:
   build:
     runs-on: ubuntu-latest
-
     steps:
-      # Important: This sets up your GITHUB_WORKSPACE environment variable
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Run ansible-lint
-        # replace `main` with any valid ref, or tags like `v6`
-        uses: ansible-community/[email protected]
-        with:
-          path: "playbook.yml"
+        uses: ansible/[email protected]
diff --git a/roles/acme_certificates/meta/main.yml b/roles/acme_certificates/meta/main.yml
@@ -5,7 +5,7 @@ galaxy_info:
   author: Lazlo Westerhof
   description: Install Let's Encrypt certificates
   license: GPLv3
-  min_ansible_version: 2.7
+  min_ansible_version: '2.11'
   platforms:
-    - name: CentOS
+    - name: EL
       version: 7
diff --git a/roles/acme_certificates/tasks/main.yml b/roles/acme_certificates/tasks/main.yml
@@ -20,7 +20,7 @@
   when: not letsencrypt_fullchain.stat.exists
 
 
-- name: Generate certificate if it  doesn't exist yet
+- name: Generate certificate if it  doesn't exist yet # noqa no-changed-when
   ansible.builtin.command: "certbot certonly --standalone --noninteractive --agree-tos --email [email protected] -d {{ yoda_portal_fqdn }}"
   when: not letsencrypt_fullchain.stat.exists
 

diff --git a/roles/apache_wsgi/meta/main.yml b/roles/apache_wsgi/meta/main.yml
@@ -12,5 +12,5 @@ galaxy_info:
 
 
 dependencies:
-  - apache
-  - python3
+  - role: apache
+  - role: python3
diff --git a/roles/apache_wsgi/tasks/main.yml b/roles/apache_wsgi/tasks/main.yml
@@ -22,7 +22,7 @@
     dest: /etc/httpd/conf.modules.d/02-wsgi.conf
     owner: root
     group: root
-    mode: 0644
+    mode: '0644'
   notify: Restart Apache webserver
 
 
@@ -39,13 +39,13 @@
     dest: /root/my-httpd.pp
     owner: root
     group: root
-    mode: 0644
+    mode: '0644'
   register: python_selinux
 
 
 # Running as task instead of handler in order to prevent ordering issues
 # with Apache restart handler.
-- name: Apply SELinux policy
+- name: Apply SELinux policy # noqa no-handler
   ansible.builtin.command:
     cmd: semodule -i /root/my-httpd.pp
   changed_when: false

diff --git a/roles/python_irodsclient/tasks/main.yml b/roles/python_irodsclient/tasks/main.yml
@@ -2,22 +2,22 @@
 # copyright Utrecht University
 
 - name: Ensure Python dependencies are installed
-  package:
+  ansible.builtin.package:
     name:
       - python-pip
     state: present
 
 
 - name: Ensure python-irodsclient dependencies are installed
-  pip:
+  ansible.builtin.pip:
     name:
       - pip==20.2.4
       - setuptools==44.1.1
     state: present
 
 
 - name: Ensure python-irodsclient is installed
-  pip:
+  ansible.builtin.pip:
     name:
       - python-irodsclient==1.1.8
     state: present
diff --git a/roles/remove_php/meta/main.yml b/roles/remove_php/meta/main.yml
@@ -5,7 +5,7 @@ galaxy_info:
   author: Sietse Snel
   description: Removes PHP
   license: GPLv3
-  min_ansible_version: "2.7"
+  min_ansible_version: '2.7'
   platforms:
-    - name: CentOS
+    - name: EL
       version: 7
diff --git a/roles/s3cmd/tasks/main.yml b/roles/s3cmd/tasks/main.yml
@@ -13,4 +13,4 @@
     dest: /var/lib/irods/.s3cfg
     owner: '{{ irods_service_account }}'
     group: '{{ irods_service_account }}'
-    mode: 0600
+    mode: '0600'
diff --git a/roles/yoda_credentials/tasks/main.yml b/roles/yoda_credentials/tasks/main.yml
@@ -2,32 +2,32 @@
 # copyright Utrecht University
 
 - name: Ensure that credentials store exists
-  file:
+  ansible.builtin.file:
     path: '{{ credentials_store }}'
     owner: '{{ irods_service_account }}'
     group: '{{ irods_service_account }}'
-    mode: 0700
+    mode: '0700'
     state: directory
   when: not ansible_check_mode
 
 
 - name: Configure credentials in credentials store
-  template:
+  ansible.builtin.template:
     src: store_config.j2
     dest: '{{ credentials_store }}/store_config.json'
     owner: '{{ irods_service_account }}'
     group: '{{ irods_service_account }}'
-    mode: 0600
+    mode: '0600'
   when: not ansible_check_mode
 
 
 - name: Ensure EPIC credentials are present in credentials store
-  copy:
+  ansible.builtin.copy:
     src: '{{ item.src }}'
     dest: '{{ item.dest }}'
     owner: '{{ irods_service_account }}'
     group: '{{ irods_service_account }}'
-    mode: 0600
+    mode: '0600'
   with_items:
     - src: '{{ credential_files }}/epic_key.pem'
       dest: '{{ credentials_store }}/epic_key.pem'
@@ -39,12 +39,12 @@
 
 
 - name: Ensure EPIC credentials are present in credentials store
-  copy:
+  ansible.builtin.copy:
     content: '{{ item.src | b64decode }}'
     dest: '{{ item.dest }}'
     owner: '{{ irods_service_account }}'
     group: '{{ irods_service_account }}'
-    mode: 0600
+    mode: '0600'
   with_items:
     - src: '{{ epic_key }}'
       dest: '{{ credentials_store }}/epic_key.pem'