Compare commits

...

158 Commits
v3.4.3 ... main

Author SHA1 Message Date
8571c4841e
[skip-ci] drop docs link 2024-11-06 09:36:13 +01:00
7099f6d3dc
[skip-ci] add discontinued notice to readme 2024-11-06 09:32:52 +01:00
renovate[bot]
d0070d4816 chore(deps): update dependency thegeeklab/hugo-geekdoc to v1.2.1 2024-11-04 02:07:08 +01:00
renovate[bot]
aa69db12cc chore(deps): update dependency ruff to v0.7.2 2024-11-04 02:05:51 +01:00
renovate[bot]
d5cb46f3c4
chore(deps): update dependency pytest-cov to v6 (#898)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-10-30 08:47:00 +01:00
renovate[bot]
523867c885
chore(deps): update quay.io/thegeeklab/hugo docker tag to v0.136.5 (#894)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-10-28 08:35:47 +01:00
renovate[bot]
bdb093047c
chore(deps): lock file maintenance (#897)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-10-28 08:30:27 +01:00
renovate[bot]
38d11aae44 chore(deps): update dependency ruff to v0.7.1 2024-10-28 02:06:33 +01:00
92d3fad445
cleanup docs pipeline 2024-10-27 21:21:08 +01:00
renovate[bot]
7b95de429b
chore(deps): lock file maintenance (#891)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-10-27 21:06:47 +01:00
64531c1271
ci: add trivy and replace deprecated workflow syntax (#895) 2024-10-27 21:06:37 +01:00
renovate[bot]
d5682968ab chore(deps): update dependency ruff to v0.7.0 2024-10-21 02:47:08 +02:00
renovate[bot]
62b7096f3a chore(docker): update python:3.12-alpine docker digest to 38e179a 2024-10-20 03:43:22 +02:00
renovate[bot]
68bb9953de
chore(deps): lock file maintenance (#887)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-10-07 21:11:45 +02:00
renovate[bot]
34c879dcc6 chore(deps): update dependency ruff to v0.6.9 2024-10-07 03:20:15 +02:00
renovate[bot]
ff03f9c933 chore(deps): update dependency thegeeklab/hugo-geekdoc to v1.1.0 2024-10-07 03:19:57 +02:00
renovate[bot]
20425d54b5
fix(deps): update dependency toolz to v1 (#884)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-10-06 20:51:28 +02:00
renovate[bot]
3b1c285f2d
chore(deps): lock file maintenance (#881)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-10-03 14:28:09 +02:00
renovate[bot]
fa4ebcdb67 chore(docker): update python:3.12-alpine docker digest to e75de17 2024-10-03 02:22:54 +02:00
renovate[bot]
49b4182fda chore(docker): update python:3.12-alpine docker digest to cf0a168 2024-10-02 03:35:11 +02:00
renovate[bot]
26d89019de chore(deps): update dependency ruff to v0.6.8 2024-09-30 03:14:24 +02:00
renovate[bot]
70d2e2b6e3
chore(deps): lock file maintenance (#879)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-23 11:18:40 +02:00
renovate[bot]
b8fc1f80f5 chore(deps): update dependency ruff to v0.6.7 2024-09-23 05:33:14 +02:00
dependabot[bot]
3ecaf2c83c
build(deps): bump cryptography from 42.0.8 to 43.0.1 (#876)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-20 10:00:09 +02:00
renovate[bot]
ae339853fc
chore(deps): lock file maintenance (#875)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-20 08:50:15 +02:00
renovate[bot]
7d6ff809ae chore(deps): update devdeps non-major 2024-09-16 04:26:50 +02:00
renovate[bot]
fff6c09a3d chore(docker): update python:3.12-alpine docker digest to 7130f75 2024-09-14 03:37:08 +02:00
renovate[bot]
72c1e8e778 chore(docker): update python:3.12-alpine docker digest to 7593fc6 2024-09-13 04:19:45 +02:00
renovate[bot]
6d84a16819 chore(docker): update python:3.12-alpine docker digest to e0e4d3d 2024-09-12 03:50:33 +02:00
renovate[bot]
4880f9e999
chore(deps): lock file maintenance (#869)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-09 18:09:17 +02:00
renovate[bot]
855fdb701f chore(deps): update dependency ruff to v0.6.4 2024-09-09 03:38:41 +02:00
renovate[bot]
9a447b168a chore(docker): update python:3.12-alpine docker digest to bb5d0ac 2024-09-08 02:36:21 +02:00
renovate[bot]
253b54410d chore(docker): update python:3.12-alpine docker digest to aeff643 2024-09-05 04:26:49 +02:00
renovate[bot]
6c6fbe2646
chore(deps): update quay.io/thegeeklab/hugo docker tag to v0.133.0 (#860)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-02 11:06:53 +02:00
renovate[bot]
dd2d6e415b
chore(deps): update dependency thegeeklab/hugo-geekdoc to v1 (#863)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-02 07:47:45 +02:00
renovate[bot]
a1a2b57546
chore(deps): lock file maintenance (#865)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-09-02 07:47:31 +02:00
renovate[bot]
1a1ecbd695 chore(deps): update dependency ruff to v0.6.3 2024-09-02 02:46:49 +02:00
renovate[bot]
6f0a9fa628
chore(deps): lock file maintenance (#862)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-26 08:25:47 +02:00
renovate[bot]
c09b67088f chore(deps): update dependency ruff to v0.6.2 2024-08-26 03:31:00 +02:00
renovate[bot]
fa49768ded
chore(deps): lock file maintenance (#859)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-19 08:12:10 +02:00
renovate[bot]
25b52b9e18 chore(deps): update dependency ruff to v0.6.1 2024-08-19 02:54:36 +02:00
renovate[bot]
f0ceba29ed
chore(deps): lock file maintenance (#856)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-12 08:30:47 +02:00
renovate[bot]
c75029d26f chore(deps): update dependency ruff to v0.5.7 2024-08-12 03:55:41 +02:00
renovate[bot]
bf4fa1f9e8 chore(docker): update python:3.12-alpine docker digest to c2f41e6 2024-08-08 03:34:05 +02:00
ccaa936f9a
ci: fix notification step 2024-08-07 21:26:44 +02:00
renovate[bot]
a8ae213b42
chore(deps): lock file maintenance (#844)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-07 08:58:47 +02:00
renovate[bot]
f17f833e6d
fix(deps): update dependency pyyaml to v6.0.2 (#853)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-08-07 08:58:38 +02:00
renovate[bot]
b1a92ee164 chore(docker): update python:3.12-alpine docker digest to 63094ab 2024-08-06 03:15:34 +02:00
renovate[bot]
e22fd04a04 chore(deps): update dependency ruff to v0.5.6 2024-08-05 03:17:55 +02:00
renovate[bot]
c9bebc3fc6 chore(docker): update python:3.12-alpine docker digest to a0c22d8 2024-08-03 02:25:52 +02:00
renovate[bot]
7d0f611982 chore(docker): update python:3.12-alpine docker digest to 2abecb7 2024-08-02 05:41:51 +02:00
renovate[bot]
1f15548f69 chore(docker): update python:3.12-alpine docker digest to 7b76f1c 2024-08-02 02:20:25 +02:00
renovate[bot]
70b31ff632 chore(deps): update devdeps non-major 2024-07-29 03:04:32 +02:00
renovate[bot]
dce5137deb chore(docker): update python:3.12-alpine docker digest to 7f15e22 2024-07-25 04:45:56 +02:00
renovate[bot]
414ae921b8 chore(docker): update python:3.12-alpine docker digest to 0032125 2024-07-24 04:16:39 +02:00
renovate[bot]
97b6c688c6 chore(deps): update devdeps non-major 2024-07-22 04:16:33 +02:00
renovate[bot]
f81a2e2f79 chore(deps): update dependency thegeeklab/hugo-geekdoc to v0.47.0 2024-07-15 04:18:21 +02:00
renovate[bot]
776896eb10 chore(deps): update dependency ruff to v0.5.2 2024-07-15 04:17:18 +02:00
renovate[bot]
77ac5003a2 chore(docker): update python:3.12-alpine docker digest to 0bd77ae 2024-07-11 04:14:10 +02:00
renovate[bot]
4decb201b7
fix(deps): update dependency jsonschema to v4.23.0 (#837)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-07-09 08:16:02 +02:00
renovate[bot]
35e26084fa
chore(deps): update quay.io/thegeeklab/wp-docker-buildx docker tag to v5 (#836)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-07-08 15:48:58 +02:00
renovate[bot]
ab9edb7618
chore(deps): lock file maintenance (#824)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-07-08 09:11:16 +02:00
renovate[bot]
7224113ec9 chore(deps): update dependency ruff to v0.5.1 2024-07-08 05:26:22 +02:00
renovate[bot]
bd8a413c4b chore(docker): update python:3.12-alpine docker digest to b7662fc 2024-07-04 03:31:56 +02:00
renovate[bot]
d03b522bbc chore(deps): update dependency ruff to v0.5.0 2024-07-01 04:18:56 +02:00
renovate[bot]
516b78a871 chore(docker): update python:3.12-alpine docker digest to ff870bf 2024-06-28 02:43:04 +02:00
renovate[bot]
0decedea9c chore(docker): update python:3.12-alpine docker digest to 99fd097 2024-06-27 06:15:15 +02:00
renovate[bot]
68187e8765 chore(deps): update dependency ruff to v0.4.10 2024-06-24 03:02:39 +02:00
renovate[bot]
70b40cee63 chore(docker): update python:3.12-alpine docker digest to dc09596 2024-06-22 02:16:56 +02:00
renovate[bot]
0fd035828b chore(docker): update python:3.12-alpine docker digest to 15e5169 2024-06-21 03:05:19 +02:00
renovate[bot]
94591e4435 chore(deps): update dependency ruff to v0.4.9 2024-06-17 03:34:13 +02:00
renovate[bot]
efa2529ae0 chore(docker): update python:3.12-alpine docker digest to a982997 2024-06-15 02:10:24 +02:00
renovate[bot]
a17ddf8a52
chore(deps): update quay.io/thegeeklab/hugo docker tag to v0.127.0 (#821)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-10 07:28:12 +02:00
renovate[bot]
9af2d042e0 chore(deps): update devdeps non-major 2024-06-10 05:19:13 +02:00
renovate[bot]
d7b6775516 chore(deps): update dependency thegeeklab/hugo-geekdoc to v0.46.0 2024-06-10 02:15:04 +02:00
renovate[bot]
6abed0ab00 chore(docker): update python:3.12-alpine docker digest to d24ed56 2024-06-08 12:32:19 +02:00
renovate[bot]
893eb69cc6 chore(docker): update python:3.12-alpine docker digest to 32385e6 2024-06-06 05:38:17 +02:00
renovate[bot]
47b55b27b6 chore(docker): update python:3.12-alpine docker digest to d696c99 2024-06-06 02:39:52 +02:00
renovate[bot]
f9a214f622 chore(deps): update dependency ruff to v0.4.7 2024-06-03 02:56:59 +02:00
renovate[bot]
5971c9679c
chore(deps): lock file maintenance (#816)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-01 13:42:27 +02:00
renovate[bot]
f87922a662 chore(deps): update dependency ruff to v0.4.5 2024-05-27 02:17:14 +02:00
renovate[bot]
aed6a5f420
fix(deps): update dependency ansible-core to v2.14.17 (#812)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-05-24 09:44:32 +02:00
renovate[bot]
21d6316dd0 chore(docker): update python:3.12-alpine docker digest to 5365725 2024-05-23 06:02:13 +02:00
renovate[bot]
b0f3dca7c7 chore(deps): update dependency pytest to v8.2.1 2024-05-20 02:27:24 +02:00
renovate[bot]
e6ca4cfdb0
chore(deps): lock file maintenance (#809)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-05-17 09:37:20 +02:00
renovate[bot]
e1b535af8a
chore(deps): update quay.io/thegeeklab/hugo docker tag to v0.125.7 (#810)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-05-14 14:08:53 +02:00
renovate[bot]
b7401677dc chore(deps): update dependency ruff to v0.4.4 2024-05-13 02:46:59 +02:00
renovate[bot]
8213c46e05
chore(deps): lock file maintenance (#807)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-05-07 12:15:03 +02:00
renovate[bot]
e2549dfc77 chore(deps): update dependency ruff to v0.4.3 2024-05-06 03:30:21 +02:00
renovate[bot]
4c3b8f2e82
fix(deps): update dependency jsonschema to v4.22.0 (#805)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-05-01 12:36:49 +02:00
renovate[bot]
5e64c9d79d
chore(deps): lock file maintenance (#802)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-04-29 10:29:29 +02:00
renovate[bot]
cfcd804959 chore(deps): update devdeps non-major 2024-04-29 03:04:16 +02:00
renovate[bot]
13ac29da22
fix(deps): update dependency ansible-core to v2.14.16 (#803)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-04-23 21:18:16 +02:00
renovate[bot]
eeae482b31 chore(deps): update dependency ruff to v0.4.1 2024-04-22 04:20:01 +02:00
renovate[bot]
0a53eee7f3 chore(deps): update dependency ruff to v0.3.7 2024-04-15 03:26:31 +02:00
renovate[bot]
73e960f0b7
chore(deps): lock file maintenance (#794)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-04-12 09:18:14 +02:00
renovate[bot]
5d40978fa3 chore(docker): update python:3.12-alpine docker digest to ef09762 2024-04-11 02:22:02 +02:00
renovate[bot]
9dcaf5e488 chore(deps): update dependency thegeeklab/hugo-geekdoc to v0.45.0 2024-04-08 02:48:45 +02:00
renovate[bot]
fa65be587b chore(deps): update dependency ruff to v0.3.5 2024-04-08 02:47:25 +02:00
renovate[bot]
dcc2e08d2c chore(deps): update dependency thegeeklab/hugo-geekdoc to v0.44.3 2024-04-01 02:17:59 +02:00
renovate[bot]
ab4f8b209f
chore(deps): update quay.io/thegeeklab/wp-docker-buildx docker tag to v4 (#791)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-03-27 08:56:19 +01:00
renovate[bot]
82e09a5726 chore(docker): update python:3.12-alpine docker digest to c7eb5c9 2024-03-27 02:34:21 +01:00
renovate[bot]
cef217826e
chore(deps): lock file maintenance (#785)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-03-26 08:33:14 +01:00
renovate[bot]
64e1b4dadb
fix(deps): update dependency ansible-core to v2.14.15 (#789)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-03-26 08:33:06 +01:00
renovate[bot]
0f00036d7c
chore(deps): update dependency pytest-cov to v5 (#787)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-03-25 08:34:14 +01:00
renovate[bot]
2209fabe28 chore(deps): update devdeps non-major 2024-03-25 01:36:01 +01:00
renovate[bot]
c7b9e492d3
chore(deps): update quay.io/thegeeklab/hugo docker tag to v0.124.1 (#786)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-03-20 22:54:15 +01:00
renovate[bot]
ab9b9c6ae9 chore(deps): update dependency ruff to v0.3.3 2024-03-18 01:32:06 +01:00
renovate[bot]
de4825ff70 chore(docker): update python:3.12-alpine docker digest to 25a82f6 2024-03-17 01:46:53 +01:00
e285bf3351
ci: fix deprecated ruff command 2024-03-12 20:52:53 +01:00
renovate[bot]
58beb822ae chore(deps): update dependency thegeeklab/hugo-geekdoc to v0.44.2 2024-03-11 02:26:27 +01:00
renovate[bot]
afcbd3d356 chore(deps): update devdeps non-major 2024-03-11 02:26:10 +01:00
renovate[bot]
a5832c553a chore(deps): update devdeps non-major 2024-03-04 01:40:41 +01:00
renovate[bot]
fc4a6944d6
chore(deps): lock file maintenance (#778)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-26 10:41:38 +01:00
renovate[bot]
d6ac162764
chore(deps): lock file maintenance (#776)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-26 10:14:12 +01:00
renovate[bot]
a7623f7a5a chore(deps): update dependency pytest to v8.0.2 2024-02-26 02:55:16 +01:00
renovate[bot]
f0baf76e24 chore(deps): update devdeps non-major 2024-02-19 01:13:55 +01:00
renovate[bot]
f754a7f292
fix(deps): update dependency yamllint to v1.35.1 (#774)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-16 13:56:52 +01:00
renovate[bot]
d92da10f13
fix(deps): update dependency yamllint to v1.35.0 (#773)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-15 12:29:39 +01:00
e6027445c8
[skip ci] revert renovate automerge config 2024-02-15 12:23:08 +01:00
renovate[bot]
1d7321e3dc
chore(deps): update quay.io/thegeeklab/hugo docker tag to v0.122.0 (#772)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-11 21:50:13 +01:00
252af19cb3
enable renovate on automerge branches 2024-02-09 23:08:30 +01:00
renovate[bot]
2803c86816 chore(docker): update python:3.12-alpine docker digest to 1a05012 2024-02-09 04:20:27 +01:00
renovate[bot]
359db66db2
fix(deps): update dependency yamllint to v1.34.0 (#770)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-06 11:20:31 +01:00
0e74461b58
chore: bump ruff to v0.2.1 (#769) 2024-02-06 09:34:20 +01:00
renovate[bot]
942420db34 chore(docker): update python:3.12-alpine docker digest to 14cfc61 2024-02-02 14:35:26 +01:00
b90b030054
docs: remove ref to unmaintained github action 2024-02-01 12:37:12 +01:00
8dba488747
docs: add document-end to default config 2024-02-01 12:30:50 +01:00
a89d6d5336
fix: fix handling of blocks (#767) 2024-01-31 22:49:19 +01:00
renovate[bot]
37e701217e
fix(deps): update dependency anyconfig to v0.14.0 (#742)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-01-31 10:50:12 +01:00
48baa2f338
fix: pkg_resources with importlib.resources (#766) 2024-01-31 10:28:46 +01:00
ce0d895fc4
feat: add new rule CheckKeyOrder (#765) 2024-01-30 22:35:45 +01:00
renovate[bot]
9d6dd16c1c
fix(deps): update dependency ansible-core to v2.14.14 (#763)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-01-30 08:42:23 +01:00
0e197fd585
fix: ensure yaml document end marker is not set (#762)
BREAKING CHANGE: The default setting for the yamllint rule `docuent-end` has been changed to `false`.
2024-01-29 21:28:23 +01:00
renovate[bot]
9797533a14
chore(deps): update dependency pytest to v8 (#760)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-01-29 08:34:31 +01:00
674ffe6445
feat: add new rule CheckFQCN (#761) 2024-01-29 08:34:08 +01:00
6fd39b62a4
revert candidate filetype handling 2024-01-28 21:38:56 +01:00
7121b2ce6f
use candiate filetype 2024-01-28 14:54:27 +01:00
74f58c59c9
fix: strip builtin fqc prefix from task action (#759) 2024-01-27 20:56:00 +01:00
da5d3c21c2
feat: add rule CheckYamlOctalValues (#758) 2024-01-27 20:31:15 +01:00
7b44647bec
chore: improve desc and help for CheckFilePermissionOctal 2024-01-27 19:59:45 +01:00
2f4e35d83c
refactor: use lint-like rule identifier (#757) 2024-01-27 19:56:35 +01:00
80ac8ec34d
fix toml formatting 2024-01-27 18:20:15 +01:00
8861dcc705
add back optional dependency group ansible 2024-01-26 10:20:48 +01:00
renovate[bot]
b365b32638
fix(deps): update dependency toolz to v0.12.1 (#751)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-01-25 22:40:01 +01:00
renovate[bot]
087df4848e
fix(deps): update dependency ansible-core to v2.14.13 (#755)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-01-25 22:33:50 +01:00
39a5e90e78
chore: cleanup optional ansible dependency (#754) 2024-01-25 22:27:08 +01:00
2df48598ec
refactor: drop default standards version and rename to rules (#752)
BREAKING CHANGE: The option to define a `Standards` version has been removed. Every new rule that is added on upcoming releases is activated by default and will also create errors if triggered. The behavior of rules can be controlled by the existing `rules.exclude_filter` or `rules.warning_filter` options.

BREAKING CHANGE: The option `rules.buildin` has been renamed to `rules.builtin`.

BREAKING CHANGE: The option `rules.standards` has been renamed to `rules.dir`.

BREAKING CHANGE: The option `rules.filter` has been renamed to `rules.include_filter`.
2024-01-25 21:40:15 +01:00
renovate[bot]
d360de2125
chore(deps): update quay.io/thegeeklab/wp-docker-buildx docker tag to v3 (#750)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-01-22 11:29:41 +01:00
renovate[bot]
0137b863fa chore(deps): update dependency ruff to v0.1.14 2024-01-22 01:34:45 +01:00
renovate[bot]
d4db45ba05
fix(deps): update dependency jsonschema to v4.21.1 (#748)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-01-20 15:48:13 +01:00
renovate[bot]
e9a082b2fa chore(docker): update python:3.12-alpine docker digest to 801b54e 2024-01-19 23:33:30 +01:00
renovate[bot]
975a7bd661 chore(docker): update python:3.12-alpine docker digest to 4a156f7 2024-01-19 05:57:59 +01:00
renovate[bot]
f907222162
fix(deps): update dependency jsonschema to v4.21.0 (#745)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-01-18 10:21:58 +01:00
renovate[bot]
7f5c2a51b1 chore(deps): update dependency thegeeklab/hugo-geekdoc to v0.44.1 2024-01-16 02:57:53 +01:00
renovate[bot]
c51a4111ec
chore(deps): lock file maintenance (#735)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-01-15 21:58:56 +01:00
8c9420b445 fix linting 2024-01-15 15:26:56 +01:00
renovate[bot]
87ef3539cb chore(deps): update dependency ruff to v0.1.13 2024-01-15 15:26:56 +01:00
66 changed files with 1274 additions and 1081 deletions

View File

@ -18,8 +18,8 @@ HostVars
Rolesfile
Makefile
Jinja2
ANSIBLE([0-9]{4})
LINT([0-9]{4})
ANS([0-9]{3})
YML([0-9]{3})
SCM
bools
Check[A-Z].+

View File

@ -1,7 +1,6 @@
repository:
name: ansible-later
description: Another best practice scanner for Ansible roles and playbooks
homepage: https://ansible-later.geekdocs.de
topics: ansible, ansible-later, ansible-review, best practice
private: false

View File

@ -12,22 +12,31 @@ steps:
- pip install poetry poetry-dynamic-versioning -qq
- poetry build
- name: dryrun
image: quay.io/thegeeklab/wp-docker-buildx:2
- name: security-build
image: quay.io/thegeeklab/wp-docker-buildx:5
depends_on: [build]
settings:
containerfile: Containerfile.multiarch
dry_run: true
platforms:
- linux/amd64
- linux/arm64
provenance: false
output: type=oci,dest=oci/${CI_REPO_NAME},tar=false
repo: ${CI_REPO}
when:
- event: [pull_request]
- name: security-scan
image: docker.io/aquasec/trivy
depends_on: [security-build]
commands:
- trivy -v
- trivy image --input oci/${CI_REPO_NAME}
environment:
TRIVY_EXIT_CODE: "1"
TRIVY_IGNORE_UNFIXED: "true"
TRIVY_NO_PROGRESS: "true"
TRIVY_SEVERITY: HIGH,CRITICAL
TRIVY_TIMEOUT: 1m
TRIVY_DB_REPOSITORY: docker.io/aquasec/trivy-db:2
- name: publish-dockerhub
image: quay.io/thegeeklab/wp-docker-buildx:2
group: container
image: quay.io/thegeeklab/wp-docker-buildx:5
depends_on: [security-scan]
settings:
auto_tag: true
containerfile: Containerfile.multiarch
@ -47,8 +56,8 @@ steps:
- ${CI_REPO_DEFAULT_BRANCH}
- name: publish-quay
image: quay.io/thegeeklab/wp-docker-buildx:2
group: container
image: quay.io/thegeeklab/wp-docker-buildx:5
depends_on: security-scan
settings:
auto_tag: true
containerfile: Containerfile.multiarch

View File

@ -40,11 +40,11 @@ steps:
- name: publish-pypi
image: docker.io/library/python:3.12
secrets:
- source: pypi_password
target: POETRY_HTTP_BASIC_PYPI_PASSWORD
- source: pypi_username
target: POETRY_HTTP_BASIC_PYPI_USERNAME
environment:
POETRY_HTTP_BASIC_PYPI_PASSWORD:
from_secret: pypi_password
POETRY_HTTP_BASIC_PYPI_USERNAME:
from_secret: pypi_username
commands:
- pip install poetry poetry-dynamic-versioning -qq
- poetry publish -n

View File

@ -13,13 +13,13 @@ steps:
- name: markdownlint
image: quay.io/thegeeklab/markdownlint-cli
group: test
depends_on: [assets]
commands:
- markdownlint 'README.md' 'CONTRIBUTING.md'
- name: spellcheck
image: quay.io/thegeeklab/alpine-tools
group: test
depends_on: [assets]
commands:
- spellchecker --files 'docs/**/*.md' 'README.md' 'CONTRIBUTING.md' -d .dictionary -p spell indefinite-article syntax-urls
environment:
@ -27,24 +27,25 @@ steps:
- name: link-validation
image: docker.io/lycheeverse/lychee
group: test
depends_on: [assets]
commands:
- lychee --no-progress --format detailed docs/content README.md
- name: build
image: quay.io/thegeeklab/hugo:0.121.2
image: quay.io/thegeeklab/hugo:0.136.5
depends_on: [link-validation]
commands:
- hugo --panicOnWarning -s docs/
- name: beautify
image: quay.io/thegeeklab/alpine-tools
depends_on: [build]
commands:
- html-beautify -r -f 'docs/public/**/*.html'
environment:
FORCE_COLOR: "true"
- name: publish
image: quay.io/thegeeklab/wp-s3-action
depends_on: [beautify]
settings:
access_key:
from_secret: s3_access_key
@ -66,12 +67,12 @@ steps:
- name: pushrm-dockerhub
image: docker.io/chko/docker-pushrm:1
secrets:
- source: docker_password
target: DOCKER_PASS
- source: docker_username
target: DOCKER_USER
depends_on: [publish]
environment:
DOCKER_PASS:
from_secret: docker_password
DOCKER_USER:
from_secret: docker_username
PUSHRM_FILE: README.md
PUSHRM_SHORT: Another best practice scanner for Ansible roles and playbooks
PUSHRM_TARGET: ${CI_REPO}
@ -83,10 +84,10 @@ steps:
- name: pushrm-quay
image: docker.io/chko/docker-pushrm:1
secrets:
- source: quay_token
target: APIKEY__QUAY_IO
depends_on: [publish]
environment:
APIKEY__QUAY_IO:
from_secret: quay_token
PUSHRM_FILE: README.md
PUSHRM_TARGET: quay.io/${CI_REPO}
when:

View File

@ -8,6 +8,7 @@ when:
steps:
- name: check-format
image: docker.io/library/python:3.12
depends_on: []
commands:
- pip install poetry poetry-dynamic-versioning -qq
- poetry install
@ -17,9 +18,10 @@ steps:
- name: check-coding
image: docker.io/library/python:3.12
depends_on: []
commands:
- pip install poetry poetry-dynamic-versioning -qq
- poetry install -E ansible-core
- poetry run ruff ./${CI_REPO_NAME//-/}
- poetry run ruff check ./${CI_REPO_NAME//-/}
environment:
PY_COLORS: "1"

View File

@ -13,12 +13,12 @@ steps:
settings:
homeserver:
from_secret: matrix_homeserver
password:
from_secret: matrix_password
roomid:
from_secret: matrix_roomid
username:
from_secret: matrix_username
room_id:
from_secret: matrix_room_id
user_id:
from_secret: matrix_user_id
access_token:
from_secret: matrix_access_token
when:
- status: [success, failure]

View File

@ -7,7 +7,7 @@ when:
variables:
- &pytest_base
group: pytest
depends_on: []
commands:
- pip install poetry poetry-dynamic-versioning -qq
- poetry install -E ansible-core

View File

@ -1,4 +1,4 @@
FROM python:3.12-alpine@sha256:c793b92fd9e0e2a0b611756788a033d569ca864b733461c8fb30cfd14847dbcf
FROM python:3.12-alpine@sha256:38e179a0f0436c97ecc76bcd378d7293ab3ee79e4b8c440fdc7113670cb6e204
LABEL maintainer="Robert Kaussow <mail@thegeeklab.de>"
LABEL org.opencontainers.image.authors="Robert Kaussow <mail@thegeeklab.de>"

View File

@ -1,5 +1,5 @@
# renovate: datasource=github-releases depName=thegeeklab/hugo-geekdoc
THEME_VERSION := v0.44.0
THEME_VERSION := v1.2.1
THEME := hugo-geekdoc
BASEDIR := docs
THEMEDIR := $(BASEDIR)/themes

View File

@ -12,22 +12,12 @@ Another best practice scanner for Ansible roles and playbooks
[![Source: GitHub](https://img.shields.io/badge/source-github-blue.svg?logo=github&logoColor=white)](https://github.com/thegeeklab/ansible-later)
[![License: MIT](https://img.shields.io/github/license/thegeeklab/ansible-later)](https://github.com/thegeeklab/ansible-later/blob/main/LICENSE)
> **Discontinued:** This project is no longer maintained. Please use [ansible-lint](https://github.com/ansible-community/ansible-lint) instead.
ansible-later is a best practice scanner and linting tool. In most cases, if you write Ansible roles in a team, it helps to have a coding or best practice guideline in place. This will make Ansible roles more readable for all maintainers and can reduce the troubleshooting time. While ansible-later aims to be a fast and easy to use linting tool for your Ansible resources, it might not be that feature completed as required in some situations. If you need a more in-depth analysis you can take a look at [ansible-lint](https://github.com/ansible-community/ansible-lint).
ansible-later does **not** ensure that your role will work as expected. For deployment tests you can use other tools like [molecule](https://github.com/ansible/molecule).
You can find the full documentation at [https://ansible-later.geekdocs.de](https://ansible-later.geekdocs.de/).
## Community
<!-- prettier-ignore-start -->
<!-- spellchecker-disable -->
- [GitHub Action](https://github.com/patrickjahns/ansible-later-action) by [@patrickjahns](https://github.com/patrickjahns)
<!-- spellchecker-enable -->
<!-- prettier-ignore-end -->
## Contributors
Special thanks to all [contributors](https://github.com/thegeeklab/ansible-later/graphs/contributors). If you would like to contribute,

View File

@ -7,8 +7,8 @@ import sys
from ansiblelater import LOG, __version__, logger
from ansiblelater.candidate import Candidate
from ansiblelater.rule import SingleRules
from ansiblelater.settings import Settings
from ansiblelater.standard import SingleStandards
def main():
@ -22,33 +22,33 @@ def main():
parser.add_argument(
"-r",
"--rules-dir",
dest="rules.standards",
metavar="RULES",
dest="rules.dir",
metavar="DIR",
action="append",
help="directory of standard rules",
help="directory of rules",
)
parser.add_argument(
"-B",
"--no-buildin",
dest="rules.buildin",
"--no-builtin",
dest="rules.builtin",
action="store_false",
help="disables build-in standard rules",
help="disables built-in rules",
)
parser.add_argument(
"-s",
"--standards",
dest="rules.filter",
metavar="FILTER",
"-i",
"--include-rules",
dest="rules.include_filter",
metavar="TAGS",
action="append",
help="limit standards to given ID's",
help="limit rules to given id/tags",
)
parser.add_argument(
"-x",
"--exclude-standards",
"--exclude-rules",
dest="rules.exclude_filter",
metavar="EXCLUDE_FILTER",
metavar="TAGS",
action="append",
help="exclude standards by given ID's",
help="exclude rules by given it/tags",
)
parser.add_argument(
"-v", dest="logging.level", action="append_const", const=-1, help="increase log level"
@ -65,7 +65,7 @@ def main():
config = settings.config
logger.update_logger(LOG, config["logging"]["level"], config["logging"]["json"])
SingleStandards(config["rules"]["standards"])
SingleRules(config["rules"]["dir"])
workers = max(multiprocessing.cpu_count() - 2, 2)
p = multiprocessing.Pool(workers)

View File

@ -3,14 +3,12 @@
import codecs
import copy
import os
import re
from ansible.plugins.loader import module_loader
from packaging.version import Version
from ansiblelater import LOG, utils
from ansiblelater import LOG
from ansiblelater.logger import flag_extra
from ansiblelater.standard import SingleStandards, StandardBase
from ansiblelater.rule import RuleBase, SingleRules
class Candidate:
@ -21,11 +19,12 @@ class Candidate:
bundled with necessary meta informations for rule processing.
"""
def __init__(self, filename, settings={}, standards=[]): # noqa
def __init__(self, filename, settings={}, rules=[]): # noqa
self.path = filename
self.binary = False
self.vault = False
self.filetype = type(self).__name__.lower()
self.filemeta = type(self).__name__.lower()
self.kind = type(self).__name__.lower()
self.faulty = False
self.config = settings.config
self.settings = settings
@ -37,166 +36,117 @@ class Candidate:
except UnicodeDecodeError:
self.binary = True
def _get_version(self):
name = type(self).__name__
path = self.path
version = None
config_version = self.config["rules"]["version"].strip()
if config_version:
version_config_re = re.compile(r"([\d.]+)")
match = version_config_re.match(config_version)
if match:
version = match.group(1)
if not self.binary:
if isinstance(self, RoleFile):
parentdir = os.path.dirname(os.path.abspath(self.path))
while parentdir != os.path.dirname(parentdir):
meta_file = os.path.join(parentdir, "meta", "main.yml")
if os.path.exists(meta_file):
path = meta_file
break
parentdir = os.path.dirname(parentdir)
version_file_re = re.compile(r"^# Standards:\s*([\d.]+)")
with codecs.open(path, mode="rb", encoding="utf-8") as f:
for line in f:
match = version_file_re.match(line)
if match:
version = match.group(1)
if version:
LOG.info(f"{name} {path} declares standards version {version}")
return version
def _filter_standards(self):
target_standards = []
includes = self.config["rules"]["filter"]
def _filter_rules(self):
target_rules = []
includes = self.config["rules"]["include_filter"]
excludes = self.config["rules"]["exclude_filter"]
if len(includes) == 0:
includes = [s.sid for s in self.standards]
includes = [s.rid for s in self.rules]
for standard in self.standards:
if standard.sid in includes and standard.sid not in excludes:
target_standards.append(standard)
for rule in self.rules:
if rule.rid in includes and rule.rid not in excludes:
target_rules.append(rule)
return target_standards
return target_rules
def review(self):
errors = 0
self.standards = SingleStandards(self.config["rules"]["standards"]).rules
self.version_config = self._get_version()
self.version = self.version_config or utils.standards_latest(self.standards)
self.rules = SingleRules(self.config["rules"]["dir"]).rules
for standard in self._filter_standards():
if type(self).__name__.lower() not in standard.types:
for rule in self._filter_rules():
if self.kind not in rule.types:
continue
result = standard.check(self, self.config)
result = rule.check(self, self.config)
if not result:
LOG.error(
f"Standard '{standard.sid}' returns an empty result object. Check failed!"
)
LOG.error(f"rule '{rule.rid}' returns an empty result object. Check failed!")
continue
labels = {
"tag": "review",
"standard": standard.description,
"rule": rule.description,
"file": self.path,
"passed": True,
}
if standard.sid and standard.sid.strip():
labels["sid"] = standard.sid
if rule.rid and rule.rid.strip():
labels["rid"] = rule.rid
for err in result.errors:
err_labels = copy.copy(labels)
err_labels["passed"] = False
sid = self._format_id(standard.sid)
rid = self._format_id(rule.rid)
path = self.path
description = standard.description
description = rule.description
if isinstance(err, StandardBase.Error):
if isinstance(err, RuleBase.Error):
err_labels.update(err.to_dict())
if not standard.version:
LOG.warning(
f"{sid}Best practice '{description}' not met:\n{path}:{err}",
extra=flag_extra(err_labels),
)
elif Version(standard.version) > Version(self.version):
LOG.warning(
f"{sid}Future standard '{description}' not met:\n{path}:{err}",
extra=flag_extra(err_labels),
)
else:
msg = f"{sid}Standard '{description}' not met:\n{path}:{err}"
msg = f"{rid}rule '{description}' not met:\n{path}:{err}"
if standard.sid not in self.config["rules"]["warning_filter"]:
LOG.error(msg, extra=flag_extra(err_labels))
errors = errors + 1
else:
LOG.warning(msg, extra=flag_extra(err_labels))
if rule.rid not in self.config["rules"]["warning_filter"]:
LOG.error(msg, extra=flag_extra(err_labels))
errors = errors + 1
else:
LOG.warning(msg, extra=flag_extra(err_labels))
return errors
@staticmethod
def classify(filename, settings={}, standards=[]): # noqa
def classify(filename, settings={}, rules=[]): # noqa
parentdir = os.path.basename(os.path.dirname(filename))
basename = os.path.basename(filename)
ext = os.path.splitext(filename)[1][1:]
if parentdir in ["tasks"]:
return Task(filename, settings, standards)
return Task(filename, settings, rules)
if parentdir in ["handlers"]:
return Handler(filename, settings, standards)
return Handler(filename, settings, rules)
if parentdir in ["vars", "defaults"]:
return RoleVars(filename, settings, standards)
return RoleVars(filename, settings, rules)
if "group_vars" in filename.split(os.sep):
return GroupVars(filename, settings, standards)
return GroupVars(filename, settings, rules)
if "host_vars" in filename.split(os.sep):
return HostVars(filename, settings, standards)
return HostVars(filename, settings, rules)
if parentdir in ["meta"] and "main" in basename:
return Meta(filename, settings, standards)
return Meta(filename, settings, rules)
if parentdir in ["meta"] and "argument_specs" in basename:
return ArgumentSpecs(filename, settings, standards)
return ArgumentSpecs(filename, settings, rules)
if parentdir in [
"library",
"lookup_plugins",
"callback_plugins",
"filter_plugins",
] or filename.endswith(".py"):
return Code(filename, settings, standards)
return Code(filename, settings, rules)
if basename == "inventory" or basename == "hosts" or parentdir in ["inventories"]:
return Inventory(filename, settings, standards)
return Inventory(filename, settings, rules)
if "rolesfile" in basename or ("requirements" in basename and ext in ["yaml", "yml"]):
return Rolesfile(filename, settings, standards)
return Rolesfile(filename, settings, rules)
if "Makefile" in basename:
return Makefile(filename, settings, standards)
return Makefile(filename, settings, rules)
if "templates" in filename.split(os.sep) or basename.endswith(".j2"):
return Template(filename, settings, standards)
return Template(filename, settings, rules)
if "files" in filename.split(os.sep):
return File(filename, settings, standards)
return File(filename, settings, rules)
if basename.endswith(".yml") or basename.endswith(".yaml"):
return Playbook(filename, settings, standards)
return Playbook(filename, settings, rules)
if "README" in basename:
return Doc(filename, settings, standards)
return Doc(filename, settings, rules)
return None
def _format_id(self, standard_id):
sid = standard_id.strip()
if sid:
standard_id = f"[{sid}] "
def _format_id(self, rule_id):
rid = rule_id.strip()
if rid:
rule_id = f"[{rid}] "
return standard_id
return rule_id
def __repr__(self):
return f"{type(self).__name__} ({self.path})"
return f"{self.kind} ({self.path})"
def __getitem__(self, item):
return self.__dict__.get(item)
@ -205,8 +155,8 @@ class Candidate:
class RoleFile(Candidate):
"""Object classified as Ansible role file."""
def __init__(self, filename, settings={}, standards=[]): # noqa
super().__init__(filename, settings, standards)
def __init__(self, filename, settings={}, rules=[]): # noqa
super().__init__(filename, settings, rules)
parentdir = os.path.dirname(os.path.abspath(filename))
while parentdir != os.path.dirname(parentdir):
@ -226,17 +176,17 @@ class Playbook(Candidate):
class Task(RoleFile):
"""Object classified as Ansible task file."""
def __init__(self, filename, settings={}, standards=[]): # noqa
super().__init__(filename, settings, standards)
self.filetype = "tasks"
def __init__(self, filename, settings={}, rules=[]): # noqa
super().__init__(filename, settings, rules)
self.filemeta = "tasks"
class Handler(RoleFile):
"""Object classified as Ansible handler file."""
def __init__(self, filename, settings={}, standards=[]): # noqa
super().__init__(filename, settings, standards)
self.filetype = "handlers"
def __init__(self, filename, settings={}, rules=[]): # noqa
super().__init__(filename, settings, rules)
self.filemeta = "handlers"
class Vars(Candidate):

View File

@ -82,7 +82,7 @@ class LogFilter:
class MultilineFormatter(logging.Formatter):
"""Logging Formatter to reset color after newline characters."""
def format(self, record): # noqa
def format(self, record):
record.msg = record.msg.replace("\n", f"\n{colorama.Style.RESET_ALL}... ")
record.msg = record.msg + "\n"
return logging.Formatter.format(self, record)
@ -91,7 +91,7 @@ class MultilineFormatter(logging.Formatter):
class MultilineJsonFormatter(jsonlogger.JsonFormatter):
"""Logging Formatter to remove newline characters."""
def format(self, record): # noqa
def format(self, record):
record.msg = record.msg.replace("\n", " ")
return jsonlogger.JsonFormatter.format(self, record)

View File

@ -1,4 +1,4 @@
"""Standard definition."""
"""Rule definition."""
import copy
import importlib
@ -27,27 +27,26 @@ from ansiblelater.utils.yamlhelper import (
)
class StandardMeta(type):
class RuleMeta(type):
def __call__(cls, *args):
mcls = type.__call__(cls, *args)
mcls.sid = cls.sid
mcls.rid = cls.rid
mcls.description = getattr(cls, "description", "__unknown__")
mcls.helptext = getattr(cls, "helptext", "")
mcls.version = getattr(cls, "version", None)
mcls.types = getattr(cls, "types", [])
return mcls
class StandardExtendedMeta(StandardMeta, ABCMeta):
class RuleExtendedMeta(RuleMeta, ABCMeta):
pass
class StandardBase(metaclass=StandardExtendedMeta):
class RuleBase(metaclass=RuleExtendedMeta):
SHELL_PIPE_CHARS = "&|<>;$\n*[]{}?"
@property
@abstractmethod
def sid(self):
def rid(self):
pass
@abstractmethod
@ -55,7 +54,7 @@ class StandardBase(metaclass=StandardExtendedMeta):
pass
def __repr__(self):
return f"Standard: {self.description} (version: {self.version}, types: {self.types})"
return f"Rule: {self.description} (types: {self.types})"
@staticmethod
def get_tasks(candidate, settings): # noqa
@ -69,11 +68,11 @@ class StandardBase(metaclass=StandardExtendedMeta):
except LaterError as ex:
e = ex.original
errors.append(
StandardBase.Error(e.problem_mark.line + 1, f"syntax error: {e.problem}")
RuleBase.Error(e.problem_mark.line + 1, f"syntax error: {e.problem}")
)
candidate.faulty = True
except LaterAnsibleError as e:
errors.append(StandardBase.Error(e.line, f"syntax error: {e.message}"))
errors.append(RuleBase.Error(e.line, f"syntax error: {e.message}"))
candidate.faulty = True
return yamllines, errors
@ -93,11 +92,11 @@ class StandardBase(metaclass=StandardExtendedMeta):
except LaterError as ex:
e = ex.original
errors.append(
StandardBase.Error(e.problem_mark.line + 1, f"syntax error: {e.problem}")
RuleBase.Error(e.problem_mark.line + 1, f"syntax error: {e.problem}")
)
candidate.faulty = True
except LaterAnsibleError as e:
errors.append(StandardBase.Error(e.line, f"syntax error: {e.message}"))
errors.append(RuleBase.Error(e.line, f"syntax error: {e.message}"))
candidate.faulty = True
return tasks, errors
@ -115,11 +114,11 @@ class StandardBase(metaclass=StandardExtendedMeta):
except LaterError as ex:
e = ex.original
errors.append(
StandardBase.Error(e.problem_mark.line + 1, f"syntax error: {e.problem}")
RuleBase.Error(e.problem_mark.line + 1, f"syntax error: {e.problem}")
)
candidate.faulty = True
except LaterAnsibleError as e:
errors.append(StandardBase.Error(e.line, f"syntax error: {e.message}"))
errors.append(RuleBase.Error(e.line, f"syntax error: {e.message}"))
candidate.faulty = True
return normalized, errors
@ -150,20 +149,21 @@ class StandardBase(metaclass=StandardExtendedMeta):
# No need to normalize_task if we are skipping it.
continue
normalized.append(
normalize_task(
task, candidate.path, settings["ansible"]["custom_modules"]
)
normalized_task = normalize_task(
task, candidate.path, settings["ansible"]["custom_modules"]
)
normalized_task["__raw_task__"] = task
normalized.append(normalized_task)
except LaterError as ex:
e = ex.original
errors.append(
StandardBase.Error(e.problem_mark.line + 1, f"syntax error: {e.problem}")
RuleBase.Error(e.problem_mark.line + 1, f"syntax error: {e.problem}")
)
candidate.faulty = True
except LaterAnsibleError as e:
errors.append(StandardBase.Error(e.line, f"syntax error: {e.message}"))
errors.append(RuleBase.Error(e.line, f"syntax error: {e.message}"))
candidate.faulty = True
return normalized, errors
@ -184,11 +184,11 @@ class StandardBase(metaclass=StandardExtendedMeta):
except LaterError as ex:
e = ex.original
errors.append(
StandardBase.Error(e.problem_mark.line + 1, f"syntax error: {e.problem}")
RuleBase.Error(e.problem_mark.line + 1, f"syntax error: {e.problem}")
)
candidate.faulty = True
except LaterAnsibleError as e:
errors.append(StandardBase.Error(e.line, f"syntax error: {e.message}"))
errors.append(RuleBase.Error(e.line, f"syntax error: {e.message}"))
candidate.faulty = True
return yamllines, errors
@ -210,7 +210,7 @@ class StandardBase(metaclass=StandardExtendedMeta):
content = yaml.safe_load(f)
except yaml.YAMLError as e:
errors.append(
StandardBase.Error(e.problem_mark.line + 1, f"syntax error: {e.problem}")
RuleBase.Error(e.problem_mark.line + 1, f"syntax error: {e.problem}")
)
candidate.faulty = True
@ -224,14 +224,14 @@ class StandardBase(metaclass=StandardExtendedMeta):
try:
with open(candidate.path, encoding="utf-8") as f:
for problem in linter.run(f, YamlLintConfig(options)):
errors.append(StandardBase.Error(problem.line, problem.desc))
errors.append(RuleBase.Error(problem.line, problem.desc))
except yaml.YAMLError as e:
errors.append(
StandardBase.Error(e.problem_mark.line + 1, f"syntax error: {e.problem}")
RuleBase.Error(e.problem_mark.line + 1, f"syntax error: {e.problem}")
)
candidate.faulty = True
except (TypeError, ValueError) as e:
errors.append(StandardBase.Error(None, f"yamllint error: {e}"))
errors.append(RuleBase.Error(None, f"yamllint error: {e}"))
candidate.faulty = True
return errors
@ -302,7 +302,7 @@ class StandardBase(metaclass=StandardExtendedMeta):
return "\n".join([f"{self.candidate}:{error}" for error in self.errors])
class StandardLoader:
class RulesLoader:
def __init__(self, source):
self.rules = []
@ -331,23 +331,20 @@ class StandardLoader:
def _is_plugin(self, obj):
return (
inspect.isclass(obj)
and issubclass(obj, StandardBase)
and obj is not StandardBase
and not None
inspect.isclass(obj) and issubclass(obj, RuleBase) and obj is not RuleBase and not None
)
def validate(self):
normalized_std = list(toolz.remove(lambda x: x.sid == "", self.rules))
unique_std = len(list(toolz.unique(normalized_std, key=lambda x: x.sid)))
all_std = len(normalized_std)
if all_std != unique_std:
normalize_rule = list(toolz.remove(lambda x: x.rid == "", self.rules))
unique_rule = len(list(toolz.unique(normalize_rule, key=lambda x: x.rid)))
all_rules = len(normalize_rule)
if all_rules != unique_rule:
sysexit_with_message(
"Detect duplicate ID's in standards definition. Please use unique ID's only."
"Found duplicate tags in rules definition. Please use unique tags only."
)
class SingleStandards(StandardLoader, metaclass=Singleton):
class SingleRules(RulesLoader, metaclass=Singleton):
"""Singleton config class."""
pass

View File

@ -1,11 +1,10 @@
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckBecomeUser(StandardBase):
sid = "ANSIBLE0015"
class CheckBecomeUser(RuleBase):
rid = "ANS115"
description = "Become should be combined with become_user"
helptext = "the task has `become` enabled but `become_user` is missing"
version = "0.1"
types = ["playbook", "task", "handler"]
def check(self, candidate, settings):

View File

@ -1,14 +1,13 @@
import re
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
from ansiblelater.utils import count_spaces
class CheckBracesSpaces(StandardBase):
sid = "ANSIBLE0004"
class CheckBracesSpaces(RuleBase):
rid = "ANS104"
description = "YAML should use consistent number of spaces around variables"
helptext = "no suitable numbers of spaces (min: {min} max: {max})"
version = "0.1"
types = ["playbook", "task", "handler", "rolevars", "hostvars", "groupvars", "meta"]
def check(self, candidate, settings):

View File

@ -18,14 +18,13 @@
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckChangedInWhen(StandardBase):
sid = "ANSIBLE0026"
class CheckChangedInWhen(RuleBase):
rid = "ANS126"
description = "Use handlers instead of `when: changed`"
helptext = "tasks using `when: result.changed` setting are effectively acting as a handler"
version = "0.2"
types = ["playbook", "task", "handler"]
def check(self, candidate, settings):

View File

@ -1,14 +1,13 @@
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckCommandHasChanges(StandardBase):
sid = "ANSIBLE0011"
class CheckCommandHasChanges(RuleBase):
rid = "ANS111"
description = "Commands should be idempotent"
helptext = (
"commands should only read while using `changed_when` or try to be "
"idempotent while using controls like `creates`, `removes` or `when`"
)
version = "0.1"
types = ["playbook", "task"]
def check(self, candidate, settings):

View File

@ -20,14 +20,13 @@
import os
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckCommandInsteadOfArgument(StandardBase):
sid = "ANSIBLE0017"
class CheckCommandInsteadOfArgument(RuleBase):
rid = "ANS117"
description = "Commands should not be used in place of module arguments"
helptext = "{exec} used in place of file modules argument {arg}"
version = "0.2"
types = ["playbook", "task", "handler"]
def check(self, candidate, settings):

View File

@ -1,13 +1,12 @@
import os
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckCommandInsteadOfModule(StandardBase):
sid = "ANSIBLE0008"
class CheckCommandInsteadOfModule(RuleBase):
rid = "ANS108"
description = "Commands should not be used in place of modules"
helptext = "{exec} command used in place of {module} module"
version = "0.1"
types = ["playbook", "task", "handler"]
def check(self, candidate, settings):

View File

@ -1,14 +1,13 @@
import re
from ansiblelater.candidate import Template
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckCompareToEmptyString(StandardBase):
sid = "ANSIBLE0012"
class CheckCompareToEmptyString(RuleBase):
rid = "ANS112"
description = 'Don\'t compare to empty string ""'
helptext = "use `when: var` rather than `when: var !=` (or conversely `when: not var`)"
version = "0.1"
types = ["playbook", "task", "handler", "template"]
def check(self, candidate, settings):

View File

@ -1,14 +1,13 @@
import re
from ansiblelater.candidate import Template
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckCompareToLiteralBool(StandardBase):
sid = "ANSIBLE0013"
class CheckCompareToLiteralBool(RuleBase):
rid = "ANS113"
description = "Don't compare to True or False"
helptext = "use `when: var` rather than `when: var == True` (or conversely `when: not var`)"
version = "0.1"
types = ["playbook", "task", "handler"]
def check(self, candidate, settings):

View File

@ -1,11 +1,10 @@
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckDeprecated(StandardBase):
sid = "ANSIBLE9999"
class CheckDeprecated(RuleBase):
rid = "ANS999"
description = "Deprecated features should not be used"
helptext = "'{old}' is deprecated and should not be used anymore. Use '{new}' instead."
version = "0.1"
helptext = "`{old}` is deprecated and should not be used anymore. Use `{new}` instead."
types = ["playbook", "task", "handler"]
def check(self, candidate, settings):

View File

@ -20,18 +20,17 @@
import os
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
from ansiblelater.utils import has_glob, has_jinja
class CheckDeprecatedBareVars(StandardBase):
sid = "ANSIBLE0027"
class CheckDeprecatedBareVars(RuleBase):
rid = "ANS127"
description = "Deprecated bare variables in loops must not be used"
helptext = (
"bare var '{barevar}' in '{loop_type}' must use full var syntax '{{{{ {barevar} }}}}' "
"or be converted to a list"
)
version = "0.3"
types = ["playbook", "task", "handler"]
def check(self, candidate, settings):

View File

@ -0,0 +1,132 @@
# Original code written by the authors of ansible-lint
from ansiblelater.rule import RuleBase
from ansiblelater.utils import load_plugin
class CheckFQCNBuiltin(RuleBase):
rid = "ANS128"
helptext = "use FQCN `{module_alias}` for module action `{module}`"
description = "Module actions should use full qualified collection names"
types = ["playbook", "task", "handler", "rolevars", "hostvars", "groupvars"]
module_aliases = {"block/always/rescue": "block/always/rescue"}
def check(self, candidate, settings):
tasks, errors = self.get_normalized_tasks(candidate, settings)
_builtins = [
"add_host",
"apt",
"apt_key",
"apt_repository",
"assemble",
"assert",
"async_status",
"blockinfile",
"command",
"copy",
"cron",
"debconf",
"debug",
"dnf",
"dpkg_selections",
"expect",
"fail",
"fetch",
"file",
"find",
"gather_facts",
"get_url",
"getent",
"git",
"group",
"group_by",
"hostname",
"import_playbook",
"import_role",
"import_tasks",
"include",
"include_role",
"include_tasks",
"include_vars",
"iptables",
"known_hosts",
"lineinfile",
"meta",
"package",
"package_facts",
"pause",
"ping",
"pip",
"raw",
"reboot",
"replace",
"rpm_key",
"script",
"service",
"service_facts",
"set_fact",
"set_stats",
"setup",
"shell",
"slurp",
"stat",
"subversion",
"systemd",
"sysvinit",
"tempfile",
"template",
"unarchive",
"uri",
"user",
"wait_for",
"wait_for_connection",
"yum",
"yum_repository",
]
if errors:
return self.Result(candidate.path, errors)
for task in tasks:
module = task["action"]["__ansible_module_original__"]
if module not in self.module_aliases:
loaded_module = load_plugin(module)
target = loaded_module.resolved_fqcn
self.module_aliases[module] = target
if target is None:
self.module_aliases[module] = module
continue
if target not in self.module_aliases:
self.module_aliases[target] = target
if module != self.module_aliases[module]:
module_alias = self.module_aliases[module]
if module_alias.startswith("ansible.builtin"):
legacy_module = module_alias.replace(
"ansible.builtin.",
"ansible.legacy.",
1,
)
if module != legacy_module:
helptext = self.helptext.format(module_alias=module_alias, module=module)
if module == "ansible.builtin.include":
helptext = (
"`ansible.builtin.include_task` or `ansible.builtin.import_tasks` "
f"should be used instead of deprecated `{module}`",
)
errors.append(self.Error(task["__line__"], helptext))
else:
if module.count(".") < 2:
errors.append(
self.Error(
task["__line__"],
self.helptext.format(module_alias=module_alias, module=module),
)
)
return self.Result(candidate.path, errors)

View File

@ -19,17 +19,16 @@
# THE SOFTWARE.
import re
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckFilePermissionMissing(StandardBase):
sid = "ANSIBLE0018"
class CheckFilePermissionMissing(RuleBase):
rid = "ANS118"
description = "File permissions unset or incorrect"
helptext = (
"`mode` parameter should set permissions explicitly (e.g. `mode: 0644`) "
"to avoid unexpected file permissions"
)
version = "0.2"
types = ["playbook", "task", "handler"]
_modules = {

View File

@ -18,14 +18,13 @@
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckFilePermissionOctal(StandardBase):
sid = "ANSIBLE0019"
description = "Octal file permissions must contain leading zero or be a string"
helptext = "numeric file permissions without leading zero can behave in unexpected ways"
version = "0.2"
class CheckFilePermissionOctal(RuleBase):
rid = "ANS119"
description = "Numeric file permissions without a leading zero can behave unexpectedly"
helptext = '`mode: {mode}` should be strings with a leading zero `mode: "0{mode}"`'
types = ["playbook", "task", "handler"]
def check(self, candidate, settings):
@ -48,7 +47,9 @@ class CheckFilePermissionOctal(StandardBase):
mode = task["action"].get("mode", None)
if isinstance(mode, int) and self._is_invalid_permission(mode):
errors.append(self.Error(task["__line__"], self.helptext))
errors.append(
self.Error(task["__line__"], self.helptext.format(mode=mode))
)
return self.Result(candidate.path, errors)

View File

@ -1,13 +1,12 @@
import re
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckFilterSeparation(StandardBase):
sid = "ANSIBLE0016"
class CheckFilterSeparation(RuleBase):
rid = "ANS116"
description = "Jinja2 filters should be separated with spaces"
helptext = "no suitable numbers of spaces (required: 1)"
version = "0.1"
types = ["playbook", "task", "handler", "rolevars", "hostvars", "groupvars"]
def check(self, candidate, settings):

View File

@ -18,14 +18,13 @@
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckGitHasVersion(StandardBase):
sid = "ANSIBLE0020"
class CheckGitHasVersion(RuleBase):
rid = "ANS120"
description = "Git checkouts should use explicit version"
helptext = "git checkouts should point to an explicit commit or tag, not `latest`"
version = "0.2"
types = ["playbook", "task", "handler"]
def check(self, candidate, settings):

View File

@ -1,11 +1,10 @@
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckInstallUseLatest(StandardBase):
sid = "ANSIBLE0009"
class CheckInstallUseLatest(RuleBase):
rid = "ANS109"
description = "Package installs should use present, not latest"
helptext = "package installs should use `state=present` with or without a version"
version = "0.1"
types = ["playbook", "task", "handler"]
def check(self, candidate, settings):

View File

@ -0,0 +1,89 @@
# Original code written by the authors of ansible-lint
import functools
from ansiblelater.rule import RuleBase
SORTER_TASKS = (
"name",
# "__module__",
# "action",
# "args",
None, # <-- None include all modules that not using action and *
# "when",
# "notify",
# "tags",
"block",
"rescue",
"always",
)
class CheckKeyOrder(RuleBase):
rid = "ANS129"
description = "Check for recommended key order"
helptext = "{type} key order can be improved to `{sorted_keys}`"
types = ["playbook", "task", "handler"]
def check(self, candidate, settings):
errors = []
tasks, err = self.get_normalized_tasks(candidate, settings)
if err:
return self.Result(candidate.path, err)
for task in tasks:
is_sorted, keys = self._sort_keys(task.get("__raw_task__"))
if not is_sorted:
errors.append(
self.Error(
task["__line__"],
self.helptext.format(type="task", sorted_keys=", ".join(keys)),
)
)
if candidate.kind == "playbook":
tasks, err = self.get_tasks(candidate, settings)
if err:
return self.Result(candidate.path, err)
for task in tasks:
is_sorted, keys = self._sort_keys(task)
if not is_sorted:
errors.append(
self.Error(
task["__line__"],
self.helptext.format(type="play", sorted_keys=", ".join(keys)),
)
)
return self.Result(candidate.path, errors)
@staticmethod
def _sort_keys(task):
if not task:
return True, []
keys = [str(key) for key in task if not key.startswith("_")]
sorted_keys = sorted(keys, key=functools.cmp_to_key(_task_property_sorter))
return (keys == sorted_keys), sorted_keys
def _task_property_sorter(property1, property2):
"""Sort task properties based on SORTER."""
v_1 = _get_property_sort_index(property1)
v_2 = _get_property_sort_index(property2)
return (v_1 > v_2) - (v_1 < v_2)
def _get_property_sort_index(name):
"""Return the index of the property in the sorter."""
a_index = -1
for i, v in enumerate(SORTER_TASKS):
if v == name:
return i
if v is None:
a_index = i
return a_index

View File

@ -1,13 +1,12 @@
import re
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckLiteralBoolFormat(StandardBase):
sid = "ANSIBLE0014"
class CheckLiteralBoolFormat(RuleBase):
rid = "ANS114"
description = "Literal bools should be consistent"
helptext = "literal bools should be written as `{bools}`"
version = "0.1"
types = ["playbook", "task", "handler", "rolevars", "hostvars", "groupvars"]
def check(self, candidate, settings):

View File

@ -1,13 +1,12 @@
# Copyright (c) 2016, Tsukinowa Inc. <info@tsukinowa.jp>
# Copyright (c) 2018, Ansible Project
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckLocalAction(StandardBase):
sid = "ANSIBLE0024"
class CheckLocalAction(RuleBase):
rid = "ANS124"
description = "Don't use local_action"
helptext = "`delegate_to: localhost` should be used instead of `local_action`"
version = "0.2"
types = ["playbook", "task", "handler"]
def check(self, candidate, settings):

View File

@ -1,14 +1,13 @@
# Copyright (c) 2018, Ansible Project
from nested_lookup import nested_lookup
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckMetaChangeFromDefault(StandardBase):
sid = "ANSIBLE0021"
class CheckMetaChangeFromDefault(RuleBase):
rid = "ANS121"
description = "Roles meta/main.yml default values should be changed"
helptext = "meta/main.yml default values should be changed for: `{field}`"
version = "0.2"
types = ["meta"]
def check(self, candidate, settings):

View File

@ -1,13 +1,12 @@
from nested_lookup import nested_lookup
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckMetaMain(StandardBase):
sid = "ANSIBLE0002"
class CheckMetaMain(RuleBase):
rid = "ANS102"
description = "Roles must contain suitable meta/main.yml"
helptext = "file should contain `{key}` key"
version = "0.1"
types = ["meta"]
def check(self, candidate, settings):

View File

@ -1,13 +1,12 @@
from collections import defaultdict
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckNameFormat(StandardBase):
sid = "ANSIBLE0007"
class CheckNameFormat(RuleBase):
rid = "ANS107"
description = "Name of tasks and handlers must be formatted"
helptext = "name '{name}' should start with uppercase"
version = "0.1"
helptext = "name `{name}` should start with uppercase"
types = ["playbook", "task", "handler"]
def check(self, candidate, settings):

View File

@ -1,11 +1,10 @@
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckNamedTask(StandardBase):
sid = "ANSIBLE0006"
class CheckNamedTask(RuleBase):
rid = "ANS106"
description = "Tasks and handlers must be named"
helptext = "module '{module}' used without or empty `name` attribute"
version = "0.1"
helptext = "module `{module}` used without or empty `name` attribute"
types = ["playbook", "task", "handler"]
def check(self, candidate, settings):

View File

@ -1,11 +1,10 @@
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckNativeYaml(StandardBase):
sid = "LINT0008"
class CheckNativeYaml(RuleBase):
rid = "YML108"
description = "Use YAML format for tasks and handlers rather than key=value"
helptext = "task arguments appear to be in key value rather than YAML format"
version = "0.1"
types = ["playbook", "task", "handler"]
def check(self, candidate, settings):

View File

@ -21,17 +21,16 @@
# THE SOFTWARE.
import re
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckNestedJinja(StandardBase):
sid = "ANSIBLE0023"
class CheckNestedJinja(RuleBase):
rid = "ANS123"
description = "Don't use nested Jinja2 pattern"
helptext = (
"there should not be any nested jinja pattern "
"like `{{ list_one + {{ list_two | max }} }}`"
)
version = "0.2"
types = ["playbook", "task", "handler", "rolevars", "hostvars", "groupvars"]
def check(self, candidate, settings):

View File

@ -1,13 +1,12 @@
# Copyright (c) 2016, Tsukinowa Inc. <info@tsukinowa.jp>
# Copyright (c) 2018, Ansible Project
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckRelativeRolePaths(StandardBase):
sid = "ANSIBLE0025"
class CheckRelativeRolePaths(RuleBase):
rid = "ANS125"
description = "Don't use a relative path in a role"
helptext = "`copy` and `template` modules don't need relative path for `src`"
version = "0.2"
types = ["playbook", "task", "handler"]
def check(self, candidate, settings):

View File

@ -1,13 +1,12 @@
from ansible.parsing.yaml.objects import AnsibleMapping
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckScmInSrc(StandardBase):
sid = "ANSIBLE0005"
class CheckScmInSrc(RuleBase):
rid = "ANS105"
description = "Use `scm:` key rather than `src: scm+url`"
helptext = "usage of `src: scm+url` not recommended"
version = "0.1"
types = ["rolesfile"]
def check(self, candidate, settings):

View File

@ -1,11 +1,10 @@
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckShellInsteadCommand(StandardBase):
sid = "ANSIBLE0010"
class CheckShellInsteadCommand(RuleBase):
rid = "ANS110"
description = "Shell should only be used when essential"
helptext = "shell should only be used when piping, redirecting or chaining commands"
version = "0.1"
types = ["playbook", "task", "handler"]
def check(self, candidate, settings):

View File

@ -1,14 +1,13 @@
import re
from collections import defaultdict
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckTaskSeparation(StandardBase):
sid = "ANSIBLE0001"
class CheckTaskSeparation(RuleBase):
rid = "ANS101"
description = "Single tasks should be separated by empty line"
helptext = "missing task separation (required: 1 empty line)"
version = "0.1"
types = ["playbook", "task", "handler"]
def check(self, candidate, settings):

View File

@ -1,13 +1,12 @@
from collections import defaultdict
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckUniqueNamedTask(StandardBase):
sid = "ANSIBLE0003"
class CheckUniqueNamedTask(RuleBase):
rid = "ANS103"
description = "Tasks and handlers must be uniquely named within a single file"
helptext = "name '{name}' appears multiple times"
version = "0.1"
helptext = "name `{name}` appears multiple times"
types = ["playbook", "task", "handler"]
def check(self, candidate, settings):

View File

@ -1,16 +0,0 @@
from ansiblelater.standard import StandardBase
class CheckVersion(StandardBase):
sid = "ANSIBLE9998"
description = "Standards version should be pinned"
helptext = "Standards version not set. Using latest standards version {version}"
types = ["task", "handler", "rolevars", "meta", "template", "file", "playbook"]
def check(self, candidate, settings): # noqa
errors = []
if not candidate.version_config:
errors.append(self.Error(None, self.helptext.format(version=candidate.version)))
return self.Result(candidate.path, errors)

View File

@ -1,13 +1,13 @@
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckWhenFormat(StandardBase):
sid = "ANSIBLE0022"
class CheckWhenFormat(RuleBase):
rid = "ANS122"
description = "Don't use Jinja2 in when"
helptext = (
"`when` is a raw Jinja2 expression, redundant {{ }} " "should be removed from variable(s)"
"`when` is a raw Jinja2 expression, redundant `{{ }}` should be removed from variable(s)"
)
version = "0.2"
types = ["playbook", "task", "handler"]
def check(self, candidate, settings):

View File

@ -1,10 +1,9 @@
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckYamlColons(StandardBase):
sid = "LINT0005"
class CheckYamlColons(RuleBase):
rid = "YML105"
description = "YAML should use consistent number of spaces around colons"
version = "0.1"
types = ["playbook", "task", "handler", "rolevars", "hostvars", "groupvars", "meta"]
def check(self, candidate, settings):

View File

@ -1,10 +1,9 @@
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckYamlDocumentEnd(StandardBase):
sid = "LINT0009"
description = "YAML should contain document end marker"
version = "0.1"
class CheckYamlDocumentEnd(RuleBase):
rid = "YML109"
description = "YAML document end marker should match configuration"
types = ["playbook", "task", "handler", "rolevars", "hostvars", "groupvars", "meta"]
def check(self, candidate, settings):

View File

@ -1,10 +1,9 @@
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckYamlDocumentStart(StandardBase):
sid = "LINT0004"
description = "YAML should contain document start marker"
version = "0.1"
class CheckYamlDocumentStart(RuleBase):
rid = "YML104"
description = "YAML document start marker should match configuration"
types = ["playbook", "task", "handler", "rolevars", "hostvars", "groupvars", "meta"]
def check(self, candidate, settings):

View File

@ -1,10 +1,9 @@
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckYamlEmptyLines(StandardBase):
sid = "LINT0001"
class CheckYamlEmptyLines(RuleBase):
rid = "YML101"
description = "YAML should not contain unnecessarily empty lines"
version = "0.1"
types = ["playbook", "task", "handler", "rolevars", "hostvars", "groupvars", "meta"]
def check(self, candidate, settings):

View File

@ -1,13 +1,12 @@
import os
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckYamlFile(StandardBase):
sid = "LINT0006"
class CheckYamlFile(RuleBase):
rid = "YML106"
description = "Roles file should be in yaml format"
helptext = "file does not have a .yml extension"
version = "0.1"
types = ["playbook", "task", "handler"]
def check(self, candidate, settings):

View File

@ -1,11 +1,10 @@
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckYamlHasContent(StandardBase):
sid = "LINT0007"
class CheckYamlHasContent(RuleBase):
rid = "YML107"
description = "Files should contain useful content"
helptext = "the file appears to have no useful content"
version = "0.1"
types = ["playbook", "task", "handler", "rolevars", "defaults", "meta"]
def check(self, candidate, settings):

View File

@ -1,10 +1,9 @@
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckYamlHyphens(StandardBase):
sid = "LINT0003"
class CheckYamlHyphens(RuleBase):
rid = "YML103"
description = "YAML should use consistent number of spaces after hyphens"
version = "0.1"
types = ["playbook", "task", "handler", "rolevars", "hostvars", "groupvars", "meta"]
def check(self, candidate, settings):

View File

@ -1,10 +1,9 @@
from ansiblelater.standard import StandardBase
from ansiblelater.rule import RuleBase
class CheckYamlIndent(StandardBase):
sid = "LINT0002"
class CheckYamlIndent(RuleBase):
rid = "YML102"
description = "YAML should not contain unnecessarily empty lines"
version = "0.1"
types = ["playbook", "task", "handler", "rolevars", "hostvars", "groupvars", "meta"]
def check(self, candidate, settings):

View File

@ -0,0 +1,13 @@
from ansiblelater.rule import RuleBase
class CheckYamlOctalValues(RuleBase):
rid = "YML110"
description = "YAML implicit/explicit octal value should match configuration"
types = ["playbook", "task", "handler", "rolevars", "hostvars", "groupvars", "meta"]
def check(self, candidate, settings):
options = f"rules: {{octal-values: {settings['yamllint']['octal-values']}}}"
errors = self.run_yamllint(candidate, options)
return self.Result(candidate.path, errors)

View File

@ -1,5 +1,6 @@
"""Global settings object definition."""
import importlib.resources
import os
import anyconfig
@ -7,7 +8,6 @@ import jsonschema.exceptions
import pathspec
from appdirs import AppDirs
from jsonschema._utils import format_as_index
from pkg_resources import resource_filename
from ansiblelater import utils
@ -104,13 +104,13 @@ class Settings:
if f not in defaults["ansible"]["custom_modules"]:
defaults["ansible"]["custom_modules"].append(f)
if defaults["rules"]["buildin"]:
defaults["rules"]["standards"].append(
os.path.join(resource_filename("ansiblelater", "rules"))
)
if defaults["rules"]["builtin"]:
ref = importlib.resources.files("ansiblelater") / "rules"
with importlib.resources.as_file(ref) as path:
defaults["rules"]["dir"].append(path)
defaults["rules"]["standards"] = [
os.path.relpath(os.path.normpath(p)) for p in defaults["rules"]["standards"]
defaults["rules"]["dir"] = [
os.path.relpath(os.path.normpath(p)) for p in defaults["rules"]["dir"]
]
return defaults
@ -118,17 +118,16 @@ class Settings:
def _get_defaults(self):
defaults = {
"rules": {
"buildin": True,
"standards": [],
"filter": [],
"builtin": True,
"dir": [],
"include_filter": [],
"exclude_filter": [],
"warning_filter": [
"ANSIBLE9999",
"ANSIBLE9998",
"ANS128",
"ANS999",
],
"ignore_dotfiles": True,
"exclude_files": [],
"version": "",
},
"logging": {
"level": "WARNING",
@ -145,7 +144,7 @@ class Settings:
"exclude": [
"meta",
"debug",
"block",
"block/always/rescue",
"include_role",
"import_role",
"include_tasks",
@ -175,12 +174,16 @@ class Settings:
"present": True,
},
"document-end": {
"present": True,
"present": False,
},
"colons": {
"max-spaces-before": 0,
"max-spaces-after": 1,
},
"octal-values": {
"forbid-implicit-octal": True,
"forbid-explicit-octal": True,
},
},
}

View File

@ -4,9 +4,10 @@ import contextlib
import re
import sys
from contextlib import suppress
from functools import lru_cache
import yaml
from packaging.version import Version
from ansible.plugins.loader import module_loader
from ansiblelater import logger
@ -35,12 +36,6 @@ def count_spaces(c_string):
return (leading_spaces, trailing_spaces)
def standards_latest(standards):
return max(
[standard.version for standard in standards if standard.version] or ["0.1"], key=Version
)
def lines_ranges(lines_spec):
if not lines_spec:
return None
@ -84,9 +79,7 @@ def open_file(filename, mode="r"):
def add_dict_branch(tree, vector, value):
key = vector[0]
tree[key] = (
value
if len(vector) == 1
else add_dict_branch(tree[key] if key in tree else {}, vector[1:], value)
value if len(vector) == 1 else add_dict_branch(tree.get(key, {}), vector[1:], value)
)
return tree
@ -121,3 +114,21 @@ class Singleton(type):
if cls not in cls._instances:
cls._instances[cls] = super().__call__(*args, **kwargs)
return cls._instances[cls]
@lru_cache
def load_plugin(name):
"""Return loaded ansible plugin/module."""
loaded_module = module_loader.find_plugin_with_context(
name,
ignore_deprecated=True,
check_aliases=True,
)
if not loaded_module.resolved and name.startswith("ansible.builtin."):
# fallback to core behavior of using legacy
loaded_module = module_loader.find_plugin_with_context(
name.replace("ansible.builtin.", "ansible.legacy."),
ignore_deprecated=True,
check_aliases=True,
)
return loaded_module

View File

@ -65,11 +65,11 @@ def ansible_template(basedir, varname, templatevars, **kwargs):
try:
from ansible.plugins import module_loader
except ImportError:
from ansible.plugins.loader import init_plugin_loader, module_loader
init_plugin_loader()
except ImportError:
from ansible.plugins.loader import module_loader
LINE_NUMBER_KEY = "__line__"
FILENAME_KEY = "__file__"
@ -369,12 +369,63 @@ def _kv_to_dict(v):
def normalize_task(task, filename, custom_modules=None):
"""Ensure tasks have an action key and strings are converted to python objects."""
if custom_modules is None:
custom_modules = []
def _normalize(task, custom_modules):
if custom_modules is None:
custom_modules = []
ansible_action_type = task.get("__ansible_action_type__", "task")
if "__ansible_action_type__" in task:
del task["__ansible_action_type__"]
normalized = {}
ansible_parsed_keys = ("action", "local_action", "args", "delegate_to")
if is_nested_task(task):
_extract_ansible_parsed_keys_from_task(normalized, task, ansible_parsed_keys)
# Add dummy action for block/always/rescue statements
normalized["action"] = {
"__ansible_module__": "block/always/rescue",
"__ansible_module_original__": "block/always/rescue",
"__ansible_arguments__": "block/always/rescue",
}
return normalized
builtin = list(ansible.parsing.mod_args.BUILTIN_TASKS)
builtin = list(set(builtin + custom_modules))
ansible.parsing.mod_args.BUILTIN_TASKS = frozenset(builtin)
mod_arg_parser = ModuleArgsParser(task)
try:
action, arguments, normalized["delegate_to"] = mod_arg_parser.parse()
except AnsibleParserError as e:
raise LaterAnsibleError(e) from e
# denormalize shell -> command conversion
if "_uses_shell" in arguments:
action = "shell"
del arguments["_uses_shell"]
for k, v in list(task.items()):
if k in ansible_parsed_keys or k == action:
# we don"t want to re-assign these values, which were
# determined by the ModuleArgsParser() above
continue
normalized[k] = v
# convert builtin fqn calls to short forms because most rules know only
# about short calls
normalized["action"] = {
"__ansible_module__": action.removeprefix("ansible.builtin."),
"__ansible_module_original__": action,
}
if "_raw_params" in arguments:
normalized["action"]["__ansible_arguments__"] = (
arguments["_raw_params"].strip().split()
)
del arguments["_raw_params"]
else:
normalized["action"]["__ansible_arguments__"] = []
normalized["action"].update(arguments)
return normalized
# temp. extract metadata
ansible_meta = {}
@ -386,39 +437,11 @@ def normalize_task(task, filename, custom_modules=None):
ansible_meta[key] = task.pop(key, default)
normalized = {}
ansible_action_type = task.get("__ansible_action_type__", "task")
if "__ansible_action_type__" in task:
del task["__ansible_action_type__"]
builtin = list(ansible.parsing.mod_args.BUILTIN_TASKS)
builtin = list(set(builtin + custom_modules))
ansible.parsing.mod_args.BUILTIN_TASKS = frozenset(builtin)
mod_arg_parser = ModuleArgsParser(task)
try:
action, arguments, normalized["delegate_to"] = mod_arg_parser.parse()
except AnsibleParserError as e:
raise LaterAnsibleError(e) from e
# denormalize shell -> command conversion
if "_uses_shell" in arguments:
action = "shell"
del arguments["_uses_shell"]
for k, v in list(task.items()):
if k in ("action", "local_action", "args", "delegate_to") or k == action:
# we don"t want to re-assign these values, which were
# determined by the ModuleArgsParser() above
continue
normalized[k] = v
normalized["action"] = {"__ansible_module__": action}
if "_raw_params" in arguments:
normalized["action"]["__ansible_arguments__"] = arguments["_raw_params"].strip().split()
del arguments["_raw_params"]
else:
normalized["action"]["__ansible_arguments__"] = []
normalized["action"].update(arguments)
normalized = _normalize(task, custom_modules)
normalized[FILENAME_KEY] = filename
normalized["__ansible_action_type__"] = ansible_action_type
@ -431,22 +454,17 @@ def normalize_task(task, filename, custom_modules=None):
return normalized
def action_tasks(yaml, file):
def action_tasks(yaml, candidate):
tasks = []
if file["filetype"] in ["tasks", "handlers"]:
tasks = add_action_type(yaml, file["filetype"])
if candidate.filemeta in ["tasks", "handlers"]:
tasks = add_action_type(yaml, candidate.filemeta)
else:
tasks.extend(extract_from_list(yaml, ["tasks", "handlers", "pre_tasks", "post_tasks"]))
# Add sub-elements of block/rescue/always to tasks list
tasks.extend(extract_from_list(tasks, ["block", "rescue", "always"]))
# Remove block/rescue/always elements from tasks list
block_rescue_always = ("block", "rescue", "always")
tasks[:] = [task for task in tasks if all(k not in task for k in block_rescue_always)]
allowed = ["include", "include_tasks", "import_playbook", "import_tasks"]
return [task for task in tasks if set(allowed).isdisjoint(task.keys())]
return tasks
def task_to_str(task):
@ -475,7 +493,10 @@ def extract_from_list(blocks, candidates):
meta_data = dict(block)
for key in delete_meta_keys:
meta_data.pop(key, None)
results.extend(add_action_type(block[candidate], candidate, meta_data))
actions = add_action_type(block[candidate], candidate, meta_data)
results.extend(actions)
elif block[candidate] is not None:
raise RuntimeError(
f"Key '{candidate}' defined, but bad value: '{block[candidate]!s}'"
@ -564,6 +585,26 @@ def normalized_yaml(file, options):
return lines
def is_nested_task(task):
"""Check if task includes block/always/rescue."""
# Cannot really trust the input
if isinstance(task, str):
return False
return any(task.get(key) for key in ["block", "rescue", "always"])
def _extract_ansible_parsed_keys_from_task(result, task, keys):
"""Return a dict with existing key in task."""
for k, v in list(task.items()):
if k in keys:
# we don't want to re-assign these values, which were
# determined by the ModuleArgsParser() above
continue
result[k] = v
return result
class UnsafeTag:
"""Handle custom yaml unsafe tag."""

View File

@ -1,18 +1,17 @@
---
title: Minimal standard checks
title: Write a rule
---
A typical standards check will look like:
A typical rule check will look like:
<!-- prettier-ignore-start -->
<!-- spellchecker-disable -->
{{< highlight Python "linenos=table" >}}
class CheckBecomeUser(StandardBase):
class CheckBecomeUser(RuleBase):
sid = "ANSIBLE0015"
rid = "ANS115"
description = "Become should be combined with become_user"
helptext = "the task has `become` enabled but `become_user` is missing"
version = "0.1"
types = ["playbook", "task", "handler"]
def check(self, candidate, settings):

View File

@ -8,28 +8,27 @@ You can get all available CLI options by running `ansible-later --help`:
<!-- spellchecker-disable -->
{{< highlight Shell "linenos=table" >}}
$ ansible-later --help
usage: ansible-later [-h] [-c CONFIG_FILE] [-r RULES.STANDARDS]
[-s RULES.FILTER] [-v] [-q] [--version]
[rules.files [rules.files ...]]
usage: ansible-later [-h] [-c CONFIG] [-r DIR] [-B] [-i TAGS] [-x TAGS] [-v] [-q] [-V] [rules.files ...]
Validate Ansible files against best practice guideline
positional arguments:
rules.files
optional arguments:
options:
-h, --help show this help message and exit
-c CONFIG_FILE, --config CONFIG_FILE
location of configuration file
-r RULES.STANDARDS, --rules RULES.STANDARDS
location of standards rules
-s RULES.FILTER, --standards RULES.FILTER
limit standards to given ID's
-x RULES.EXCLUDE_FILTER, --exclude-standards RULES.EXCLUDE_FILTER
exclude standards by given ID's
-c CONFIG, --config CONFIG
path to configuration file
-r DIR, --rules-dir DIR
directory of rules
-B, --no-builtin disables built-in rules
-i TAGS, --include-rules TAGS
limit rules to given id/tags
-x TAGS, --exclude-rules TAGS
exclude rules by given it/tags
-v increase log level
-q decrease log level
--version show program's version number and exit
-V, --version show program's version number and exit
{{< /highlight >}}
<!-- spellchecker-enable -->
<!-- prettier-ignore-end -->

View File

@ -16,32 +16,32 @@ ansible:
# directory will be auto-detected and don't need to be added to this list.
custom_modules: []
# Settings for variable formatting rule (ANSIBLE0004)
# Settings for variable formatting rule (ANS104)
double-braces:
max-spaces-inside: 1
min-spaces-inside: 1
# List of allowed literal bools (ANSIBLE0014)
# List of allowed literal bools (ANS114)
literal-bools:
- "True"
- "False"
- "yes"
- "no"
# List of modules that don't need to be named (ANSIBLE0006).
# List of modules that don't need to be named (ANS106).
# You must specify each individual module name, globs or wildcards do not work!
named-task:
exclude:
- "meta"
- "debug"
- "block"
- "block/always/rescue"
- "include_role"
- "include_tasks"
- "include_vars"
- "import_role"
- "import_tasks"
# List of modules that are allowed to use the key=value format instead of the native YAML format (LINT0008).
# List of modules that are allowed to use the key=value format instead of the native YAML format (YML108).
# You must specify each individual module name, globs or wildcards do not work!
native-yaml:
exclude: []
@ -58,8 +58,8 @@ logging:
# Global settings for all defined rules
rules:
# Disable build-in rules if required
buildin: True
# Disable built-in rules if required
builtin: True
# List of files to exclude
exclude_files: []
@ -75,22 +75,17 @@ rules:
exclude_filter: []
# List of rule ID's that should be displayed as a warning instead of an error. By default,
# only rules whose version is higher than the current default version are marked as warnings.
# This list allows to degrade errors to warnings for each rule.
# no rules are marked as warnings. This list allows to degrade errors to warnings for each rule.
warning_filter:
- "ANSIBLE9999"
- "ANSIBLE9998"
- "ANS128"
- "ANS999"
# All dotfiles (including hidden folders) are excluded by default.
# You can disable this setting and handle dotfiles by yourself with `exclude_files`.
ignore_dotfiles: True
# List of directories to load standard rules from (defaults to build-in)
standards: []
# Standard version to use. Standard version set in a roles meta file
# or playbook will takes precedence.
version:
# List of directories to load rules from (defaults to built-in)
dir: []
# Block to control included yamllint rules.
# See https://yamllint.readthedocs.io/en/stable/rules.html
@ -100,6 +95,8 @@ yamllint:
max-spaces-before: 0
document-start:
present: True
document-end:
present: True
empty-lines:
max: 1
max-end: 1

View File

@ -2,45 +2,47 @@
title: Included rules
---
Reviews are useless without some rules or standards to check against. ansible-later comes with a set of built-in checks, which are explained in the following table.
Reviews are useless without some rules to check against. `ansible-later` comes with a set of built-in checks, which are explained in the following table.
| Rule | ID | Description | Parameter |
| ----------------------------- | ----------- | ----------------------------------------------------------------- | ---------------------------------------------------------------------- |
| CheckYamlEmptyLines | LINT0001 | YAML should not contain unnecessarily empty lines. | {max: 1, max-start: 0, max-end: 1} |
| CheckYamlIndent | LINT0002 | YAML should be correctly indented. | {spaces: 2, check-multi-line-strings: false, indent-sequences: true} |
| CheckYamlHyphens | LINT0003 | YAML should use consistent number of spaces after hyphens (-). | {max-spaces-after: 1} |
| CheckYamlDocumentStart | LINT0004 | YAML should contain document start marker. | {document-start: {present: true}} |
| CheckYamlColons | LINT0005 | YAML should use consistent number of spaces around colons. | {colons: {max-spaces-before: 0, max-spaces-after: 1}} |
| CheckYamlFile | LINT0006 | Roles file should be in YAML format. | |
| CheckYamlHasContent | LINT0007 | Files should contain useful content. | |
| CheckNativeYaml | LINT0008 | Use YAML format for tasks and handlers rather than key=value. | {native-yaml: {exclude: []}} |
| CheckYamlDocumentEnd | LINT0009 | YAML should contain document end marker. | {document-end: {present: true}} |
| CheckTaskSeparation | ANSIBLE0001 | Single tasks should be separated by an empty line. | |
| CheckMetaMain | ANSIBLE0002 | Meta file should contain a basic subset of parameters. | author, description, min_ansible_version, platforms, dependencies |
| CheckUniqueNamedTask | ANSIBLE0003 | Tasks and handlers must be uniquely named within a file. | |
| CheckBraces | ANSIBLE0004 | YAML should use consistent number of spaces around variables. | {double-braces: max-spaces-inside: 1, min-spaces-inside: 1} |
| CheckScmInSrc | ANSIBLE0005 | Use SCM key rather than `src: scm+url` in requirements file. | |
| CheckNamedTask | ANSIBLE0006 | Tasks and handlers must be named. | {named-task: {exclude: [meta, debug, block, include\_\*, import\_\*]}} |
| CheckNameFormat | ANSIBLE0007 | Name of tasks and handlers must be formatted. | formats: first letter capital |
| CheckCommandInsteadofModule | ANSIBLE0008 | Commands should not be used in place of modules. | |
| CheckInstallUseLatest | ANSIBLE0009 | Package managers should not install with state=latest. | |
| CheckShellInsteadCommand | ANSIBLE0010 | Use Shell only when piping, redirecting or chaining commands. | |
| CheckCommandHasChanges | ANSIBLE0011 | Commands should be idempotent and only used with some checks. | |
| CheckCompareToEmptyString | ANSIBLE0012 | Don't compare to "" - use `when: var` or `when: not var`. | |
| CheckCompareToLiteralBool | ANSIBLE0013 | Don't compare to True/False - use `when: var` or `when: not var`. | |
| CheckLiteralBoolFormat | ANSIBLE0014 | Literal bools should be consistent. | {literal-bools: [True, False, yes, no]} |
| CheckBecomeUser | ANSIBLE0015 | Become should be combined with become_user. | |
| CheckFilterSeparation | ANSIBLE0016 | Jinja2 filters should be separated with spaces. | |
| CheckCommandInsteadOfArgument | ANSIBLE0017 | Commands should not be used in place of module arguments. | |
| CheckFilePermissionMissing | ANSIBLE0018 | File permissions unset or incorrect. | |
| CheckFilePermissionOctal | ANSIBLE0019 | Octal file permissions must contain leading zero or be a string. | |
| CheckGitHasVersion | ANSIBLE0020 | Git checkouts should use explicit version. | |
| CheckMetaChangeFromDefault | ANSIBLE0021 | Roles meta/main.yml default values should be changed. | |
| CheckWhenFormat | ANSIBLE0022 | Don't use Jinja2 in `when`. | |
| CheckNestedJinja | ANSIBLE0023 | Don't use nested Jinja2 pattern. | |
| CheckLocalAction | ANSIBLE0024 | Don't use local_action. | |
| CheckRelativeRolePaths | ANSIBLE0025 | Don't use a relative path in a role. | |
| CheckChangedInWhen | ANSIBLE0026 | Use handlers instead of `when: changed`. | |
| CheckChangedInWhen | ANSIBLE0027 | Deprecated bare variables in loops must not be used. | |
| CheckVersion | ANSIBLE9998 | Standards version should be pinned. | |
| CheckDeprecated | ANSIBLE9999 | Deprecated features of `ansible-later` should not be used. | |
| Rule | ID | Description | Parameter |
| ----------------------------- | ------ | ----------------------------------------------------------------- | -------------------------------------------------------------------------- |
| CheckYamlEmptyLines | YML101 | YAML should not contain unnecessarily empty lines. | {max: 1, max-start: 0, max-end: 1} |
| CheckYamlIndent | YML102 | YAML should be correctly indented. | {spaces: 2, check-multi-line-strings: false, indent-sequences: true} |
| CheckYamlHyphens | YML103 | YAML should use consistent number of spaces after hyphens (-). | {max-spaces-after: 1} |
| CheckYamlDocumentStart | YML104 | YAML should contain document start marker. | {document-start: {present: true}} |
| CheckYamlColons | YML105 | YAML should use consistent number of spaces around colons. | {colons: {max-spaces-before: 0, max-spaces-after: 1}} |
| CheckYamlFile | YML106 | Roles file should be in YAML format. | |
| CheckYamlHasContent | YML107 | Files should contain useful content. | |
| CheckNativeYaml | YML108 | Use YAML format for tasks and handlers rather than key=value. | {native-yaml: {exclude: []}} |
| CheckYamlDocumentEnd | YML109 | YAML should contain document end marker. | {document-end: {present: true}} |
| CheckYamlOctalValues | YML110 | YAML should not use forbidden implicit or explicit octal value. | {octal-values: {forbid-implicit-octal: true, forbid-explicit-octal: true}} |
| CheckTaskSeparation | ANS101 | Single tasks should be separated by an empty line. | |
| CheckMetaMain | ANS102 | Meta file should contain a basic subset of parameters. | author, description, min_ansible_version, platforms, dependencies |
| CheckUniqueNamedTask | ANS103 | Tasks and handlers must be uniquely named within a file. | |
| CheckBraces | ANS104 | YAML should use consistent number of spaces around variables. | {double-braces: max-spaces-inside: 1, min-spaces-inside: 1} |
| CheckScmInSrc | ANS105 | Use SCM key rather than `src: scm+url` in requirements file. | |
| CheckNamedTask | ANS106 | Tasks and handlers must be named. | {named-task: {exclude: [meta, debug, block, include\_\*, import\_\*]}} |
| CheckNameFormat | ANS107 | Name of tasks and handlers must be formatted. | formats: first letter capital |
| CheckCommandInsteadofModule | ANS108 | Commands should not be used in place of modules. | |
| CheckInstallUseLatest | ANS109 | Package managers should not install with state=latest. | |
| CheckShellInsteadCommand | ANS110 | Use Shell only when piping, redirecting or chaining commands. | |
| CheckCommandHasChanges | ANS111 | Commands should be idempotent and only used with some checks. | |
| CheckCompareToEmptyString | ANS112 | Don't compare to "" - use `when: var` or `when: not var`. | |
| CheckCompareToLiteralBool | ANS113 | Don't compare to True/False - use `when: var` or `when: not var`. | |
| CheckLiteralBoolFormat | ANS114 | Literal bools should be consistent. | {literal-bools: [True, False, yes, no]} |
| CheckBecomeUser | ANS115 | Become should be combined with become_user. | |
| CheckFilterSeparation | ANS116 | Jinja2 filters should be separated with spaces. | |
| CheckCommandInsteadOfArgument | ANS117 | Commands should not be used in place of module arguments. | |
| CheckFilePermissionMissing | ANS118 | File permissions unset or incorrect. | |
| CheckFilePermissionOctal | ANS119 | Octal file permissions must contain leading zero or be a string. | |
| CheckGitHasVersion | ANS120 | Git checkouts should use explicit version. | |
| CheckMetaChangeFromDefault | ANS121 | Roles meta/main.yml default values should be changed. | |
| CheckWhenFormat | ANS122 | Don't use Jinja2 in `when`. | |
| CheckNestedJinja | ANS123 | Don't use nested Jinja2 pattern. | |
| CheckLocalAction | ANS124 | Don't use local_action. | |
| CheckRelativeRolePaths | ANS125 | Don't use a relative path in a role. | |
| CheckChangedInWhen | ANS126 | Use handlers instead of `when: changed`. | |
| CheckChangedInWhen | ANS127 | Deprecated bare variables in loops must not be used. | |
| CheckFQCNBuiltin | ANS128 | Module actions should use full qualified collection names. | |
| CheckFQCNBuiltin | ANS129 | Check optimized playbook/tasks key order. | |
| CheckDeprecated | ANS999 | Deprecated features of `ansible-later` should not be used. | |

View File

@ -23,5 +23,5 @@ main:
sub:
- name: Candidates
ref: "/build_rules/candidates"
- name: Standards checks
ref: "/build_rules/standards_check"
- name: Rules
ref: "/build_rules/rule"

964
poetry.lock generated

File diff suppressed because it is too large Load Diff

View File

@ -20,34 +20,30 @@ classifiers = [
description = "Reviews ansible playbooks, roles and inventories and suggests improvements."
documentation = "https://ansible-later.geekdocs.de/"
homepage = "https://ansible-later.geekdocs.de/"
include = [
"LICENSE",
]
include = ["LICENSE"]
keywords = ["ansible", "code", "review"]
license = "MIT"
name = "ansible-later"
packages = [
{include = "ansiblelater"},
]
packages = [{ include = "ansiblelater" }]
readme = "README.md"
repository = "https://github.com/thegeeklab/ansible-later/"
version = "0.0.0"
[tool.poetry.dependencies]
PyYAML = "6.0.1"
ansible = {version = "8.7.0", optional = true}
ansible-core = {version = "2.15.8", optional = true}
anyconfig = "0.13.0"
PyYAML = "6.0.2"
ansible-core = { version = "2.14.17", optional = true }
ansible = { version = "7.7.0", optional = true }
anyconfig = "0.14.0"
appdirs = "1.4.4"
colorama = "0.4.6"
jsonschema = "4.20.0"
jsonschema = "4.23.0"
nested-lookup = "0.2.25"
pathspec = "0.12.1"
python = "^3.9.0"
python-json-logger = "2.0.7"
toolz = "0.12.0"
toolz = "1.0.0"
unidiff = "0.7.5"
yamllint = "1.33.0"
yamllint = "1.35.1"
[tool.poetry.extras]
ansible = ["ansible"]
@ -57,10 +53,10 @@ ansible-core = ["ansible-core"]
ansible-later = "ansiblelater.__main__:main"
[tool.poetry.group.dev.dependencies]
ruff = "0.1.11"
pytest = "7.4.4"
pytest-mock = "3.12.0"
pytest-cov = "4.1.0"
ruff = "0.7.2"
pytest = "8.3.3"
pytest-mock = "3.14.0"
pytest-cov = "6.0.0"
toml = "0.10.2"
[tool.poetry-dynamic-versioning]
@ -85,21 +81,22 @@ requires = ["poetry-core>=1.0.0", "poetry-dynamic-versioning"]
[tool.ruff]
exclude = [
".git",
"__pycache__",
"build",
"dist",
"test",
"*.pyc",
"*.egg-info",
".cache",
".eggs",
"env*",
".git",
"__pycache__",
"build",
"dist",
"test",
"*.pyc",
"*.egg-info",
".cache",
".eggs",
"env*",
]
line-length = 99
indent-width = 4
[tool.ruff.lint]
# Explanation of errors
#
# D100: Missing docstring in public module
@ -112,38 +109,38 @@ indent-width = 4
# D203: One blank line required before class docstring
# D212: Multi-line docstring summary should start at the first line
ignore = [
"D100",
"D101",
"D102",
"D103",
"D105",
"D107",
"D202",
"D203",
"D212",
"UP038",
"RUF012",
"D100",
"D101",
"D102",
"D103",
"D105",
"D107",
"D202",
"D203",
"D212",
"UP038",
"RUF012",
]
select = [
"D",
"E",
"F",
"Q",
"W",
"I",
"S",
"BLE",
"N",
"UP",
"B",
"A",
"C4",
"T20",
"SIM",
"RET",
"ARG",
"ERA",
"RUF",
"D",
"E",
"F",
"Q",
"W",
"I",
"S",
"BLE",
"N",
"UP",
"B",
"A",
"C4",
"T20",
"SIM",
"RET",
"ARG",
"ERA",
"RUF",
]
[tool.ruff.format]