Make ansible-lint and yamllint use more strict rules.

This patch modifies configuration of both ansible-lint and yamllint to check for more rules, resulting in a more strict verification. For ansible-lint verification of errors 301, 305 and 505 are skipped, due to false positives. For the same reason, 'experimental' rules are skipped. ansible-lint error 306 is skipped since the fix is to set pipefail, which is not available in all shells (for example dash, which runs ansible-freeipa CI). Yamllint disabled rules (comments, and indentation) would introduce a huge amount of small changes, and are left for future changes, it deemed necessary.
2026-03-26 21:33:05 +00:00 · 2020-09-21 19:56:58 -03:00
parent db900ffe6a
commit e069395ba0
5 changed files with 43 additions and 35 deletions
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -1,3 +1,4 @@
+---
 exclude_paths:
  - .ansible-freeipa-tests/
  - .cache/
@@ -8,22 +9,21 @@ exclude_paths:
  - .yamllint
  - molecule/
  - tests/azure/
+  - meta/runtime.yml

+kinds:
+  - playbook: '**/tests/**/test_*.yml'
+  - playbook: '**/playbooks/**/*.yml'

 parseable: true

 quiet: false

 skip_list:
-  - '201'  # Trailing whitespace
-  - '204'  # Lines should be no longer than 160 chars
-  - '206'  # Variables should have spaces before and after: {{ var_name }}'
-  - '208'  # File permissions not mentioned
  - '301'  # Commands should not change things if nothing needs doing'
-  - '305'  # Use shell only when shell functionality is required'
-  - '306'  # Shells that use pipes should set the pipefail option'
-  - '502'  # All tasks should be named
-  - '505'  # Referenced missing file
+  - '305'  # Use shell only when shell functionality is required
+  - '306'  # risky-shell-pipe
+  - yaml   # yamllint should be executed separately.

 use_default_rules: true

--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -21,6 +21,7 @@ jobs:
            tests/*/*/*.yml
            playbooks/*.yml
            playbooks/*/*.yml
+            roles/*/*/*.yml
        env:
          ANSIBLE_MODULE_UTILS: plugins/module_utils
          ANSIBLE_LIBRARY: plugins/modules
--- a/.yamllint
+++ b/.yamllint
@@ -16,13 +16,8 @@ rules:
  truthy:
    allowed-values: ["yes", "no", "true", "false", "True", "False"]
    level: error
+  line-length:
+    max: 160
  # Disabled rules
-  document-start: disable
  indentation: disable
-  line-length: disable
-  colons: disable
-  empty-lines: disable
  comments: disable
-  comments-indentation: disable
-  trailing-spaces: disable
-  new-line-at-end-of-file: disable
--- a/setup.cfg
+++ b/setup.cfg
@@ -23,7 +23,7 @@ data_files =

 [flake8]
 extend-ignore = E203, D1, D212, D203, D400, D401
-exclude = .git,__pycache__,.tox,.venv
+exclude = .git,__pycache__,.tox,.venv,.cache,.ansible-freeipa-tests
 per-file-ignores =
    plugins/*:E402
    roles/*:E402
--- a/utils/lint_check.sh
+++ b/utils/lint_check.sh
@@ -1,29 +1,41 @@
 #!/bin/bash

-topdir="`dirname $(dirname $0)`"
+INFO="\033[37;1m"
+WARN="\033[33;1m"
+RST="\033[0m"

-flake8 .
-pydocstyle .
-pylint plugins
+pushd "`dirname $0`/.." >/dev/null 2>&1

-ANSIBLE_LIBRARY=${ANSIBLE_LIBRARY:-"${topdir}/plugins/modules"}
-ANSIBLE_MODULE_UTILS=${ANSIBLE_MODULE_UTILS:-"${topdir}/plugins/module_utils"}
+echo -e "${INFO}Running 'flake8'...${RST}"
+flake8 plugins utils roles *.py
+echo -e "${INFO}Running 'pydocstyle'...${RST}"
+pydocstyle plugins utils roles *.py
+echo -e "${INFO}Running 'pylint'...${RST}"
+pylint plugins *.py

-export ANSIBLE_LIBRARY ANSIBLE_MODULE_UTILS
+ANSIBLE_LIBRARY="${ANSIBLE_LIBRARY:-plugins/modules}"
+ANSIBLE_MODULE_UTILS="${ANSIBLE_MODULE_UTILS:-plugins/module_utils}"
+ANSIBLE_DOC_FRAGMENT_PLUGINS="${ANSIBLE_DOC_FRAGMENT_PLUGINS:-plugins/doc_fragments}"
+export ANSIBLE_LIBRARY ANSIBLE_MODULE_UTILS ANSIBLE_DOC_FRAGMENT_PLUGINS

-yaml_dirs=(
-    "${topdir}/tests"
-    "${topdir}/playbooks"
-    "${topdir}/molecule"
+echo -e "${WARN}Missing file warnings are expected and can be ignored.${RST}"
+echo -e "${INFO}Running 'ansible-lint'...${RST}"
+playbook_dirs=(
+    "tests"
+    "playbooks"
 )
+ansible-lint --force-color "${playbook_dirs[@]}"

-for dir in "${yaml_dirs[@]}"
-do
-    find "${dir}" -type f -name "*.yml" | xargs ansible-lint --force-color
-done
+echo -e "${INFO}Running 'ansible-doc-test'...${RST}"
+python "`dirname $0`/ansible-doc-test" -v roles plugins

+echo -e "${INFO}Running 'yamllint'...${RST}"
+yaml_dirs=(
+    "tests"
+    "playbooks"
+    "molecule"
+    "roles"
+)
+yamllint -f colored "${yaml_dirs[@]}"

-for dir in "${yaml_dirs[@]}"
-do
-    find "${dir}" -type f -name "*.yml" | xargs yamllint
-done
+popd >/dev/null 2>&1