For some time now, we had some issues with molecule when building test
images for ansible-freeipa, and replaced the image creation with custom
build scripts that use common container tools (like Dockerfiles and the
build command).
As there are no more tasks that require the use of molecule, this patch
removes the last bits used by it, and fixes documentation and lint
scripts and configuration.
Latest ansible-lint version (6.16.1) started to raise an error when
variable names from within roles are not prefixed with the role name.
Error: var-naming[no-role-prefix].
As Ansible sanity check does not enforce this, it will be disabled, for
now, on ansible-freeipa's upstream CI.
A future effort to reduce the checks that are not being evaluated should
be done as preparation for future Ansible Galaxy and Automation Hub
requirements.
The experimental test is running several additional tests, like for
example to check module arg values. It fails every time a variable is
used to pass the value in.
Examples:
- playbooks/topology/add-topologysegments.yml:15: args[module]: value of
suffix must be one of: domain, ca, domain+ca, got: {{ item.suffix }}
- tests/host/test_host.yml:21: args[module]: value of ipaapi_context must
be one of: server, client, got: {{ ipa_context | default(omit) }}
The name template test is failing for every template use inside of a name.
This is forcing to have only generic names and nothing specific in the
log anymore.
These two tests have been deactivated to have less overflow in the
ansible-lint output.
Failing to identify task files included by playbooks raised false
positives when running ansible lint. This change forces ansible-lint to
correctly identify YAML files named "env_*.yml" or "tasks_*.yml" as task
files that are imported by other playbooks, and treat them accordingly.
This patch modifies configuration of both ansible-lint and yamllint
to check for more rules, resulting in a more strict verification.
For ansible-lint, verification of errors 301, 305 and 505 is skipped,
due to false positives. For the same reason, 'experimental' rules
are skipped.
ansible-lint error 306 is skipped since the fix is to set pipefail,
which is not available in all shells (for example dash, which runs
ansible-freeipa CI).
Yamllint disabled rules (comments, and indentation) would introduce a
huge amount of small changes, and are left for future changes, if
deemed necessary.
Some YAML files used in the project are not Ansible playbooks and
should not be evaluated by ansible-lint. This change adds the paths
and files that should not be evaluated to an exclude list, that
affects linter operations in CI and pre-commit scripts.
By running ansible-lint we check if playbooks provided in
ansible-freeipa follow Ansible's best practices, and the verification
will be performed on every push (even on forks) or pull-request.
This patch provides the configuration needed to run ansible-lint
on the playbooks found in the `tests`, `playbooks` and `molecule`
directories, on every push or pull-request done on GitHub, using
Ansible's GitHub Action ansible/ansible-lint-action.