diff --git a/downstream/assemblies/devtools/assembly-devtools-lint.adoc b/downstream/assemblies/devtools/assembly-devtools-lint.adoc index 71efd2f25c..47f77d15f4 100644 --- a/downstream/assemblies/devtools/assembly-devtools-lint.adoc +++ b/downstream/assemblies/devtools/assembly-devtools-lint.adoc @@ -11,12 +11,28 @@ endif::[] = Working with ansible-lint -:context: devtools-lint - -// You must move roles into collections if you want to use them in {PlatformNameShort}. - -Working with ansible-lint - +:context: devtools-ansible-lint + +include::devtools/ref-devtools-ansible-lint-about.adoc[leveloffset=+1] +include::devtools/proc-debugging-playbook.adoc[leveloffset=+1] +include::devtools/proc-devtools-ansible-lint-rules.adoc[leveloffset=+1] +include::devtools/proc-devtools-ansible-lint-customize.adoc[leveloffset=+1] +include::devtools/proc-devtools-ansible-lint-profiles.adoc[leveloffset=+1] +// include::devtools/ref-devtools-ansible-lint-usage.adoc[leveloffset=+1] +include::devtools/proc-devtools-ansible-lint-cli.adoc[leveloffset=+1] +include::devtools/ref-devtools-ansible-lint-switches.adoc[leveloffset=+2] +include::devtools/proc-devtools-ansible-lint-autofix.adoc[leveloffset=+3] +include::devtools/proc-devtools-ansible-lint-exclude-rules.adoc[leveloffset=+2] +include::devtools/proc-devtools-ansible-lint-ci.adoc[leveloffset=+1] +// Include mute warnings? +include::devtools/ref-devtools-ansible-lint-muting-warnings.adoc[leveloffset=+2] +include::devtools/ref-devtools-ansible-lint-cache.adoc[leveloffset=+2] +include::devtools/ref-devtools-ansible-lint-gradual-adoption.adoc[leveloffset=+2] +include::devtools/proc-devtools-ansible-lint-vaults.adoc[leveloffset=+1] +include::devtools/ref-devtools-ansible-lint-dependencies.adoc[leveloffset=+1] +// Add a section about extending lint. +// Not includoing the Specifying rules at runtime section because we don't encourage using custom rules. +// proc-devtools-ansible-lint-all.adoc // include::devtools/proc-devtools-zzz.adoc[leveloffset=+1] ifdef::parent-context-of-devtools-lint[:context: {parent-context-of-devtools-lint}] diff --git a/downstream/attributes/attributes.adoc b/downstream/attributes/attributes.adoc index 42bbb5f0a1..5792ab8888 100644 --- a/downstream/attributes/attributes.adoc +++ b/downstream/attributes/attributes.adoc @@ -131,6 +131,8 @@ :IDEcollection: Ansible IDE collection explorer :IDElanguage: Ansible IDE language server :VSCode: VS Code +:LintName: Ansible Lint +:LintCmd: ansible-lint // Content Collections :CertifiedName: Ansible Certified Content Collections diff --git a/downstream/modules/devtools/proc-debugging-playbook.adoc b/downstream/modules/devtools/proc-debugging-playbook.adoc index 3d43e9e28e..d9dce9142e 100644 --- a/downstream/modules/devtools/proc-debugging-playbook.adoc +++ b/downstream/modules/devtools/proc-debugging-playbook.adoc @@ -1,8 +1,11 @@ [id="debugging-playbook_{context}"] -= Debugging your playbook += Debugging with ansible-lint in {VSCode} -== Error messages +When the Ansible extension is running in {VSCode}, ansible-lint runs in the background. +Diagnostics information for files whose language is identified as Ansible is displayed in the *Problems* tab of the terminal. + +// == Error messages The following playbook contains multiple errors: diff --git a/downstream/modules/devtools/proc-devtools-ansible-lint-autofix.adoc b/downstream/modules/devtools/proc-devtools-ansible-lint-autofix.adoc new file mode 100644 index 0000000000..3b59c3dd08 --- /dev/null +++ b/downstream/modules/devtools/proc-devtools-ansible-lint-autofix.adoc @@ -0,0 +1,58 @@ +[id="devtools-ansible-lint-autofix_{context}"] + += Autofix + +Ansible-lint provides an autofix feature that allows auto-fixing of some rule violations in Ansible files. + +To reformat YAML files and run transform for the given rules, run the following command: + +---- +ansible-lint --fix [] +---- + +Use the `write-list` to limit the rules that you want to auto-fix +by passing a keywords `all` or `none` or a comma separated list of rule ids or rule tags. + +* `ansible-lint --fix ["all"]` (default) runs all transforms. +* `ansible-lint --fix ["none"]` disables all auto-fixes. +* `ansible-lint --fix ["csv-list-of-rules"]` enables a subset of rule transforms by listing rules/tags here. + +The following rules allow autofix functionality. + +[options="header" cols="30,70"] +|=== +|Options |Description +|`command-instead-of-shell` +|Use shell only when shell functionality is required. + +|`deprecated-local-action` +|Do not use `local_action`, use `delegate_to: localhost`. + +|`fqcn` +|Use FQCN for builtin actions. + +|`jinja` +|Rule that looks inside jinja2 templates. + +|`key-order` +|Ensure specific order of keys in mappings. + +|`name` +|Rule for checking task and play names. + +|`no-free-form` +|Rule for detecting discouraged free-form syntax for action modules. + +|`no-jinja-when` +|No Jinja2 in when. + +|`no-log-password` +|Password should not be logged. + +|`partial-become` +|`become_user` should have a corresponding `become` at the play or task level. + +|`yaml` +|Violations reported by yamllint. +|=== + diff --git a/downstream/modules/devtools/proc-devtools-ansible-lint-ci.adoc b/downstream/modules/devtools/proc-devtools-ansible-lint-ci.adoc new file mode 100644 index 0000000000..c813d7d6d7 --- /dev/null +++ b/downstream/modules/devtools/proc-devtools-ansible-lint-ci.adoc @@ -0,0 +1,4 @@ +[id="devtools-ansible-lint-ci_{context}"] + += Using ansible-lint in CI + diff --git a/downstream/modules/devtools/proc-devtools-ansible-lint-cli.adoc b/downstream/modules/devtools/proc-devtools-ansible-lint-cli.adoc new file mode 100644 index 0000000000..fe7e9639a6 --- /dev/null +++ b/downstream/modules/devtools/proc-devtools-ansible-lint-cli.adoc @@ -0,0 +1,42 @@ +[id="devtools-ansible-lint-cli_{context}"] + += Running ansible-lint from the command line + +Run `ansible-lint --help` to display available commands and their options. + +Ansible-lint recommends following the +https://docs.ansible.com/ansible-core/devel/dev_guide/developing_collections_structure.html#collection-structure[collection +structure layout] whether you plan to build a collection or not. + +Following that layout assures the best integration with all ecosystem +tools because it helps those tools better distinguish between random +YAML files and files managed by Ansible. When you call `ansible-lint` +without arguments, it uses internal heuristics to determine file types. + +Pass the *roles* and *playbooks* that you want to lint as arguments to +the `ansible-lint` command. For example, to lint +`examples/playbooks/play.yml` and `examples/roles/bobbins`, use the +following command: + +---- +$ ansible-lint examples/playbooks/play.yml examples/roles/bobbins +---- + +// == Running example playbooks +// +// Ansible-lint includes an `ansible-lint/examples` folder that contains +// example playbooks with different rule violations and undesirable +// characteristics. You can run `ansible-lint` on the example playbooks +// to observe Ansible-lint in action, as follows: +// +// ---- +// $ ansible-lint --offline -p examples/playbooks/example.yml +// ---- + +Ansible-lint also handles playbooks that include other playbooks, tasks, +handlers, or roles. +// +// ---- +// $ ansible-lint --offline -q -p examples/playbooks/include.yml +// ---- + diff --git a/downstream/modules/devtools/proc-devtools-ansible-lint-customize.adoc b/downstream/modules/devtools/proc-devtools-ansible-lint-customize.adoc new file mode 100644 index 0000000000..37ee1532bf --- /dev/null +++ b/downstream/modules/devtools/proc-devtools-ansible-lint-customize.adoc @@ -0,0 +1,185 @@ +[id="devtools-ansible-lint-customize_{context}"] + += Customizing {LintName} + +You can customize how {LintName} runs against automation content to suit your needs. +You can ignore certain rules, enable opt-in rules, and control various other settings. + +{LintName} loads configuration from the `.ansible-lint.yml` configuration file, or from a file that you specify in the command line. +This file is not scaffolded when you create a playbook or collection project. +You must create the file in the `.config` directory of your {VSCode} workspace. + +Any configuration option that is passed from the command line will override the one specified inside the configuration file. + +The example `.ansible-lint.yml` file below selects the `production` profile. +The settings are explained in the comments. + +---- +--- +# .ansible-lint + +profile: production # min, basic, moderate,safety, shared, production, null + +# Allows dumping of results in SARIF format +# sarif_file: result.sarif + +# exclude_paths included in this file are parsed relative to this file's location +# and not relative to the CWD of execution. CLI arguments passed to the --exclude +# option are parsed relative to the CWD of execution. +exclude_paths: + - .cache/ # implicit unless exclude_paths is defined in config + - test/fixtures/formatting-before/ + - test/fixtures/formatting-prettier/ +# parseable: true +# quiet: true +# strict: true +# verbosity: 1 + +# Mock modules or roles in order to pass ansible-playbook --syntax-check +mock_modules: + - zuul_return + # note the foo.bar is invalid as being neither a module or a collection + - fake_namespace.fake_collection.fake_module + - fake_namespace.fake_collection.fake_module.fake_submodule +mock_roles: + - mocked_role + - author.role_name # old standalone galaxy role + - fake_namespace.fake_collection.fake_role # role within a collection + +# Enable checking of loop variable prefixes in roles +loop_var_prefix: "^(__|{role}_)" + +# Enforce variable names to follow pattern below, in addition to Ansible own +# requirements, like avoiding python identifiers. To disable add `var-naming` +# to skip_list. +var_naming_pattern: "^[a-z_][a-z0-9_]*$" + +use_default_rules: true +# Load custom rules from this specific folder +# rulesdir: +# - ./rule/directory/ + +# Ansible-lint is able to recognize and load skip rules stored inside +# `.ansible-lint-ignore` (or `.config/ansible-lint-ignore.txt`) files. +# To skip a rule just enter filename and tag, like "playbook.yml package-latest" +# on a new line. +# Optionally you can add comments after the tag, prefixed by "#". +# When putting ignores inside the ignore file, they are marked as ignored, but +# still visible, making it easier to address later. + +# Ansible-lint does not automatically load rules that have the 'opt-in' tag. +# You must enable opt-in rules by listing each rule 'id' below. +enable_list: + - args + - empty-string-compare # opt-in + - no-log-password # opt-in + - no-same-owner # opt-in + - name[prefix] # opt-in + - galaxy-version-incorrect # opt-in + # add yaml here if you want to avoid ignoring yaml checks when yamllint + # library is missing. Normally its absence just skips using that rule. + - yaml +# Report only a subset of tags and fully ignore any others +# tags: +# - jinja[spacing] + +# Ansible-lint does not fail on warnings from the rules or tags listed below +warn_list: + - skip_this_tag + - experimental # experimental is included in the implicit list + # - role-name + # - yaml[document-start] # you can also use sub-rule matches + +# Some rules can transform files to fix (or make it easier to fix) identified +# errors. `ansible-lint --fix` will reformat YAML files and run these transforms. +# By default it will run all transforms (effectively `write_list: ["all"]`). +# You can disable running transforms by setting `write_list: ["none"]`. +# Or only enable a subset of rule transforms by listing rules/tags here. +# write_list: +# - all + +# Offline mode disables installation of requirements.yml and schema refreshing +offline: true + +# Define required Ansible's variables to satisfy syntax check +extra_vars: + foo: bar + multiline_string_variable: | + line1 + line2 + complex_variable: ":{;\t$()" + +# Uncomment to enforce action validation with tasks, usually is not +# needed as Ansible syntax check also covers it. +# skip_action_validation: false + +# List of additional kind:pattern to be added at the top of the default +# match list, first match determines the file kind. +kinds: + # - playbook: "**/examples/*.{yml,yaml}" + # - galaxy: "**/folder/galaxy.yml" + # - tasks: "**/tasks/*.yml" + # - vars: "**/vars/*.yml" + # - meta: "**/meta/main.yml" + - yaml: "**/*.yaml-too" + +# List of additional collections to allow in only-builtins rule. +# only_builtins_allow_collections: +# - example_ns.example_collection + +# List of additions modules to allow in only-builtins rule. +# only_builtins_allow_modules: +# - example_module + +# Allow setting custom prefix for name[prefix] rule +task_name_prefix: "{stem} | " +# Complexity related settings + +# Limit the depth of the nested blocks: +# max_block_depth: 20 +---- + +The following example `.ansible-lint.yml` file excludes the comments. +It selects the `production` profile and enables fixing of files. + +---- +--- +profile: 'production' + +loop_var_prefix: '^(__|{role}_)' +var_naming_pattern: '^[a-z_][a-z0-9_]*$' +use_default_rules: true +offline: true +skip_action_validation: false + +kinds: + - tasks: 'tasks/*.{yml,yaml}' + - vars: 'vars/*.{yml,yaml}' + - vars: 'defaults/*.{yml,yaml}' + - meta: 'meta/main.{yml,yaml}' + - yaml: '.ansible-lint' + - yaml: '.github/workflows/*.{yml,yaml}' + - yaml: '.pre-commit-config.yaml' + - yaml: '.yamllint' + - yaml: 'collections/requirements.yml' + +task_name_prefix: '{stem} | ' + +exclude_paths: + - '.git/' + - 'files/' + +max_block_depth: 20 +skip_list: [] +warn_list: + - 'experimental' +write_list: + - 'all' +---- + +To specify the configuration file, use the `-c ` CLI flag with command line invocations of `{LintCmd}`: + +---- +ansible-lint -c path/to/ansible-lint-dev.yml +---- + diff --git a/downstream/modules/devtools/proc-devtools-ansible-lint-exclude-rules.adoc b/downstream/modules/devtools/proc-devtools-ansible-lint-exclude-rules.adoc new file mode 100644 index 0000000000..b960cbce77 --- /dev/null +++ b/downstream/modules/devtools/proc-devtools-ansible-lint-exclude-rules.adoc @@ -0,0 +1,14 @@ +[id="devtools-ansible-lint-exclude-rules_{context}"] + + += Excluding ansible-lint rules + +To exclude specific rules from being applied when linting a playbook, use the `-x` flag. +This is useful if you want to temporarily disable certain rules without modifying your configuration file. + +The following example lints a file but skips the checks for YAML formatting rules and tabs: + +---- +ansible-lint -x no-tabs -x yaml +---- + diff --git a/downstream/modules/devtools/proc-devtools-ansible-lint-profiles.adoc b/downstream/modules/devtools/proc-devtools-ansible-lint-profiles.adoc new file mode 100644 index 0000000000..43b95dc24b --- /dev/null +++ b/downstream/modules/devtools/proc-devtools-ansible-lint-profiles.adoc @@ -0,0 +1,65 @@ +[id="devtools-ansible-lint-profiles_{context}"] + += Applying profiles + +A profile specifies a predefined collection of rules to be applied when running `{LintCmd}`. +Profiles allow you to group related rules together and switch between different sets of checks easily, +so that you can enforce different levels of strictness when linting. + +This is useful when you need to apply different linting standards for different contexts, +for example development and production environments, +so that you can progressively improve the quality of Ansible files. + +The following command displays the available profiles: + +---- +ansible-lint --list-profiles +---- + +The predefined profiles below are listed from least strict to most strict. + +`min`:: Ensures that Ansible can load content. Rules in this profile are mandatory because they prevent fatal errors. +`basic`:: Prevents common coding issues and enforces standard styles and formatting. +`moderate`:: Ensures that content adheres to best practices for making content easier to read and maintain. +`safety`:: Avoids module calls that can have non-determinant outcomes or security concerns. +`shared`:: Ensures that content follows best practices for packaging and publishing. This profile is intended for content creators who want to make Ansible playbooks, roles, or collections available from `galaxy.ansible.com`. +`production`:: Ensures that content meets requirements for inclusion in {PlatformNameShort} as validated or certified content. + +The profiles are incremental: the stricter profiles include the rules from the less strict profiles. +For example, the `moderate` profile includes the rules from the `basic` and `min` profiles. + +To specify a profile for linting your content, use the `--profile` parameter: + +---- +ansible-lint --profile= +---- + +During early development cycles, user the less strict {LintName} profiles. +Starting with the `min` profile ensures that Ansible can load +your content: + +---- +ansible-lint --profile=min +---- + +As you move to the next stage of developing content, you +can gradually apply profiles to avoid common pitfalls and brittle +complexity. + +When you are ready to publish or share your content, +you can use the `shared` and `production` profiles with much +stricter rules. +These profiles harden security, guarantee reliability, +and ensure your Ansible content is easy for others to contribute to and +use. + +---- +ansible-lint --profile=production +---- + +[NOTE] +==== +Tags such as `opt-in` and `experimental` do not take effect for rules that are included in profiles, directly or indirectly. +If a rule is in a profile, {LintName} applies that rule to the content. +==== + diff --git a/downstream/modules/devtools/proc-devtools-ansible-lint-rules.adoc b/downstream/modules/devtools/proc-devtools-ansible-lint-rules.adoc new file mode 100644 index 0000000000..6e3f022037 --- /dev/null +++ b/downstream/modules/devtools/proc-devtools-ansible-lint-rules.adoc @@ -0,0 +1,26 @@ +[id="devtools-ansible-lint-rules_{context}"] + += Rules + +A rule in {LintName} defines a best practice or an anti-pattern for Ansible playbooks and roles. +Each rule has a unique name. +You can specify which rules to enable or disable in the `.ansible-lint.yml` configuration file. + +== Listing ansible-lint rules + +To list the {LintName} rules, run the following command: + +---- +$ ansible-lint -L +---- + +Specify the verbosity with the `-f` switch. + +---- +$ ansible-lint -L -f brief # <1> +$ ansible-lint -L -f full # <2> +---- + +<1> Displays a concise description of the rule. +<2> Displays a more verbose description of the rule. + diff --git a/downstream/modules/devtools/proc-devtools-ansible-lint-vaults.adoc b/downstream/modules/devtools/proc-devtools-ansible-lint-vaults.adoc new file mode 100644 index 0000000000..d183d84e2b --- /dev/null +++ b/downstream/modules/devtools/proc-devtools-ansible-lint-vaults.adoc @@ -0,0 +1,31 @@ +[id="devtools-ansible-lint-vaults_{context}"] += Vaults + +As ansible-lint executes ansible, it also needs access to encrypted +secrets. If you do not give access to them or you are concerned about +security implications, you should consider refactoring your code to +allow it to be linted without access to real secrets: + +* Configure dummy fallback values that are used during linting, so +Ansible will not complain about undefined variables. +* Exclude the problematic files from the linting process. + +---- +# Example of avoiding undefined variable error +foo: "{{ undefined_variable_name | default('dummy') }}" +---- + +Keep in mind that a well-written playbook or role should allow Ansible’s +syntax check from passing on it, even if you do not have access to the +vault. + +Internally ansible-lint runs `ansible-playbook --syntax-check` on each +playbook and also on roles. As ansible-code does not support running +syntax-check directly on roles, the linter will create temporary +playbooks that only include each role from your project. You will need +to change the code of the role in a way that it does not produce syntax +errors when called without any variables or arguments. This usually +involves making use of `defaults/` but be sure that you fully +understand +https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_variables.html#understanding-variable-precedence[variable +precedence]. diff --git a/downstream/modules/devtools/ref-devtools-ansible-lint-about.adoc b/downstream/modules/devtools/ref-devtools-ansible-lint-about.adoc new file mode 100644 index 0000000000..359bc515e7 --- /dev/null +++ b/downstream/modules/devtools/ref-devtools-ansible-lint-about.adoc @@ -0,0 +1,20 @@ +[id="devtools-ansible-lint-about_{context}"] + += About {LintName} + +{LintName} (`ansible-lint`) is a linter specifically designed for Ansible playbooks and roles. + +The goal of {LintName} is to flag syntax and programming errors, bugs, stylistic errors, and suspicious constructs. +It also ensures that your Ansible files follow standard practices so that content created by different people has a similar look and feel. + +{LintName} checks your roles and playbooks against a set of rules. +Profiles are predefined groups of these rules that configure how ansible-lint runs in different scenarios. +For example, the `basic` profile uses fewer rules and is therefore less strict than the `production` profile. + +You can set the profile you want to use, as well as other preferences for {LintName}, in the `.ansible-lint.yml` configuration file. + +You can view reports about your playbook and roles files in the terminal in {VSCode}, or you can run `ansible-lint` commands from the command line. + +[role="_additional-resources"] +.Additional resources +* For information about rules in {LintName}, see xref:devtools-ansible-lint-rules_[text] diff --git a/downstream/modules/devtools/ref-devtools-ansible-lint-cache.adoc b/downstream/modules/devtools/ref-devtools-ansible-lint-cache.adoc new file mode 100644 index 0000000000..a2238a4f67 --- /dev/null +++ b/downstream/modules/devtools/ref-devtools-ansible-lint-cache.adoc @@ -0,0 +1,18 @@ +[id="devtools-ansible-lint-cacle_{context}"] + += Caching + +For optimal performance, Ansible-lint creates caches with installed or +mocked roles, collections, and modules in the `{project_dir}/.cache` +folder. The location of `{project_dir}` is passed with a command line +argument, determined by the location of the configuration file, git +project top-level directory, or user home directory. + +To perform faster re-runs, Ansible-lint does not automatically clean the +cache. If required you can do this manually by simply deleting the +`.cache` folder. Ansible-lint creates a new cache on the next +invocation. + +Add the `.cache` folder to the `.gitignore` file in your +git repositories. + diff --git a/downstream/modules/devtools/ref-devtools-ansible-lint-dependencies.adoc b/downstream/modules/devtools/ref-devtools-ansible-lint-dependencies.adoc new file mode 100644 index 0000000000..25dfdb84ec --- /dev/null +++ b/downstream/modules/devtools/ref-devtools-ansible-lint-dependencies.adoc @@ -0,0 +1,14 @@ +[id="devtools-ansible-lint-dependencies_{context}"] += Dependencies and requirements + +Ansible-lint will recognize `requirements.yml` files used for runtime +and testing purposes and install them automatically. Valid locations for +these files are: + +* https://docs.ansible.com/ansible/latest/galaxy/user_guide.html#installing-roles-and-collections-from-the-same-requirements-yml-file[`requirements.yml`] +* `roles/requirements.yml` +* `collections/requirements.yml` +* `tests/requirements.yml` +* `tests/integration/requirements.yml` +* `tests/unit/requirements.yml` +* https://docs.ansible.com/ansible/latest/dev_guide/collections_galaxy_meta.html[`galaxy.yml`] diff --git a/downstream/modules/devtools/ref-devtools-ansible-lint-gradual-adoption.adoc b/downstream/modules/devtools/ref-devtools-ansible-lint-gradual-adoption.adoc new file mode 100644 index 0000000000..c1fc4cd1dc --- /dev/null +++ b/downstream/modules/devtools/ref-devtools-ansible-lint-gradual-adoption.adoc @@ -0,0 +1,11 @@ +[id="devtools-ansible-lint-gradual-adoption_{context}"] + += Gradual adoption + +For an easier gradual adoption, adopters should consider [ignore +file][ignoring-rules-for-entire-files] feature. This allows the quick +introduction of a linter pipeline for preventing the addition of new +violations, while known violations are ignored. Some people can work on +addressing these historical violations while others may continue to work +on other maintenance tasks. + diff --git a/downstream/modules/devtools/ref-devtools-ansible-lint-muting-warnings.adoc b/downstream/modules/devtools/ref-devtools-ansible-lint-muting-warnings.adoc new file mode 100644 index 0000000000..93d2d57a09 --- /dev/null +++ b/downstream/modules/devtools/ref-devtools-ansible-lint-muting-warnings.adoc @@ -0,0 +1,48 @@ +[id="devtools-ansible-lint-muting-warning_{context}"] + += Muting warnings to avoid false positives + +Not all linting rules are precise, some are general rules of thumb. +Advanced _git_, _yum_ or _apt_ usage, for example, can be difficult to +achieve in a playbook. In cases like this, Ansible-lint can incorrectly +trigger rule violations. + +To disable rule violations for specific tasks, and mute false positives, +add `# noqa: [rule_id]` to the end of the line. It is best practice to +add a comment that explains why rules are disabled. + +You can add the `# noqa: [rule_id]` comment to the end of any line in +a task. You can also skip multiple rules with a space-separated list. + +---- +- name: This task would typically fire git-latest and partial-become rules + become_user: alice # noqa: git-latest partial-become + ansible.builtin.git: src=/path/to/git/repo dest=checkout +---- + +If the rule is line-based, `# noqa: [rule_id]` must be at the end of +the line. + +---- +- name: This would typically fire jinja[spacing] + get_url: + url: http://example.com/file.conf + dest: "{{dest_proj_path}}/foo.conf" # noqa: jinja[spacing] +---- + +If you want Ansible-lint to skip a rule entirely, use the `-x` command +line argument or add it to `skip_list` in your configuration. + +The least preferred method of skipping rules is to skip all task-based +rules for a task, which does not skip line-based rules. You can use the +`skip_ansible_lint` tag with all tasks, for example: + +---- +- name: This would typically fire no-free-form + command: warn=no chmod 644 X + +- name: This would typically fire git-latest + git: src=/path/to/git/repo dest=checkout + tags: + - skip_ansible_lint +---- diff --git a/downstream/modules/devtools/ref-devtools-ansible-lint-switches.adoc b/downstream/modules/devtools/ref-devtools-ansible-lint-switches.adoc new file mode 100644 index 0000000000..391dad11b5 --- /dev/null +++ b/downstream/modules/devtools/ref-devtools-ansible-lint-switches.adoc @@ -0,0 +1,150 @@ +[id="devtools-ansible-lint-switches_{context}"] + += Command-line switches for ansible-lint + +Run the following command to display {LintCmd} commands and switches: + +----- +$ ansible-lint --help +----- + +The following table lists the options: + +[options="header"] +|=== +|Options |Description +|`-h` + +`--help` +|Show this help message and exit. +// +|`-P` + +`--list-profiles` +|List all profiles. +No formatting options available. +// +|`-L` + +`--list-rules` +|List all the rules. + +For listing rules, only the following formats for the `-f` argument are supported: `{brief, full, md}` with `brief` as default. +// +|`-T` + +`--list-tags` +|List all the tags and the rules they cover. + +Increase the verbosity level with `-v` to include 'opt-in' tag and its rules. +// +|`-f {brief,full,md,json,codeclimate,quiet,pep8,sarif}` + +`--format {brief,full,md,json,codeclimate,quiet,pep8,sarif}` + +|stdout formatting, `json` being an alias for codeclimate. (default: `None`) +// +|`--sarif-file SARIF_FILE` + +|SARIF output file +// +|`-q` +|quieter, reduce verbosity, can be specified twice. +// +|`--profile {min,basic,moderate,safety,shared,production}` + +|Specify which rules profile to be used. +// +|`-p` + +`--parseable` +|parseable output, same as `-f pep8` +// +|`--project-dir PROJECT_DIR` + +|Location of project/repository, autodetected based on location of configuration file. +// +|`-r RULESDIR` + +`--rules-dir RULESDIR` + +|Specify custom rule directories. Add `-R` to keep using embedded rules from `/home/docs/checkouts/readthedocs.org/user_builds/ansible-lint/checkouts/latest/src/ansiblelint/rules` +// +|`-R` +|Keep default rules when using -r +// +|`-s` + +`--strict` +|Return non-zero exit code on warnings as well as errors +// +|`--fix [WRITE_LIST]` +|Allow ansible-lint to perform auto-fixes, including YAML reformatting. You can limit the effective rule transforms (the `write_list`) by passing a keywords `all` or `none` or a comma separated list of rule IDs or rule tags. + +YAML reformatting happens whenever `--fix` or `--fix=` is used. `--fix` and `--fix=all` are equivalent: they allow all transforms to run. + +Using `--fix` in the command overrides the config file value. +// +|`--show-relpath` +|Display path relative to CWD +// +|`-t TAGS` + +`--tags TAGS` +|only check rules whose id/tags match these values +// +|`-v` +|Increase verbosity level (-vv for more) +// +|`-x SKIP_LIST` + +`--skip-list SKIP_LIST` + +|Only check rules whose id/tags do not match these values. + +Example: `--skip-list=name,run-once` +// +|`--generate-ignore` +|Generate a text file `.ansible-lint-ignore` that ignores all found violations. Each line contains a filename and rule ID separated by a space. +// +|`-w WARN_LIST` + +`--warn-list WARN_LIST + +|only warn about these rules, unless overridden in the config file. + +Default: `experimental`, `jinja[spacing]`, `fqcn[deep]` +// +|`--enable-list ENABLE_LIST` + +|activate optional rules by their tag name +// +|`--nocolor` +|disable colored output, same as NO_COLOR=1 +// +|`--force-color` +|Force colored output, same as FORCE_COLOR=1 +// +|`--exclude EXCLUDE_PATHS [EXCLUDE_PATHS ...]` + +|path to directories or files to skip. This option is repeatable. +// +|`-c CONFIG_FILE` + +`--config-file CONFIG_FILE` + +|Specify configuration file to use. By default it looks for `.ansible-lint`, `.config/ansible-lint.yml`, or `.config/ansible-lint.yaml` +// +|`-i IGNORE_FILE` + +`--ignore-file IGNORE_FILE` + +|Specify ignore file to use. By default it looks for `.ansible-lint-ignore` or `.config/ansible-lint-ignore.txt` +// +|`--offline` +|Disable installation of requirements.yml and schema refreshing +// +|`--version` +| +|=== + diff --git a/downstream/modules/devtools/ref-devtools-ansible-lint-usage.adoc b/downstream/modules/devtools/ref-devtools-ansible-lint-usage.adoc new file mode 100644 index 0000000000..b96c47b26d --- /dev/null +++ b/downstream/modules/devtools/ref-devtools-ansible-lint-usage.adoc @@ -0,0 +1,6 @@ +[id="devtools-ansible-lint-usage_{context}"] + += Using ansible-lint + +You can view reports about an open file in the `Problems` tab of a terminal in {VSCode}, or you can run `ansible-lint` commands from the command line. + diff --git a/downstream/titles/develop-automation-content/master.adoc b/downstream/titles/develop-automation-content/master.adoc index d68dc34451..dd30b0e526 100644 --- a/downstream/titles/develop-automation-content/master.adoc +++ b/downstream/titles/develop-automation-content/master.adoc @@ -29,18 +29,18 @@ include::devtools/assembly-publishing-playbook-collection-aap.adoc[leveloffset=+ include::devtools/assembly-devtools-develop-collections.adoc[leveloffset=+1] include::devtools/assembly-devtools-create-roles-collection.adoc[leveloffset=+1] -include::devtools/assembly-devtools-create-plugins-collection.adoc[leveloffset=+1] +// include::devtools/assembly-devtools-create-plugins-collection.adoc[leveloffset=+1] // Components -include::devtools/assembly-devtools-navigator.adoc[leveloffset=+1] -include::devtools/assembly-devtools-builder.adoc[leveloffset=+1] +// include::devtools/assembly-devtools-navigator.adoc[leveloffset=+1] +// include::devtools/assembly-devtools-builder.adoc[leveloffset=+1] include::devtools/assembly-devtools-lint.adoc[leveloffset=+1] -include::devtools/assembly-devtools-molecule.adoc[leveloffset=+1] +// include::devtools/assembly-devtools-molecule.adoc[leveloffset=+1] -include::devtools/assembly-devtools-tox-ansible.adoc[leveloffset=+1] -include::devtools/assembly-devtools-pytest-ansible.adoc[leveloffset=+1] -include::devtools/assembly-devtools-ansible-sign.adoc[leveloffset=+1] +// include::devtools/assembly-devtools-tox-ansible.adoc[leveloffset=+1] +// include::devtools/assembly-devtools-pytest-ansible.adoc[leveloffset=+1] +// include::devtools/assembly-devtools-ansible-sign.adoc[leveloffset=+1]