mirror of
https://github.com/trailofbits/algo.git
synced 2025-09-30 15:45:18 +02:00
* fix: Remove POSIX-incompatible 'local' keyword from install.sh

  The install.sh script uses #!/usr/bin/env sh (POSIX shell) but was using the 'local' keyword in the tryGetMetadata function, which is a bash-specific feature. This caused shellcheck to fail with SC3043 warnings in CI.

  Fixed by removing 'local' keywords from variable declarations in the tryGetMetadata function. The variables are still function-scoped in practice since they're assigned at the beginning of the function.

  This resolves the CI failure introduced in PR #14788 (run #919).

* ci: Make ansible-lint stricter and fix basic issues

  - Remove || true from ansible-lint CI job to enforce linting
  - Enable name[play] rule - all plays should be named
  - Enable yaml[new-line-at-end-of-file] rule
  - Move name[missing] from skip_list to warn_list (first step)
  - Add names to plays in main.yml and users.yml
  - Document future linting improvements in comments

  This makes the CI stricter while fixing the easy issues first. More comprehensive fixes for the 113 name[missing] warnings can be addressed in future PRs.

* fix: Add name[missing] to skip_list temporarily

  The ansible-lint CI is failing because name[missing] was not properly added to skip_list. This causes 113 name[missing] errors to fail the CI.

  Adding it to skip_list for now to fix the CI. The rule can be moved to warn_list and eventually enabled once all tasks are properly named in future PRs.

* fix: Fix ansible-lint critical errors

  - Fix schema[tasks] error in roles/local/tasks/prompts.yml by removing with_items loop
  - Add missing newline at end of requirements.yml
  - Replace ignore_errors with failed_when in reboot task
  - Add pipefail to shell command with pipes in strongswan openssl task

  These fixes address all critical ansible-lint errors that were causing CI failures.
# Ansible-lint configuration
# Paths ansible-lint does not inspect at all. No rule runs on files under
# these directories, including the opt-in checks listed in enable_list.
exclude_paths:
  - '.cache/'
  - '.github/'
  # Also matched by the broader 'tests/' entry below; kept as written.
  - 'tests/legacy-lxd/'
  # NOTE(review): playbooks under tests/ are never linted - confirm that is
  # intended if any of them handle credentials or set file modes.
  - 'tests/'
# Rules listed here are switched off entirely: their findings are neither
# reported nor counted against the run.
skip_list:
  # Package installs should not use latest - needed for updates.
  # NOTE(review): with "latest" the installed version is decided at run time
  # rather than pinned.
  - 'package-latest'
  # Experimental rules.
  - 'experimental'
  # Use FQCN for module actions - gradual migration.
  - 'fqcn[action]'
  # Use FQCN for builtin actions - gradual migration.
  - 'fqcn[action-core]'
  # Variable naming (role-prefix check).
  - 'var-naming[no-role-prefix]'
  # Variable naming patterns.
  - 'var-naming[pattern]'
  # Avoid free-form syntax - some legacy usage.
  - 'no-free-form'
  # Task key order.
  - 'key-order[task]'
  # Jinja2 spacing.
  - 'jinja[spacing]'
  # Name casing.
  - 'name[casing]'
  # YAML document start.
  - 'yaml[document-start]'
  # Role naming convention - too many cloud-* roles.
  - 'role-name'
  # Handler usage - some legitimate non-handler use cases.
  - 'no-handler'
  # All tasks should be named - 113 issues to fix (temporary).
  - 'name[missing]'
# Findings from these rules are printed as warnings and do not fail the run.
warn_list:
  # Command/shell tasks that do not declare when they count as "changed".
  - 'no-changed-when'
  # Over-long YAML lines.
  - 'yaml[line-length]'
  # Tasks that create files without an explicit mode.
  # NOTE(review): as a warning this never blocks a merge. Worth promoting to
  # an enforced rule once existing findings are fixed, since an unset mode can
  # leave generated files readable more widely than intended.
  - 'risky-file-permissions'
# Rules switched on in addition to the defaults.
enable_list:
  # Loops over passwords must set no_log so secrets stay out of task output.
  - 'no-log-password'
  # Owner and group should not be carried over when copying between hosts.
  - 'no-same-owner'
  # become_user needs a matching become on the same play or task.
  - 'partial-become'
  # NOTE(review): the two entries below look like sub-checks of rules that run
  # by default, so listing them here may be redundant - confirm against the
  # ansible-lint version used in CI.
  # All plays should be named.
  - 'name[play]'
  # Files should end with newline.
  - 'yaml[new-line-at-end-of-file]'
# Rules we're actively working on fixing
# Move these from skip_list to enable_list as we fix them
# Note: of the four rules below, only name[missing] is still in skip_list;
# the other three are currently listed under warn_list.
# - 'name[missing]' # All tasks should be named - 113 issues to fix
# - 'no-changed-when' # Commands should not change things
# - 'yaml[line-length]' # Line length limit
# - 'risky-file-permissions' # File permissions
# Output verbosity level for ansible-lint runs.
verbosity: 1
# vim: ft=yaml