Merge pull request #103 from lafeychine/ci-improvement

Add `ansible-lint`
osm-fr · Nov 7, 2023 · 1e0340c · 1e0340c
2 parents 09e0a19 + f25a283
commit 1e0340c
Show file tree

Hide file tree

Showing 10 changed files with 561 additions and 30 deletions.
diff --git a/.config/ansible-lint-ignore.txt b/.config/ansible-lint-ignore.txt
diff --git a/.config/ansible-lint.yml b/.config/ansible-lint.yml
@@ -0,0 +1,11 @@
+---
+profile: production
+
+enable_list:
+  - empty-string-compare
+  - no-log-password
+  - no-prompting
+  - no-same-owner
+
+offline: true
+...
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -1,26 +1,25 @@
 name: CI
 
-on: [push, pull_request]
+on: [fork, pull_request, push]
 
 jobs:
   lint:
     runs-on: ubuntu-latest
 
     steps:
+      - name: Checkout
+        uses: actions/checkout@v4
 
-      - run: |
-          sudo apt-get update
-          sudo apt-get install --yes --no-install-recommends \
-            pylama \
-            python3-pylama \
-            yamllint
+      - name: Setup Python
+        uses: actions/setup-python@v4
+        with:
+          cache: 'pip'
 
-      - uses: actions/checkout@v3
+      - name: Install Python dependencies
+        run: pip install -U -r requirements.txt
 
-      - name: yamllint
-        run: |
-          yamllint .
+      - name: Run ansible-lint
+        run: ansible-lint
 
-      - name: pylama
-        run: |
-          pylama
+      - name: Run Pylama
+        run: pylama
diff --git a/.yamllint b/.yamllint
@@ -21,5 +21,3 @@ rules:
   document-start: disable
   truthy:
     allowed-values: ['true', 'false', 'True', 'False', 'yes', 'no']
-    ignore: |
-      .github/workflows/ci.yml
diff --git a/README.md b/README.md
@@ -4,22 +4,49 @@ This repository contains various scripts to setup and configure machines
 handled by OSM-FR association (a french association for OpenStreetMap). These
 scripts are used with [ansible](https://www.ansible.com/).
 
-## Configuring ansible
+## Installing dependencies
+
+### Installing on Debian
 
 A version of ansible >= 2.3 is sufficient, and is available in Debian,
 or from [git repository](https://github.com/ansible/ansible.git). To install all
 dependency on Debian, use:
 
   ```shell
-  apt-get install ansible python-jmespath
+  apt-get install ansible
   ```
 
 To install VM through proxmox, python promoxer module is necessary, It can be
 installed with:
 
   ```shell
-  sudo pip install proxmoxer
+  apt-get install python3-proxmoxer
+  ```
+
+### Installing using `venv`
+
+`venv` module creates isolated Python environments.
+
+First of all, install the required packages. On Debian, use:
+
+  ```shell
+  apt-get install python3 python3-venv
+  ```
+
+You can jump into a new isolated environments using:
+
+  ```shell
+  python3 -m venv <folder>      # Create the environment, only needs to be done once
+  source <folder>/bin/activate  # Run a subshell using the environment 
   ```
+
+Then, install the required packages:
+
+  ```shell
+  pip install -r requirements.txt
+  ```
+
+Note: The created environment folder should be placed outside this project folder to prevent `ansible-lint` from looking at it.
 
 ## Using ansible scripts
 

diff --git a/accounts.yml b/accounts.yml
@@ -1,4 +1,4 @@
-- name: default configuration
+- name: Default configuration
   hosts: all
   gather_facts: no
   become: yes

diff --git a/pylama.ini b/pylama.ini
@@ -1,4 +1,4 @@
 [pylama]
 skip = galaxy/*
-ignore = E111,E221,E501,C901
+ignore = E111,E121,E221,E501,C901
 max_line_length = 160
diff --git a/requirements.txt b/requirements.txt
@@ -0,0 +1,4 @@
+ansible ~= 8.0
+ansible-lint ~= 6.0
+proxmoxer ~= 1.0
+pylama ~= 8.0
diff --git a/roles/accounts/tasks/account.yml b/roles/accounts/tasks/account.yml
@@ -1,29 +1,30 @@
 ---
-- name: Set {{ user }} group
-  group:
+- name: Set group {{ user }}
+  ansible.builtin.group:
     name: "{{ user }}"
 
-- name: Set {{ user }} account
-  user:
+- name: Set account {{ user }}
+  ansible.builtin.user:
     group: "{{ user }}"
     home: "{{ workspace }}/{{ user }}"
     name: "{{ user }}"
     uid: "{{ uid }}"
 
 - name: Initialise folders for {{ user }}
-  file:
+  ansible.builtin.file:
     path: "{{ file }}"
     state: directory
     group: "{{ user }}"
     owner: "{{ user }}"
+    mode: u=rwx,g=rx,o=rx
   loop:
     - "/data/work/{{ user }}"
     - "{{ workspace }}/{{ user }}"
   loop_control:
     loop_var: file
 
 - name: Copy SSH key of user {{ user }}
-  authorized_key:
+  ansible.posix.authorized_key:
     user: "{{ user }}"
     key: "{{ lookup('file', file) }}"
   with_fileglob:
@@ -32,12 +33,13 @@
     loop_var: file
 
 - name: Copy default config files
-  copy:
+  ansible.builtin.copy:
     force: false
     src: "default{{ file }}"
     dest: "{{ workspace }}/{{ user }}/{{ file }}"
     group: "{{ user }}"
     owner: "{{ user }}"
+    mode: u=rw,g=r,o=r
   loop:
     - .gitconfig
     - .vimrc

diff --git a/roles/accounts/tasks/main.yml b/roles/accounts/tasks/main.yml
@@ -1,11 +1,11 @@
 ---
 - name: Set accounts
-  include_tasks: account.yml
+  ansible.builtin.include_tasks: account.yml
   vars:
     service: "{{ item.value.service | default(false) }}"
     uid: "{{ item.value.uid | default(omit) }}"
     user: "{{ item.user }}"
     workspace: "{{ '/data/project' if item.value.service | default(false) else '/home' }}"
-  loop: "{{ accounts__users | dict2items(key_name = 'user') }}"
+  loop: "{{ accounts__users | dict2items(key_name='user') }}"
   when: "item.user in group_names or (item.value.admin | default(false))"
 ...