cqfd: add ansible-lint

Ansible was previously in the CI repository. Move it in ansible repository. Create the cqfd ansible-lint flavor. Signed-off-by: Mathieu Dupré <[email protected]>
vermeulenthi · May 30, 2023 · 5eb545f · 5eb545f
1 parent 588fc57
commit 5eb545f
Show file tree

Hide file tree

Showing 3 changed files with 51 additions and 2 deletions.
diff --git a/.cqfd/docker/Dockerfile b/.cqfd/docker/Dockerfile
@@ -12,6 +12,7 @@ ENV LC_ALL en_US.UTF-8
 RUN set -x \
     && apt-get update \
     && apt-get install -y \
+        ansible-lint \
         bash \
         docker.io \
         docker-compose \

diff --git a/.cqfdrc b/.cqfdrc
@@ -1,10 +1,10 @@
 [project]
 org='rte'
 name='ansible'
-flavors='prepare manual module_documentation export'
+flavors='prepare manual module_documentation ansible-lint export'
 
 [build]
-command='check_yaml'
+command='check_yaml && ansible-lint -c ansible-lint.conf'
 
 [prepare]
 command='./prepare.sh'
@@ -15,5 +15,9 @@ command='asciidoctor-pdf README.adoc OVS_configuration.adoc'
 [module_documentation]
 command='./generate_module_documentation.sh'
 
+[ansible-lint]
+docker_run_args="-v $(pwd)/examples/inventories/advanced_inventory_example.yaml:/etc/ansible/hosts/hosts.yaml -v $(pwd)/ceph-ansible/roles:/etc/ansible/roles"
+command='ansible-lint -c ansible-lint.conf'
+
 [export]
 command='rm -f ansible.tar.gz && ./prepare.sh && tar --exclude=ansible.tar.gz --exclude=.git -czf ansible.tar.gz .'
diff --git a/ansible-lint.conf b/ansible-lint.conf
@@ -0,0 +1,44 @@
+# Copyright (C) 2023, RTE (http://www.rte-france.com)
+# SPDX-License-Identifier: Apache-2.0
+#
+# This file handle the configuration of ansible-lint
+
+exclude_paths:
+  - ceph-ansible
+  - roles/systemd_networkd
+  - roles/corosync
+
+# ceph-ansible, systemd_networkd and corosync are submodules and seapath don't
+# have control of them.
+
+skip_list:
+  - yaml                   # yaml syntax warnings
+  - unnamed-task           # All tasks should be named
+  - role-name              # All role names should match "^[a-z_][a-z0-9_]*$"
+  - risky-file-permissions # All file creation must specify permissions
+  - no-tabs                # Most files should not contain tabs
+  - no-handler             # "when: result.changed" should trigger a handler instead
+  - no-changed-when        # Commands should not change things if nothing needs doing
+  - no-relative-paths      # Doesn't need a relative path in role
+
+### Why skip these warnings :
+#
+# - yaml errors are mostly "line >80 chars" and comment formatting. A yaml auto
+# formatter could be run on the repository and would correct some problems.
+# Reducing the length size requires a lot of reformatting work and isn't a big
+# deal for now.
+#
+# - unnamed-task are all debugging task and thus not so important to name.
+#
+# - role-name doesn't seem too important to us.
+#
+# - risky-file-permissions concern a global cyber-security question : Specifying
+# permissions on files must be done on the overall SEAPATH project in order to
+# be effective. This is a much bigger task.
+#
+# - no-tabs is raised by a patch task. The concerned tool should soon merge the
+# patch and this will not be required anymore.
+#
+# - no-handler, no-changed-when and no-relative-paths should not be skipped. The
+# raised warnings should be corrected as soon as possible for these three rules to
+# run on the CI.