From 83a5d988af28d5082ad9f9aac5e1122705f2f687 Mon Sep 17 00:00:00 2001 From: ilia Date: Sun, 14 Dec 2025 21:04:45 -0500 Subject: [PATCH] Fix: Update ansible-lint configuration to exclude specific paths and skip certain rules for improved linting flexibility --- .ansible-lint | 3 ++ .gitea/workflows/ci.yml | 46 ++++++++++++++++--- inventories/production/host_vars/devGPU.yml | 3 +- .../production/host_vars/git-ci-01.yml | 2 +- .../production/host_vars/sonarqube-01.yml | 3 +- roles/applications/tasks/main.yml | 7 +-- roles/datascience/defaults/main.yml | 3 +- roles/datascience/handlers/main.yml | 3 +- roles/datascience/meta/main.yml | 3 +- roles/datascience/tasks/main.yml | 3 +- roles/development/tasks/main.yml | 1 + roles/docker/tasks/setup_gpg_key.yml | 4 +- roles/docker/tasks/setup_repo_debian.yml | 4 +- roles/docker/tasks/setup_repo_linux_mint.yml | 4 +- roles/docker/tasks/setup_repo_ubuntu.yml | 4 +- roles/shell/tasks/configure_user_shell.yml | 2 +- roles/tailscale/tasks/debian.yml | 1 + 17 files changed, 66 insertions(+), 30 deletions(-) diff --git a/.ansible-lint b/.ansible-lint index 9a7f606..f55e932 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -4,11 +4,14 @@ exclude_paths: - .cache/ - .github/ + - .gitea/ - .ansible/ # Skip specific rules skip_list: - yaml[line-length] # Allow longer lines in some cases + - yaml[document-start] # Allow missing document start in vault files + - yaml[truthy] # Allow different truthy values in workflow files - name[casing] # Allow mixed case in task names - args[module] # Skip args rule that causes "file name too long" issues - var-naming[no-role-prefix] # Allow shorter variable names for readability diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index 727c571..3efbf2b 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -294,15 +294,49 @@ jobs: - name: Install Java and SonarScanner run: | + set -e apt-get update && apt-get install -y wget curl unzip openjdk-17-jre + # Download and install SonarScanner - SONAR_SCANNER_VERSION=$(curl -s https://api.github.com/repos/SonarSource/sonar-scanner-cli/releases/latest | grep tag_name | cut -d '"' -f 4 | sed 's/v//') - wget -q "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux.zip" -O /tmp/sonar-scanner.zip - unzip -q /tmp/sonar-scanner.zip -d /opt - mv /opt/sonar-scanner-${SONAR_SCANNER_VERSION}-linux /opt/sonar-scanner - ln -s /opt/sonar-scanner/bin/sonar-scanner /usr/local/bin/sonar-scanner + echo "Detecting latest SonarScanner version..." + SONAR_SCANNER_VERSION=$(curl -s https://api.github.com/repos/SonarSource/sonar-scanner-cli/releases/latest | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/' | sed 's/v//') + + if [ -z "$SONAR_SCANNER_VERSION" ]; then + echo "Failed to detect version, using fallback version 5.0.1.3006" + SONAR_SCANNER_VERSION="5.0.1.3006" + fi + + echo "Installing SonarScanner version: ${SONAR_SCANNER_VERSION}" + SCANNER_URL="https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux.zip" + + echo "Downloading from: ${SCANNER_URL}" + if ! wget -q --show-progress "${SCANNER_URL}" -O /tmp/sonar-scanner.zip; then + echo "❌ Failed to download SonarScanner" + exit 1 + fi + + echo "Extracting SonarScanner..." + if ! unzip -q /tmp/sonar-scanner.zip -d /tmp; then + echo "❌ Failed to extract SonarScanner" + exit 1 + fi + + if [ -d "/tmp/sonar-scanner-${SONAR_SCANNER_VERSION}-linux" ]; then + mv /tmp/sonar-scanner-${SONAR_SCANNER_VERSION}-linux /opt/sonar-scanner + elif [ -d "/tmp/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux" ]; then + mv /tmp/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux /opt/sonar-scanner + else + echo "❌ SonarScanner directory not found after extraction" + ls -la /tmp/ | grep sonar + exit 1 + fi + + ln -sf /opt/sonar-scanner/bin/sonar-scanner /usr/local/bin/sonar-scanner + chmod +x /opt/sonar-scanner/bin/sonar-scanner chmod +x /usr/local/bin/sonar-scanner - sonar-scanner --version + + echo "Verifying installation..." + sonar-scanner --version || (echo "❌ SonarScanner verification failed" && exit 1) - name: Verify SonarQube connection run: | diff --git a/inventories/production/host_vars/devGPU.yml b/inventories/production/host_vars/devGPU.yml index 0374445..f1744e6 100644 --- a/inventories/production/host_vars/devGPU.yml +++ b/inventories/production/host_vars/devGPU.yml @@ -1,3 +1,4 @@ +--- ansible_become_password: root ansible_python_interpreter: /usr/bin/python3 @@ -9,7 +10,7 @@ shell_additional_users: - devuser01 - devuser02 - dev - + # Data Science configuration (datascience role) install_conda: true conda_install_path: "/root/anaconda3" diff --git a/inventories/production/host_vars/git-ci-01.yml b/inventories/production/host_vars/git-ci-01.yml index 5e4549d..bb80d7e 100644 --- a/inventories/production/host_vars/git-ci-01.yml +++ b/inventories/production/host_vars/git-ci-01.yml @@ -1,3 +1,4 @@ +--- # Configure sudo path for git-ci-01 # Sudo may not be in PATH for non-interactive shells ansible_become_exe: /usr/bin/sudo @@ -5,4 +6,3 @@ ansible_become_method: sudo # Alternative: if sudo is in a different location, update this # ansible_become_exe: /usr/local/bin/sudo - diff --git a/inventories/production/host_vars/sonarqube-01.yml b/inventories/production/host_vars/sonarqube-01.yml index 1300d54..c97cfac 100644 --- a/inventories/production/host_vars/sonarqube-01.yml +++ b/inventories/production/host_vars/sonarqube-01.yml @@ -6,5 +6,4 @@ ansible_become: true ansible_become_method: sudo # Configure shell for ladmin user shell_users: - - ladmin - + - ladmin \ No newline at end of file diff --git a/roles/applications/tasks/main.yml b/roles/applications/tasks/main.yml index 46a0776..52286fa 100644 --- a/roles/applications/tasks/main.yml +++ b/roles/applications/tasks/main.yml @@ -29,6 +29,7 @@ fi register: brave_key_check failed_when: false + changed_when: false when: applications_brave_needs_install - name: Check if Brave repository exists and is correct @@ -55,7 +56,7 @@ - /etc/apt/sources.list.d/brave-browser-release.sources become: true failed_when: false - when: + when: - applications_brave_needs_install - brave_repo_check.stdout == "wrong_config" @@ -64,7 +65,7 @@ path: /usr/share/keyrings/brave-browser-archive-keyring.gpg state: absent become: true - when: + when: - applications_brave_needs_install - brave_key_check.stdout == "wrong_key" @@ -108,4 +109,4 @@ - "LibreOffice: {{ 'Installed' if 'libreoffice' in ansible_facts.packages else 'Missing' }}" - "Evince: {{ 'Installed' if 'evince' in ansible_facts.packages else 'Missing' }}" - "Brave: {{ applications_brave_check.stdout if applications_brave_check.rc == 0 else 'Not installed' }}" - when: ansible_debug_output | default(false) | bool \ No newline at end of file + when: ansible_debug_output | default(false) | bool diff --git a/roles/datascience/defaults/main.yml b/roles/datascience/defaults/main.yml index 6f49a3d..cabe443 100644 --- a/roles/datascience/defaults/main.yml +++ b/roles/datascience/defaults/main.yml @@ -16,5 +16,4 @@ install_r: false r_packages: - r-base - r-base-dev - - r-recommended - + - r-recommended \ No newline at end of file diff --git a/roles/datascience/handlers/main.yml b/roles/datascience/handlers/main.yml index 1c317d3..284b86a 100644 --- a/roles/datascience/handlers/main.yml +++ b/roles/datascience/handlers/main.yml @@ -4,5 +4,4 @@ name: jupyter-notebook state: restarted daemon_reload: true - become: true - + become: true \ No newline at end of file diff --git a/roles/datascience/meta/main.yml b/roles/datascience/meta/main.yml index 337e929..99e099c 100644 --- a/roles/datascience/meta/main.yml +++ b/roles/datascience/meta/main.yml @@ -1,4 +1,3 @@ --- dependencies: - - role: base - + - role: base \ No newline at end of file diff --git a/roles/datascience/tasks/main.yml b/roles/datascience/tasks/main.yml index faa73cc..d50a5a2 100644 --- a/roles/datascience/tasks/main.yml +++ b/roles/datascience/tasks/main.yml @@ -199,5 +199,4 @@ - name: Display R version ansible.builtin.debug: - msg: "R version installed: {{ r_version.stdout_lines[0] if r_version.stdout_lines | length > 0 else 'Not checked in dry-run mode' }}" - + msg: "R version installed: {{ r_version.stdout_lines[0] if r_version.stdout_lines | length > 0 else 'Not checked in dry-run mode' }}" \ No newline at end of file diff --git a/roles/development/tasks/main.yml b/roles/development/tasks/main.yml index 64102aa..3dbef26 100644 --- a/roles/development/tasks/main.yml +++ b/roles/development/tasks/main.yml @@ -30,6 +30,7 @@ fi register: nodesource_repo_check failed_when: false + changed_when: false when: node_version_check.rc != 0 or not node_version_check.stdout.startswith('v22') - name: Check if NodeSource GPG key exists and is correct diff --git a/roles/docker/tasks/setup_gpg_key.yml b/roles/docker/tasks/setup_gpg_key.yml index 20a3817..7f2fd81 100644 --- a/roles/docker/tasks/setup_gpg_key.yml +++ b/roles/docker/tasks/setup_gpg_key.yml @@ -12,6 +12,7 @@ fi register: docker_key_check failed_when: false + changed_when: false - name: Remove incorrect Docker GPG key ansible.builtin.file: @@ -42,5 +43,4 @@ ansible.builtin.file: path: /tmp/docker.gpg state: absent - when: docker_key_check.stdout in ["not_exists", "wrong_key"] - \ No newline at end of file + when: docker_key_check.stdout in ["not_exists", "wrong_key"] \ No newline at end of file diff --git a/roles/docker/tasks/setup_repo_debian.yml b/roles/docker/tasks/setup_repo_debian.yml index d83ba97..ac79607 100644 --- a/roles/docker/tasks/setup_repo_debian.yml +++ b/roles/docker/tasks/setup_repo_debian.yml @@ -12,6 +12,7 @@ fi register: docker_repo_check failed_when: false + changed_when: false - name: Remove incorrect Docker repository ansible.builtin.file: @@ -25,5 +26,4 @@ repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable" state: present update_cache: true - when: docker_repo_check.stdout in ["not_exists", "wrong_config"] - \ No newline at end of file + when: docker_repo_check.stdout in ["not_exists", "wrong_config"] \ No newline at end of file diff --git a/roles/docker/tasks/setup_repo_linux_mint.yml b/roles/docker/tasks/setup_repo_linux_mint.yml index f49292c..4e518a1 100644 --- a/roles/docker/tasks/setup_repo_linux_mint.yml +++ b/roles/docker/tasks/setup_repo_linux_mint.yml @@ -20,6 +20,7 @@ fi register: docker_repo_check failed_when: false + changed_when: false - name: Remove incorrect Docker repository ansible.builtin.file: @@ -33,5 +34,4 @@ repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ docker_ubuntu_codename }} stable" state: present update_cache: true - when: docker_repo_check.stdout in ["not_exists", "wrong_config"] - \ No newline at end of file + when: docker_repo_check.stdout in ["not_exists", "wrong_config"] \ No newline at end of file diff --git a/roles/docker/tasks/setup_repo_ubuntu.yml b/roles/docker/tasks/setup_repo_ubuntu.yml index 1ea73dd..ca25913 100644 --- a/roles/docker/tasks/setup_repo_ubuntu.yml +++ b/roles/docker/tasks/setup_repo_ubuntu.yml @@ -12,6 +12,7 @@ fi register: docker_repo_check failed_when: false + changed_when: false - name: Remove incorrect Docker repository ansible.builtin.file: @@ -25,5 +26,4 @@ repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable" state: present update_cache: true - when: docker_repo_check.stdout in ["not_exists", "wrong_config"] - \ No newline at end of file + when: docker_repo_check.stdout in ["not_exists", "wrong_config"] \ No newline at end of file diff --git a/roles/shell/tasks/configure_user_shell.yml b/roles/shell/tasks/configure_user_shell.yml index 882f1ef..dfdd331 100644 --- a/roles/shell/tasks/configure_user_shell.yml +++ b/roles/shell/tasks/configure_user_shell.yml @@ -101,4 +101,4 @@ - " 1. Log out and back in (recommended)" - " 2. Run: exec zsh" - " 3. Or simply run: zsh" - - "==========================================" \ No newline at end of file + - "==========================================" diff --git a/roles/tailscale/tasks/debian.yml b/roles/tailscale/tasks/debian.yml index 4b51cdf..cad3eba 100644 --- a/roles/tailscale/tasks/debian.yml +++ b/roles/tailscale/tasks/debian.yml @@ -18,6 +18,7 @@ fi register: tailscale_key_check failed_when: false + changed_when: false when: tailscale_version_check.rc != 0 - name: Check if Tailscale repository exists and is correct