Fix: Update ansible-lint configuration to exclude specific paths and skip certain rules for improved linting flexibility

2025-12-14 21:04:45 -05:00 · 2025-12-14 21:04:45 -05:00 · 83a5d988af
commit 83a5d988af
parent a45ee496e4
17 changed files with 66 additions and 30 deletions
--- a/.ansible-lint
+++ b/.ansible-lint
@ -4,11 +4,14 @@
 exclude_paths:
  - .cache/
  - .github/
+  - .gitea/
  - .ansible/

 # Skip specific rules
 skip_list:
  - yaml[line-length]  # Allow longer lines in some cases
+  - yaml[document-start]  # Allow missing document start in vault files
+  - yaml[truthy]  # Allow different truthy values in workflow files
  - name[casing]       # Allow mixed case in task names
  - args[module]       # Skip args rule that causes "file name too long" issues
  - var-naming[no-role-prefix]  # Allow shorter variable names for readability
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@ -294,15 +294,49 @@ jobs:

      - name: Install Java and SonarScanner
        run: |
+          set -e
          apt-get update && apt-get install -y wget curl unzip openjdk-17-jre
+          
          # Download and install SonarScanner
-          SONAR_SCANNER_VERSION=$(curl -s https://api.github.com/repos/SonarSource/sonar-scanner-cli/releases/latest | grep tag_name | cut -d '"' -f 4 | sed 's/v//')
-          wget -q "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux.zip" -O /tmp/sonar-scanner.zip
-          unzip -q /tmp/sonar-scanner.zip -d /opt
-          mv /opt/sonar-scanner-${SONAR_SCANNER_VERSION}-linux /opt/sonar-scanner
-          ln -s /opt/sonar-scanner/bin/sonar-scanner /usr/local/bin/sonar-scanner
+          echo "Detecting latest SonarScanner version..."
+          SONAR_SCANNER_VERSION=$(curl -s https://api.github.com/repos/SonarSource/sonar-scanner-cli/releases/latest | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/' | sed 's/v//')
+          
+          if [ -z "$SONAR_SCANNER_VERSION" ]; then
+            echo "Failed to detect version, using fallback version 5.0.1.3006"
+            SONAR_SCANNER_VERSION="5.0.1.3006"
+          fi
+          
+          echo "Installing SonarScanner version: ${SONAR_SCANNER_VERSION}"
+          SCANNER_URL="https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux.zip"
+          
+          echo "Downloading from: ${SCANNER_URL}"
+          if ! wget -q --show-progress "${SCANNER_URL}" -O /tmp/sonar-scanner.zip; then
+            echo "❌ Failed to download SonarScanner"
+            exit 1
+          fi
+          
+          echo "Extracting SonarScanner..."
+          if ! unzip -q /tmp/sonar-scanner.zip -d /tmp; then
+            echo "❌ Failed to extract SonarScanner"
+            exit 1
+          fi
+          
+          if [ -d "/tmp/sonar-scanner-${SONAR_SCANNER_VERSION}-linux" ]; then
+            mv /tmp/sonar-scanner-${SONAR_SCANNER_VERSION}-linux /opt/sonar-scanner
+          elif [ -d "/tmp/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux" ]; then
+            mv /tmp/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux /opt/sonar-scanner
+          else
+            echo "❌ SonarScanner directory not found after extraction"
+            ls -la /tmp/ | grep sonar
+            exit 1
+          fi
+          
+          ln -sf /opt/sonar-scanner/bin/sonar-scanner /usr/local/bin/sonar-scanner
+          chmod +x /opt/sonar-scanner/bin/sonar-scanner
          chmod +x /usr/local/bin/sonar-scanner
-          sonar-scanner --version
+          
+          echo "Verifying installation..."
+          sonar-scanner --version || (echo "❌ SonarScanner verification failed" && exit 1)

      - name: Verify SonarQube connection
        run: |
--- a/inventories/production/host_vars/devGPU.yml
+++ b/inventories/production/host_vars/devGPU.yml
@ -1,3 +1,4 @@
+---
 ansible_become_password: root

 ansible_python_interpreter: /usr/bin/python3
@ -9,7 +10,7 @@ shell_additional_users:
  - devuser01
  - devuser02
  - dev
-  
+
 # Data Science configuration (datascience role)
 install_conda: true
 conda_install_path: "/root/anaconda3"
--- a/inventories/production/host_vars/git-ci-01.yml
+++ b/inventories/production/host_vars/git-ci-01.yml
@ -1,3 +1,4 @@
+---
 # Configure sudo path for git-ci-01
 # Sudo may not be in PATH for non-interactive shells
 ansible_become_exe: /usr/bin/sudo
@ -5,4 +6,3 @@ ansible_become_method: sudo

 # Alternative: if sudo is in a different location, update this
 # ansible_become_exe: /usr/local/bin/sudo
-
--- a/inventories/production/host_vars/sonarqube-01.yml
+++ b/inventories/production/host_vars/sonarqube-01.yml
@ -6,5 +6,4 @@ ansible_become: true
 ansible_become_method: sudo
 # Configure shell for ladmin user
 shell_users:
-  - ladmin
-
+  - ladmin
--- a/roles/applications/tasks/main.yml
+++ b/roles/applications/tasks/main.yml
@ -29,6 +29,7 @@
    fi
  register: brave_key_check
  failed_when: false
+  changed_when: false
  when: applications_brave_needs_install

 - name: Check if Brave repository exists and is correct
@ -55,7 +56,7 @@
    - /etc/apt/sources.list.d/brave-browser-release.sources
  become: true
  failed_when: false
-  when: 
+  when:
    - applications_brave_needs_install
    - brave_repo_check.stdout == "wrong_config"

@ -64,7 +65,7 @@
    path: /usr/share/keyrings/brave-browser-archive-keyring.gpg
    state: absent
  become: true
-  when: 
+  when:
    - applications_brave_needs_install
    - brave_key_check.stdout == "wrong_key"

@ -108,4 +109,4 @@
      - "LibreOffice: {{ 'Installed' if 'libreoffice' in ansible_facts.packages else 'Missing' }}"
      - "Evince: {{ 'Installed' if 'evince' in ansible_facts.packages else 'Missing' }}"
      - "Brave: {{ applications_brave_check.stdout if applications_brave_check.rc == 0 else 'Not installed' }}"
-  when: ansible_debug_output | default(false) | bool
+  when: ansible_debug_output | default(false) | bool
--- a/roles/datascience/defaults/main.yml
+++ b/roles/datascience/defaults/main.yml
@ -16,5 +16,4 @@ install_r: false
 r_packages:
  - r-base
  - r-base-dev
-  - r-recommended
-
+  - r-recommended
--- a/roles/datascience/handlers/main.yml
+++ b/roles/datascience/handlers/main.yml
@ -4,5 +4,4 @@
    name: jupyter-notebook
    state: restarted
    daemon_reload: true
-  become: true
-
+  become: true
--- a/roles/datascience/meta/main.yml
+++ b/roles/datascience/meta/main.yml
@ -1,4 +1,3 @@
 ---
 dependencies:
-  - role: base
-
+  - role: base
--- a/roles/datascience/tasks/main.yml
+++ b/roles/datascience/tasks/main.yml
@ -199,5 +199,4 @@

    - name: Display R version
      ansible.builtin.debug:
-        msg: "R version installed: {{ r_version.stdout_lines[0] if r_version.stdout_lines | length > 0 else 'Not checked in dry-run mode' }}"
-
+        msg: "R version installed: {{ r_version.stdout_lines[0] if r_version.stdout_lines | length > 0 else 'Not checked in dry-run mode' }}"
--- a/roles/development/tasks/main.yml
+++ b/roles/development/tasks/main.yml
@ -30,6 +30,7 @@
    fi
  register: nodesource_repo_check
  failed_when: false
+  changed_when: false
  when: node_version_check.rc != 0 or not node_version_check.stdout.startswith('v22')

 - name: Check if NodeSource GPG key exists and is correct
--- a/roles/docker/tasks/setup_gpg_key.yml
+++ b/roles/docker/tasks/setup_gpg_key.yml
@ -12,6 +12,7 @@
    fi
  register: docker_key_check
  failed_when: false
+  changed_when: false

 - name: Remove incorrect Docker GPG key
  ansible.builtin.file:
@ -42,5 +43,4 @@
  ansible.builtin.file:
    path: /tmp/docker.gpg
    state: absent
-  when: docker_key_check.stdout in ["not_exists", "wrong_key"]
-  
+  when: docker_key_check.stdout in ["not_exists", "wrong_key"]
--- a/roles/docker/tasks/setup_repo_debian.yml
+++ b/roles/docker/tasks/setup_repo_debian.yml
@ -12,6 +12,7 @@
    fi
  register: docker_repo_check
  failed_when: false
+  changed_when: false

 - name: Remove incorrect Docker repository
  ansible.builtin.file:
@ -25,5 +26,4 @@
    repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
    state: present
    update_cache: true
-  when: docker_repo_check.stdout in ["not_exists", "wrong_config"]
-  
+  when: docker_repo_check.stdout in ["not_exists", "wrong_config"]
--- a/roles/docker/tasks/setup_repo_linux_mint.yml
+++ b/roles/docker/tasks/setup_repo_linux_mint.yml
@ -20,6 +20,7 @@
    fi
  register: docker_repo_check
  failed_when: false
+  changed_when: false

 - name: Remove incorrect Docker repository
  ansible.builtin.file:
@ -33,5 +34,4 @@
    repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ docker_ubuntu_codename }} stable"
    state: present
    update_cache: true
-  when: docker_repo_check.stdout in ["not_exists", "wrong_config"]
-  
+  when: docker_repo_check.stdout in ["not_exists", "wrong_config"]
--- a/roles/docker/tasks/setup_repo_ubuntu.yml
+++ b/roles/docker/tasks/setup_repo_ubuntu.yml
@ -12,6 +12,7 @@
    fi
  register: docker_repo_check
  failed_when: false
+  changed_when: false

 - name: Remove incorrect Docker repository
  ansible.builtin.file:
@ -25,5 +26,4 @@
    repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
    state: present
    update_cache: true
-  when: docker_repo_check.stdout in ["not_exists", "wrong_config"]
-  
+  when: docker_repo_check.stdout in ["not_exists", "wrong_config"]
--- a/roles/shell/tasks/configure_user_shell.yml
+++ b/roles/shell/tasks/configure_user_shell.yml
@ -101,4 +101,4 @@
          - "  1. Log out and back in (recommended)"
          - "  2. Run: exec zsh"
          - "  3. Or simply run: zsh"
-          - "=========================================="
+          - "=========================================="
--- a/roles/tailscale/tasks/debian.yml
+++ b/roles/tailscale/tasks/debian.yml
@ -18,6 +18,7 @@
    fi
  register: tailscale_key_check
  failed_when: false
+  changed_when: false
  when: tailscale_version_check.rc != 0

 - name: Check if Tailscale repository exists and is correct