2025-12-17 22:45:01 -05:00
17 changed files with 66 additions and 30 deletions
--- a/.ansible-lint
+++ b/.ansible-lint
@ -4,11 +4,14 @@
 exclude_paths:
  - .cache/
  - .github/
+  - .gitea/
  - .ansible/

 # Skip specific rules
 skip_list:
  - yaml[line-length]  # Allow longer lines in some cases
+  - yaml[document-start]  # Allow missing document start in vault files
+  - yaml[truthy]  # Allow different truthy values in workflow files
  - name[casing]       # Allow mixed case in task names
  - args[module]       # Skip args rule that causes "file name too long" issues
  - var-naming[no-role-prefix]  # Allow shorter variable names for readability
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@ -294,15 +294,49 @@ jobs:

      - name: Install Java and SonarScanner
        run: |
+          set -e
          apt-get update && apt-get install -y wget curl unzip openjdk-17-jre
+          
          # Download and install SonarScanner
-          SONAR_SCANNER_VERSION=$(curl -s https://api.github.com/repos/SonarSource/sonar-scanner-cli/releases/latest | grep tag_name | cut -d '"' -f 4 | sed 's/v//')
-          wget -q "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux.zip" -O /tmp/sonar-scanner.zip
-          unzip -q /tmp/sonar-scanner.zip -d /opt
-          mv /opt/sonar-scanner-${SONAR_SCANNER_VERSION}-linux /opt/sonar-scanner
-          ln -s /opt/sonar-scanner/bin/sonar-scanner /usr/local/bin/sonar-scanner
+          echo "Detecting latest SonarScanner version..."
+          SONAR_SCANNER_VERSION=$(curl -s https://api.github.com/repos/SonarSource/sonar-scanner-cli/releases/latest | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/' | sed 's/v//')
+          
+          if [ -z "$SONAR_SCANNER_VERSION" ]; then
+            echo "Failed to detect version, using fallback version 5.0.1.3006"
+            SONAR_SCANNER_VERSION="5.0.1.3006"
+          fi
+          
+          echo "Installing SonarScanner version: ${SONAR_SCANNER_VERSION}"
+          SCANNER_URL="https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux.zip"
+          
+          echo "Downloading from: ${SCANNER_URL}"
+          if ! wget -q --show-progress "${SCANNER_URL}" -O /tmp/sonar-scanner.zip; then
+            echo "❌ Failed to download SonarScanner"
+            exit 1
+          fi
+          
+          echo "Extracting SonarScanner..."
+          if ! unzip -q /tmp/sonar-scanner.zip -d /tmp; then
+            echo "❌ Failed to extract SonarScanner"
+            exit 1
+          fi
+          
+          if [ -d "/tmp/sonar-scanner-${SONAR_SCANNER_VERSION}-linux" ]; then
+            mv /tmp/sonar-scanner-${SONAR_SCANNER_VERSION}-linux /opt/sonar-scanner
+          elif [ -d "/tmp/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux" ]; then
+            mv /tmp/sonar-scanner-cli-${SONAR_SCANNER_VERSION}-linux /opt/sonar-scanner
+          else
+            echo "❌ SonarScanner directory not found after extraction"
+            ls -la /tmp/ | grep sonar
+            exit 1
+          fi
+          
+          ln -sf /opt/sonar-scanner/bin/sonar-scanner /usr/local/bin/sonar-scanner
+          chmod +x /opt/sonar-scanner/bin/sonar-scanner
          chmod +x /usr/local/bin/sonar-scanner
-          sonar-scanner --version
+          
+          echo "Verifying installation..."
+          sonar-scanner --version || (echo "❌ SonarScanner verification failed" && exit 1)

      - name: Verify SonarQube connection
        run: |
--- a/inventories/production/host_vars/devGPU.yml
+++ b/inventories/production/host_vars/devGPU.yml
@ -1,3 +1,4 @@
+---
 ansible_become_password: root

 ansible_python_interpreter: /usr/bin/python3
--- a/inventories/production/host_vars/git-ci-01.yml
+++ b/inventories/production/host_vars/git-ci-01.yml
@ -1,3 +1,4 @@
+---
 # Configure sudo path for git-ci-01
 # Sudo may not be in PATH for non-interactive shells
 ansible_become_exe: /usr/bin/sudo
@ -5,4 +6,3 @@ ansible_become_method: sudo

 # Alternative: if sudo is in a different location, update this
 # ansible_become_exe: /usr/local/bin/sudo
-
--- a/inventories/production/host_vars/sonarqube-01.yml
+++ b/inventories/production/host_vars/sonarqube-01.yml
@ -7,4 +7,3 @@ ansible_become_method: sudo
 # Configure shell for ladmin user
 shell_users:
  - ladmin
-
--- a/roles/applications/tasks/main.yml
+++ b/roles/applications/tasks/main.yml
@ -29,6 +29,7 @@
    fi
  register: brave_key_check
  failed_when: false
+  changed_when: false
  when: applications_brave_needs_install

 - name: Check if Brave repository exists and is correct
--- a/roles/datascience/defaults/main.yml
+++ b/roles/datascience/defaults/main.yml
@ -17,4 +17,3 @@ r_packages:
  - r-base
  - r-base-dev
  - r-recommended
-
--- a/roles/datascience/handlers/main.yml
+++ b/roles/datascience/handlers/main.yml
@ -5,4 +5,3 @@
    state: restarted
    daemon_reload: true
  become: true
-
--- a/roles/datascience/meta/main.yml
+++ b/roles/datascience/meta/main.yml
@ -1,4 +1,3 @@
 ---
 dependencies:
  - role: base
-
--- a/roles/datascience/tasks/main.yml
+++ b/roles/datascience/tasks/main.yml
@ -200,4 +200,3 @@
    - name: Display R version
      ansible.builtin.debug:
        msg: "R version installed: {{ r_version.stdout_lines[0] if r_version.stdout_lines | length > 0 else 'Not checked in dry-run mode' }}"
-
--- a/roles/development/tasks/main.yml
+++ b/roles/development/tasks/main.yml
@ -30,6 +30,7 @@
    fi
  register: nodesource_repo_check
  failed_when: false
+  changed_when: false
  when: node_version_check.rc != 0 or not node_version_check.stdout.startswith('v22')

 - name: Check if NodeSource GPG key exists and is correct
--- a/roles/docker/tasks/setup_gpg_key.yml
+++ b/roles/docker/tasks/setup_gpg_key.yml
@ -12,6 +12,7 @@
    fi
  register: docker_key_check
  failed_when: false
+  changed_when: false

 - name: Remove incorrect Docker GPG key
  ansible.builtin.file:
@ -43,4 +44,3 @@
    path: /tmp/docker.gpg
    state: absent
  when: docker_key_check.stdout in ["not_exists", "wrong_key"]
-  
--- a/roles/docker/tasks/setup_repo_debian.yml
+++ b/roles/docker/tasks/setup_repo_debian.yml
@ -12,6 +12,7 @@
    fi
  register: docker_repo_check
  failed_when: false
+  changed_when: false

 - name: Remove incorrect Docker repository
  ansible.builtin.file:
@ -26,4 +27,3 @@
    state: present
    update_cache: true
  when: docker_repo_check.stdout in ["not_exists", "wrong_config"]
-  
--- a/roles/docker/tasks/setup_repo_linux_mint.yml
+++ b/roles/docker/tasks/setup_repo_linux_mint.yml
@ -20,6 +20,7 @@
    fi
  register: docker_repo_check
  failed_when: false
+  changed_when: false

 - name: Remove incorrect Docker repository
  ansible.builtin.file:
@ -34,4 +35,3 @@
    state: present
    update_cache: true
  when: docker_repo_check.stdout in ["not_exists", "wrong_config"]
-  
--- a/roles/docker/tasks/setup_repo_ubuntu.yml
+++ b/roles/docker/tasks/setup_repo_ubuntu.yml
@ -12,6 +12,7 @@
    fi
  register: docker_repo_check
  failed_when: false
+  changed_when: false

 - name: Remove incorrect Docker repository
  ansible.builtin.file:
@ -26,4 +27,3 @@
    state: present
    update_cache: true
  when: docker_repo_check.stdout in ["not_exists", "wrong_config"]
-  
--- a/roles/tailscale/tasks/debian.yml
+++ b/roles/tailscale/tasks/debian.yml
@ -18,6 +18,7 @@
    fi
  register: tailscale_key_check
  failed_when: false
+  changed_when: false
  when: tailscale_version_check.rc != 0

 - name: Check if Tailscale repository exists and is correct