From e069395ba00a36cb3d5da0b9ddbd186a64af405c Mon Sep 17 00:00:00 2001
From: Rafael Guterres Jeffman <rjeffman@redhat.com>
Date: Mon, 21 Sep 2020 19:56:58 -0300
Subject: [PATCH] Make ansible-lint and yamllint use more strict rules.

This patch modifies configuration of both ansible-lint and yamllint
to check for more rules, resulting in a more strict verification.

For ansible-lint verification of errors 301, 305 and 505 are skipped,
due to false positives. For the same reason, 'experimental' rules
are skipped.

ansible-lint error 306 is skipped since the fix is to set pipefail,
which is not available in all shells (for example dash, which runs
ansible-freeipa CI).

The yamllint rules that remain disabled (comments and indentation) would
introduce a huge number of small changes, and are left for future changes,
if deemed necessary.
---
 .ansible-lint              | 16 +++++------
 .github/workflows/lint.yml |  1 +
 .yamllint                  |  9 ++----
 setup.cfg                  |  2 +-
 utils/lint_check.sh        | 56 +++++++++++++++++++++++---------------
 5 files changed, 46 insertions(+), 38 deletions(-)

diff --git a/.ansible-lint b/.ansible-lint
index 4db98b76..e71a16f8 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -1,3 +1,4 @@
+---
 exclude_paths:
   - .ansible-freeipa-tests/
   - .cache/
@@ -8,22 +9,21 @@ exclude_paths:
   - .yamllint
   - molecule/
   - tests/azure/
+  - meta/runtime.yml
 
+kinds:
+  - playbook: '**/tests/**/test_*.yml'
+  - playbook: '**/playbooks/**/*.yml'
 
 parseable: true
 
 quiet: false
 
 skip_list:
-  - '201'  # Trailing whitespace
-  - '204'  # Lines should be no longer than 160 chars
-  - '206'  # Variables should have spaces before and after: {{ var_name }}'
-  - '208'  # File permissions not mentioned
   - '301'  # Commands should not change things if nothing needs doing'
-  - '305'  # Use shell only when shell functionality is required'
-  - '306'  # Shells that use pipes should set the pipefail option'
-  - '502'  # All tasks should be named
-  - '505'  # Referenced missing file
+  - '305'  # Use shell only when shell functionality is required
+  - '306'  # risky-shell-pipe
+  - yaml   # yamllint should be executed separately.
 
 use_default_rules: true
 
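Review bot: The new `skip_list` does not match the commit message. The message says 301, 305 and 505 plus the 'experimental' rules are skipped, but after this hunk the list holds 301, 305, 306 and `yaml`, with 505 removed and no `experimental` entry. Either the message or the list should be corrected so the intended suppressions are clear. Skipping 306 for the whole repository also hides every shell task whose pipeline can mask an early failure; if only a few tasks are affected, a per-task `# noqa 306` with a short reason would keep the rule active elsewhere. The comment on the 301 line still ends with a stray `'`.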
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 80400482..d680f076 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -21,6 +21,7 @@ jobs:
             tests/*/*/*.yml
             playbooks/*.yml
             playbooks/*/*.yml
+            roles/*/*/*.yml
         env:
           ANSIBLE_MODULE_UTILS: plugins/module_utils
           ANSIBLE_LIBRARY: plugins/modules
diff --git a/.yamllint b/.yamllint
index 3671e728..5fbcc17c 100644
--- a/.yamllint
+++ b/.yamllint
@@ -16,13 +16,8 @@ rules:
   truthy:
     allowed-values: ["yes", "no", "true", "false", "True", "False"]
     level: error
+  line-length:
+    max: 160
   # Disabled rules
-  document-start: disable
   indentation: disable
-  line-length: disable
-  colons: disable
-  empty-lines: disable
   comments: disable
-  comments-indentation: disable
-  trailing-spaces: disable
-  new-line-at-end-of-file: disable
diff --git a/setup.cfg b/setup.cfg
index f4462241..15acf377 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -23,7 +23,7 @@ data_files =
 
 [flake8]
 extend-ignore = E203, D1, D212, D203, D400, D401
-exclude = .git,__pycache__,.tox,.venv
+exclude = .git,__pycache__,.tox,.venv,.cache,.ansible-freeipa-tests
 per-file-ignores =
     plugins/*:E402
     roles/*:E402
diff --git a/utils/lint_check.sh b/utils/lint_check.sh
index d7bfadc3..27060b27 100755
--- a/utils/lint_check.sh
+++ b/utils/lint_check.sh
@@ -1,29 +1,41 @@
 #!/bin/bash
 
-topdir="`dirname $(dirname $0)`"
-
-flake8 .
-pydocstyle .
-pylint plugins
-
-ANSIBLE_LIBRARY=${ANSIBLE_LIBRARY:-"${topdir}/plugins/modules"}
-ANSIBLE_MODULE_UTILS=${ANSIBLE_MODULE_UTILS:-"${topdir}/plugins/module_utils"}
+INFO="\033[37;1m"
+WARN="\033[33;1m"
+RST="\033[0m"
+
+pushd "`dirname $0`/.." >/dev/null 2>&1
+
+echo -e "${INFO}Running 'flake8'...${RST}"
+flake8 plugins utils roles *.py
+echo -e "${INFO}Running 'pydocstyle'...${RST}"
+pydocstyle plugins utils roles *.py
+echo -e "${INFO}Running 'pylint'...${RST}"
+pylint plugins *.py
+
+ANSIBLE_LIBRARY="${ANSIBLE_LIBRARY:-plugins/modules}"
+ANSIBLE_MODULE_UTILS="${ANSIBLE_MODULE_UTILS:-plugins/module_utils}"
+ANSIBLE_DOC_FRAGMENT_PLUGINS="${ANSIBLE_DOC_FRAGMENT_PLUGINS:-plugins/doc_fragments}"
+export ANSIBLE_LIBRARY ANSIBLE_MODULE_UTILS ANSIBLE_DOC_FRAGMENT_PLUGINS
+
+echo -e "${WARN}Missing file warnings are expected and can be ignored.${RST}"
+echo -e "${INFO}Running 'ansible-lint'...${RST}"
+playbook_dirs=(
+    "tests"
+    "playbooks"
+)
+ansible-lint --force-color "${playbook_dirs[@]}"
 
-export ANSIBLE_LIBRARY ANSIBLE_MODULE_UTILS
+echo -e "${INFO}Running 'ansible-doc-test'...${RST}"
+python "`dirname $0`/ansible-doc-test" -v roles plugins
 
+echo -e "${INFO}Running 'yamllint'...${RST}"
 yaml_dirs=(
-    "${topdir}/tests"
-    "${topdir}/playbooks"
-    "${topdir}/molecule"
+    "tests"
+    "playbooks"
+    "molecule"
+    "roles"
 )
+yamllint -f colored "${yaml_dirs[@]}"
 
-for dir in "${yaml_dirs[@]}"
-do
-    find "${dir}" -type f -name "*.yml" | xargs ansible-lint --force-color
-done
-
-
-for dir in "${yaml_dirs[@]}"
-do
-    find "${dir}" -type f -name "*.yml" | xargs yamllint
-done
+popd >/dev/null 2>&1
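Review bot: The script now always exits with the status of the final `popd`, and there is no `set -e`, so a failing flake8, pydocstyle, pylint, ansible-lint, ansible-doc-test or yamllint run never reaches the caller and the lint gate cannot fail. Each linter's status should be recorded and returned at the end. Separately, `dirname $0` is evaluated again after the `pushd`, so when the script is invoked through a relative path from outside the repository root (for example `./lint_check.sh` from inside `utils/`), the `ansible-doc-test` path resolves against the new working directory and points at the wrong place. The `pushd` itself is unquoted around `$0` and its failure is silenced by `2>&1`, which would leave every linter running in whatever directory the caller was in. Resolving the script directory to an absolute path once, before changing directory, addresses both.

```shell
# Resolve the script location once, before changing directory.
script_dir="$(cd "$(dirname "$0")" && pwd)" || exit 1
pushd "${script_dir}/.." >/dev/null || exit 1
rc=0

# … unchanged: colour variables, echo banners, ANSIBLE_* exports, array definitions …
flake8 plugins utils roles *.py || rc=1
pydocstyle plugins utils roles *.py || rc=1
pylint plugins *.py || rc=1
ansible-lint --force-color "${playbook_dirs[@]}" || rc=1
python "${script_dir}/ansible-doc-test" -v roles plugins || rc=1
yamllint -f colored "${yaml_dirs[@]}" || rc=1

popd >/dev/null
exit "${rc}"
```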
-- 
GitLab