---
sudo: no
+language: python
addons:
apt:
packages:
- libtext-markdown-discount-perl
- libtext-typography-perl
-script: make -C doc
+install:
+ - pip install ansible
+ - pip install ansible-lint
+ - ansible --version
+ - ansible-lint --version
+
+script:
+ - ansible/lint.sh
+ - make -C doc
deploy:
provider: pages
--- /dev/null
+skip_list:
+ # These default rules (https://docs.ansible.com/ansible-lint/rules/default_rules.html) are deactivated:
+ #
+ # This list must contain only strings, so put the rule numbers in quotes
+ #
+ # Lines can be big and beautiful and don't need no linter!
+ - "204"
+ # Currently buggy in 4.0.0: https://github.com/ansible/ansible-lint/issues/443
+ - "404"
+ # Not a concern for us (internet is either stable or down, retries won't change that):
+ - "405"
+ # Our roles are generally not intended to go on Ansible Galaxy
+ - "701"
+ - "703"
+ - "704"
./apply-role.sh servers base -C -D
```
+ansible-lint
+------------
+
+We use ansible-lint to check all roles when changes are pushed to Github.
+Some rules have been globally disabled. See [.ansible-lint](/ansible/.ansible-lint)
+for a list of all disabled rules. If ansible-lint produces a false positive for
+a specific task you can disable it by adding the following to the task:
+
+```
+ tags:
+ - skip_ansible_lint
+```
+
+For now only roles and no playbooks are checked. Every role must be manually added
+to the generic playbook [_lint_roles.yml](/ansible/_lint_roles.yml) in order to be
+included.
+If an entire role should be skipped please add it to the playbook commented out
+and supply a reason why this role must be skipped.
+
Local ssh config
----------------
--- /dev/null
+---
+##
+## This playbook is only used by ansible-lint to test all roles
+##
+## If a role shouldn't be checked, add it commented-out and document a
+## reason why it is not included in this list
+##
+- hosts: invalid_host_name_by_design
+ roles:
+ - base
+ - debian-installer
+ - localconfig
+ - openwrt/image
+ - preseed
+ - reboot-and-wait
+ - usb-install
+ - vm/grub
+ - vm/guest
+ - vm/host
+ - vm/install
+ - vm/network
--- /dev/null
+#!/bin/bash
+cd "${BASH_SOURCE%/*}/"
+exec ansible-lint _lint_roles.yml
---
-- set_fact:
+- name: generate list of users allowed to login via ssh
+ set_fact:
sshd_allowusers: >-
{{ [ 'root' ] | union(user_groups.noc)
| union(sshd_allowusers_group | default([]))
- "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256"
- "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc"
- "{{ openwrt_download_dir }}/{{ openwrt_tarball_name }}"
- - fail:
+
+ - name: the download has failed...
+ fail:
msg: Something borked
path: "{{ openwrt_output_dir }}"
state: directory
- - set_fact:
+ - name: generate list of packages to add or remove
+ set_fact:
openwrt_packages: >-
{{ openwrt_packages_remove | map('regex_replace', '^', '-') | join(' ') }}
{{ openwrt_packages_add | join(' ') }}
state: directory
register: tmpdir
-- set_fact:
+- name: set variables needed to build images
+ set_fact:
openwrt_imgbuilder_dir: "{{ tmpdir.path }}"
openwrt_imgbuilder_files: "{{ tmpdir.path }}/files"
- "{{ openwrt_mixin | map('dirname') | map('regex_replace', '^', openwrt_imgbuilder_files) | unique | list }}"
-- name: Copy mixins in place [1/2]
+- name: Copy mixins in place [1/3]
+ file:
+ dest: "{{ openwrt_imgbuilder_files }}/{{ item.key }}"
+ src: "{{ item.value.link }}"
+ force: yes
+ follow: no
+ state: link
+ with_dict: "{{ openwrt_mixin }}"
+ when: '"link" in item.value'
+ loop_control:
+ label: "{{ item.key }}"
+
+- name: Copy mixins in place [2/3]
copy:
src: "{{ item.value.file }}"
dest: "{{ openwrt_imgbuilder_files }}/{{ item.key }}"
loop_control:
label: "{{ item.key }}"
-- name: Copy mixins in place [2/2]
+- name: Copy mixins in place [3/3]
copy:
content: "{{ item.value.content }}"
dest: "{{ openwrt_imgbuilder_files }}/{{ item.key }}"
trim_blocks: yes
when: openwrt_groups is defined or openwrt_users is defined
-- unarchive:
+- name: extract image builder tarball
+ unarchive:
copy: False
src: "{{ openwrt_download_dir }}/{{ openwrt_tarball_name }}"
dest: "{{ openwrt_imgbuilder_dir }}"
stdin: |
preseed.cfg
authorized_keys
+ tags:
+ - skip_ansible_lint
async: 1
poll: 0
ignore_errors: true
+ tags:
+ - skip_ansible_lint
- name: waiting for host to come back
wait_for_connection:
projects / noc.git / commitdiff