From 57acbf40653afe9064c22a4d85b30fd680c5eebe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lu=C3=ADs=20Duarte?=
Date: Thu, 4 Jan 2024 09:45:27 +0000
Subject: [PATCH 1/4] Add ansible linter action
---
.github/workflows/ansible-linter.yaml | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
create mode 100644 .github/workflows/ansible-linter.yaml
diff --git a/.github/workflows/ansible-linter.yaml b/.github/workflows/ansible-linter.yaml
new file mode 100644
index 0000000..b085290
--- /dev/null
+++ b/.github/workflows/ansible-linter.yaml
@@ -0,0 +1,16 @@
+name: ansible-lint
+on:
+ pull_request:
+ push:
+ branches:
+ - main
+
+
+jobs:
+ build:
+ name: Ansible Lint # Naming the build is important to use it as a status check
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Run ansible-lint
+ uses: ansible/ansible-lint@main # or version tag instead of 'main'
\ No newline at end of file
From e26c1697e3c9070bbc910cf6f9322beb3aaf9d7c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lu=C3=ADs=20Duarte?=
Date: Thu, 4 Jan 2024 10:12:40 +0000
Subject: [PATCH 2/4] Add ansible configuration file with a workaround for ansible-lint since it doesn't support glob or regex
---
.ansible-lint | 12 ++++++++++++
1 file changed, 12 insertions(+)
create mode 100644 .ansible-lint
diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 0000000..b1852b9
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,12 @@
+---
+exclude_paths:
+# NOTE(luisd): AFAIK ansible-lint doesn't have a include files only and neither deos have
+# a glob implementation, so we exclude all yaml files manually from the root directory :/
+ - dev-cluster.yaml
+ - local-dev-cluster.yaml
+ - .kube-linter.yaml
+ - .github/
+ - .vscode/
+ - .git
+kinds:
+ - playbook: '**/*-playbook.{yaml,yml}'
From 040da1e115a16b94f87bc8bb03bec4b68c968e2c Mon Sep 17 00:00:00 2001
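Review bot: The `Run ansible-lint` step in `.github/workflows/ansible-linter.yaml` references a third-party action by a mutable branch, `uses: ansible/ansible-lint@main`, so each run executes whatever is at the tip of that branch, in a job that holds the checked-out repository and the job token. Pin it to a release tag or, preferably, a full commit SHA, e.g. `uses: ansible/ansible-lint@<full-commit-sha>  # <release tag>`, and let a dependency updater propose the bumps. The same line is carried over unchanged by the workflow hunk in PATCH 3/4, and `actions/checkout@v4` is likewise a movable tag, though a lower-risk one. The trailing comment `# or version tag instead of 'main'` can go once the ref is pinned.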
From: =?UTF-8?q?Lu=C3=ADs=20Duarte?= Date: Thu, 4 Jan 2024 10:29:04 +0000 Subject: [PATCH 3/4] add sarif uploading --- .ansible-lint | 3 +++ .github/workflows/ansible-linter.yaml | 8 +++++++- .gitignore | 3 ++- 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/.ansible-lint b/.ansible-lint index b1852b9..e6593ab 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -8,5 +8,8 @@ exclude_paths: - .github/ - .vscode/ - .git + +sarif_file: ansible.sarif + kinds: - playbook: '**/*-playbook.{yaml,yml}' diff --git a/.github/workflows/ansible-linter.yaml b/.github/workflows/ansible-linter.yaml index b085290..b7cf036 100644 --- a/.github/workflows/ansible-linter.yaml +++ b/.github/workflows/ansible-linter.yaml @@ -13,4 +13,10 @@ jobs: steps: - uses: actions/checkout@v4 - name: Run ansible-lint - uses: ansible/ansible-lint@main # or version tag instead of 'main' \ No newline at end of file + uses: ansible/ansible-lint@main # or version tag instead of 'main' + - name: Upload sarif + if: always() + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: ansible.sarif + category: ansible-lint \ No newline at end of file diff --git a/.gitignore b/.gitignore index 1a53d47..69a4362 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ .vagrant/** -local-dev-cluster.yaml \ No newline at end of file +local-dev-cluster.yaml +**.sarif \ No newline at end of file From 490fadc69f435d7c6c5e197c8b89780f6e356a02 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lu=C3=ADs=20Duarte?= Date: Sat, 6 Jan 2024 20:11:29 +0000 Subject: [PATCH 4/4] Apply suggestions from code review Co-authored-by: Nuno Pereira --- .ansible-lint | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.ansible-lint b/.ansible-lint index e6593ab..dde280b 100644 --- a/.ansible-lint +++ b/.ansible-lint 
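Review bot: The `Upload sarif` step added to `.github/workflows/ansible-linter.yaml` needs the `security-events: write` token permission, and no `permissions:` block appears in the workflow lines shown, so the upload depends on the repository's default token settings. Declare the minimum on the `build` job: `permissions:` with `contents: read` and `security-events: write`. On `pull_request` runs from forks the token is normally read-only, so the upload would presumably fail there. Because the step runs under `if: always()`, consider skipping it for fork pull requests or setting `continue-on-error: true`, so an upload error does not mask the lint result. The `jobs:` mapping starts outside this hunk.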
@@ -1,7 +1,7 @@ --- exclude_paths: -# NOTE(luisd): AFAIK ansible-lint doesn't have a include files only and neither deos have -# a glob implementation, so we exclude all yaml files manually from the root directory :/ +# NOTE(luisd): AFAIK ansible-lint has neither an "include files only" configuration nor a glob implementation, +# so we exclude all yaml files manually from the root directory :/ - dev-cluster.yaml - local-dev-cluster.yaml - .kube-linter.yaml