Add ansible-lint production profile configuration
Add comprehensive ansible-lint configuration for code quality and security best practices enforcement. Features: - Production profile for strict checking - Proper exclusion of sensitive directories (secrets/, stats/) - Mock modules for community collections (nmcli, lvol, lvg, virt) - Comprehensive file type detection (playbooks, roles, tasks, etc.) - Warn-only rules for experimental and legacy patterns Configuration highlights: - Exclude paths: .cache, .git, molecule, secrets, stats, vaults - Allow package-latest for security updates (automatic patching) - Warn on: experimental, no-changed-when, command-instead-of-module - Support for custom playbooks/ and plays/ directories - Documented usage examples and rule configuration Benefits: - Consistent code quality across all roles and playbooks - Early detection of security issues and best practice violations - Automated checking in development workflow - Clear documentation for team members - Support for auto-fix capability (ansible-lint --fix) Usage: ansible-lint # Lint all files ansible-lint site.yml # Lint specific playbook ansible-lint roles/role_name/ # Lint specific role ansible-lint --fix # Auto-fix issues Integration: - Ready for CI/CD pipeline integration - Compatible with pre-commit hooks - Supports GitHub Actions workflows 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
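--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,115 @@
+---
+# =============================================================================
+# Ansible Lint Configuration
+# =============================================================================
+#
+# This file configures ansible-lint for code quality checks.
+#
+# Run with:
+# ansible-lint # Lint all files
+# ansible-lint site.yml # Lint specific playbook
+# ansible-lint roles/role_name/ # Lint specific role
+#
+# =============================================================================
+
+# Use production profile for strict checking
+profile: production
+
+# Exclude paths
+exclude_paths:
+- .cache/
+- .git/
+- .github/
+- molecule/
+- secrets/
+- stats/
+- inventories/*/host_vars/
+- inventories/*/group_vars/all/vault.yml
+- '*.vault'
+- '*.example'
+- tests/
+
+# Skip specific rules
+skip_list:
+# Allow latest for security packages (automatic updates)
+- package-latest
+
+# Allow risky-file-permissions for specific cases
+# (we use explicit permissions in our roles)
+# - risky-file-permissions
+
+# Warn on these rules instead of failing
+warn_list:
+- experimental
+- no-changed-when
+- command-instead-of-module
+- command-instead-of-shell
+
+# Enable offline mode (don't check for new rules)
+offline: false
+
+# Strict mode - treat warnings as errors
+# strict: true
+
+# Mock modules and roles for linting
+mock_modules:
+- community.general.nmcli
+- community.general.lvol
+- community.general.lvg
+- community.libvirt.virt
+
+mock_roles:
+- common
+- security_baseline
+
+# Enable progressive mode (incrementally adopt new rules)
+progressive: false
+
+# Configure specific rules
+kinds:
+- yaml: "**/*.yaml"
+- yaml: "**/*.yml"
+- playbook: "**/playbooks/*.yml"
+- playbook: "**/plays/*.yml"
+- playbook: "site.yml"
+- tasks: "**/tasks/*.yml"
+- vars: "**/vars/*.yml"
+- meta: "**/meta/*.yml"
+- requirements: "**/requirements.yml"
+- handlers: "**/handlers/*.yml"
+- galaxy: "**/galaxy.yml"
+
+# =============================================================================
+# Rule Configuration
+# =============================================================================
+
+# Ignore line length for specific patterns
+# rules:
+# line-length:
+# max: 160
+# allow-filter: true
+
+# =============================================================================
+# Usage Examples
+# =============================================================================
+#
+# Lint entire project:
+# ansible-lint
+#
+# Lint specific playbook:
+# ansible-lint site.yml
+# ansible-lint playbooks/security_audit.yml
+#
+# Lint specific role:
+# ansible-lint roles/system_info/
+#
+# Auto-fix issues (where possible):
+# ansible-lint --fix
+#
+# List all rules:
+# ansible-lint -L
+#
+# Show rule documentation:
+# ansible-lint -T
+#
+# =============================================================================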
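Review bot: The two catch-all entries at the head of `kinds` (`- yaml: "**/*.yaml"` and `- yaml: "**/*.yml"`) sit before every `playbook:`, `tasks:`, `vars:`, `meta:` and `handlers:` pattern, and since ansible-lint (as far as I recall its documented behaviour) evaluates `kinds` in order with the first match winning, every `.yml` file would be classified as plain YAML and the Ansible-specific rules the `production` profile is meant to enforce would never run on playbooks or role files — move those two entries to the end of the list or drop them, because plain-YAML detection is already the fallback. Listing `package-latest` in `skip_list` silences the rule for every package task in the repository, not only the security-update tasks the comment describes; prefer a per-task `# noqa: package-latest` on those tasks and remove the global skip so `state: latest` elsewhere is still caught. The comment above `offline: false` says offline mode is enabled while the value disables it, and with `offline: false` ansible-lint may fetch collections from `requirements.yml` and refresh schemas over the network during a lint run, so either set `offline: true` for CI or correct the comment to `# Allow ansible-lint to install requirements.yml collections and refresh schemas`. Mocking `community.general.nmcli`, `lvol`, `lvg` and `community.libvirt.virt` in `mock_modules` means their task arguments are not validated against the real argument spec; if those collections are declared in `requirements.yml`, installing them before linting would let the checks actually run.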