---
# =============================================================================
# Ansible Lint Configuration
# =============================================================================
#
# This file configures ansible-lint for code quality checks.
#
# Run with:
#   ansible-lint                    # Lint all files
#   ansible-lint site.yml           # Lint specific playbook
#   ansible-lint roles/role_name/   # Lint specific role
#
# =============================================================================

# Use production profile for strict checking
profile: production

# Exclude paths
exclude_paths:
  - .cache/
  - .git/
  - .github/
  - molecule/
  - secrets/
  - stats/
  - inventories/*/host_vars/
  - inventories/*/group_vars/all/vault.yml
  - '*.vault'
  - '*.example'
  - tests/

# Skip specific rules
skip_list:
  # Allow latest for security packages (automatic updates)
  - package-latest

  # Allow risky-file-permissions for specific cases
  # (we use explicit permissions in our roles)
  # - risky-file-permissions

# Warn on these rules instead of failing
warn_list:
  - experimental
  - no-changed-when
  - command-instead-of-module
  - command-instead-of-shell

# Enable offline mode (don't check for new rules)
offline: false

# Strict mode - treat warnings as errors
# strict: true

# Mock modules and roles for linting
mock_modules:
  - community.general.nmcli
  - community.general.lvol
  - community.general.lvg
  - community.libvirt.virt

mock_roles:
  - common
  - security_baseline

# Enable progressive mode (incrementally adopt new rules)
progressive: false

# Configure specific rules
kinds:
  - yaml: "**/*.yaml"
  - yaml: "**/*.yml"
  - playbook: "**/playbooks/*.yml"
  - playbook: "**/plays/*.yml"
  - playbook: "site.yml"
  - tasks: "**/tasks/*.yml"
  - vars: "**/vars/*.yml"
  - meta: "**/meta/*.yml"
  - requirements: "**/requirements.yml"
  - handlers: "**/handlers/*.yml"
  - galaxy: "**/galaxy.yml"

# =============================================================================
# Rule Configuration
# =============================================================================

# Ignore line length for specific patterns
# rules:
#   line-length:
#     max: 160
#     allow-filter: true

# =============================================================================
# Usage Examples
# =============================================================================
#
# Lint entire project:
#   ansible-lint
#
# Lint specific playbook:
#   ansible-lint site.yml
#   ansible-lint playbooks/security_audit.yml
#
# Lint specific role:
#   ansible-lint roles/system_info/
#
# Auto-fix issues (where possible):
#   ansible-lint --fix
#
# List all rules:
#   ansible-lint -L
#
# Show rule documentation:
#   ansible-lint -T
#
# =============================================================================