infra-automation/.ansible-lint
ansible 0231144d87 Add ansible-lint production profile configuration
Add comprehensive ansible-lint configuration for code quality and
security best practices enforcement.

Features:
- Production profile for strict checking
- Proper exclusion of sensitive directories (secrets/, stats/)
- Mock modules for community collections (nmcli, lvol, lvg, virt)
- Comprehensive file type detection (playbooks, roles, tasks, etc.)
- Warn-only rules for experimental and legacy patterns

Configuration highlights:
- Exclude paths: .cache, .git, molecule, secrets, stats, vaults
- Allow package-latest for security updates (automatic patching)
- Warn on: experimental, no-changed-when, command-instead-of-module
- Support for custom playbooks/ and plays/ directories
- Documented usage examples and rule configuration

Benefits:
- Consistent code quality across all roles and playbooks
- Early detection of security issues and best practice violations
- Automated checking in development workflow
- Clear documentation for team members
- Support for auto-fix capability (ansible-lint --fix)

Usage:
  ansible-lint                      # Lint all files
  ansible-lint site.yml             # Lint specific playbook
  ansible-lint roles/role_name/     # Lint specific role
  ansible-lint --fix                # Auto-fix issues

Integration:
- Ready for CI/CD pipeline integration
- Compatible with pre-commit hooks
- Supports GitHub Actions workflows

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-11 01:35:36 +01:00

116 lines
2.8 KiB
Plaintext

---
# =============================================================================
# Ansible Lint Configuration
# =============================================================================
#
# This file configures ansible-lint for code quality checks.
#
# Run with:
#   ansible-lint                      # Lint all files
#   ansible-lint site.yml             # Lint specific playbook
#   ansible-lint roles/role_name/     # Lint specific role
#
# =============================================================================
# Use production profile for strict checking
profile: production
# Exclude paths
exclude_paths:
- .cache/
- .git/
- .github/
- molecule/
- secrets/
- stats/
- inventories/*/host_vars/
- inventories/*/group_vars/all/vault.yml
- '*.vault'
- '*.example'
- tests/
# Skip specific rules
skip_list:
# Allow latest for security packages (automatic updates)
- package-latest
# Allow risky-file-permissions for specific cases
# (we use explicit permissions in our roles)
# - risky-file-permissions
# Warn on these rules instead of failing
warn_list:
- experimental
- no-changed-when
- command-instead-of-module
- command-instead-of-shell
# Offline mode (skips installing requirements.yml and refreshing schemas); disabled here
offline: false
# Strict mode - treat warnings as errors
# strict: true
# Mock modules and roles for linting
mock_modules:
- community.general.nmcli
- community.general.lvol
- community.general.lvg
- community.libvirt.virt
mock_roles:
- common
- security_baseline
# Enable progressive mode (incrementally adopt new rules)
progressive: false
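# File kind detection: map path globs to ansible-lint file kinds.
# The first matching entry wins, so the specific patterns are listed before
# the generic yaml fallbacks; otherwise every file would be classified as
# plain yaml and the playbook/tasks/handlers entries would never apply.
kinds:
- playbook: "**/playbooks/*.yml"
- playbook: "**/plays/*.yml"
- playbook: "site.yml"
- tasks: "**/tasks/*.yml"
- vars: "**/vars/*.yml"
- meta: "**/meta/*.yml"
- requirements: "**/requirements.yml"
- handlers: "**/handlers/*.yml"
- galaxy: "**/galaxy.yml"
- yaml: "**/*.yaml"
- yaml: "**/*.yml"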
# =============================================================================
# Rule Configuration
# =============================================================================
# Ignore line length for specific patterns
# rules:
# line-length:
# max: 160
# allow-filter: true
# =============================================================================
# Usage Examples
# =============================================================================
#
# Lint entire project:
# ansible-lint
#
# Lint specific playbook:
# ansible-lint site.yml
# ansible-lint playbooks/security_audit.yml
#
# Lint specific role:
# ansible-lint roles/system_info/
#
# Auto-fix issues (where possible):
# ansible-lint --fix
#
# List all rules:
# ansible-lint -L
#
# List all tags and the rules they cover:
# ansible-lint -T
#
# =============================================================================
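
ansible-lint assigns each file the kind of the first `kinds` entry whose glob matches, so where the catch-all yaml globs sit decides whether playbooks and task files are checked as Ansible content at all. The following is an added example, not part of this repository or of ansible-lint: it resolves constructed sample paths against the `kinds` entries from this file under both placements of the catch-all globs, using a simplified glob matcher (an assumption, not ansible-lint's own matching code).

```python
import re

# kinds entries from this .ansible-lint with the catch-all yaml globs first.
KINDS_GENERIC_FIRST = [
    ("yaml", "**/*.yaml"), ("yaml", "**/*.yml"),
    ("playbook", "**/playbooks/*.yml"), ("playbook", "**/plays/*.yml"),
    ("playbook", "site.yml"), ("tasks", "**/tasks/*.yml"),
    ("vars", "**/vars/*.yml"), ("meta", "**/meta/*.yml"),
    ("requirements", "**/requirements.yml"),
    ("handlers", "**/handlers/*.yml"), ("galaxy", "**/galaxy.yml"),
]
# Same entries with the two catch-all globs moved to the end.
KINDS_SPECIFIC_FIRST = KINDS_GENERIC_FIRST[2:] + KINDS_GENERIC_FIRST[:2]
# Constructed sample paths, relative to the repository root.
SAMPLES = ["site.yml", "playbooks/security_audit.yml",
           "roles/system_info/tasks/main.yml",
           "roles/system_info/meta/main.yml", "inventories/prod/hosts.yml"]

def glob_to_regex(pattern):
    """Simplified globstar: '**/' spans zero or more directories and '*'
    stays inside one path segment (an assumption, not full wcmatch)."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out.append("(?:[^/]+/)*")
            i += 3
        else:
            out.append("[^/]*" if pattern[i] == "*" else re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out) + r"\Z")

def resolve_kind(path, kinds):
    """Return (kind, glob) of the first matching entry, or None."""
    for kind, pattern in kinds:
        if glob_to_regex(pattern).match(path):
            return kind, pattern
    return None

def shadowed_entries(kinds, paths):
    """Entries whose glob matches some path but that never win for any."""
    winners = {resolve_kind(p, kinds) for p in paths}
    return [e for e in kinds if e not in winners
            and any(glob_to_regex(e[1]).match(p) for p in paths)]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p, resolve_kind(p, KINDS_GENERIC_FIRST)[0],
              resolve_kind(p, KINDS_SPECIFIC_FIRST)[0])
    print("shadowed:", shadowed_entries(KINDS_GENERIC_FIRST, SAMPLES))
```

A non-empty `shadowed_entries` result in CI is a signal that part of the `kinds` list is dead configuration and the affected files are being linted under a weaker kind.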