Run ansible-lint through subdirectories within a gitlab role

4.5k views Asked by At

I am trying to add a validation step to a gitlab repo holding a single ansible role (with no playbook). The structure of the role looks like :

  • .gitlab-ci.yml
  • tasks/
  • templates/
  • files/
  • vars/
  • handlers/

With the gitlab-ci looking like :

stages:
  - lint
  
job-lint:
  image:
    name: cytopia/ansible-lint:latest
    entrypoint: ["/bin/sh", "-c"]
  
  stage: lint
  script:
    - ansible-lint --version
    - ansible-lint . -x 106 tasks/*.yml

I need to skip the naming rule, thus ignoring rule 106. Otherwise, I would like all files at the root repo to be checked. Since there is no playbook, lint has to be given the files that need to be checked... or at least, that is what I understoodd : I may have this point wrong. But anyway, if I give no name, lint does return ok but actually performs no check.

My problem is that I don't know how to tell him to check all the yaml in a recursive way, or even within a subdirectory. The above code returns an error :

ansible-lint: error: unrecognized arguments: tasks/deploy.yml tasks/localhost.yml tasks/main.yml tasks/managedata.yml tasks/psqlconf.yml

Any idea on how to check all the files from a subdirectory or through the whole role?

PS : I am using cytopia image for ansible-lint, but I have no problem using another, provided it's hosted on dockerhub.

2

There are 2 answers

2
larsks On BEST ANSWER

You should certainly be able to pass multiple YAML files as arguments to ansible-lint. I have version 4.1.1a0, and I'm able to use it like this, for example:

anisble-lint -x 106 roles/*/tasks/*.yml

I notice that you seem to have placed a . before your -x 106; that looks like an error. It doesn't look like ansible-lint will accept a directory name as an argument (it doesn't cause it to fail; it just doesn't accomplish anything).


I've tried this both with a locally installed ansible-lint and using the cytopia/ansible-lint image, which appears to perform identically:

docker run --rm -v $PWD:/src -w /src cytopia/ansible-lint -x 106 roles/*/tasks/*.yml
2
Andrew On

If you want to check all the yaml files, you can use find with exec option, something like this:

find ./ -not -name ".gitlab-ci.yml" -name "*.yml"  | xargs ansible-lint -x 106

However ansible-lint -x 106 ./ should work, are you sure that your role really has errors? I've tested it both on ansible-galaxy init generated roles (with meta and all that stuff) and roles which were containing only tasks directory, and it worked every time.

EDIT: I tried creating an error in existing role, replacing "present" with "latest" in package install task

$ ansible-galaxy install geerlingguy.nfs
$ cd ~/.ansible/roles/geerlingguy.nfs
$ sed -i  "s/present/latest/g" tasks/setup-RedHat.yml
$ ansible-lint ./
Examining tasks/main.yml of type tasks
Examining tasks/setup-Debian.yml of type tasks
Examining tasks/setup-RedHat.yml of type tasks
Examining handlers/main.yml of type handlers
Examining meta/main.yml of type meta
[403] Package installs should not use latest
tasks/setup-RedHat.yml:2
Task/Handler: Ensure NFS utilities are installed.

and it actually worked, so you may want to run a verbose output to see if actually works, maybe individual yaml file rules are different from whole roles.

When i ran my find-based check i got a lot of extra [204] Lines should be no longer than 160 chars