diff --git a/.ansible-lint-ignore b/.ansible-lint-ignore new file mode 100644 index 00000000..1f278c20 --- /dev/null +++ b/.ansible-lint-ignore @@ -0,0 +1,100 @@ +# This file contains ignores rule violations for ansible-lint +bootstrap/playbook.yml name[play] +bootstrap/roles/appliance-build.bootstrap role-name +bootstrap/roles/appliance-build.bootstrap/tasks/main.yml fqcn[action-core] +bootstrap/roles/appliance-build.bootstrap/tasks/main.yml fqcn[action] +bootstrap/roles/appliance-build.bootstrap/tasks/main.yml name[missing] +bootstrap/roles/appliance-build.bootstrap/tasks/main.yml yaml[truthy] +live-build/misc/ansible-roles/appliance-build.buildserver-internal/tasks/main.yml fqcn[action-core] +live-build/misc/ansible-roles/appliance-build.buildserver-internal/tasks/main.yml name[missing] +live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml command-instead-of-module +live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml fqcn[action-core] +live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml fqcn[action] +live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml name[missing] +live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml no-changed-when +live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml risky-file-permissions +live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml yaml[truthy] +live-build/misc/ansible-roles/appliance-build.dct-common/tasks/main.yml fqcn[action-core] +live-build/misc/ansible-roles/appliance-build.dct-common/tasks/main.yml name[missing] +live-build/misc/ansible-roles/appliance-build.delphix-autofs/tasks/main.yml fqcn[action-core] +live-build/misc/ansible-roles/appliance-build.delphix-autofs/tasks/main.yml name[missing] +live-build/misc/ansible-roles/appliance-build.delphix-autofs/tasks/main.yml yaml[octal-values] +live-build/misc/ansible-roles/appliance-build.delphix-ldap/tasks/main.yml fqcn[action-core] +live-build/misc/ansible-roles/appliance-build.delphix-ldap/tasks/main.yml literal-compare +live-build/misc/ansible-roles/appliance-build.delphix-ldap/tasks/main.yml name[missing] +live-build/misc/ansible-roles/appliance-build.delphix-ldap/tasks/main.yml yaml[octal-values] +live-build/misc/ansible-roles/appliance-build.delphix-ldap/tasks/main.yml yaml[truthy] +live-build/misc/ansible-roles/appliance-build.devops-development/tasks/main.yml fqcn[action-core] +live-build/misc/ansible-roles/appliance-build.devops-development/tasks/main.yml name[missing] +live-build/misc/ansible-roles/appliance-build.devops-development/tasks/main.yml yaml[truthy] +live-build/misc/ansible-roles/appliance-build.masking-common/tasks/main.yml fqcn[action-core] +live-build/misc/ansible-roles/appliance-build.masking-common/tasks/main.yml name[missing] +live-build/misc/ansible-roles/appliance-build.masking-development/tasks/main.yml fqcn[action-core] +live-build/misc/ansible-roles/appliance-build.masking-development/tasks/main.yml name[missing] +live-build/misc/ansible-roles/appliance-build.masking-development/tasks/main.yml risky-file-permissions +live-build/misc/ansible-roles/appliance-build.masking-development/tasks/main.yml yaml[truthy] +live-build/misc/ansible-roles/appliance-build.minimal-common/tasks/main.yml command-instead-of-shell +live-build/misc/ansible-roles/appliance-build.minimal-common/tasks/main.yml fqcn[action-core] +live-build/misc/ansible-roles/appliance-build.minimal-common/tasks/main.yml name[missing] +live-build/misc/ansible-roles/appliance-build.minimal-common/tasks/main.yml no-changed-when +live-build/misc/ansible-roles/appliance-build.minimal-common/tasks/main.yml yaml[octal-values] +live-build/misc/ansible-roles/appliance-build.minimal-common/tasks/main.yml yaml[truthy] +live-build/misc/ansible-roles/appliance-build.minimal-development/tasks/main.yml fqcn[action-core] +live-build/misc/ansible-roles/appliance-build.minimal-development/tasks/main.yml name[missing] +live-build/misc/ansible-roles/appliance-build.minimal-development/tasks/main.yml yaml[octal-values] +live-build/misc/ansible-roles/appliance-build.minimal-internal/tasks/main.yml fqcn[action-core] +live-build/misc/ansible-roles/appliance-build.minimal-internal/tasks/main.yml name[missing] +live-build/misc/ansible-roles/appliance-build.minimal-internal/tasks/main.yml yaml[octal-values] +live-build/misc/ansible-roles/appliance-build.qa-internal/handlers/main.yml fqcn[action-core] +live-build/misc/ansible-roles/appliance-build.qa-internal/handlers/main.yml name[missing] +live-build/misc/ansible-roles/appliance-build.qa-internal/handlers/main.yml no-changed-when +live-build/misc/ansible-roles/appliance-build.qa-internal/handlers/main.yml yaml[new-line-at-end-of-file] +live-build/misc/ansible-roles/appliance-build.qa-internal/tasks/main.yml fqcn[action-core] +live-build/misc/ansible-roles/appliance-build.qa-internal/tasks/main.yml name[missing] +live-build/misc/ansible-roles/appliance-build.qa-internal/tasks/main.yml yaml[octal-values] +live-build/misc/ansible-roles/appliance-build.recovery-environment/tasks/main.yml fqcn[action-core] +live-build/misc/ansible-roles/appliance-build.recovery-environment/tasks/main.yml name[missing] +live-build/misc/ansible-roles/appliance-build.recovery-environment/tasks/main.yml yaml[empty-lines] +live-build/misc/ansible-roles/appliance-build.unittest-internal/tasks/main.yml fqcn[action-core] +live-build/misc/ansible-roles/appliance-build.unittest-internal/tasks/main.yml fqcn[action] +live-build/misc/ansible-roles/appliance-build.unittest-internal/tasks/main.yml name[missing] +live-build/misc/ansible-roles/appliance-build.virtualization-common/tasks/main.yml command-instead-of-module +live-build/misc/ansible-roles/appliance-build.virtualization-common/tasks/main.yml fqcn[action-core] +live-build/misc/ansible-roles/appliance-build.virtualization-common/tasks/main.yml name[missing] +live-build/misc/ansible-roles/appliance-build.virtualization-common/tasks/main.yml no-changed-when +live-build/misc/ansible-roles/appliance-build.virtualization-common/tasks/main.yml risky-file-permissions +live-build/misc/ansible-roles/appliance-build.virtualization-common/tasks/main.yml yaml[truthy] +live-build/misc/ansible-roles/appliance-build.virtualization-development/tasks/main.yml fqcn[action-core] +live-build/misc/ansible-roles/appliance-build.virtualization-development/tasks/main.yml fqcn[action] +live-build/misc/ansible-roles/appliance-build.virtualization-development/tasks/main.yml key-order[task] +live-build/misc/ansible-roles/appliance-build.virtualization-development/tasks/main.yml name[missing] +live-build/misc/ansible-roles/appliance-build.virtualization-development/tasks/main.yml risky-file-permissions +live-build/misc/ansible-roles/appliance-build.virtualization-development/tasks/main.yml yaml[truthy] +live-build/misc/ansible-roles/appliance-build.zfsonlinux-development/tasks/main.yml fqcn[action-core] +live-build/misc/ansible-roles/appliance-build.zfsonlinux-development/tasks/main.yml name[missing] +live-build/misc/ansible-roles/appliance-build.zfsonlinux-development/tasks/main.yml risky-file-permissions +live-build/misc/ansible-roles/appliance-build.zfsonlinux-development/tasks/main.yml yaml[truthy] +live-build/variants/external-dct/ansible/playbook.yml name[play] +live-build/variants/external-dct/ansible/playbook.yml yaml[truthy] +live-build/variants/external-standard/ansible/playbook.yml name[play] +live-build/variants/external-standard/ansible/playbook.yml yaml[truthy] +live-build/variants/internal-buildserver/ansible/playbook.yml name[play] +live-build/variants/internal-buildserver/ansible/playbook.yml yaml[truthy] +live-build/variants/internal-dcenter/ansible/playbook.yml name[play] +live-build/variants/internal-dcenter/ansible/playbook.yml yaml[truthy] +live-build/variants/internal-dct/ansible/playbook.yml name[play] +live-build/variants/internal-dct/ansible/playbook.yml yaml[truthy] +live-build/variants/internal-dev/ansible/playbook.yml name[play] +live-build/variants/internal-dev/ansible/playbook.yml yaml[truthy] +live-build/variants/internal-minimal/ansible/playbook.yml name[play] +live-build/variants/internal-minimal/ansible/playbook.yml yaml[truthy] +live-build/variants/internal-package-mirror/ansible/playbook.yml name[play] +live-build/variants/internal-package-mirror/ansible/playbook.yml yaml[truthy] +live-build/variants/internal-qa/ansible/playbook.yml name[play] +live-build/variants/internal-qa/ansible/playbook.yml yaml[truthy] +live-build/variants/internal-unittest/ansible/playbook.yml name[play] +live-build/variants/internal-unittest/ansible/playbook.yml yaml[truthy] +live-build/misc/ansible-roles/appliance-build.dcenter/tasks/main.yml syntax-check[unknown-module] +live-build/misc/ansible-roles/appliance-build.virtualization-development/tasks/main.yml syntax-check[unknown-module] +live-build/misc/ansible-roles/appliance-build.unittest-internal/tasks/main.yml syntax-check[unknown-module] +bootstrap/roles/appliance-build.bootstrap/tasks/main.yml syntax-check[unknown-module] diff --git a/.github/scripts/install-ansible-lint.sh b/.github/scripts/install-ansible-lint.sh deleted file mode 100755 index 79d78dcd..00000000 --- a/.github/scripts/install-ansible-lint.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash -ex - -sudo apt-get install ansible - -git clone https://github.com/willthames/ansible-lint /opt/ansible-lint -cd /opt/ansible-lint -git checkout v3.4.21 - -# -# GitHub Actions exposes the GITHUB_ENV file that can be used to -# manipulate the environment of the job that's running. In this case, we -# use it to modify the environment of the job, to edit the PATH and -# PYTHONPATH global variables. -# -echo "PATH=${PATH}:/opt/ansible-lint/bin" >> ${GITHUB_ENV} -echo "PYTHONPATH=${PYTHONPATH}:/opt/ansible-lint/lib" >> ${GITHUB_ENV} diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 66932d81..72b7e7b3 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -2,12 +2,16 @@ on: [push, pull_request] jobs: check-ansible: - runs-on: ubuntu-20.04 + runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v1 - - run: sudo ./.github/scripts/install-gradle.sh - - run: sudo -E ./.github/scripts/install-ansible-lint.sh - - run: /opt/gradle-5.1/bin/gradle ansibleCheck + - uses: actions/checkout@v4 + - name: Run ansible-lint + uses: ansible/ansible-lint@main + with: + args: "" + setup_python: "true" + working_directory: "" + requirements_file: "" check-shellcheck: runs-on: ubuntu-20.04 steps: diff --git a/bootstrap/roles/appliance-build.bootstrap/tasks/main.yml b/bootstrap/roles/appliance-build.bootstrap/tasks/main.yml index a2b2fbb4..3bfaf43d 100644 --- a/bootstrap/roles/appliance-build.bootstrap/tasks/main.yml +++ b/bootstrap/roles/appliance-build.bootstrap/tasks/main.yml @@ -15,6 +15,11 @@ # --- +# The VSDK plugin requires python3.8. The deadsnakes PPA provides python3.8 on 24.04. +- apt_repository: + repo: ppa:deadsnakes/ppa + state: present + - apt: update_cache: yes @@ -22,10 +27,10 @@ name: - ansible - aptly - - awscli - bc - coreutils - devscripts + - docker.io - equivs - gdisk - git @@ -36,15 +41,38 @@ - livecd-rootfs - make - man - - openjdk-8-jre-headless + - openjdk-8-jdk - pigz - - qemu + # The VSDK plugin requires python3.8 + - python3.8 + - qemu-system - rename - shellcheck - vim - zfsutils-linux state: present +- systemd: + name: unattended-upgrades + state: stopped + register: result_systemd_stop + failed_when: "result_systemd_stop is failed and 'Could not find the requested service' not in result_systemd_stop.msg" + +- apt: + name: + - unattended-upgrades + state: absent + purge: true + +- snap: + name: aws-cli + classic: yes + - modprobe: name: zfs state: present + +- user: + name: delphix + groups: docker + append: true diff --git a/build.gradle b/build.gradle index 10c2fbf2..487ca0b7 100644 --- a/build.gradle +++ b/build.gradle @@ -105,13 +105,7 @@ task shellCheck(type: Exec) { commandLine(["shellcheck", "--exclude=SC1090,SC1091"] + shellScripts.getFiles()) } -task ansibleCheck(type: Exec) { - def ansibleFiles = fileTree("bootstrap").include("**/playbook.yml") + - fileTree("live-build/variants").include("**/playbook.yml") - commandLine(["ansible-lint", "--exclude=SC1090,SC1091"] + ansibleFiles.getFiles()) -} - -tasks.check.dependsOn shellCheck, shfmtCheck, ansibleCheck +tasks.check.dependsOn shellCheck, shfmtCheck task format() { dependsOn shfmt