Merge pull request #50 from geotribu/tooling/add-ansible-linters

tooling(lint): add yaml and ansible linters

Author: Guts

.pre-commit-config.yaml

@@ -7,45 +7,70 @@ repos:
     rev: v5.0.0
     hooks:
       - id: check-added-large-files
-        args: ["--maxkb=500"]
+        args:
+          - --maxkb=500
       - id: check-ast
+      - id: check-builtin-literals
       - id: check-case-conflict
-      - id: check-executables-have-shebangs
-      - id: check-json
       - id: check-toml
       - id: check-yaml
-        args: [--unsafe]
+        args:
+          - --unsafe
       - id: detect-private-key
       - id: end-of-file-fixer
       - id: fix-byte-order-marker
       - id: fix-encoding-pragma
-        args: [--remove]
+        args:
+          - --remove
       - id: trailing-whitespace
-        args: [--markdown-linebreak-ext=md]
+        args:
+          - --markdown-linebreak-ext=md
 
-  - repo: https://github.com/pycqa/isort
-    rev: 6.0.1
+  - repo: https://github.com/asottile/pyupgrade
+    rev: v3.19.1
     hooks:
-      - id: isort
-        args: ["--profile", "black", "--filter-files"]
+      - id: pyupgrade
+        args:
+          - "--py310-plus"
 
   - repo: https://github.com/psf/black
     rev: 25.1.0
     hooks:
       - id: black
+        args:
+          - --target-version=py310
 
-  - repo: https://github.com/pycqa/flake8
-    rev: 7.3.0
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: "v0.11.4"
     hooks:
-      - id: flake8
-        language: python
-        types: [python]
-        args: ["--ignore=E501"]
+      - id: ruff
+        args:
+          - --fix-only
 
-  # - repo: https://github.com/ansible-community/ansible-lint.git
-  #   rev: v6.8.6
-  #   hooks:
-  #     - id: ansible-lint
+  - repo: https://github.com/pycqa/isort
+    rev: 6.0.1
+    hooks:
+      - id: isort
+        args:
+          - --profile
+          - black
+          - --filter-files
+
+  - repo: https://github.com/adrienverge/yamllint
+    rev: v1.37.1
+    hooks:
+      - id: yamllint
+
+  - repo: https://github.com/ansible/ansible-lint
+    rev: v25.6.1
+    hooks:
+      - id: ansible-lint
+        name: Ansible Lint
+        description: Run yamllint with configurations in .ansible-lint file
+        args:
+          - -c
+          - ./ansible/.ansible-lint.yaml
+          - ansible
 
 ci:
   autofix_prs: true

.yamllint.yaml

@@ -0,0 +1,23 @@
+extends: default
+
+rules:
+  # 160 chars was the default used by old E204 rule, but
+  # you can easily change it or disable in your .yamllint file.
+  line-length:
+    max: 160
+    level: warning
+  # Everything below is added to match ansible-lint rules
+  # see https://ansible.readthedocs.io/projects/lint/rules/yaml/#yamllint-configuration
+  comments:
+    min-spaces-from-content: 1
+  # https://github.com/adrienverge/yamllint/issues/384
+  comments-indentation: false
+  document-start: disable
+  # We are adding an extra space inside braces as that's how prettier does it
+  # and we are trying not to fight other linters.
+  braces:
+    min-spaces-inside: 0
+    max-spaces-inside: 1
+  octal-values:
+    forbid-implicit-octal: true
+    forbid-explicit-octal: true

ansible/.ansible-lint.yaml

@@ -0,0 +1,9 @@
+---
+profile: production
+
+warn_list:
+  - package-latest
+
+skip_list:
+  - var-naming[no-role-prefix]
+  - yaml[line-length]

ansible/README.md

@@ -43,7 +43,7 @@ python -m pip install -U setuptools wheel
 python -m pip install -U -r ansible/requirements.txt
 ```
 
-Installer les rôles et collections Ansible :
+### Installer les rôles et collections Ansible
 
 ```sh
 ansible-galaxy install -r ansible/requirements.yml

ansible/playbook-test.yml

@@ -1,6 +1,6 @@
 - name: Playbook de test
   hosts: all
-  gather_facts: yes
+  gather_facts: true
 
   tasks:
     - name: "Ping l'hôte"

ansible/roles/backup/tasks/main.yml

@@ -20,11 +20,13 @@
 
 - name: Télécharge et ajoute la clé du dépôt dans le portefeuille
   ansible.builtin.shell: |
+    set -o pipefail
     curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg
     sudo chmod go+r /usr/share/keyrings/githubcli-archive-keyring.gpg
     echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null
   become: true
   when: not gh_ppa.stat.exists
+  changed_when: true
 
 - name: "Installe le CLI GitHub"
   become: true
@@ -36,7 +38,7 @@
 - name: MAJ les paquets installés
   become: true
   ansible.builtin.apt:
-    update_cache: yes
+    update_cache: true
     upgrade: true
 
 #  Script de sauvegarde
@@ -46,15 +48,19 @@
     state: directory
     owner: geotribu
     group: geotribu
+    mode: "0755"
   become_user: geotribu
+  become: true
 
-- name: "Crée le dossier du script de sauvegarde {{ dir_backup_scripts }}cdn"
+- name: "Crée le dossier du script de sauvegarde CDN {{ dir_backup_scripts }}"
   ansible.builtin.file:
     path: "{{ dir_backup_scripts }}"
     state: directory
     owner: geotribu
     group: geotribu
+    mode: "0755"
   become_user: geotribu
+  become: true
 
 - name: "Copie le script de sauvegarde du site + CDN dans {{ dir_backup_scripts }}"
   ansible.builtin.template:
@@ -63,6 +69,7 @@
     mode: "0775"
     backup: true
   become_user: geotribu
+  become: true
 
 - name: "Copie le fichier modèle de notification dans {{ dir_backup_scripts }}"
   ansible.builtin.copy:
@@ -71,8 +78,10 @@
     owner: geotribu
     group: geotribu
     # mode: "0775"
+    mode: preserve
     backup: true
   become_user: geotribu
+  become: true
 
 # Cible de la sauvegarde
 - name: Crée le dossier de destination pour la sauvegarde des sources du site
@@ -82,16 +91,18 @@
     recurse: true
     owner: geotribu
     group: www-data
+    mode: "0755"
   become: true
 
 - name: Clone le dépôt des sources du site Geotribu
   ansible.builtin.git:
     repo: https://github.com/geotribu/website.git
     dest: "{{ dir_website_source }}"
     depth: 1
-    single_branch: yes
+    single_branch: true
     version: master
   become_user: geotribu
+  become: true
 
 - name: Configure le dépôt local - nom d'utilisateur
   community.general.git_config:
@@ -114,3 +125,4 @@
     job: "{{ dir_backup_scripts }}geotribu-backup-site-cdn.sh > {{ dir_backup_scripts }}`date +\\%Y\\%m\\%d\\%H\\%M\\%S`-cron.log 2>&1"
     special_time: monthly
   become_user: geotribu
+  become: true

ansible/roles/cdn-indexer/files/search_indexer.py

@@ -9,7 +9,6 @@
 from math import log as math_log
 from os.path import expanduser, expandvars
 from pathlib import Path
-from typing import List
 
 # 3rd party
 import imagesize
@@ -19,7 +18,7 @@
 configuration_file: Path = Path(__file__).parent / "images-indexer.ini"
 start_folder: Path = Path.home() / "Images"
 extensions_to_index: tuple = (".gif", ".jpg", ".jpeg", ".png", ".svg", ".webp")
-images_list: List[dict] = []
+images_list: list[dict] = []
 images_dict: dict = {}
 
 # -- FUNCTIONS ---------------------------------------------------------------
@@ -43,7 +42,7 @@ def convert_octets(octets: int) -> str:
     p = pow(1024, i)
     s = round(octets / p, 2)
 
-    return "%s %s" % (s, size_name[i])
+    return f"{s} {size_name[i]}"
 
 
 # -- MAIN --------------------------------------------------------------------

ansible/roles/cdn-indexer/tasks/main.yml

@@ -16,22 +16,26 @@
     owner: geotribu
     group: geotribu
   become_user: geotribu
+  become: true
 
 - name: "Copie les fichiers liés au script dans {{ dir_cdn_indexer_scripts }}"
   ansible.builtin.copy:
     src: "{{ item }}"
     dest: "{{ dir_cdn_indexer_scripts }}"
     owner: geotribu
     group: geotribu
+    mode: preserve
   with_items:
     - files/requirements.txt
     - files/search_indexer.py
   become_user: geotribu
+  become: true
 
 - name: Copie la configuration du script
   ansible.builtin.template:
     src: "templates/images-indexer.ini.j2"
     dest: "{{ dir_cdn_indexer_scripts }}images-indexer.ini"
+    mode: preserve
   become: true
 
 - name: Crée un environnement virtuel et installe les paquets Python de base
@@ -41,17 +45,20 @@
       - pip
       - setuptools
       - wheel
-    state: latest
+  args:
+    state: present
     virtualenv: "{{ dir_cdn_indexer_scripts }}.venv"
     virtualenv_command: /usr/bin/python3 -m venv
   become_user: geotribu
+  become: true
 
 - name: Installe les paquets Python pour le script
   ansible.builtin.pip:
     chdir: "{{ dir_cdn_indexer_scripts }}"
     requirements: requirements.txt
     virtualenv: "{{ dir_cdn_indexer_scripts }}.venv"
   become_user: geotribu
+  become: true
 
 # Planification
 - name: Planifie l'exécution du script d'indexation des images
@@ -61,3 +68,4 @@
     job: "cd {{ dir_cdn_indexer_scripts }} && {{ dir_cdn_indexer_scripts }}.venv/bin/python {{ dir_cdn_indexer_scripts }}search_indexer.py  > {{ dir_cdn_indexer_scripts }}`date +\\%Y\\%m\\%d\\%H\\%M\\%S`-cron.log 2>&1"
     special_time: hourly
   become_user: geotribu
+  become: true

ansible/roles/cdn.geotribu.fr/tasks/main.yml

@@ -29,7 +29,7 @@
       - php8.1-iconv
       - php8.1-mbstring
       - php8.1-zip
-    update_cache: yes
+    update_cache: true
 
 # Apache modules
 - name: Désactive les modules Apache
@@ -58,19 +58,21 @@
 
 - name: Active la configuration pour php8 FPM
   become: true
-  command: >
+  ansible.builtin.command: >
     a2enconf php8.1-fpm
   args:
     creates: "/etc/apache2/conf-enabled/php8.1-fpm.conf"
   when: item.state is not defined or item.state != 'absent'
   notify: Restart Apache
+  changed_when: true
 
 # Installe TinyFileManager
 - name: Crée le dossier de destination
   become: true
-  file:
+  ansible.builtin.file:
     path: "/var/www/{{ geotribu_www }}/{{ cdn_subdomain }}/images/"
     state: directory
+    mode: "0755"
 
 - name: Copie les fichiers de TinyFileManager
   become: true
@@ -91,19 +93,22 @@
   ansible.builtin.template:
     src: "templates/apache_cdn.conf.j2"
     dest: "/etc/apache2/sites-available/{{ geotribu_www }}-{{ cdn_subdomain }}.conf"
+    mode: preserve
 
 - name: Active le site
   become: true
   ansible.builtin.command: "/usr/sbin/a2ensite {{ geotribu_www }}-{{ cdn_subdomain }}"
   # notify: Restart Apache
+  changed_when: true
 
 - name: Désactive le site par défaut d'Apache
   become: true
   ansible.builtin.command: "/usr/sbin/a2dissite 000-default.conf"
   notify: Restart Apache
+  changed_when: true
 
 - name: Crée un certificat SSL pour {{ cdn_subdomain }}
-  shell: >-
+  ansible.builtin.command: >-
     certbot --apache
     --noninteractive
     -d {{ cdn_subdomain }}.{{ hostname }}
@@ -112,3 +117,4 @@
   become: true
   register: cert_created
   notify: Reload Apache
+  changed_when: true