diff options
Diffstat (limited to '.github')
-rw-r--r-- | .github/CODEOWNERS | 1 | ||||
-rw-r--r-- | .github/CODE_OF_CONDUCT.md | 3 | ||||
-rw-r--r-- | .github/ISSUE_TEMPLATE.md | 33 | ||||
-rw-r--r-- | .github/ISSUE_TEMPLATE/bug_report.md | 70 | ||||
-rw-r--r-- | .github/ISSUE_TEMPLATE/config.yml | 23 | ||||
-rw-r--r-- | .github/SECURITY.md | 14 | ||||
-rw-r--r-- | .github/dependabot.yml | 19 | ||||
-rw-r--r-- | .github/release-drafter.yml | 3 | ||||
-rw-r--r-- | .github/workflows/ack.yml | 10 | ||||
-rw-r--r-- | .github/workflows/push.yml | 13 | ||||
-rw-r--r-- | .github/workflows/redirects.yml | 33 | ||||
-rw-r--r-- | .github/workflows/release.yml | 47 | ||||
-rw-r--r-- | .github/workflows/tox.yml | 233 |
13 files changed, 502 insertions, 0 deletions
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..3d3aa8e --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1 @@ +* @ansible/devtools @ansible/ansible-lint-external-contributors diff --git a/.github/CODE_OF_CONDUCT.md b/.github/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..0164155 --- /dev/null +++ b/.github/CODE_OF_CONDUCT.md @@ -0,0 +1,3 @@ +# Community Code of Conduct + +Please see the official [Ansible Community Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html). diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md new file mode 100644 index 0000000..490de20 --- /dev/null +++ b/.github/ISSUE_TEMPLATE.md @@ -0,0 +1,33 @@ +# Issue Type + +- Bug report +- Feature request + +# Ansible and Ansible Lint details + +``` +ansible --version +ansible-lint --version +``` + +- ansible installation method: one of source, pip, OS package +- ansible-lint installation method: one of source, pip, OS package + +# Desired Behavior + +Please give some details of the feature being requested +or what should happen if providing a bug report + +Possible security bugs should be reported via email to `security@ansible.com` + +# Actual Behavior (Bug report only) + +Please give some details of what is actually happening. +Include a [minimum complete verifiable example] with: + +- playbook +- output of running ansible-lint +- if you're getting a stack trace, output of + `ansible-playbook --syntax-check playbook` + +[minimum complete verifiable example]: http://stackoverflow.com/help/mcve diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..041a61a --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,70 @@ +--- +name: Bug report +about: > + Create a bug report. Ensure that it does reproduce on the main branch with + python >=3.9. For anything else, please use the discussion link below. +labels: bug, new +--- + +<!--- Verify first that your issue is not already reported on GitHub --> +<!--- Also test if the latest release and main branch are affected too --> + +##### Summary + +<!--- Explain the problem briefly below --> + +##### Issue Type + +- Bug Report + +##### OS / ENVIRONMENT + +<!--- Paste verbatim output between triple backticks --> + +```console (paste below) +ansible-lint --version +``` + +<!--- Provide all relevant information below, e.g. target OS versions, network + device firmware, etc. --> + +- ansible installation method: one of source, pip, OS package +- ansible-lint installation method: one of source, pip, OS package + +##### STEPS TO REPRODUCE + +<!--- Describe exactly how to reproduce the problem, using a minimal test case --> + +<!--- Paste example playbooks or commands between triple backticks below --> + +```console (paste below) + +``` + +<!--- HINT: You can paste gist.github.com links for larger files --> + +##### Desired Behavior + +<!--- Describe what you expected to happen when running the steps above --> + +Possible security bugs should be reported via email to `security@ansible.com` + +##### Actual Behavior + +<!--- Describe what happened. If possible run with extra verbosity (-vvvv) --> + +Please give some details of what is happening. +Include a [minimum complete verifiable example] with: + +- minimized playbook to reproduce the error +- the output of running ansible-lint including the command line used +- if you're getting a stack trace, also the output of + `ansible-playbook --syntax-check playbook` + +<!--- Paste verbatim command output between triple backticks --> + +```paste below + +``` + +[minimum complete verifiable example]: http://stackoverflow.com/help/mcve diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 0000000..b7218f7 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,23 @@ +--- +# Ref: https://help.github.com/en/github/building-a-strong-community/configuring-issue-templates-for-your-repository#configuring-the-template-chooser +blank_issues_enabled: false # default is true +contact_links: + - name: Feature requests + url: https://github.com/ansible/ansible-lint/discussions/categories/ideas + about: Suggest an idea for this project + - name: Discussions + url: https://github.com/ansible/ansible-lint/discussions/ + about: Any kind of questions should go on the forum. + - name: Security bug report + url: https://docs.ansible.com/ansible/latest/community/reporting_bugs_and_features.html + about: | + Please learn how to report security vulnerabilities here. + + For all security related bugs, email security@ansible.com + instead of using this issue tracker and you will receive + a prompt response. + + For more information, see https://docs.ansible.com/ansible/latest/community/reporting_bugs_and_features.html + - name: Ansible Code of Conduct + url: https://docs.ansible.com/ansible/latest/community/code_of_conduct.html + about: Be nice to other members of the community. Behave. diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 0000000..f94d78a --- /dev/null +++ b/.github/SECURITY.md @@ -0,0 +1,14 @@ +# Security Policy + +## Supported Versions + +Ansible applies security fixes according to the 3-versions-back support +policy. Please find more information in [our docs]. + +## Reporting a Vulnerability + +We encourage responsible disclosure practices for security +vulnerabilities. Please read our [policies for reporting bugs](https://docs.ansible.com/ansible/devel/community/reporting_bugs_and_features.html#reporting-a-bug) +if you want to report a security issue that might affect Ansible. + +[our docs]: https://docs.ansible.com/ansible-core/devel/reference_appendices/release_and_maintenance.html#ansible-core-release-cycle diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..6a4dae2 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,19 @@ +--- +version: 2 +updates: + - package-ecosystem: pip + directory: /.config/ + schedule: + day: sunday + interval: weekly + labels: + - dependabot-deps-updates + - skip-changelog + versioning-strategy: lockfile-only + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: daily + labels: + - "dependencies" + - "skip-changelog" diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml new file mode 100644 index 0000000..11fa614 --- /dev/null +++ b/.github/release-drafter.yml @@ -0,0 +1,3 @@ +--- +# see https://github.com/ansible/devtools +_extends: ansible/devtools diff --git a/.github/workflows/ack.yml b/.github/workflows/ack.yml new file mode 100644 index 0000000..5e7b9f5 --- /dev/null +++ b/.github/workflows/ack.yml @@ -0,0 +1,10 @@ +--- +# See https://github.com/ansible/devtools/blob/main/.github/workflows/ack.yml +name: ack +on: + pull_request_target: + types: [opened, labeled, unlabeled, synchronize] + +jobs: + ack: + uses: ansible/devtools/.github/workflows/ack.yml@main diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml new file mode 100644 index 0000000..1a01af8 --- /dev/null +++ b/.github/workflows/push.yml @@ -0,0 +1,13 @@ +--- +# See https://github.com/ansible/devtools/blob/main/.github/workflows/push.yml +name: push +on: + push: + branches: + - main + - "releases/**" + - "stable/**" + +jobs: + ack: + uses: ansible/devtools/.github/workflows/push.yml@main diff --git a/.github/workflows/redirects.yml b/.github/workflows/redirects.yml new file mode 100644 index 0000000..28a9a26 --- /dev/null +++ b/.github/workflows/redirects.yml @@ -0,0 +1,33 @@ +--- +# Sync RTD redirects +name: redirects + +on: + push: + branches: + - main + paths: + - docs/redirects.yml + - .github/workflows/redirects.yml + + # Manually triggered using GitHub's UI + workflow_dispatch: + +jobs: + docs: + environment: release + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-python@v4 + + - name: Upgrade Python toolchain + run: python3 -m pip install --upgrade pip setuptools wheel + + - name: Install readthedocs-cli + run: python3 -m pip install readthedocs-cli + + - name: Sync redirects + run: rtd projects ansible-lint redirects sync -f docs/redirects.yml --wet-run + env: + RTD_TOKEN: ${{ secrets.RTD_TOKEN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..111f15f --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,47 @@ +--- +# cspell:ignore mislav +name: release + +on: + release: + types: [published] + +jobs: + pypi: + name: Publish to PyPI registry + environment: release + runs-on: ubuntu-22.04 + + env: + FORCE_COLOR: 1 + PY_COLORS: 1 + TOXENV: pkg + + steps: + - name: Switch to using Python 3.9 by default + uses: actions/setup-python@v4 + with: + python-version: 3.9 + - name: Install tox + run: python3 -m pip install --user "tox>=4.0.0" + - name: Check out src from Git + uses: actions/checkout@v3 + with: + fetch-depth: 0 # needed by setuptools-scm + submodules: true + - name: Build dists + run: python -m tox + - name: Publish to pypi.org + if: >- # "create" workflows run separately from "push" & "pull_request" + github.event_name == 'release' + uses: pypa/gh-action-pypi-publish@release/v1 + with: + password: ${{ secrets.pypi_password }} + + - name: Bump homebrew formula + uses: mislav/bump-homebrew-formula-action@v2 + with: + # A PR will be sent to github.com/Homebrew/homebrew-core to update this formula: + formula-name: ansible-lint + env: + COMMITTER_TOKEN: ${{ secrets.COMMITTER_TOKEN }} diff --git a/.github/workflows/tox.yml b/.github/workflows/tox.yml new file mode 100644 index 0000000..4fe6da7 --- /dev/null +++ b/.github/workflows/tox.yml @@ -0,0 +1,233 @@ +--- +name: tox + +on: + create: # is used for publishing to PyPI and TestPyPI + tags: # any tag regardless of its name, no branches + - "**" + push: # only publishes pushes to the main branch to TestPyPI + branches: # any integration branch but not tag + - "main" + pull_request: + branches: + - "main" + release: + types: + - published # It seems that you can publish directly without creating + schedule: + - cron: 1 0 * * * # Run daily at 0:01 UTC + # Run every Friday at 18:02 UTC + # https://crontab.guru/#2_18_*_*_5 + # - cron: 2 18 * * 5 + +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} + cancel-in-progress: true + +env: + FORCE_COLOR: 1 # tox, pytest, ansible-lint + PY_COLORS: 1 + +jobs: + pre: + name: pre + runs-on: ubuntu-22.04 + outputs: + matrix: ${{ steps.generate_matrix.outputs.matrix }} + steps: + - name: Determine matrix + id: generate_matrix + uses: coactions/dynamic-matrix@v1 + with: + min_python: "3.9" + max_python: "3.11" + other_names: | + lint + pkg,hook,docs + schemas + eco + py-devel + platforms: linux,macos + + build: + name: ${{ matrix.name }} + runs-on: ${{ matrix.os || 'ubuntu-22.04' }} + needs: pre + defaults: + run: + shell: ${{ matrix.shell || 'bash'}} + strategy: + fail-fast: false + matrix: ${{ fromJson(needs.pre.outputs.matrix) }} + # max-parallel: 5 + # The matrix testing goal is to cover the *most likely* environments + # which are expected to be used by users in production. Avoid adding a + # combination unless there are good reasons to test it, like having + # proof that we failed to catch a bug by not running it. Using + # distribution should be preferred instead of custom builds. + env: + # vars safe to be passed to wsl: + WSLENV: FORCE_COLOR:PYTEST_REQPASS:TOXENV:GITHUB_STEP_SUMMARY + # Number of expected test passes, safety measure for accidental skip of + # tests. Update value if you add/remove tests. + PYTEST_REQPASS: 791 + + steps: + - name: Activate WSL1 + if: "contains(matrix.shell, 'wsl')" + uses: Vampire/setup-wsl@v2 + + - name: MacOS workaround for https://github.com/actions/virtual-environments/issues/1187 + if: ${{ matrix.os == 'macOS-latest' }} + run: | + sudo sysctl -w net.link.generic.system.hwcksum_tx=0 + sudo sysctl -w net.link.generic.system.hwcksum_rx=0 + + - uses: actions/checkout@v3 + with: + fetch-depth: 0 # needed by setuptools-scm + submodules: true + + - name: Set pre-commit cache + uses: actions/cache@v3 + if: ${{ matrix.passed_name == 'lint' }} + with: + path: | + ~/.cache/pre-commit + key: pre-commit-${{ matrix.name || matrix.passed_name }}-${{ hashFiles('.pre-commit-config.yaml') }} + + - name: Set galaxy cache + uses: actions/cache@v3 + if: ${{ startsWith(matrix.passed_name, 'py') }} + with: + path: | + examples/playbooks/collections/*.tar.gz + examples/playbooks/collections/ansible_collections + key: galaxy-${{ hashFiles('examples/playbooks/collections/requirements.yml') }} + + - name: Set up Python ${{ matrix.python_version || '3.9' }} + if: "!contains(matrix.shell, 'wsl')" + uses: actions/setup-python@v4 + with: + cache: pip + python-version: ${{ matrix.python_version || '3.9' }} + + - uses: actions/setup-node@v3 + with: + node-version: 18 + cache: "npm" + cache-dependency-path: test/schemas/package-lock.json + + - name: Run ./tools/test-setup.sh + run: ./tools/test-setup.sh + + - name: Install tox + run: | + python3 -m pip install --upgrade pip + python3 -m pip install --upgrade "tox>=4.0.0" + + - name: Log installed dists + run: python3 -m pip freeze --all + + - name: Initialize tox envs ${{ matrix.passed_name }} + run: python3 -m tox --notest --skip-missing-interpreters false -vv -e ${{ matrix.passed_name }} + timeout-minutes: 5 # average is under 1, but macos can be over 3 + + # sequential run improves browsing experience (almost no speed impact) + - name: tox -e ${{ matrix.passed_name }} + run: python3 -m tox -e ${{ matrix.passed_name }} + + - name: Combine coverage data + if: ${{ startsWith(matrix.passed_name, 'py') }} + # produce a single .coverage file at repo root + run: tox -e coverage + + - name: Upload coverage data + if: ${{ startsWith(matrix.passed_name, 'py') }} + uses: codecov/codecov-action@v3 + with: + name: ${{ matrix.passed_name }} + fail_ci_if_error: false # see https://github.com/codecov/codecov-action/issues/598 + token: ${{ secrets.CODECOV_TOKEN }} + verbose: true # optional (default = false) + + - name: Archive logs + uses: actions/upload-artifact@v3 + with: + name: logs.zip + path: .tox/**/log/ + # https://github.com/actions/upload-artifact/issues/123 + continue-on-error: true + + - name: Report failure if git reports dirty status + run: | + git checkout HEAD -- src/ansiblelint/schemas/__store__.json + if [[ -n $(git status -s) ]]; then + # shellcheck disable=SC2016 + echo -n '::error file=git-status::' + printf '### Failed as git reported modified and/or untracked files\n```\n%s\n```\n' "$(git status -s)" | tee -a "$GITHUB_STEP_SUMMARY" + exit 99 + fi + # https://github.com/actions/toolkit/issues/193 + codeql: + name: codeql + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: ["python"] + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + + # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + # queries: security-extended,security-and-quality + + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{matrix.language}}" + + check: # This job does nothing and is only used for the branch protection + if: always() + permissions: + pull-requests: write # allow codenotify to comment on pull-request + + needs: + - build + + runs-on: ubuntu-latest + + steps: + - name: Decide whether the needed jobs succeeded or failed + uses: re-actors/alls-green@release/v1 + with: + jobs: ${{ toJSON(needs) }} + + - name: Check out src from Git + uses: actions/checkout@v3 + + - name: Notify repository owners about lint change affecting them + uses: sourcegraph/codenotify@v0.6.4 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # https://github.com/sourcegraph/codenotify/issues/19 + continue-on-error: true |