summaryrefslogtreecommitdiffstats
path: root/src/ansiblelint/data/profiles.yml
blob: 8de92fdd287576767424583d20401976a1241c67 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
---
# Do not change sorting order of the primary keys as they also represent how
# progressive the profiles are, each one extending the one before it.
min:
  description: >
    The `min` profile ensures that Ansible can load content.
    Rules in this profile are mandatory because they prevent fatal errors.
    You can add files to the exclude list or provide dependencies to load the
    correct files.
  extends: null
  rules:
    internal-error:
    load-failure:
    parser-error:
    syntax-check:
basic:
  description: >
    The `basic` profile prevents common coding issues and enforces standard styles and formatting.
  extends: min
  rules:
    command-instead-of-module:
    command-instead-of-shell:
    deprecated-bare-vars:
    deprecated-command-syntax:
    deprecated-local-action:
    deprecated-module:
    inline-env-var:
    key-order:
    literal-compare:
    jinja:
    no-jinja-when:
    no-tabs:
    partial-become:
    playbook-extension:
    role-name:
    schema: # can cover lots of rules, but not really be able to give best error messages
    name:
    var-naming:
    yaml:
  skip_list: # just because we enable them in following profiles
    - name[template]
    - name[casing]
moderate:
  description: >
    The `moderate` profile ensures that content adheres to best practices for making content easier to read and maintain.
  extends: basic
  rules:
    name[template]:
    name[imperative]:
      url: https://github.com/ansible/ansible-lint/issues/2170
    name[casing]:
    no-free-form: # schema-related
      url: https://github.com/ansible/ansible-lint/issues/2117
    spell-var-name:
      url: https://github.com/ansible/ansible-lint/issues/2168
safety:
  description: >
    The `safety` profile avoids module calls that can have non-determinant outcomes or security concerns.
  extends: moderate
  rules:
    avoid-implicit:
    latest:
    package-latest:
    risky-file-permissions:
    risky-octal:
    risky-shell-pipe:
shared:
  description: >
    The `shared` profile ensures that content follows best practices for packaging and publishing.
    This profile is intended for content creators who want to make Ansible
    playbooks, roles, or collections available from
    [galaxy.ansible.com](https://galaxy.ansible.com/),
    [automation-hub](https://console.redhat.com/ansible/automation-hub),
    or a private instance.
  extends: safety
  rules:
    galaxy: # <-- applies to both galaxy and automation-hub
    ignore-errors:
    layout:
      url: https://github.com/ansible/ansible-lint/issues/1900
    meta-incorrect:
    meta-no-info:
    meta-no-tags:
    meta-video-links:
    meta-version:
      url: https://github.com/ansible/ansible-lint/issues/2103
    meta-runtime:
      url: https://github.com/ansible/ansible-lint/issues/2102
    no-changed-when:
    no-changelog:
      url: https://github.com/ansible/ansible-lint/issues/2101
    no-handler:
    no-relative-paths:
    max-block-depth:
      url: https://github.com/ansible/ansible-lint/issues/2173
    max-tasks:
      url: https://github.com/ansible/ansible-lint/issues/2172
    unsafe-loop:
      # unsafe-loop[prefix] (currently named "no-var-prefix")
      # [unsafe-loop[var-prefix|iterator]]
      url: https://github.com/ansible/ansible-lint/issues/2038
production:
  description: >
    The `production` profile ensures that content meets requirements for
    inclusion in [Ansible Automation Platform (AAP)](https://www.redhat.com/en/technologies/management/ansible)
    as validated or certified content.
  extends: shared
  rules:
    avoid-dot-notation:
      url: https://github.com/ansible/ansible-lint/issues/2174
    disallowed-ignore: # [sanity]
      url: https://github.com/ansible/ansible-lint/issues/2121
    fqcn:
    import-task-no-when:
      url: https://github.com/ansible/ansible-lint/issues/2219
    meta-no-dependencies:
      url: https://github.com/ansible/ansible-lint/issues/2159
    single-entry-point:
      url: https://github.com/ansible/ansible-lint/issues/2242
    use-loop:
      url: https://github.com/ansible/ansible-lint/issues/2204