Adding upstream version 6.17.2.upstream/6.17.2upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

13 files changed, 535 insertions, 0 deletions

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..3d3aa8e
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1 @@
+*       @ansible/devtools @ansible/ansible-lint-external-contributors
diff --git a/.github/CODE_OF_CONDUCT.md b/.github/CODE_OF_CONDUCT.md
new file mode 100644
index 0000000..0164155
--- /dev/null
+++ b/.github/CODE_OF_CONDUCT.md
@@ -0,0 +1,3 @@
+# Community Code of Conduct
+
+Please see the official [Ansible Community Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html).
diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
new file mode 100644
index 0000000..490de20
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,33 @@
+# Issue Type
+
+- Bug report
+- Feature request
+
+# Ansible and Ansible Lint details
+
+```
+ansible --version
+ansible-lint --version
+```
+
+- ansible installation method: one of source, pip, OS package
+- ansible-lint installation method: one of source, pip, OS package
+
+# Desired Behavior
+
+Please give some details of the feature being requested
+or what should happen if providing a bug report
+
+Possible security bugs should be reported via email to `security@ansible.com`
+
+# Actual Behavior (Bug report only)
+
+Please give some details of what is actually happening.
+Include a [minimum complete verifiable example] with:
+
+- playbook
+- output of running ansible-lint
+- if you're getting a stack trace, output of
+  `ansible-playbook --syntax-check playbook`
+
+[minimum complete verifiable example]: http://stackoverflow.com/help/mcve
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
new file mode 100644
index 0000000..041a61a
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,70 @@
+---
+name: Bug report
+about: >
+  Create a bug report. Ensure that it does reproduce on the main branch with
+  python >=3.9.  For anything else, please use the discussion link below.
+labels: bug, new
+---
+
+<!--- Verify first that your issue is not already reported on GitHub -->
+<!--- Also test if the latest release and main branch are affected too -->
+
+##### Summary
+
+<!--- Explain the problem briefly below -->
+
+##### Issue Type
+
+- Bug Report
+
+##### OS / ENVIRONMENT
+
+<!--- Paste verbatim output between triple backticks -->
+
+```console (paste below)
+ansible-lint --version
+```
+
+<!--- Provide all relevant information below, e.g. target OS versions, network
+ device firmware, etc. -->
+
+- ansible installation method: one of source, pip, OS package
+- ansible-lint installation method: one of source, pip, OS package
+
+##### STEPS TO REPRODUCE
+
+<!--- Describe exactly how to reproduce the problem, using a minimal test case -->
+
+<!--- Paste example playbooks or commands between triple backticks below -->
+
+```console (paste below)
+
+```
+
+<!--- HINT: You can paste gist.github.com links for larger files -->
+
+##### Desired Behavior
+
+<!--- Describe what you expected to happen when running the steps above -->
+
+Possible security bugs should be reported via email to `security@ansible.com`
+
+##### Actual Behavior
+
+<!--- Describe what happened. If possible run with extra verbosity (-vvvv) -->
+
+Please give some details of what is happening.
+Include a [minimum complete verifiable example] with:
+
+- minimized playbook to reproduce the error
+- the output of running ansible-lint including the command line used
+- if you're getting a stack trace, also the output of
+  `ansible-playbook --syntax-check playbook`
+
+<!--- Paste verbatim command output between triple backticks -->
+
+```paste below
+
+```
+
+[minimum complete verifiable example]: http://stackoverflow.com/help/mcve
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
new file mode 100644
index 0000000..b7218f7
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,23 @@
+---
+# Ref: https://help.github.com/en/github/building-a-strong-community/configuring-issue-templates-for-your-repository#configuring-the-template-chooser
+blank_issues_enabled: false # default is true
+contact_links:
+  - name: Feature requests
+    url: https://github.com/ansible/ansible-lint/discussions/categories/ideas
+    about: Suggest an idea for this project
+  - name: Discussions
+    url: https://github.com/ansible/ansible-lint/discussions/
+    about: Any kind of questions should go on the forum.
+  - name: Security bug report
+    url: https://docs.ansible.com/ansible/latest/community/reporting_bugs_and_features.html
+    about: |
+      Please learn how to report security vulnerabilities here.
+
+      For all security related bugs, email security@ansible.com
+      instead of using this issue tracker and you will receive
+      a prompt response.
+
+      For more information, see https://docs.ansible.com/ansible/latest/community/reporting_bugs_and_features.html
+  - name: Ansible Code of Conduct
+    url: https://docs.ansible.com/ansible/latest/community/code_of_conduct.html
+    about: Be nice to other members of the community. Behave.
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
new file mode 100644
index 0000000..f94d78a
--- /dev/null
+++ b/.github/SECURITY.md
@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+Ansible applies security fixes according to the 3-versions-back support
+policy. Please find more information in [our docs].
+
+## Reporting a Vulnerability
+
+We encourage responsible disclosure practices for security
+vulnerabilities. Please read our [policies for reporting bugs](https://docs.ansible.com/ansible/devel/community/reporting_bugs_and_features.html#reporting-a-bug)
+if you want to report a security issue that might affect Ansible.
+
+[our docs]: https://docs.ansible.com/ansible-core/devel/reference_appendices/release_and_maintenance.html#ansible-core-release-cycle
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..6a4dae2
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,19 @@
+---
+version: 2
+updates:
+  - package-ecosystem: pip
+    directory: /.config/
+    schedule:
+      day: sunday
+      interval: weekly
+    labels:
+      - dependabot-deps-updates
+      - skip-changelog
+    versioning-strategy: lockfile-only
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: daily
+    labels:
+      - "dependencies"
+      - "skip-changelog"
diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml
new file mode 100644
index 0000000..11fa614
--- /dev/null
+++ b/.github/release-drafter.yml
@@ -0,0 +1,3 @@
+---
+# see https://github.com/ansible/devtools
+_extends: ansible/devtools
diff --git a/.github/workflows/ack.yml b/.github/workflows/ack.yml
new file mode 100644
index 0000000..291eb88
--- /dev/null
+++ b/.github/workflows/ack.yml
@@ -0,0 +1,10 @@
+---
+# See https://github.com/ansible/devtools/blob/main/.github/workflows/ack.yml
+name: ack
+"on":
+  pull_request_target:
+    types: [opened, labeled, unlabeled, synchronize]
+
+jobs:
+  ack:
+    uses: ansible/devtools/.github/workflows/ack.yml@main
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
new file mode 100644
index 0000000..1debf04
--- /dev/null
+++ b/.github/workflows/push.yml
@@ -0,0 +1,13 @@
+---
+# See https://github.com/ansible/devtools/blob/main/.github/workflows/push.yml
+name: push
+"on":
+  push:
+    branches:
+      - main
+      - "releases/**"
+      - "stable/**"
+
+jobs:
+  ack:
+    uses: ansible/devtools/.github/workflows/push.yml@main
diff --git a/.github/workflows/redirects.yml b/.github/workflows/redirects.yml
new file mode 100644
index 0000000..fcc5eea
--- /dev/null
+++ b/.github/workflows/redirects.yml
@@ -0,0 +1,33 @@
+---
+# Sync RTD redirects
+name: redirects
+
+"on":
+  push:
+    branches:
+      - main
+    paths:
+      - docs/redirects.yml
+      - .github/workflows/redirects.yml
+
+  # Manually triggered using GitHub's UI
+  workflow_dispatch:
+
+jobs:
+  docs:
+    environment: release
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-python@v4
+
+      - name: Upgrade Python toolchain
+        run: python3 -m pip install --upgrade pip setuptools wheel
+
+      - name: Install readthedocs-cli
+        run: python3 -m pip install readthedocs-cli
+
+      - name: Sync redirects
+        run: rtd projects ansible-lint redirects sync -f docs/redirects.yml --wet-run
+        env:
+          RTD_TOKEN: ${{ secrets.RTD_TOKEN }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..317b5e1
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,77 @@
+---
+# cspell:ignore mislav
+name: release
+
+"on":
+  release:
+    types: [published]
+  workflow_dispatch:
+
+jobs:
+  # https://github.com/marketplace/actions/actions-tagger
+  actions-tagger:
+    runs-on: windows-latest
+    steps:
+      - uses: Actions-R-Us/actions-tagger@latest
+        env:
+          GITHUB_TOKEN: "${{ github.token }}"
+  pypi:
+    name: Publish to PyPI registry
+    environment: release
+    runs-on: ubuntu-22.04
+    permissions:
+      id-token: write
+
+    env:
+      FORCE_COLOR: 1
+      PY_COLORS: 1
+      TOXENV: pkg
+
+    steps:
+      - name: Switch to using Python 3.9 by default
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3.9
+
+      - name: Install tox
+        run: python3 -m pip install --user "tox>=4.0.0"
+
+      - name: Check out src from Git
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0 # needed by setuptools-scm
+          submodules: true
+
+      - name: Build dists
+        run: python -m tox
+
+      - name: Publish to pypi.org
+        if: >- # "create" workflows run separately from "push" & "pull_request"
+          github.event_name == 'release'
+        uses: pypa/gh-action-pypi-publish@release/v1
+
+  homebrew:
+    name: Bump homebrew formula
+    environment: release
+    runs-on: ubuntu-22.04
+    needs: pypi
+
+    env:
+      FORCE_COLOR: 1
+      PY_COLORS: 1
+      TOXENV: pkg
+
+    steps:
+      - name: Check out src from Git
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0 # needed by setuptools-scm
+          submodules: true
+
+      - name: Bump homebrew formula
+        uses: mislav/bump-homebrew-formula-action@v2.2
+        with:
+          # A PR will be sent to github.com/Homebrew/homebrew-core to update this formula:
+          formula-name: ansible-lint
+        env:
+          COMMITTER_TOKEN: ${{ secrets.COMMITTER_TOKEN }}
diff --git a/.github/workflows/tox.yml b/.github/workflows/tox.yml
new file mode 100644
index 0000000..3220155
--- /dev/null
+++ b/.github/workflows/tox.yml
@@ -0,0 +1,236 @@
+---
+name: tox
+
+on:
+  push: # only publishes pushes to the main branch to TestPyPI
+    branches: # any integration branch but not tag
+      - "main"
+  pull_request:
+    branches:
+      - "main"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
+  cancel-in-progress: true
+
+env:
+  FORCE_COLOR: 1 # tox, pytest, ansible-lint
+  PY_COLORS: 1
+
+jobs:
+  pre:
+    name: pre
+    runs-on: ubuntu-22.04
+    outputs:
+      matrix: ${{ steps.generate_matrix.outputs.matrix }}
+    steps:
+      - name: Determine matrix
+        id: generate_matrix
+        uses: coactions/dynamic-matrix@v1
+        with:
+          min_python: "3.9"
+          max_python: "3.11"
+          other_names: |
+            lint
+            pkg
+            hook
+            docs
+            schemas
+            eco
+            py-devel
+          platforms: linux,macos
+  test-action:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Self test for ansible-lint@${{ github.action_ref || 'main' }}
+        uses: ./
+        with:
+          # basically we only lint linter own configuration, which should be passing.
+          args: .ansible-lint
+  build:
+    name: ${{ matrix.name }}
+    runs-on: ${{ matrix.os || 'ubuntu-22.04' }}
+    needs:
+      - pre
+      - test-action
+    defaults:
+      run:
+        shell: ${{ matrix.shell || 'bash'}}
+    strategy:
+      fail-fast: false
+      matrix: ${{ fromJson(needs.pre.outputs.matrix) }}
+      # max-parallel: 5
+      # The matrix testing goal is to cover the *most likely* environments
+      # which are expected to be used by users in production. Avoid adding a
+      # combination unless there are good reasons to test it, like having
+      # proof that we failed to catch a bug by not running it. Using
+      # distribution should be preferred instead of custom builds.
+    env:
+      # vars safe to be passed to wsl:
+      WSLENV: FORCE_COLOR:PYTEST_REQPASS:TOXENV:GITHUB_STEP_SUMMARY
+      # Number of expected test passes, safety measure for accidental skip of
+      # tests. Update value if you add/remove tests.
+      PYTEST_REQPASS: 805
+    steps:
+      - name: Activate WSL1
+        if: "contains(matrix.shell, 'wsl')"
+        uses: Vampire/setup-wsl@v2
+
+      - name: MacOS workaround for https://github.com/actions/virtual-environments/issues/1187
+        if: ${{ matrix.os == 'macOS-latest' }}
+        run: |
+          sudo sysctl -w net.link.generic.system.hwcksum_tx=0
+          sudo sysctl -w net.link.generic.system.hwcksum_rx=0
+
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0 # needed by setuptools-scm
+          submodules: true
+
+      - name: Set pre-commit cache
+        uses: actions/cache@v3
+        if: ${{ matrix.passed_name == 'lint' }}
+        with:
+          path: |
+            ~/.cache/pre-commit
+          key: pre-commit-${{ matrix.name || matrix.passed_name }}-${{ hashFiles('.pre-commit-config.yaml') }}
+
+      - name: Set ansible cache(s)
+        uses: actions/cache@v3
+        with:
+          path: |
+            .cache/eco
+            examples/playbooks/collections/ansible_collections
+            ~/.cache/ansible-compat
+            ~/.ansible/collections
+            ~/.ansible/roles
+          key: ${{ matrix.name || matrix.passed_name }}-${{ hashFiles('tools/test-eco.sh', 'requirements.yml', 'examples/playbooks/collections/requirements.yml') }}
+
+      - name: Set up Python ${{ matrix.python_version || '3.9' }}
+        if: "!contains(matrix.shell, 'wsl')"
+        uses: actions/setup-python@v4
+        with:
+          cache: pip
+          python-version: ${{ matrix.python_version || '3.9' }}
+
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 18
+          cache: "npm"
+          cache-dependency-path: test/schemas/package-lock.json
+
+      - name: Run ./tools/test-setup.sh
+        run: ./tools/test-setup.sh
+
+      - name: Install tox
+        run: |
+          python3 -m pip install --upgrade pip
+          python3 -m pip install --upgrade "tox>=4.0.0"
+
+      - name: Log installed dists
+        run: python3 -m pip freeze --all
+
+      - name: Initialize tox envs ${{ matrix.passed_name }}
+        run: python3 -m tox --notest --skip-missing-interpreters false -vv -e ${{ matrix.passed_name }}
+        timeout-minutes: 5 # average is under 1, but macos can be over 3
+
+      # sequential run improves browsing experience (almost no speed impact)
+      - name: tox -e ${{ matrix.passed_name }}
+        run: python3 -m tox -e ${{ matrix.passed_name }}
+
+      - name: Combine coverage data
+        if: ${{ startsWith(matrix.passed_name, 'py') }}
+        # produce a single .coverage file at repo root
+        run: tox -e coverage
+
+      - name: Upload coverage data
+        if: ${{ startsWith(matrix.passed_name, 'py') }}
+        uses: codecov/codecov-action@v3
+        with:
+          name: ${{ matrix.passed_name }}
+          fail_ci_if_error: false # see https://github.com/codecov/codecov-action/issues/598
+          token: ${{ secrets.CODECOV_TOKEN }}
+          verbose: true # optional (default = false)
+
+      - name: Archive logs
+        uses: actions/upload-artifact@v3
+        with:
+          name: logs.zip
+          path: .tox/**/log/
+        # https://github.com/actions/upload-artifact/issues/123
+        continue-on-error: true
+
+      - name: Report failure if git reports dirty status
+        run: |
+          git checkout HEAD -- src/ansiblelint/schemas/__store__.json
+          if [[ -n $(git status -s) ]]; then
+            # shellcheck disable=SC2016
+            echo -n '::error file=git-status::'
+            printf '### Failed as git reported modified and/or untracked files\n```\n%s\n```\n' "$(git status -s)" | tee -a "$GITHUB_STEP_SUMMARY"
+            exit 99
+          fi
+        # https://github.com/actions/toolkit/issues/193
+  codeql:
+    name: codeql
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: ["python"]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+
+          # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+          # queries: security-extended,security-and-quality
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+        with:
+          category: "/language:${{matrix.language}}"
+
+  check: # This job does nothing and is only used for the branch protection
+    if: always()
+    permissions:
+      pull-requests: write # allow codenotify to comment on pull-request
+
+    needs:
+      - build
+      - test-action
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Decide whether the needed jobs succeeded or failed
+        uses: re-actors/alls-green@release/v1
+        with:
+          jobs: ${{ toJSON(needs) }}
+
+      - name: Check out src from Git
+        uses: actions/checkout@v3
+
+      - name: Notify repository owners about lint change affecting them
+        uses: sourcegraph/codenotify@v0.6.4
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        # https://github.com/sourcegraph/codenotify/issues/19
+        continue-on-error: true