Diffstat (limited to '.github')
-rw-r--r--.github/CODEOWNERS1
-rw-r--r--.github/CODE_OF_CONDUCT.md3
-rw-r--r--.github/ISSUE_TEMPLATE.md33
-rw-r--r--.github/ISSUE_TEMPLATE/bug_report.md70
-rw-r--r--.github/ISSUE_TEMPLATE/config.yml23
-rw-r--r--.github/SECURITY.md14
-rw-r--r--.github/dependabot.yml19
-rw-r--r--.github/release-drafter.yml3
-rw-r--r--.github/workflows/ack.yml10
-rw-r--r--.github/workflows/push.yml13
-rw-r--r--.github/workflows/redirects.yml33
-rw-r--r--.github/workflows/release.yml77
-rw-r--r--.github/workflows/tox.yml236
13 files changed, 535 insertions, 0 deletions
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..3d3aa8e
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @ansible/devtools @ansible/ansible-lint-external-contributors
diff --git a/.github/CODE_OF_CONDUCT.md b/.github/CODE_OF_CONDUCT.md
new file mode 100644
index 0000000..0164155
--- /dev/null
+++ b/.github/CODE_OF_CONDUCT.md
@@ -0,0 +1,3 @@
+# Community Code of Conduct
+
+Please see the official [Ansible Community Code of Conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html).
diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
new file mode 100644
index 0000000..490de20
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,33 @@
+# Issue Type
+
+- Bug report
+- Feature request
+
+# Ansible and Ansible Lint details
+
+```
+ansible --version
+ansible-lint --version
+```
+
+- ansible installation method: one of source, pip, OS package
+- ansible-lint installation method: one of source, pip, OS package
+
+# Desired Behavior
+
+Please give some details of the feature being requested
+or what should happen if providing a bug report
+
+Possible security bugs should be reported via email to `security@ansible.com`
+
+# Actual Behavior (Bug report only)
+
+Please give some details of what is actually happening.
+Include a [minimum complete verifiable example] with:
+
+- playbook
+- output of running ansible-lint
+- if you're getting a stack trace, output of
+ `ansible-playbook --syntax-check playbook`
+
+[minimum complete verifiable example]: http://stackoverflow.com/help/mcve
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
new file mode 100644
index 0000000..041a61a
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,70 @@
+---
+name: Bug report
+about: >
+ Create a bug report. Ensure that it does reproduce on the main branch with
+ python >=3.9. For anything else, please use the discussion link below.
+labels: bug, new
+---
+
+<!--- Verify first that your issue is not already reported on GitHub -->
+<!--- Also test if the latest release and main branch are affected too -->
+
+##### Summary
+
+<!--- Explain the problem briefly below -->
+
+##### Issue Type
+
+- Bug Report
+
+##### OS / ENVIRONMENT
+
+<!--- Paste verbatim output between triple backticks -->
+
+```console (paste below)
+ansible-lint --version
+```
+
+<!--- Provide all relevant information below, e.g. target OS versions, network
+ device firmware, etc. -->
+
+- ansible installation method: one of source, pip, OS package
+- ansible-lint installation method: one of source, pip, OS package
+
+##### STEPS TO REPRODUCE
+
+<!--- Describe exactly how to reproduce the problem, using a minimal test case -->
+
+<!--- Paste example playbooks or commands between triple backticks below -->
+
+```console (paste below)
+
+```
+
+<!--- HINT: You can paste gist.github.com links for larger files -->
+
+##### Desired Behavior
+
+<!--- Describe what you expected to happen when running the steps above -->
+
+Possible security bugs should be reported via email to `security@ansible.com`
+
+##### Actual Behavior
+
+<!--- Describe what happened. If possible run with extra verbosity (-vvvv) -->
+
+Please give some details of what is happening.
+Include a [minimum complete verifiable example] with:
+
+- minimized playbook to reproduce the error
+- the output of running ansible-lint including the command line used
+- if you're getting a stack trace, also the output of
+ `ansible-playbook --syntax-check playbook`
+
+<!--- Paste verbatim command output between triple backticks -->
+
+```paste below
+
+```
+
+[minimum complete verifiable example]: http://stackoverflow.com/help/mcve
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
new file mode 100644
index 0000000..b7218f7
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,23 @@
+---
+# Ref: https://help.github.com/en/github/building-a-strong-community/configuring-issue-templates-for-your-repository#configuring-the-template-chooser
+blank_issues_enabled: false # default is true
+contact_links:
+ - name: Feature requests
+ url: https://github.com/ansible/ansible-lint/discussions/categories/ideas
+ about: Suggest an idea for this project
+ - name: Discussions
+ url: https://github.com/ansible/ansible-lint/discussions/
+ about: Any kind of questions should go on the forum.
+ - name: Security bug report
+ url: https://docs.ansible.com/ansible/latest/community/reporting_bugs_and_features.html
+ about: |
+ Please learn how to report security vulnerabilities here.
+
+ For all security related bugs, email security@ansible.com
+ instead of using this issue tracker and you will receive
+ a prompt response.
+
+ For more information, see https://docs.ansible.com/ansible/latest/community/reporting_bugs_and_features.html
+ - name: Ansible Code of Conduct
+ url: https://docs.ansible.com/ansible/latest/community/code_of_conduct.html
+ about: Be nice to other members of the community. Behave.
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
new file mode 100644
index 0000000..f94d78a
--- /dev/null
+++ b/.github/SECURITY.md
@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+Ansible applies security fixes according to the 3-versions-back support
+policy. Please find more information in [our docs].
+
+## Reporting a Vulnerability
+
+We encourage responsible disclosure practices for security
+vulnerabilities. Please read our [policies for reporting bugs](https://docs.ansible.com/ansible/devel/community/reporting_bugs_and_features.html#reporting-a-bug)
+if you want to report a security issue that might affect Ansible.
+
+[our docs]: https://docs.ansible.com/ansible-core/devel/reference_appendices/release_and_maintenance.html#ansible-core-release-cycle
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..6a4dae2
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,19 @@
+---
+version: 2
+updates:
+ - package-ecosystem: pip
+ directory: /.config/
+ schedule:
+ day: sunday
+ interval: weekly
+ labels:
+ - dependabot-deps-updates
+ - skip-changelog
+ versioning-strategy: lockfile-only
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: daily
+ labels:
+ - "dependencies"
+ - "skip-changelog"
diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml
new file mode 100644
index 0000000..11fa614
--- /dev/null
+++ b/.github/release-drafter.yml
@@ -0,0 +1,3 @@
+---
+# see https://github.com/ansible/devtools
+_extends: ansible/devtools
diff --git a/.github/workflows/ack.yml b/.github/workflows/ack.yml
new file mode 100644
index 0000000..291eb88
--- /dev/null
+++ b/.github/workflows/ack.yml
@@ -0,0 +1,10 @@
+---
+# See https://github.com/ansible/devtools/blob/main/.github/workflows/ack.yml
+name: ack
+"on":
+ pull_request_target:
+ types: [opened, labeled, unlabeled, synchronize]
+
+jobs:
+ ack:
+ uses: ansible/devtools/.github/workflows/ack.yml@main
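Review bot: The `uses: ansible/devtools/.github/workflows/ack.yml@main` line follows a mutable branch in a workflow triggered by `pull_request_target`, which runs in the base repository's context, so whatever that branch holds at run time executes with this repository's token. Pin the reusable workflow to a full commit SHA, `uses: ansible/devtools/.github/workflows/ack.yml@<full-commit-sha>  # main`. Also add a `permissions:` block on the `ack` job listing only the scopes the called workflow needs; that workflow is not visible here, so confirm the list against it. The same `@main` reference appears in `.github/workflows/push.yml`.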
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
new file mode 100644
index 0000000..1debf04
--- /dev/null
+++ b/.github/workflows/push.yml
@@ -0,0 +1,13 @@
+---
+# See https://github.com/ansible/devtools/blob/main/.github/workflows/push.yml
+name: push
+"on":
+ push:
+ branches:
+ - main
+ - "releases/**"
+ - "stable/**"
+
+jobs:
+ ack:
+ uses: ansible/devtools/.github/workflows/push.yml@main
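Review bot: The job id `ack` under `jobs:` looks carried over from ack.yml, so the checks list will show this workflow's job under a name that belongs to a different workflow. Renaming it to `push:` keeps the check name and any later branch-protection rule unambiguous.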
diff --git a/.github/workflows/redirects.yml b/.github/workflows/redirects.yml
new file mode 100644
index 0000000..fcc5eea
--- /dev/null
+++ b/.github/workflows/redirects.yml
@@ -0,0 +1,33 @@
+---
+# Sync RTD redirects
+name: redirects
+
+"on":
+ push:
+ branches:
+ - main
+ paths:
+ - docs/redirects.yml
+ - .github/workflows/redirects.yml
+
+ # Manually triggered using GitHub's UI
+ workflow_dispatch:
+
+jobs:
+ docs:
+ environment: release
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - uses: actions/setup-python@v4
+
+ - name: Upgrade Python toolchain
+ run: python3 -m pip install --upgrade pip setuptools wheel
+
+ - name: Install readthedocs-cli
+ run: python3 -m pip install readthedocs-cli
+
+ - name: Sync redirects
+ run: rtd projects ansible-lint redirects sync -f docs/redirects.yml --wet-run
+ env:
+ RTD_TOKEN: ${{ secrets.RTD_TOKEN }}
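Review bot: The step `run: python3 -m pip install readthedocs-cli` installs whatever version the index serves at run time, and the `rtd` command from that package is what receives `RTD_TOKEN` in the `release` environment. Pin it to a reviewed version, `run: python3 -m pip install "readthedocs-cli==<reviewed-version>"`, or install from a hashed requirements file with `--require-hashes`, so an upstream release cannot run with the token unreviewed. The `docs` job also declares no `permissions:`; `contents: read` is enough for the checkout. `actions/setup-python@v4` is called without `python-version`, so the interpreter depends on the runner image; stating it explicitly makes the run reproducible.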
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..317b5e1
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,77 @@
+---
+# cspell:ignore mislav
+name: release
+
+"on":
+ release:
+ types: [published]
+ workflow_dispatch:
+
+jobs:
+ # https://github.com/marketplace/actions/actions-tagger
+ actions-tagger:
+ runs-on: windows-latest
+ steps:
+ - uses: Actions-R-Us/actions-tagger@latest
+ env:
+ GITHUB_TOKEN: "${{ github.token }}"
+ pypi:
+ name: Publish to PyPI registry
+ environment: release
+ runs-on: ubuntu-22.04
+ permissions:
+ id-token: write
+
+ env:
+ FORCE_COLOR: 1
+ PY_COLORS: 1
+ TOXENV: pkg
+
+ steps:
+ - name: Switch to using Python 3.9 by default
+ uses: actions/setup-python@v4
+ with:
+ python-version: 3.9
+
+ - name: Install tox
+ run: python3 -m pip install --user "tox>=4.0.0"
+
+ - name: Check out src from Git
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0 # needed by setuptools-scm
+ submodules: true
+
+ - name: Build dists
+ run: python -m tox
+
+ - name: Publish to pypi.org
+ if: >- # "create" workflows run separately from "push" & "pull_request"
+ github.event_name == 'release'
+ uses: pypa/gh-action-pypi-publish@release/v1
+
+ homebrew:
+ name: Bump homebrew formula
+ environment: release
+ runs-on: ubuntu-22.04
+ needs: pypi
+
+ env:
+ FORCE_COLOR: 1
+ PY_COLORS: 1
+ TOXENV: pkg
+
+ steps:
+ - name: Check out src from Git
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0 # needed by setuptools-scm
+ submodules: true
+
+ - name: Bump homebrew formula
+ uses: mislav/bump-homebrew-formula-action@v2.2
+ with:
+ # A PR will be sent to github.com/Homebrew/homebrew-core to update this formula:
+ formula-name: ansible-lint
+ env:
+ COMMITTER_TOKEN: ${{ secrets.COMMITTER_TOKEN }}
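Review bot: `Actions-R-Us/actions-tagger@latest` in the `actions-tagger` job is a floating reference to a third-party action that is handed `github.token`, and the job has no `permissions:` block, so the token carries the repository's default scope. Pin the action to a full commit SHA, `uses: Actions-R-Us/actions-tagger@<full-commit-sha>`, and grant that job only `contents: write` under `permissions:`, if moving tags is all it does. The same pinning applies to `pypa/gh-action-pypi-publish@release/v1` and `mislav/bump-homebrew-formula-action@v2.2`, which run with the OIDC publishing identity and `COMMITTER_TOKEN`. Separately, only the publish step is guarded by `github.event_name == 'release'`, so a `workflow_dispatch` run would still reach the `homebrew` job. Add `if: github.event_name == 'release'` to that job if a manual run is not meant to bump the formula.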
diff --git a/.github/workflows/tox.yml b/.github/workflows/tox.yml
new file mode 100644
index 0000000..3220155
--- /dev/null
+++ b/.github/workflows/tox.yml
@@ -0,0 +1,236 @@
+---
+name: tox
+
+on:
+ push: # only publishes pushes to the main branch to TestPyPI
+ branches: # any integration branch but not tag
+ - "main"
+ pull_request:
+ branches:
+ - "main"
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
+ cancel-in-progress: true
+
+env:
+ FORCE_COLOR: 1 # tox, pytest, ansible-lint
+ PY_COLORS: 1
+
+jobs:
+ pre:
+ name: pre
+ runs-on: ubuntu-22.04
+ outputs:
+ matrix: ${{ steps.generate_matrix.outputs.matrix }}
+ steps:
+ - name: Determine matrix
+ id: generate_matrix
+ uses: coactions/dynamic-matrix@v1
+ with:
+ min_python: "3.9"
+ max_python: "3.11"
+ other_names: |
+ lint
+ pkg
+ hook
+ docs
+ schemas
+ eco
+ py-devel
+ platforms: linux,macos
+ test-action:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - name: Self test for ansible-lint@${{ github.action_ref || 'main' }}
+ uses: ./
+ with:
+ # basically we only lint linter own configuration, which should be passing.
+ args: .ansible-lint
+ build:
+ name: ${{ matrix.name }}
+ runs-on: ${{ matrix.os || 'ubuntu-22.04' }}
+ needs:
+ - pre
+ - test-action
+ defaults:
+ run:
+ shell: ${{ matrix.shell || 'bash'}}
+ strategy:
+ fail-fast: false
+ matrix: ${{ fromJson(needs.pre.outputs.matrix) }}
+ # max-parallel: 5
+ # The matrix testing goal is to cover the *most likely* environments
+ # which are expected to be used by users in production. Avoid adding a
+ # combination unless there are good reasons to test it, like having
+ # proof that we failed to catch a bug by not running it. Using
+ # distribution should be preferred instead of custom builds.
+ env:
+ # vars safe to be passed to wsl:
+ WSLENV: FORCE_COLOR:PYTEST_REQPASS:TOXENV:GITHUB_STEP_SUMMARY
+ # Number of expected test passes, safety measure for accidental skip of
+ # tests. Update value if you add/remove tests.
+ PYTEST_REQPASS: 805
+ steps:
+ - name: Activate WSL1
+ if: "contains(matrix.shell, 'wsl')"
+ uses: Vampire/setup-wsl@v2
+
+ - name: MacOS workaround for https://github.com/actions/virtual-environments/issues/1187
+ if: ${{ matrix.os == 'macOS-latest' }}
+ run: |
+ sudo sysctl -w net.link.generic.system.hwcksum_tx=0
+ sudo sysctl -w net.link.generic.system.hwcksum_rx=0
+
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 0 # needed by setuptools-scm
+ submodules: true
+
+ - name: Set pre-commit cache
+ uses: actions/cache@v3
+ if: ${{ matrix.passed_name == 'lint' }}
+ with:
+ path: |
+ ~/.cache/pre-commit
+ key: pre-commit-${{ matrix.name || matrix.passed_name }}-${{ hashFiles('.pre-commit-config.yaml') }}
+
+ - name: Set ansible cache(s)
+ uses: actions/cache@v3
+ with:
+ path: |
+ .cache/eco
+ examples/playbooks/collections/ansible_collections
+ ~/.cache/ansible-compat
+ ~/.ansible/collections
+ ~/.ansible/roles
+ key: ${{ matrix.name || matrix.passed_name }}-${{ hashFiles('tools/test-eco.sh', 'requirements.yml', 'examples/playbooks/collections/requirements.yml') }}
+
+ - name: Set up Python ${{ matrix.python_version || '3.9' }}
+ if: "!contains(matrix.shell, 'wsl')"
+ uses: actions/setup-python@v4
+ with:
+ cache: pip
+ python-version: ${{ matrix.python_version || '3.9' }}
+
+ - uses: actions/setup-node@v3
+ with:
+ node-version: 18
+ cache: "npm"
+ cache-dependency-path: test/schemas/package-lock.json
+
+ - name: Run ./tools/test-setup.sh
+ run: ./tools/test-setup.sh
+
+ - name: Install tox
+ run: |
+ python3 -m pip install --upgrade pip
+ python3 -m pip install --upgrade "tox>=4.0.0"
+
+ - name: Log installed dists
+ run: python3 -m pip freeze --all
+
+ - name: Initialize tox envs ${{ matrix.passed_name }}
+ run: python3 -m tox --notest --skip-missing-interpreters false -vv -e ${{ matrix.passed_name }}
+ timeout-minutes: 5 # average is under 1, but macos can be over 3
+
+ # sequential run improves browsing experience (almost no speed impact)
+ - name: tox -e ${{ matrix.passed_name }}
+ run: python3 -m tox -e ${{ matrix.passed_name }}
+
+ - name: Combine coverage data
+ if: ${{ startsWith(matrix.passed_name, 'py') }}
+ # produce a single .coverage file at repo root
+ run: tox -e coverage
+
+ - name: Upload coverage data
+ if: ${{ startsWith(matrix.passed_name, 'py') }}
+ uses: codecov/codecov-action@v3
+ with:
+ name: ${{ matrix.passed_name }}
+ fail_ci_if_error: false # see https://github.com/codecov/codecov-action/issues/598
+ token: ${{ secrets.CODECOV_TOKEN }}
+ verbose: true # optional (default = false)
+
+ - name: Archive logs
+ uses: actions/upload-artifact@v3
+ with:
+ name: logs.zip
+ path: .tox/**/log/
+ # https://github.com/actions/upload-artifact/issues/123
+ continue-on-error: true
+
+ - name: Report failure if git reports dirty status
+ run: |
+ git checkout HEAD -- src/ansiblelint/schemas/__store__.json
+ if [[ -n $(git status -s) ]]; then
+ # shellcheck disable=SC2016
+ echo -n '::error file=git-status::'
+ printf '### Failed as git reported modified and/or untracked files\n```\n%s\n```\n' "$(git status -s)" | tee -a "$GITHUB_STEP_SUMMARY"
+ exit 99
+ fi
+ # https://github.com/actions/toolkit/issues/193
+ codeql:
+ name: codeql
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: ["python"]
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+
+ # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+ # queries: security-extended,security-and-quality
+
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v2
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
+ with:
+ category: "/language:${{matrix.language}}"
+
+ check: # This job does nothing and is only used for the branch protection
+ if: always()
+ permissions:
+ pull-requests: write # allow codenotify to comment on pull-request
+
+ needs:
+ - build
+ - test-action
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Decide whether the needed jobs succeeded or failed
+ uses: re-actors/alls-green@release/v1
+ with:
+ jobs: ${{ toJSON(needs) }}
+
+ - name: Check out src from Git
+ uses: actions/checkout@v3
+
+ - name: Notify repository owners about lint change affecting them
+ uses: sourcegraph/codenotify@v0.6.4
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # https://github.com/sourcegraph/codenotify/issues/19
+ continue-on-error: true
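Review bot: The workflow declares no top-level `permissions:`, so `pre`, `test-action` and `build` run with the repository's default token scope while executing code from the checked-out ref (`./tools/test-setup.sh`, `tox`, the local `uses: ./` action). Add a workflow-level `permissions:` block with `contents: read`; `codeql` and `check` already set their own per job. In `build`, the checkout leaves the token in the local git configuration for every later step; `persist-credentials: false` under `with:` of `actions/checkout@v3` removes it, since nothing visible in the job pushes. The comment on `check` ("This job does nothing…") is out of date because the job also runs codenotify with `pull-requests: write`, and `on:` is unquoted here whereas the other workflows in this commit write `"on":`.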