blob: 0838febff63540b74cac32bc57bd20f72ae27705 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
"""Implementation of latest rule."""
from __future__ import annotations
from typing import TYPE_CHECKING
from ansiblelint.rules import AnsibleLintRule
if TYPE_CHECKING:
from ansiblelint.errors import MatchError
from ansiblelint.file_utils import Lintable
from ansiblelint.utils import Task
class LatestRule(AnsibleLintRule):
"""Result of the command may vary on subsequent runs."""
id = "latest"
description = (
"All version control checkouts must point to "
"an explicit commit or tag, not just ``latest``"
)
severity = "MEDIUM"
tags = ["idempotency"]
version_added = "v6.5.2"
_ids = {
"latest[git]": "Use a commit hash or tag instead of 'latest' for git",
"latest[hg]": "Use a commit hash or tag instead of 'latest' for hg",
}
def matchtask(
self,
task: Task,
file: Lintable | None = None,
) -> bool | str | MatchError:
"""Check if module args are safe."""
if (
task["action"]["__ansible_module__"] == "git"
and task["action"].get("version", "HEAD") == "HEAD"
):
return self.create_matcherror(tag="latest[git]", filename=file)
if (
task["action"]["__ansible_module__"] == "hg"
and task["action"].get("revision", "default") == "default"
):
return self.create_matcherror(tag="latest[hg]", filename=file)
return False
|
