Merge pull request #127 from willshersystems/feature/ci-updates

Ubuntu focal, CI updates, code quality improvements
2024-11-08 21:03:29 +01:00 · 2020-09-18 20:56:14 +01:00 · 2020-09-18 20:56:14 +01:00 · 68d0577647
commit 68d0577647
parent a3fe654044 78c56e2129
9 changed files with 68 additions and 15 deletions
--- a/.ansible-lint
+++ b/.ansible-lint
@ -0,0 +1,2 @@
+warn_list:  # or 'skip_list' to silence them completely                       │
+  - '106'  # Role name {} does not match ``^[a-z][a-z0-9_]+$`` pattern
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -0,0 +1,14 @@
+---
+repos:
+  - repo: https://github.com/adrienverge/yamllint.git
+    rev: v1.24.2
+    hooks:
+      - id: yamllint
+        files: \.(yaml|yml)$
+        types: [file, yaml]
+        entry: yamllint --strict
+  - repo: https://github.com/ansible/ansible-lint.git
+    rev: v4.3.5
+    hooks:
+      - id: ansible-lint
+        files: \.(yaml|yml)$
--- a/.travis.yml
+++ b/.travis.yml
@ -1,26 +1,19 @@
 ---
+dist: focal
 language: c
 sudo: required

 notifications:
-    webhooks: https://galaxy.ansible.com/api/v1/notifications/
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/

 before_install:
-  - sudo add-apt-repository -y ppa:ansible/ansible
-  - sudo apt-get update -qq
-  - sudo apt-get -qq install ansible
+  - sudo -H pip3 install ansible

 install:
  # Add ansible.cfg to pick up roles path.
-  - "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg"
+  - "{ echo '[defaults]'; echo 'roles_path = ../'; echo 'deprecation_warnings=False'; } >> ansible.cfg"

 script:
-  # Check the ansible version.
-  - >
-    ansible --version
-    | grep -q '^ansible 2'
-    && (echo 'Ansible 2.0+ test: pass' && exit 0)
-    || (echo 'Ansible 2.0+ test: fail' && exit 1)
  # Check the roles syntax.
  - "ANSIBLE_FORCE_COLOR=1 ansible-playbook -i tests/inventory tests/test.yml --syntax-check"

@ -32,4 +25,3 @@ script:
    ansible-playbook -i tests/inventory tests/test.yml --connection=local --become | grep -q 'changed=0.*failed=0'
    && (echo 'Idempotence test: pass' && exit 0)
    || (echo 'Idempotence test: fail' && exit 1)
-
--- a/.yamllint.yaml
+++ b/.yamllint.yaml
@ -0,0 +1,21 @@
+---
+# Based on ansible-lint config
+extends: default
+
+rules:
+  braces: {max-spaces-inside: 1, level: error}
+  brackets: {max-spaces-inside: 1, level: error}
+  colons: {max-spaces-after: -1, level: error}
+  commas: {max-spaces-after: -1, level: error}
+  comments: disable
+  comments-indentation: disable
+  document-start: disable
+  empty-lines: {max: 3, level: error}
+  hyphens: {level: error}
+  indentation: disable
+  key-duplicates: enable
+  line-length: disable
+  new-line-at-end-of-file: disable
+  new-lines: {type: unix}
+  trailing-spaces: disable
+  truthy: disable
--- a/meta/main.yml
+++ b/meta/main.yml
@ -4,7 +4,7 @@ galaxy_info:
  description: OpenSSH SSH daemon configuration
  company: Willsher Systems
  license: LGPLv3
-  min_ansible_version: 1.8
+  min_ansible_version: 2.8
  platforms:
  - name: Debian
    versions:
@ -17,6 +17,8 @@ galaxy_info:
    - precise
    - trusty
    - xenial
+    - bionic
+    - focal
  - name: FreeBSD
    version:
    - 10.1
@ -24,6 +26,7 @@ galaxy_info:
    versions:
    - 6
    - 7
+    - 8
  - name: Fedora
    versions:
    - 22
--- a/tasks/install.yml
+++ b/tasks/install.yml
@ -26,16 +26,25 @@
      template:
        src: "{{ sshd_service_template_service }}"
        dest: "/etc/systemd/system/{{ sshd_service }}.service"
+        owner: root
+        group: root
+        mode: "0644"
      notify: reload_sshd
    - name: Install instanced service unit file
      template:
        src: "{{ sshd_service_template_at_service }}"
        dest: "/etc/systemd/system/{{ sshd_service }}@.service"
+        owner: root
+        group: root
+        mode: "0644"
      notify: reload_sshd
    - name: Install socket unit file
      template:
        src: "{{ sshd_service_template_socket }}"
        dest: "/etc/systemd/system/{{ sshd_service }}.socket"
+        owner: root
+        group: root
+        mode: "0644"
      notify: reload_sshd
  when: sshd_install_service|bool

--- a/tasks/variables.yml
+++ b/tasks/variables.yml
@ -1,5 +1,4 @@
 ---
-
 - name: Set OS dependent variables
  include_vars: "{{ lookup('first_found', params) }}"
  vars:
--- a/vars/Debian_10.yml
+++ b/vars/Debian_10.yml
@ -32,4 +32,3 @@ __sshd_defaults:
  Subsystem: "sftp {{ sshd_sftp_server }}"
  UsePAM: yes
 __sshd_os_supported: yes
-
--- a/vars/Ubuntu_20.yml
+++ b/vars/Ubuntu_20.yml
@ -0,0 +1,14 @@
+---
+__sshd_service: ssh
+__sshd_packages:
+  - openssh-server
+  - openssh-sftp-server
+__sshd_config_mode: "0644"
+__sshd_defaults:
+  ChallengeResponseAuthentication: no
+  UsePAM: yes
+  X11Forwarding: yes
+  PrintMotd: no
+  AcceptEnv: LANG LC_*
+  Subsystem: "sftp  /usr/lib/openssh/sftp-server"
+__sshd_os_supported: yes