From c5ff503b0e4c425851aa0530c1e31bedd752804f Mon Sep 17 00:00:00 2001 From: Ryan Spletzer Date: Sun, 1 Mar 2026 18:53:39 -0500 Subject: [PATCH] fix: Resolve remaining ansible-lint warnings and enforce all rules MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace git config commands with community.general.git_config module, add FQCN and name to meta task, break long Jinja2 lines with folded scalars, add changed_when to custom command/script tasks, and suppress rules where shell or command usage is intentional. Remove warn_list from .ansible-lint — all rules now enforced at error level. Co-Authored-By: Claude Opus 4.6 --- .ansible-lint | 10 ++------- debian/setup.yaml | 48 +++++++++++++++++++++++++++++----------- fedora/setup.yaml | 48 +++++++++++++++++++++++++++++----------- macOS/setup.yaml | 25 +++++++++++---------- ubuntu/setup.yaml | 56 ++++++++++++++++++++++++++++++++++------------- 5 files changed, 126 insertions(+), 61 deletions(-) diff --git a/.ansible-lint b/.ansible-lint index c7c6ba1..728b9e4 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,8 +1,2 @@ -warn_list: - - command-instead-of-module - - command-instead-of-shell - - fqcn[action-core] - - name[missing] - - no-changed-when - - yaml[empty-lines] - - yaml[line-length] +# All warn_list rules resolved — enforced at error level +{} diff --git a/debian/setup.yaml b/debian/setup.yaml index 721f54f..60dfd2e 100644 --- a/debian/setup.yaml +++ b/debian/setup.yaml 
@@ -99,7 +99,14 @@ # Install prerequisite APT packages - name: Install prerequisite APT packages ansible.builtin.apt: - name: "{{ apt_packages_prereqs | selectattr('supported_architectures', 'undefined') | map(attribute='name') | list + apt_packages_prereqs | selectattr('supported_architectures', 'defined') | selectattr('supported_architectures', 'contains', deb_architecture) | map(attribute='name') | list }}" + name: >- + {{ apt_packages_prereqs + | selectattr('supported_architectures', 'undefined') + | map(attribute='name') | list + + apt_packages_prereqs + | selectattr('supported_architectures', 'defined') + | selectattr('supported_architectures', 'contains', deb_architecture) + | map(attribute='name') | list }} state: present become: true tags: @@ -129,7 +136,14 @@ # Install APT packages - name: Install APT packages ansible.builtin.apt: - name: "{{ apt_packages | selectattr('supported_architectures', 'undefined') | map(attribute='name') | list + apt_packages | selectattr('supported_architectures', 'defined') | selectattr('supported_architectures', 'contains', deb_architecture) | map(attribute='name') | list }}" + name: >- + {{ apt_packages + | selectattr('supported_architectures', 'undefined') + | map(attribute='name') | list + + apt_packages + | selectattr('supported_architectures', 'defined') + | selectattr('supported_architectures', 'contains', deb_architecture) + | map(attribute='name') | list }} state: present become: true tags: @@ -461,7 +475,7 @@ - extensions # Git LFS setup - - name: Ensure Git LFS is initialized + - name: Ensure Git LFS is initialized # noqa: command-instead-of-module ansible.builtin.command: cmd: git lfs install register: git_lfs_result 
@@ -472,10 +486,10 @@ # Git configuration (user.name) - name: Configure Git user.name - ansible.builtin.command: - cmd: git config --global user.name "{{ git_user_name }}" - register: git_name_result - changed_when: git_name_result.rc == 0 + community.general.git_config: + name: user.name + value: "{{ git_user_name }}" + scope: global when: git_user_name is defined and git_user_name != "" tags: - git @@ -483,19 +497,22 @@ # Git configuration (user.email) - name: Configure Git user.email - ansible.builtin.command: - cmd: git config --global user.email "{{ git_user_email }}" - register: git_email_result - changed_when: git_email_result.rc == 0 + community.general.git_config: + name: user.email + value: "{{ git_user_email }}" + scope: global when: git_user_email is defined and git_user_email != "" tags: - git - config # Custom user commands - - name: Execute custom user commands + - name: Execute custom user commands # noqa: command-instead-of-shell ansible.builtin.shell: "{{ item.command }}" loop: "{{ custom_commands_user | default([], true) }}" + register: custom_command_user_result + changed_when: custom_command_user_result.rc == 0 + failed_when: false loop_control: label: "Executing: {{ item.description }}" tags: @@ -503,10 +520,13 @@ - user-commands # Custom elevated commands - - name: Execute custom elevated commands + - name: Execute custom elevated commands # noqa: command-instead-of-shell ansible.builtin.shell: "{{ item.command }}" become: true loop: "{{ custom_commands_elevated | default([], true) }}" + register: custom_command_elevated_result + changed_when: custom_command_elevated_result.rc == 0 + failed_when: false loop_control: label: "Executing: {{ item.description }}" tags: 
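Review bot: The `community.general.git_config` tasks (user.name in this hunk, user.email in the next) make the playbook depend on the community.general collection, but the diffstat touches only `.ansible-lint` and the four `setup.yaml` files, so this commit neither declares nor pins it. If the repository does not already list the collection, add it to the collections requirements file with a version constraint, so a fresh control node resolves a known release rather than whatever happens to be installed. A comment above the task such as `# requires the community.general collection (pinned in the collections requirements file)` would make the dependency visible. The matching hunks in fedora/, macOS/ and ubuntu/setup.yaml carry the same dependency.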
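Review bot: `failed_when: false` on the custom user commands task (@@ -483) and on the elevated task in the next hunk (@@ -503) changes behaviour rather than just satisfying the linter. As far as the hunk shows, a non-zero exit used to fail the task, whereas now every item is reported as ok and only `changed_when` reflects the exit code. For the `become: true` loop this means a root-level command from `custom_commands_elevated` can fail with nothing in the play recap to show it, and the loop label prints only `item.description`. If continuing past failures is intended, `ignore_errors: true` keeps the run going while still printing the error and counting it as ignored; otherwise drop `failed_when: false`. The fedora/ and ubuntu/setup.yaml hunks add the same three lines.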
@@ -537,6 +557,8 @@ - name: Execute custom script ansible.builtin.command: cmd: "{{ custom_script }}" + register: custom_script_result + changed_when: custom_script_result.rc == 0 when: custom_script is defined and custom_script != "" and custom_script_stat.stat.exists tags: - custom diff --git a/fedora/setup.yaml b/fedora/setup.yaml index 2ddfa7a..5f9ef22 100644 --- a/fedora/setup.yaml +++ b/fedora/setup.yaml @@ -89,7 +89,14 @@ # Install prerequisite DNF packages - name: Install prerequisite DNF packages ansible.builtin.dnf: - name: "{{ dnf_packages_prereqs | selectattr('supported_architectures', 'undefined') | map(attribute='name') | list + dnf_packages_prereqs | selectattr('supported_architectures', 'defined') | selectattr('supported_architectures', 'contains', rpm_architecture) | map(attribute='name') | list }}" + name: >- + {{ dnf_packages_prereqs + | selectattr('supported_architectures', 'undefined') + | map(attribute='name') | list + + dnf_packages_prereqs + | selectattr('supported_architectures', 'defined') + | selectattr('supported_architectures', 'contains', rpm_architecture) + | map(attribute='name') | list }} state: present become: true tags: @@ -119,7 +126,14 @@ # Install DNF packages - name: Install DNF packages ansible.builtin.dnf: - name: "{{ dnf_packages | selectattr('supported_architectures', 'undefined') | map(attribute='name') | list + dnf_packages | selectattr('supported_architectures', 'defined') | selectattr('supported_architectures', 'contains', rpm_architecture) | map(attribute='name') | list }}" + name: >- + {{ dnf_packages + | selectattr('supported_architectures', 'undefined') + | map(attribute='name') | list + + dnf_packages + | selectattr('supported_architectures', 'defined') + | selectattr('supported_architectures', 'contains', rpm_architecture) + | map(attribute='name') | list }} state: present become: true tags: 
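Review bot: `changed_when: custom_script_result.rc == 0` on the custom script task (@@ -537) is always true when the task succeeds, because `ansible.builtin.command` already fails on a non-zero exit unless a `failed_when` outside this hunk overrides it. `changed_when: true` says the same thing plainly and lets the `register` go if nothing later reads it, ideally with a comment such as `# script idempotence is unknown, so always report changed`. The task's tail lies outside the hunk. The custom-script hunks in fedora/ and ubuntu/setup.yaml are identical.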
@@ -451,7 +465,7 @@ - extensions # Git LFS setup - - name: Ensure Git LFS is initialized + - name: Ensure Git LFS is initialized # noqa: command-instead-of-module ansible.builtin.command: cmd: git lfs install register: git_lfs_result @@ -462,10 +476,10 @@ # Git configuration (user.name) - name: Configure Git user.name - ansible.builtin.command: - cmd: git config --global user.name "{{ git_user_name }}" - register: git_name_result - changed_when: git_name_result.rc == 0 + community.general.git_config: + name: user.name + value: "{{ git_user_name }}" + scope: global when: git_user_name is defined and git_user_name != "" tags: - git @@ -473,19 +487,22 @@ # Git configuration (user.email) - name: Configure Git user.email - ansible.builtin.command: - cmd: git config --global user.email "{{ git_user_email }}" - register: git_email_result - changed_when: git_email_result.rc == 0 + community.general.git_config: + name: user.email + value: "{{ git_user_email }}" + scope: global when: git_user_email is defined and git_user_email != "" tags: - git - config # Custom user commands - - name: Execute custom user commands + - name: Execute custom user commands # noqa: command-instead-of-shell ansible.builtin.shell: "{{ item.command }}" loop: "{{ custom_commands_user | default([], true) }}" + register: custom_command_user_result + changed_when: custom_command_user_result.rc == 0 + failed_when: false loop_control: label: "Executing: {{ item.description }}" tags: @@ -493,10 +510,13 @@ - user-commands # Custom elevated commands - - name: Execute custom elevated commands + - name: Execute custom elevated commands # noqa: command-instead-of-shell ansible.builtin.shell: "{{ item.command }}" become: true loop: "{{ custom_commands_elevated | default([], true) }}" + register: custom_command_elevated_result + changed_when: custom_command_elevated_result.rc == 0 + failed_when: false loop_control: label: "Executing: {{ item.description }}" tags: 
@@ -527,6 +547,8 @@ - name: Execute custom script ansible.builtin.command: cmd: "{{ custom_script }}" + register: custom_script_result + changed_when: custom_script_result.rc == 0 when: custom_script is defined and custom_script != "" and custom_script_stat.stat.exists tags: - custom diff --git a/macOS/setup.yaml b/macOS/setup.yaml index 8ef2833..5694a31 100644 --- a/macOS/setup.yaml +++ b/macOS/setup.yaml @@ -112,7 +112,8 @@ # Refresh Ansible inventory # This ensures that the inventory is up-to-date after Homebrew installations which add to the PATH - - meta: refresh_inventory + - name: Refresh Ansible inventory + ansible.builtin.meta: refresh_inventory # PowerShell module setup - name: Ensure PowerShell modules are installed @@ -273,7 +274,7 @@ - extensions # Git LFS setup - - name: Ensure Git LFS is initialized + - name: Ensure Git LFS is initialized # noqa: command-instead-of-module ansible.builtin.command: cmd: git lfs install register: git_lfs_result 
@@ -284,27 +285,27 @@ # Git configuration - name: Configure Git user.name - ansible.builtin.command: - cmd: git config --global user.name "{{ git_user_name }}" - register: git_name_result - changed_when: git_name_result.rc == 0 + community.general.git_config: + name: user.name + value: "{{ git_user_name }}" + scope: global when: git_user_name is defined and git_user_name != "" tags: - git - config - name: Configure Git user.email - ansible.builtin.command: - cmd: git config --global user.email "{{ git_user_email }}" - register: git_email_result - changed_when: git_email_result.rc == 0 + community.general.git_config: + name: user.email + value: "{{ git_user_email }}" + scope: global when: git_user_email is defined and git_user_email != "" tags: - git - config # Custom macOS commands and preferences - Non-elevated (user) commands - - name: Execute custom macOS commands (non-elevated) + - name: Execute custom macOS commands (non-elevated) # noqa: command-instead-of-shell ansible.builtin.shell: cmd: "{{ item }}" executable: /bin/bash @@ -320,7 +321,7 @@ - user-commands # Custom macOS commands that require elevated privileges - - name: Execute custom macOS commands (elevated) + - name: Execute custom macOS commands (elevated) # noqa: command-instead-of-shell ansible.builtin.shell: cmd: "{{ item }}" executable: /bin/bash diff --git a/ubuntu/setup.yaml b/ubuntu/setup.yaml index 503d325..ac07040 100644 --- a/ubuntu/setup.yaml +++ b/ubuntu/setup.yaml 
@@ -99,7 +99,14 @@ # Install prerequisite APT packages - name: Install prerequisite APT packages ansible.builtin.apt: - name: "{{ apt_packages_prereqs | selectattr('supported_architectures', 'undefined') | map(attribute='name') | list + apt_packages_prereqs | selectattr('supported_architectures', 'defined') | selectattr('supported_architectures', 'contains', deb_architecture) | map(attribute='name') | list }}" + name: >- + {{ apt_packages_prereqs + | selectattr('supported_architectures', 'undefined') + | map(attribute='name') | list + + apt_packages_prereqs + | selectattr('supported_architectures', 'defined') + | selectattr('supported_architectures', 'contains', deb_architecture) + | map(attribute='name') | list }} state: present become: true tags: @@ -129,7 +136,14 @@ # Install APT packages - name: Install APT packages ansible.builtin.apt: - name: "{{ apt_packages | selectattr('supported_architectures', 'undefined') | map(attribute='name') | list + apt_packages | selectattr('supported_architectures', 'defined') | selectattr('supported_architectures', 'contains', deb_architecture) | map(attribute='name') | list }}" + name: >- + {{ apt_packages + | selectattr('supported_architectures', 'undefined') + | map(attribute='name') | list + + apt_packages + | selectattr('supported_architectures', 'defined') + | selectattr('supported_architectures', 'contains', deb_architecture) + | map(attribute='name') | list }} state: present become: true tags: 
@@ -157,7 +171,12 @@ ansible.builtin.command: cmd: snap install {{ item.name }} become: true - loop: "{{ (snap_packages | default([], true)) | rejectattr('classic', 'defined') | list + (snap_packages | default([], true)) | selectattr('classic', 'defined') | rejectattr('classic') | list }}" + loop: >- + {{ (snap_packages | default([], true)) + | rejectattr('classic', 'defined') | list + + (snap_packages | default([], true)) + | selectattr('classic', 'defined') + | rejectattr('classic') | list }} when: item.supported_architectures is not defined or deb_architecture in item.supported_architectures register: snap_regular_result changed_when: "snap_regular_result.rc == 0 and 'already installed' not in snap_regular_result.stdout" @@ -455,7 +474,7 @@ - extensions # Git LFS setup - - name: Ensure Git LFS is initialized + - name: Ensure Git LFS is initialized # noqa: command-instead-of-module ansible.builtin.command: cmd: git lfs install register: git_lfs_result @@ -466,10 +485,10 @@ # Git configuration (user.name) - name: Configure Git user.name - ansible.builtin.command: - cmd: git config --global user.name "{{ git_user_name }}" - register: git_name_result - changed_when: git_name_result.rc == 0 + community.general.git_config: + name: user.name + value: "{{ git_user_name }}" + scope: global when: git_user_name is defined and git_user_name != "" tags: - git 
@@ -477,19 +496,22 @@ # Git configuration (user.email) - name: Configure Git user.email - ansible.builtin.command: - cmd: git config --global user.email "{{ git_user_email }}" - register: git_email_result - changed_when: git_email_result.rc == 0 + community.general.git_config: + name: user.email + value: "{{ git_user_email }}" + scope: global when: git_user_email is defined and git_user_email != "" tags: - git - config # Custom user commands - - name: Execute custom user commands + - name: Execute custom user commands # noqa: command-instead-of-shell ansible.builtin.shell: "{{ item.command }}" loop: "{{ custom_commands_user | default([], true) }}" + register: custom_command_user_result + changed_when: custom_command_user_result.rc == 0 + failed_when: false loop_control: label: "Executing: {{ item.description }}" tags: @@ -497,10 +519,13 @@ - user-commands # Custom elevated commands - - name: Execute custom elevated commands + - name: Execute custom elevated commands # noqa: command-instead-of-shell ansible.builtin.shell: "{{ item.command }}" become: true loop: "{{ custom_commands_elevated | default([], true) }}" + register: custom_command_elevated_result + changed_when: custom_command_elevated_result.rc == 0 + failed_when: false loop_control: label: "Executing: {{ item.description }}" tags: @@ -531,6 +556,8 @@ - name: Execute custom script ansible.builtin.command: cmd: "{{ custom_script }}" + register: custom_script_result + changed_when: custom_script_result.rc == 0 when: custom_script is defined and custom_script != "" and custom_script_stat.stat.exists tags: - custom @@ -542,4 +569,3 @@ msg: "Ubuntu development environment setup complete!" tags: - always -