Compare commits
2 Commits
e9974a054e
...
1c417eda10
| Author | SHA1 | Date | |
|---|---|---|---|
| 1c417eda10 | |||
| 14ce2dfea6 |
9
.ansible-lint.yaml
Normal file
9
.ansible-lint.yaml
Normal file
@ -0,0 +1,9 @@
|
||||
---
|
||||
skip_list:
|
||||
- line-length # don't yell about line length
|
||||
- meta-no-info # we don't publish to galaxy so stop yelling about it
|
||||
- package-latest # we install lots of latest stuff still 😢
|
||||
- experimental # no instability plz, give us a call when ur stable
|
||||
|
||||
warn_list:
|
||||
- no-handler # good to keep, but shouldn't be fatal
|
||||
1
.gitignore
vendored
1
.gitignore
vendored
@ -6,3 +6,4 @@ playbooks/testing.yml
|
||||
**/__pycache__/
|
||||
.venv/
|
||||
.ansible/
|
||||
.tox/
|
||||
|
||||
7
.yamllintrc.yaml
Normal file
7
.yamllintrc.yaml
Normal file
@ -0,0 +1,7 @@
|
||||
---
|
||||
yaml-files:
|
||||
- "*.yml"
|
||||
- "*.yaml"
|
||||
|
||||
rules:
|
||||
line-length: disable
|
||||
1
Makefile
1
Makefile
@ -1,5 +1,6 @@
|
||||
clean:
|
||||
rm --recursive --force .ansible/
|
||||
rm --recursive --force .tox/
|
||||
|
||||
dev:
|
||||
@poetry install --remove-untracked
|
||||
|
||||
695
poetry.lock
generated
695
poetry.lock
generated
File diff suppressed because it is too large
Load Diff
@ -6,8 +6,8 @@ authors = ["Ethan Paul <me@enp.one>"]
|
||||
license = "MIT"
|
||||
|
||||
[tool.poetry.dependencies]
|
||||
python = "^3.8"
|
||||
ansible = "^4.9.0"
|
||||
python = "^3.10"
|
||||
ansible-core = "^2.12.1"
|
||||
docker = "^4.2.0"
|
||||
docker-compose = "^1.25.4"
|
||||
paramiko = "^2.7.1"
|
||||
@ -16,12 +16,13 @@ netaddr = "^0.8.0"
|
||||
|
||||
[tool.poetry.dev-dependencies]
|
||||
ansible-lint = "^4.2.0"
|
||||
ipython = "^7.28.0"
|
||||
mdformat = "^0.7.9"
|
||||
mdformat-gfm = "^0.3.3"
|
||||
poetry = "^1.1.0"
|
||||
pre-commit = "^2.9.2"
|
||||
pre-commit-hooks = "^3.3.0"
|
||||
safety = "^1.9.0"
|
||||
tox = "^3.20.1"
|
||||
tox-poetry-installer = "^0.8.1"
|
||||
tox-poetry-installer = {extras = ["poetry"], version = "^0.8.3"}
|
||||
yamllint = "^1.20.0"
|
||||
mdformat = "^0.7.9"
|
||||
mdformat-gfm = "^0.3.3"
|
||||
ipython = "^7.28.0"
|
||||
|
||||
@ -17,4 +17,10 @@ build_ignore: []
|
||||
# L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version
|
||||
# range specifiers can be set and are separated by ','
|
||||
dependencies:
|
||||
ansible.netcommon: ">=2.5.0,<3.0.0"
|
||||
ansible.posix: ">=1.3.0,<2.0.0"
|
||||
ansible.utils: ">=2.4.3,<3.0.0"
|
||||
community.docker: ">=2.0.2,<3.0.0"
|
||||
community.network: ">=3.0.0,<4.0.0"
|
||||
community.general: ">=4.1.0,<5.0.0"
|
||||
community.crypto: ">=1.0.0,<2.0.0"
|
||||
|
||||
42
tox.ini
Normal file
42
tox.ini
Normal file
@ -0,0 +1,42 @@
|
||||
[tox]
|
||||
envlist = ansible, python, security
|
||||
skipsdist = true
|
||||
|
||||
[testenv]
|
||||
require_locked_deps = true
|
||||
require_poetry = true
|
||||
setenv =
|
||||
ANSIBLE_CONFIG = {toxinidir}/ansible.cfg
|
||||
whitelist_externals =
|
||||
bash
|
||||
|
||||
[testenv:ansible]
|
||||
description = Lint ansible resources
|
||||
locked_deps =
|
||||
ansible-core
|
||||
ansible-lint
|
||||
yamllint
|
||||
pre-commit
|
||||
pre-commit-hooks
|
||||
mdformat
|
||||
mdformat-gfm
|
||||
commands =
|
||||
yamllint --config-file {toxinidir}/.yamllintrc.yaml \
|
||||
{toxinidir}/skylab/ \
|
||||
{toxinidir}/inventory.yaml \
|
||||
{toxinidir}/requirements.yaml
|
||||
bash -c "ansible-lint -c {toxinidir}/.ansible-lint.yaml \
|
||||
{toxinidir}/skylab/*/playbooks/"
|
||||
pre-commit run --all-files
|
||||
|
||||
[testenv:security]
|
||||
description = Check security parameters
|
||||
ignore_errors = true
|
||||
locked_deps =
|
||||
poetry
|
||||
safety
|
||||
commands =
|
||||
poetry export --format requirements.txt --without-hashes --dev --output {envtmpdir}/req.txt
|
||||
safety check --json --file {envtmpdir}/req.txt \
|
||||
# Ignore unfixed CVE-2021-3532 from ansible \
|
||||
--ignore 42923
|
||||
Reference in New Issue
Block a user