Add ansible lint action, fixes #346 (#351)

* Add Ansible lint action

* Exclude molecule base path

* Remove incompatible .yamllint

ansible-lint gives the following error and stops:

"Found incompatible custom yamllint configuration (.yamllint),
please either remove the file or edit it to comply with: ..."

* Fix linter issues

* Tune workflow

.ansible-lint

@@ -7,6 +7,8 @@ skip_list:
   - jinja
 
 exclude_paths:
+  - meta/main.yml # https://github.com/ansible/ansible-lint/issues/4387
+  - molecule
   - molecule/_tests/
   - examples/
   - tests/

.github/workflows/ansible-lint.yml

@@ -0,0 +1,17 @@
+---
+name: Ansible Lint
+on:
+  push:
+    tags_ignore:
+      - '*'
+  pull_request:
+jobs:
+  run:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Run ansible-lint
+        uses: ansible/ansible-lint@main
+        with:
+          requirements_file: molecule/requirements.yml

defaults/main.yml

@@ -6,7 +6,8 @@
 # ---------------------------------------------------------------------------
 
 # Package variables
-vault_version: "{{ lookup('env', 'VAULT_VERSION') | default('1.5.5', true) }}{{ '+prem' if vault_enterprise_premium else '' }}{{ '.hsm' if vault_enterprise_premium_hsm else '' }}"
+vault_version_suffix: "{{ '+prem' if vault_enterprise_premium else '' }}{{ '.hsm' if vault_enterprise_premium_hsm else '' }}"
+vault_version: "{{ lookup('env', 'VAULT_VERSION') | default('1.5.5', true) }}{{ vault_version_suffix }}"
 vault_architecture_map:
   # this first entry seems... redundant (but it's required for reasons)
   amd64: amd64
@@ -126,7 +127,8 @@ vault_backend_gcs: vault_backend_gcs.j2
 vault_cluster_disable: false
 vault_cluster_address: "{{ hostvars[inventory_hostname]['ansible_' + vault_iface]['ipv4']['address'] }}:{{ (vault_port | int) + 1 }}"
 vault_cluster_addr: "{{ vault_protocol }}://{{ vault_cluster_address }}"
-vault_api_addr: "{{ vault_protocol }}://{{ vault_redirect_address | default(hostvars[inventory_hostname]['ansible_' + vault_iface]['ipv4']['address']) }}:{{ vault_port }}"
+vault_api_addr: "{{ vault_protocol }}://{{ vault_redirect_address |
+  default(hostvars[inventory_hostname]['ansible_' + vault_iface]['ipv4']['address']) }}:{{ vault_port }}"
 vault_disable_api_health_check: false
 
 vault_max_lease_ttl: "768h"
@@ -213,7 +215,8 @@ vault_raft_cluster_members: |
     {
       "peer": "{{ server }}",
       "api_addr": "{{ hostvars[server]['vault_api_addr'] |
-      default(vault_protocol + '://' + hostvars[server]['ansible_' + hostvars[server]['ansible_default_ipv4']['interface']]['ipv4']['address'] + ':' + (vault_port|string)) }}"
+      default(vault_protocol + '://' +
+      hostvars[server]['ansible_' + hostvars[server]['ansible_default_ipv4']['interface']]['ipv4']['address'] + ':' + (vault_port|string)) }}"
     },
   {% endfor %}
   ]

tasks/backend_tls.yml

@@ -8,7 +8,7 @@
     state: directory
     owner: "{{ vault_user }}"
     group: "{{ vault_group }}"
-    mode: 0700
+    mode: "0700"
   with_items:
     - "{{ vault_backend_tls_certs_path }}"
     - "{{ vault_backend_tls_private_path }}"

tasks/install.yml

@@ -35,7 +35,7 @@
     dest: "{{ role_path }}/files/{{ vault_pkg }}"
     checksum: "sha256:{{ (lookup('url', vault_checksum_file_url, wantlist=true) | select('match', '.*' + vault_pkg + '$') | first).split()[0] }}"
     timeout: "42"
-    mode: 0644
+    mode: "0644"
   become: "{{ vault_privileged_install }}"
   run_once: true
   tags: installation

tasks/install_enterprise.yml

@@ -44,7 +44,7 @@
     dest: "{{ role_path }}/files/{{ vault_enterprise_pkg }}"
     checksum: sha256:{{ vault_sha256.stdout }}
     timeout: 42
-    mode: 0644
+    mode: "0644"
   become: false
   run_once: true
   tags: installation

tasks/install_remote.yml

@@ -14,7 +14,7 @@
   file:
     path: /tmp/vault
     state: directory
-    mode: 0750
+    mode: "0750"
 
 - name: Check Vault package file
   stat:
@@ -28,7 +28,7 @@
     dest: "/tmp/vault/{{ vault_pkg }}"
     checksum: "sha256:{{ (lookup('url', vault_checksum_file_url, wantlist=true) | select('match', '.*' + vault_pkg + '$') | first).split()[0] }}"
     timeout: "42"
-    mode: 0644
+    mode: "0644"
   tags: installation
   when: not vault_package.stat.exists | bool
 

tasks/main.yml

@@ -126,7 +126,7 @@
     dest: /etc/logrotate.d/vault
     owner: root
     group: root
-    mode: 0644
+    mode: "0644"
   when: vault_enable_logrotate | bool
 
 - name: TLS configuration
@@ -342,7 +342,7 @@
     owner: "{{ vault_user }}"
     group: "{{ vault_group }}"
     create: true
-    mode: 0600
+    mode: "0600"
   when:
     - not vault_dotfile_disable
     - ansible_os_family != 'Windows'
@@ -356,7 +356,7 @@
     owner: "{{ vault_user }}"
     group: "{{ vault_group }}"
     create: true
-    mode: 0600
+    mode: "0600"
   when:
     - not vault_dotfile_disable
     - not vault_tls_disable | bool

tasks/plugins/acme.yml

@@ -23,7 +23,7 @@
           file:
             path: "{{ (vault_plugin_acme_install == 'local') | ternary(vault_plugins_src_dir_local, vault_plugins_src_dir_remote) }}/acme"
             state: directory
-            mode: 0755
+            mode: "0755"
             owner: "{{ (vault_plugin_acme_install == 'local') | ternary(omit, vault_user) }}"
             group: "{{ (vault_plugin_acme_install == 'local') | ternary(omit, vault_group) }}"
           register: __vault_plugin_acme_zip_dir
@@ -34,7 +34,7 @@
             url: "{{ vault_plugin_acme_release_url }}/{{ vault_plugin_acme_zip }}"
             dest: "{{ __vault_plugin_acme_zip_dir.path }}"
             checksum: "sha256:{{ vault_plugin_acme_zip_sha256sum }}"
-            mode: 0644
+            mode: "0644"
           register: __vault_plugin_acme_zip_file
           run_once: "{{ (vault_plugin_acme_install == 'local') }}"
 
@@ -43,7 +43,7 @@
             remote_src: "{{ (vault_plugin_acme_install == 'remote') }}"
             src: "{{ __vault_plugin_acme_zip_file.dest }}"
             dest: "{{ __vault_plugin_acme_zip_dir.path }}"
-            mode: 0644
+            mode: "0644"
           run_once: "{{ (vault_plugin_acme_install == 'local') }}"
 
     - name: Install acme vault plugin

tasks/tls.yml

@@ -8,7 +8,7 @@
     state: directory
     owner: "{{ vault_user }}"
     group: "{{ vault_group }}"
-    mode: 0750
+    mode: "0750"
   with_items:
     - "{{ vault_tls_certs_path }}"
     - "{{ vault_tls_private_path }}"