chore: Better linting.

Laur Ivan 2023-04-29 20:48:33 +02:00
parent 9b42e51137
commit 19a65164f4
16 changed files with 122 additions and 115 deletions


@ -1,6 +1,6 @@
--- ---
exclude_paths: exclude_paths:
- ./molecule # - ./molecule
- ./.travis.yml - ./.travis.yml
- ./.github - ./.github
parseable: true parseable: true


@ -31,3 +31,9 @@ rules:
new-lines: new-lines:
type: unix type: unix
truthy: disable truthy: disable
quoted-strings:
quote-type: any
required: only-when-needed
key-ordering: disable
document-end:
present: false
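Review bot: The new `quoted-strings` rule is set to `required: only-when-needed`, which in yamllint reports quotes that are not strictly necessary, yet the rest of this commit adds quotes around plain strings such as `"sonarqube"` and `"absent"`. Unless a `level:` or an override sits in the part of `rules:` outside this hunk, `yamllint .` should flag those values as redundantly quoted. If always-quoted strings are the intended style, the setting would be `required: true`. If minimal quoting is intended, the added quotes elsewhere should be dropped.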


@ -1,8 +1,8 @@
--- ---
## General ## General
sonarqube_image: sonarqube sonarqube_image: "sonarqube"
sonarqube_db_image: postgres sonarqube_db_image: "postgres"
sonarqube_http_port: 9000 sonarqube_http_port: 9000
sonarqube_api_port: 9001 sonarqube_api_port: 9001
@ -14,7 +14,7 @@ sonarqube_nofile: 131072
sonarqube_nproc: 8192 sonarqube_nproc: 8192
# Sonarqube paths # Sonarqube paths
sonarqube_root_path: /var/local sonarqube_root_path: "/var/local"
sonarqube_config_path: "{{ sonarqube_root_path }}/conf/sonarqube" sonarqube_config_path: "{{ sonarqube_root_path }}/conf/sonarqube"
sonarqube_db_user: "changeme" sonarqube_db_user: "changeme"
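Review bot: `sonarqube_image` and `sonarqube_db_image` are still tagless after the quoting change, so an install resolves to whatever `latest` is at pull time, assuming the role passes these values straight into the compose file (the template is not visible here). Pinning the defaults to a tag or digest makes deployments reproducible and keeps an unexpected upstream image from being pulled silently, for example `sonarqube_image: "sonarqube:<pinned-tag>"` and `sonarqube_db_image: "postgres:<pinned-tag>"`. A short comment next to `sonarqube_db_user: "changeme"` saying the value must be overridden would also help, since the default reads like a usable credential.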


@ -1,25 +1,25 @@
--- ---
galaxy_info: galaxy_info:
author: Laur Ivan (laur.ivan@gmail.com) author: "Laur Ivan (laur.ivan@gmail.com)"
namespace: laurivan namespace: "laurivan"
role_name: sonarqube role_name: "sonarqube"
description: Sonarqube Role description: "Sonarqube Role"
min_ansible_version: "2.4" min_ansible_version: "2.4"
min_ansible_container_version: "2.4" min_ansible_container_version: "2.4"
license: MIT license: "MIT"
galaxy_tags: galaxy_tags:
- sonarqube - "sonarqube"
- testing - "testing"
- security - "security"
platforms: platforms:
- name: Debian - name: "Debian"
versions: versions:
- bullseye - "bullseye"
- buster - "buster"
- name: Ubuntu - name: "Ubuntu"
versions: versions:
- bionic - "bionic"
- focal - "focal"
- jammy - "jammy"


@ -1,27 +1,27 @@
--- ---
- name: Clean up - name: "Clean up"
hosts: all hosts: "all"
gather_facts: true gather_facts: true
tasks: tasks:
- name: Load the defaults - name: "Load the defaults"
ansible.builtin.include_vars: ansible.builtin.include_vars:
dir: "../../defaults" dir: "../../defaults"
- name: Check if the docker-compose file exists. - name: "Check if the docker-compose file exists."
ansible.builtin.stat: ansible.builtin.stat:
path: "{{ sonarqube_config_path | expanduser | realpath }}/docker-compose.yml" path: "{{ sonarqube_config_path | expanduser | realpath }}/docker-compose.yml"
register: docker_compose_file register: "docker_compose_file"
- name: Remove docker-compose. - name: "Remove docker-compose."
community.docker.docker_compose: community.docker.docker_compose:
project_src: "{{ sonarqube_config_path | expanduser | realpath }}/" project_src: "{{ sonarqube_config_path | expanduser | realpath }}/"
build: false build: false
state: absent state: "absent"
when: docker_compose_file.stat.exists when: "docker_compose_file.stat.exists"
become: false become: false
- name: Remove the docker-compose file - name: "Remove the docker-compose file"
ansible.builtin.file: ansible.builtin.file:
path: "{{ sonarqube_config_path | expanduser | realpath }}/docker-compose.yml" path: "{{ sonarqube_config_path | expanduser | realpath }}/docker-compose.yml"
state: absent state: "absent"
when: docker_compose_file.stat.exists when: "docker_compose_file.stat.exists"


@ -1,5 +1,5 @@
--- ---
- name: Converge - name: "Converge"
hosts: sonarqube_group hosts: "sonarqube_group"
roles: roles:
- role: "laurivan.sonarqube" - role: "laurivan.sonarqube"


@ -1,27 +1,27 @@
--- ---
- name: Destroy - name: "Destroy"
hosts: localhost hosts: "localhost"
connection: local connection: "local"
gather_facts: false gather_facts: false
no_log: "{{ molecule_no_log }}" no_log: "{{ molecule_no_log }}"
tasks: tasks:
# Developer must implement. # Developer must implement.
- name: Remove the docker image - name: "Remove the docker image"
community.docker.docker_container: community.docker.docker_container:
name: sonarqube name: "sonarqube"
state: absent state: "absent"
# Mandatory configuration for Molecule to function. # Mandatory configuration for Molecule to function.
- name: Populate instance config - name: "Populate instance config"
ansible.builtin.set_fact: ansible.builtin.set_fact:
instance_conf: {} instance_conf: {}
- name: Dump instance config - name: "Dump instance config"
ansible.builtin.copy: ansible.builtin.copy:
content: | content: |
# Molecule managed # Molecule managed
{{ instance_conf | to_json | from_json | to_yaml }} {{ instance_conf | to_json | from_json | to_yaml }}
dest: "{{ molecule_instance_config }}" dest: "{{ molecule_instance_config }}"
mode: 0600 mode: 0600
when: server.changed | default(false) | bool when: "server.changed | default(false) | bool"
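Review bot: `mode: 0600` in "Dump instance config" is left as a bare number while every other scalar in the play is now quoted. A numeric file mode depends on the YAML loader reading the leading zero as octal, and ansible-lint's `risky-octal` rule reports it; writing `mode: "0600"` removes the ambiguity. The same applies to `mode: 0755` in the "Download and install Goss" task of the verify playbook. Separately, `server` in the `when:` condition is not registered anywhere in the visible play, so the `default(false)` branch appears to be the only one ever taken.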


@ -1,37 +1,37 @@
--- ---
dependency: dependency:
name: galaxy name: "galaxy"
options: options:
ignore-certs: true ignore-certs: true
ignore-errors: true ignore-errors: true
role-file: molecule/requirements.yml role-file: "molecule/requirements.yml"
requirements-file: molecule/requirements.yml requirements-file: "molecule/requirements.yml"
driver: driver:
name: docker name: "docker"
lint: | lint: |
yamllint . yamllint .
ansible-lint . ansible-lint .
platforms: platforms:
- name: sonarqube - name: "sonarqube"
groups: groups:
- sonarqube_group - "sonarqube_group"
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos8}-ansible:latest" image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos8}-ansible:latest"
privileged: true privileged: true
pre_build_image: true pre_build_image: true
capabilities: capabilities:
- SYS_ADMIN - "SYS_ADMIN"
tmpfs: tmpfs:
- /tmp - "/tmp"
- /run - "/run"
- /run/lock - "/run/lock"
volumes: volumes:
- '/sys/fs/cgroup:/sys/fs/cgroup:ro' - '/sys/fs/cgroup:/sys/fs/cgroup:ro'
- '/var/run/docker.sock:/tmp/docker_mounted.sock' - '/var/run/docker.sock:/tmp/docker_mounted.sock'
command: '/lib/systemd/systemd' command: '/lib/systemd/systemd'
stop_signal: 'RTMIN+3' stop_signal: 'RTMIN+3'
provisioner: provisioner:
name: ansible name: "ansible"
playbooks: playbooks:
converge: ${MOLECULE_PLAYBOOK:-converge.yml} converge: "${MOLECULE_PLAYBOOK:-converge.yml}"
verifier: verifier:
name: ansible name: "ansible"
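Review bot: `ignore-certs: true` under `dependency.options` is untouched by this pass and, as far as I can tell, turns off TLS certificate verification when Galaxy fetches the roles listed in `molecule/requirements.yml`. Those roles then run in a platform that is `privileged: true` and has `/var/run/docker.sock` mounted, so an unverified download reaches well beyond the test container. I would set `ignore-certs: false`, and also `ignore-errors: false` so that a failed dependency fetch stops the run rather than continuing with whatever is already cached. If a proxy with a private CA is the reason for the setting, a comment saying so would help.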


@ -1,38 +1,38 @@
--- ---
- name: Setup the test machine - name: "Setup the test machine"
hosts: sonarqube hosts: "sonarqube"
tasks: tasks:
- name: Check if /var/run/docker.sock already exists - name: "Check if /var/run/docker.sock already exists"
ansible.builtin.stat: ansible.builtin.stat:
path: "/var/run/docker.sock" path: "/var/run/docker.sock"
register: docker_sock_stat register: "docker_sock_stat"
- name: Create docker.sock - name: "Create docker.sock"
ansible.builtin.raw: touch /var/run/docker.sock ansible.builtin.raw: touch /var/run/docker.sock
become: true become: true
changed_when: false changed_when: false
when: not docker_sock_stat.stat.exists when: "not docker_sock_stat.stat.exists"
- name: Move docker.sock from tmp - name: "Move docker.sock from tmp"
ansible.builtin.raw: > ansible.builtin.raw: >
mount --move /tmp/docker_mounted.sock /var/run/docker.sock mount --move /tmp/docker_mounted.sock /var/run/docker.sock
become: true become: true
changed_when: false changed_when: false
when: not docker_sock_stat.stat.exists when: "not docker_sock_stat.stat.exists"
- name: Update apt cache. - name: "Update apt cache."
ansible.builtin.apt: update_cache=yes cache_valid_time=600 ansible.builtin.apt: update_cache=yes cache_valid_time=600
when: ansible_os_family == 'Debian' when: "ansible_os_family == 'Debian'"
- name: Install python requests - name: "Install python requests"
ansible.builtin.pip: ansible.builtin.pip:
name: name:
- requests - "requests"
- docker - "docker"
- docker-compose - "docker-compose"
- name: Install docker - name: "Install docker"
vars: vars:
docker_service_manage: false docker_service_manage: false
ansible.builtin.include_role: ansible.builtin.include_role:
name: geerlingguy.docker name: "geerlingguy.docker"
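Review bot: "Update apt cache." still uses the free-form `update_cache=yes cache_valid_time=600` string, which ansible-lint's `no-free-form` rule reports now that `./molecule` is no longer excluded. The block form puts `update_cache: true` and `cache_valid_time: 600` as keys under `ansible.builtin.apt:`. The `pip` task also installs `requests`, `docker` and `docker-compose` without version constraints, so the test environment changes with every upstream release; pinning them, or pointing at a constraints file, keeps runs comparable.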


@ -1,4 +1,4 @@
--- ---
roles: roles:
- geerlingguy.docker - "geerlingguy.docker"
collections: [] collections: []


@ -1,12 +1,6 @@
--- ---
## TODO: Remember to adapt goss tests to your convenience
http:
"http://localhost:{{ sonarqube_http_port }}/":
status: 200
## Check if ports are really exposed
# port:
# # Check port at IPv6
# # https://github.com/aelsabbahy/goss/issues/177
# tcp6:<port>:
# listening: true
# ip:
# - '::'


@ -3,57 +3,57 @@
# Tests need distributed to the appropriate ansible host/groups # Tests need distributed to the appropriate ansible host/groups
# prior to execution by `goss validate`. # prior to execution by `goss validate`.
- name: Verify sonarqube - name: "Verify sonarqube"
hosts: hosts:
- sonarqube - "sonarqube"
become: true become: true
vars: vars:
goss_version: v0.3.16 goss_version: "v0.3.16"
goss_arch: amd64 goss_arch: "amd64"
goss_dst: /usr/local/bin/goss goss_dst: "/usr/local/bin/goss"
goss_sha256sum: 827e354b48f93bce933f5efcd1f00dc82569c42a179cf2d384b040d8a80bfbfb goss_sha256sum: "827e354b48f93bce933f5efcd1f00dc82569c42a179cf2d384b040d8a80bfbfb"
goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}"
goss_test_directory: /tmp goss_test_directory: "/tmp"
goss_format: documentation goss_format: "documentation"
vars_files: vars_files:
- ../../defaults/main.yml - "../../defaults/main.yml"
tasks: tasks:
- name: Download and install Goss - name: "Download and install Goss"
get_url: get_url:
url: "{{ goss_url }}" url: "{{ goss_url }}"
dest: "{{ goss_dst }}" dest: "{{ goss_dst }}"
checksum: "sha256:{{ goss_sha256sum }}" checksum: "sha256:{{ goss_sha256sum }}"
mode: 0755 mode: 0755
register: download_goss register: "download_goss"
until: download_goss is succeeded until: "download_goss is succeeded"
retries: 3 retries: 3
- name: Copy Goss tests to remote - name: "Copy Goss tests to remote"
template: template:
src: "{{ item }}" src: "{{ item }}"
dest: "{{ goss_test_directory }}/{{ item | basename }}" dest: "{{ goss_test_directory }}/{{ item | basename }}"
with_fileglob: with_fileglob:
- "tests/test_*.yml" - "tests/test_*.yml"
- name: Register test files - name: "Register test files"
shell: "ls {{ goss_test_directory }}/test_*.yml" shell: "ls {{ goss_test_directory }}/test_*.yml"
register: test_files register: "test_files"
- name: Execute Goss tests - name: "Execute Goss tests"
command: "{{ goss_dst }} -g {{ item }} validate --format {{ goss_format }}" command: "{{ goss_dst }} -g {{ item }} validate --format {{ goss_format }}"
register: test_results register: "test_results"
with_items: "{{ test_files.stdout_lines }}" with_items: "{{ test_files.stdout_lines }}"
ignore_errors: true ignore_errors: true
- name: Display details about the Goss results - name: "Display details about the Goss results"
debug: debug:
msg: "{{ item.stdout_lines }}" msg: "{{ item.stdout_lines }}"
with_items: "{{ test_results.results }}" with_items: "{{ test_results.results }}"
- name: Fail when tests fail - name: "Fail when tests fail"
fail: fail:
msg: "Goss failed to validate" msg: "Goss failed to validate"
when: item.rc != 0 when: "item.rc != 0"
with_items: "{{ test_results.results }}" with_items: "{{ test_results.results }}"
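Review bot: "Register test files" builds its list with `shell: "ls {{ goss_test_directory }}/test_*.yml"` while `goss_test_directory` is `/tmp` and the play runs with `become: true`, so any `test_*.yml` already present in the shared temp directory is handed to goss as root, and a templated value is interpolated into a shell line. Collecting the files with `ansible.builtin.find` avoids the shell, and pointing `goss_test_directory` at a directory the play creates for itself keeps stray files out. The remaining short module names (`get_url`, `template`, `command`, `debug`, `fail`) could move to their `ansible.builtin.` forms in the same pass. The hunk starts at line 3 of the file, so anything above the play header is not visible here.

```yaml
    - name: "Register test files"
      ansible.builtin.find:
        paths: "{{ goss_test_directory }}"
        patterns: "test_*.yml"
      register: "test_files"
    - name: "Execute Goss tests"
      ansible.builtin.command: "{{ goss_dst }} -g {{ item.path }} validate --format {{ goss_format }}"
      register: "test_results"
      with_items: "{{ test_files.files }}"
      ignore_errors: true
    # … unchanged: display and fail tasks …
```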


@ -2,6 +2,7 @@ sonar.projectKey=ansible-role-sonarqube
sonar.projectVersion=v1.1.4 sonar.projectVersion=v1.1.4
sonar.projectName=ansible-role-sonarqube sonar.projectName=ansible-role-sonarqube
sonar.ansible-lint=.ansible-lint
sonar.language=ansible,yaml sonar.language=ansible,yaml
sonar.sources=. sonar.sources=.
sonar.host.url=http://10.0.0.27:39000 sonar.host.url=http://10.0.0.27:39000
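Review bot: `sonar.host.url=http://10.0.0.27:39000` stays committed next to the new `sonar.ansible-lint` line, which ties the repository to one internal address and sends any analysis token the scanner uses over plain HTTP. I would drop the line from the committed file and supply the server at run time, for example through the `SONAR_HOST_URL` environment variable or `-Dsonar.host.url=...`, using an `https://` endpoint where the server offers one. The file starts before this hunk, so other connection settings may exist outside the visible lines.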


@ -1,7 +1,7 @@
--- ---
- name: "SONARQUBE | Set up directories" - name: "SONARQUBE | Set up directories"
ansible.builtin.file: ansible.builtin.file:
state: directory state: "directory"
path: "{{ item }}" path: "{{ item }}"
owner: "{{ ansible_effective_user_id }}" owner: "{{ ansible_effective_user_id }}"
group: "{{ ansible_effective_group_id }}" group: "{{ ansible_effective_group_id }}"
@ -9,7 +9,7 @@
with_items: with_items:
- "{{ sonarqube_skeleton_paths }}" - "{{ sonarqube_skeleton_paths }}"
tags: tags:
- sonarqube_configure - "sonarqube_configure"
become: true become: true
- name: "SONARQUBE | Write configuration files" - name: "SONARQUBE | Write configuration files"
@ -20,7 +20,7 @@
with_items: with_items:
- "{{ sonarqube_configuration_files }}" - "{{ sonarqube_configuration_files }}"
tags: tags:
- sonarqube_configure - "sonarqube_configure"
- name: "SONARQUBE | Set up nofiles and nproc for ansible user" - name: "SONARQUBE | Set up nofiles and nproc for ansible user"
community.general.pam_limits: community.general.pam_limits:
@ -33,20 +33,26 @@
# Type "-" for enforcing both soft and hard resource limits together for more details read `man limits.conf`. # Type "-" for enforcing both soft and hard resource limits together for more details read `man limits.conf`.
- { limit_type: '-', limit_item: 'nofile', value: "{{ sonarqube_nofile }}" } - { limit_type: '-', limit_item: 'nofile', value: "{{ sonarqube_nofile }}" }
- { limit_type: '-', limit_item: 'nproc', value: "{{ sonarqube_nproc }}" } - { limit_type: '-', limit_item: 'nproc', value: "{{ sonarqube_nproc }}" }
tags:
- "sonarqube_configure"
become: true become: true
- name: "SONARQUBE | Set up the max files" - name: "SONARQUBE | Set up the max files"
ansible.posix.sysctl: ansible.posix.sysctl:
name: fs.file-max name: "fs.file-max"
value: "{{ sonarqube_fs_file_max }}" value: "{{ sonarqube_fs_file_max }}"
state: present state: "present"
reload: true reload: true
tags:
- "sonarqube_configure"
become: true become: true
- name: "SONARQUBE | Set up the VM max_map_count" - name: "SONARQUBE | Set up the VM max_map_count"
ansible.posix.sysctl: ansible.posix.sysctl:
name: vm.max_map_count name: "vm.max_map_count"
value: "{{ sonarqube_vm_max_map_count }}" value: "{{ sonarqube_vm_max_map_count }}"
state: present state: "present"
reload: true reload: true
tags:
- "sonarqube_configure"
become: true become: true


@ -4,4 +4,4 @@
project_src: "{{ sonarqube_config_path | expanduser | realpath }}" project_src: "{{ sonarqube_config_path | expanduser | realpath }}"
build: false build: false
tags: tags:
- sonarqube_install - "sonarqube_install"

View File

@ -1,11 +1,11 @@
--- ---
- name: "SONARQUBE | Configure" - name: "SONARQUBE | Configure"
ansible.builtin.import_tasks: config.yml ansible.builtin.import_tasks: "config.yml"
tags: tags:
- sonarqube_configure - "sonarqube_configure"
- name: "SONARQUBE | Install" - name: "SONARQUBE | Install"
ansible.builtin.import_tasks: install.yml ansible.builtin.import_tasks: "install.yml"
tags: tags:
- sonarqube_install - "sonarqube_install"