chore: Better linting.
parent
9b42e51137
commit
19a65164f4
@ -1,6 +1,6 @@
|
||||
---
|
||||
exclude_paths:
|
||||
- ./molecule
|
||||
# - ./molecule
|
||||
- ./.travis.yml
|
||||
- ./.github
|
||||
parseable: true
|
||||
|
@ -31,3 +31,9 @@ rules:
|
||||
new-lines:
|
||||
type: unix
|
||||
truthy: disable
|
||||
quoted-strings:
|
||||
quote-type: any
|
||||
required: only-when-needed
|
||||
key-ordering: disable
|
||||
document-end:
|
||||
present: false
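Review bot: The added `required: only-when-needed` under `quoted-strings` looks at odds with the rest of this commit, which wraps plain scalars such as `"sonarqube"` and `"absent"` in quotes. As I read yamllint's documentation, that setting reports quotes that are not needed, so the newly quoted values would be flagged rather than accepted. If quoting everything is the intended house style, `required: true` matches it; if minimal quoting is intended, the other files should not have been quoted. The `rules:` mapping starts above this hunk, so other settings outside the view may change the picture.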
|
||||
|
@ -1,8 +1,8 @@
|
||||
---
|
||||
|
||||
## General
|
||||
sonarqube_image: sonarqube
|
||||
sonarqube_db_image: postgres
|
||||
sonarqube_image: "sonarqube"
|
||||
sonarqube_db_image: "postgres"
|
||||
|
||||
sonarqube_http_port: 9000
|
||||
sonarqube_api_port: 9001
|
||||
@ -14,7 +14,7 @@ sonarqube_nofile: 131072
|
||||
sonarqube_nproc: 8192
|
||||
|
||||
# Sonarqube paths
|
||||
sonarqube_root_path: /var/local
|
||||
sonarqube_root_path: "/var/local"
|
||||
sonarqube_config_path: "{{ sonarqube_root_path }}/conf/sonarqube"
|
||||
|
||||
sonarqube_db_user: "changeme"
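Review bot: `sonarqube_db_user: "changeme"` at the end of the second hunk is a placeholder credential that ships as a working default, and nothing visible here tells an operator that it must be overridden. If a database password default sits next to it (not shown in this hunk), the same applies with more weight. A comment above the credentials would help, for example `# Placeholder only: override in inventory or vault before any non-test deployment.`, and an assert task that refuses the placeholder value would make it enforceable. The first hunk's `sonarqube_image: "sonarqube"` carries no tag in the value itself; if no other variable sets the tag, the deployed version is whatever the registry serves at pull time.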
|
||||
|
@ -1,25 +1,25 @@
|
||||
---
|
||||
|
||||
galaxy_info:
|
||||
author: Laur Ivan (laur.ivan@gmail.com)
|
||||
namespace: laurivan
|
||||
role_name: sonarqube
|
||||
description: Sonarqube Role
|
||||
author: "Laur Ivan (laur.ivan@gmail.com)"
|
||||
namespace: "laurivan"
|
||||
role_name: "sonarqube"
|
||||
description: "Sonarqube Role"
|
||||
min_ansible_version: "2.4"
|
||||
min_ansible_container_version: "2.4"
|
||||
license: MIT
|
||||
license: "MIT"
|
||||
galaxy_tags:
|
||||
- sonarqube
|
||||
- testing
|
||||
- security
|
||||
- "sonarqube"
|
||||
- "testing"
|
||||
- "security"
|
||||
platforms:
|
||||
- name: Debian
|
||||
- name: "Debian"
|
||||
versions:
|
||||
- bullseye
|
||||
- buster
|
||||
- "bullseye"
|
||||
- "buster"
|
||||
|
||||
- name: Ubuntu
|
||||
- name: "Ubuntu"
|
||||
versions:
|
||||
- bionic
|
||||
- focal
|
||||
- jammy
|
||||
- "bionic"
|
||||
- "focal"
|
||||
- "jammy"
|
||||
|
@ -1,27 +1,27 @@
|
||||
---
|
||||
- name: Clean up
|
||||
hosts: all
|
||||
- name: "Clean up"
|
||||
hosts: "all"
|
||||
gather_facts: true
|
||||
tasks:
|
||||
- name: Load the defaults
|
||||
- name: "Load the defaults"
|
||||
ansible.builtin.include_vars:
|
||||
dir: "../../defaults"
|
||||
|
||||
- name: Check if the docker-compose file exists.
|
||||
- name: "Check if the docker-compose file exists."
|
||||
ansible.builtin.stat:
|
||||
path: "{{ sonarqube_config_path | expanduser | realpath }}/docker-compose.yml"
|
||||
register: docker_compose_file
|
||||
path: "{{ sonarqube_config_path | expanduser | realpath }}/docker-compose.yml"
|
||||
register: "docker_compose_file"
|
||||
|
||||
- name: Remove docker-compose.
|
||||
- name: "Remove docker-compose."
|
||||
community.docker.docker_compose:
|
||||
project_src: "{{ sonarqube_config_path | expanduser | realpath }}/"
|
||||
project_src: "{{ sonarqube_config_path | expanduser | realpath }}/"
|
||||
build: false
|
||||
state: absent
|
||||
when: docker_compose_file.stat.exists
|
||||
state: "absent"
|
||||
when: "docker_compose_file.stat.exists"
|
||||
become: false
|
||||
|
||||
- name: Remove the docker-compose file
|
||||
- name: "Remove the docker-compose file"
|
||||
ansible.builtin.file:
|
||||
path: "{{ sonarqube_config_path | expanduser | realpath }}/docker-compose.yml"
|
||||
state: absent
|
||||
when: docker_compose_file.stat.exists
|
||||
path: "{{ sonarqube_config_path | expanduser | realpath }}/docker-compose.yml"
|
||||
state: "absent"
|
||||
when: "docker_compose_file.stat.exists"
|
||||
|
@ -1,5 +1,5 @@
|
||||
---
|
||||
- name: Converge
|
||||
hosts: sonarqube_group
|
||||
- name: "Converge"
|
||||
hosts: "sonarqube_group"
|
||||
roles:
|
||||
- role: "laurivan.sonarqube"
|
||||
|
@ -1,27 +1,27 @@
|
||||
---
|
||||
- name: Destroy
|
||||
hosts: localhost
|
||||
connection: local
|
||||
- name: "Destroy"
|
||||
hosts: "localhost"
|
||||
connection: "local"
|
||||
gather_facts: false
|
||||
no_log: "{{ molecule_no_log }}"
|
||||
tasks:
|
||||
# Developer must implement.
|
||||
- name: Remove the docker image
|
||||
- name: "Remove the docker image"
|
||||
community.docker.docker_container:
|
||||
name: sonarqube
|
||||
state: absent
|
||||
name: "sonarqube"
|
||||
state: "absent"
|
||||
|
||||
# Mandatory configuration for Molecule to function.
|
||||
|
||||
- name: Populate instance config
|
||||
- name: "Populate instance config"
|
||||
ansible.builtin.set_fact:
|
||||
instance_conf: {}
|
||||
|
||||
- name: Dump instance config
|
||||
- name: "Dump instance config"
|
||||
ansible.builtin.copy:
|
||||
content: |
|
||||
# Molecule managed
|
||||
{{ instance_conf | to_json | from_json | to_yaml }}
|
||||
dest: "{{ molecule_instance_config }}"
|
||||
mode: 0600
|
||||
when: server.changed | default(false) | bool
|
||||
when: "server.changed | default(false) | bool"
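Review bot: `mode: 0600` in the "Dump instance config" task is left as a bare octal-looking integer while nearly every other scalar in the commit is now quoted. Ansible's YAML 1.1 parser reads the leading zero as octal, so the resulting permission is right today, but the value depends on implicit typing and a parser that reads it as decimal would set a different mode. Writing `mode: "0600"` removes the ambiguity; the same applies to `mode: 0755` on the Goss download task in the verify playbook.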
|
||||
|
@ -1,37 +1,37 @@
|
||||
---
|
||||
dependency:
|
||||
name: galaxy
|
||||
name: "galaxy"
|
||||
options:
|
||||
ignore-certs: true
|
||||
ignore-errors: true
|
||||
role-file: molecule/requirements.yml
|
||||
requirements-file: molecule/requirements.yml
|
||||
role-file: "molecule/requirements.yml"
|
||||
requirements-file: "molecule/requirements.yml"
|
||||
driver:
|
||||
name: docker
|
||||
name: "docker"
|
||||
lint: |
|
||||
yamllint .
|
||||
ansible-lint .
|
||||
platforms:
|
||||
- name: sonarqube
|
||||
- name: "sonarqube"
|
||||
groups:
|
||||
- sonarqube_group
|
||||
- "sonarqube_group"
|
||||
image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos8}-ansible:latest"
|
||||
privileged: true
|
||||
pre_build_image: true
|
||||
capabilities:
|
||||
- SYS_ADMIN
|
||||
- "SYS_ADMIN"
|
||||
tmpfs:
|
||||
- /tmp
|
||||
- /run
|
||||
- /run/lock
|
||||
- "/tmp"
|
||||
- "/run"
|
||||
- "/run/lock"
|
||||
volumes:
|
||||
- '/sys/fs/cgroup:/sys/fs/cgroup:ro'
|
||||
- '/var/run/docker.sock:/tmp/docker_mounted.sock'
|
||||
command: '/lib/systemd/systemd'
|
||||
stop_signal: 'RTMIN+3'
|
||||
provisioner:
|
||||
name: ansible
|
||||
name: "ansible"
|
||||
playbooks:
|
||||
converge: ${MOLECULE_PLAYBOOK:-converge.yml}
|
||||
converge: "${MOLECULE_PLAYBOOK:-converge.yml}"
|
||||
verifier:
|
||||
name: ansible
|
||||
name: "ansible"
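Review bot: `ignore-certs: true` under `dependency.options` turns off TLS certificate verification when Galaxy fetches the roles listed in `molecule/requirements.yml`, and `ignore-errors: true` beside it lets a failed fetch pass quietly. The fetched role then runs on a platform that has `privileged: true` and the host's `/var/run/docker.sock` mounted, so whatever is downloaded here has a short path to control of the Docker host. Unless a TLS-intercepting proxy forces this, set both options to `false` (or drop them) and pin the role version in the requirements file. The `:latest` tag on the platform image has the same reproducibility problem.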
|
||||
|
@ -1,38 +1,38 @@
|
||||
---
|
||||
- name: Setup the test machine
|
||||
hosts: sonarqube
|
||||
- name: "Setup the test machine"
|
||||
hosts: "sonarqube"
|
||||
tasks:
|
||||
- name: Check if /var/run/docker.sock already exists
|
||||
- name: "Check if /var/run/docker.sock already exists"
|
||||
ansible.builtin.stat:
|
||||
path: "/var/run/docker.sock"
|
||||
register: docker_sock_stat
|
||||
register: "docker_sock_stat"
|
||||
|
||||
- name: Create docker.sock
|
||||
- name: "Create docker.sock"
|
||||
ansible.builtin.raw: touch /var/run/docker.sock
|
||||
become: true
|
||||
changed_when: false
|
||||
when: not docker_sock_stat.stat.exists
|
||||
when: "not docker_sock_stat.stat.exists"
|
||||
|
||||
- name: Move docker.sock from tmp
|
||||
- name: "Move docker.sock from tmp"
|
||||
ansible.builtin.raw: >
|
||||
mount --move /tmp/docker_mounted.sock /var/run/docker.sock
|
||||
become: true
|
||||
changed_when: false
|
||||
when: not docker_sock_stat.stat.exists
|
||||
when: "not docker_sock_stat.stat.exists"
|
||||
|
||||
- name: Update apt cache.
|
||||
- name: "Update apt cache."
|
||||
ansible.builtin.apt: update_cache=yes cache_valid_time=600
|
||||
when: ansible_os_family == 'Debian'
|
||||
when: "ansible_os_family == 'Debian'"
|
||||
|
||||
- name: Install python requests
|
||||
- name: "Install python requests"
|
||||
ansible.builtin.pip:
|
||||
name:
|
||||
- requests
|
||||
- docker
|
||||
- docker-compose
|
||||
- "requests"
|
||||
- "docker"
|
||||
- "docker-compose"
|
||||
|
||||
- name: Install docker
|
||||
- name: "Install docker"
|
||||
vars:
|
||||
docker_service_manage: false
|
||||
ansible.builtin.include_role:
|
||||
name: geerlingguy.docker
|
||||
name: "geerlingguy.docker"
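Review bot: `ansible.builtin.apt: update_cache=yes cache_valid_time=600` still uses the free-form `key=value` string with a `yes` truthy, which the quoting pass did not bring in line with the rest of the play. Block arguments read better and are type-checked by the module: `ansible.builtin.apt:` followed by `update_cache: true` and `cache_valid_time: 600`. Separately, the pip task installs `requests`, `docker` and `docker-compose` without version constraints, so the test environment changes whenever those packages release; consider pinning them.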
|
||||
|
@ -1,4 +1,4 @@
|
||||
---
|
||||
roles:
|
||||
- geerlingguy.docker
|
||||
- "geerlingguy.docker"
|
||||
collections: []
|
||||
|
@ -1,12 +1,6 @@
|
||||
---
|
||||
## TODO: Remember to adapt goss tests to your convenience
|
||||
|
||||
http:
|
||||
"http://localhost:{{ sonarqube_http_port }}/":
|
||||
status: 200
|
||||
|
||||
## Check if ports are really exposed
|
||||
# port:
|
||||
# # Check port at IPv6
|
||||
# # https://github.com/aelsabbahy/goss/issues/177
|
||||
# tcp6:<port>:
|
||||
# listening: true
|
||||
# ip:
|
||||
# - '::'
|
||||
|
@ -3,57 +3,57 @@
|
||||
# Tests need distributed to the appropriate ansible host/groups
|
||||
# prior to execution by `goss validate`.
|
||||
|
||||
- name: Verify sonarqube
|
||||
- name: "Verify sonarqube"
|
||||
hosts:
|
||||
- sonarqube
|
||||
- "sonarqube"
|
||||
become: true
|
||||
vars:
|
||||
goss_version: v0.3.16
|
||||
goss_arch: amd64
|
||||
goss_dst: /usr/local/bin/goss
|
||||
goss_sha256sum: 827e354b48f93bce933f5efcd1f00dc82569c42a179cf2d384b040d8a80bfbfb
|
||||
goss_version: "v0.3.16"
|
||||
goss_arch: "amd64"
|
||||
goss_dst: "/usr/local/bin/goss"
|
||||
goss_sha256sum: "827e354b48f93bce933f5efcd1f00dc82569c42a179cf2d384b040d8a80bfbfb"
|
||||
goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}"
|
||||
goss_test_directory: /tmp
|
||||
goss_format: documentation
|
||||
goss_test_directory: "/tmp"
|
||||
goss_format: "documentation"
|
||||
|
||||
vars_files:
|
||||
- ../../defaults/main.yml
|
||||
- "../../defaults/main.yml"
|
||||
|
||||
tasks:
|
||||
- name: Download and install Goss
|
||||
- name: "Download and install Goss"
|
||||
get_url:
|
||||
url: "{{ goss_url }}"
|
||||
dest: "{{ goss_dst }}"
|
||||
checksum: "sha256:{{ goss_sha256sum }}"
|
||||
mode: 0755
|
||||
register: download_goss
|
||||
until: download_goss is succeeded
|
||||
register: "download_goss"
|
||||
until: "download_goss is succeeded"
|
||||
retries: 3
|
||||
|
||||
- name: Copy Goss tests to remote
|
||||
- name: "Copy Goss tests to remote"
|
||||
template:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ goss_test_directory }}/{{ item | basename }}"
|
||||
with_fileglob:
|
||||
- "tests/test_*.yml"
|
||||
|
||||
- name: Register test files
|
||||
- name: "Register test files"
|
||||
shell: "ls {{ goss_test_directory }}/test_*.yml"
|
||||
register: test_files
|
||||
register: "test_files"
|
||||
|
||||
- name: Execute Goss tests
|
||||
- name: "Execute Goss tests"
|
||||
command: "{{ goss_dst }} -g {{ item }} validate --format {{ goss_format }}"
|
||||
register: test_results
|
||||
register: "test_results"
|
||||
with_items: "{{ test_files.stdout_lines }}"
|
||||
ignore_errors: true
|
||||
|
||||
- name: Display details about the Goss results
|
||||
- name: "Display details about the Goss results"
|
||||
debug:
|
||||
msg: "{{ item.stdout_lines }}"
|
||||
with_items: "{{ test_results.results }}"
|
||||
|
||||
- name: Fail when tests fail
|
||||
- name: "Fail when tests fail"
|
||||
fail:
|
||||
msg: "Goss failed to validate"
|
||||
when: item.rc != 0
|
||||
when: "item.rc != 0"
|
||||
with_items: "{{ test_results.results }}"
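Review bot: The Goss tests are copied into `goss_test_directory: "/tmp"` and then rediscovered with `shell: "ls {{ goss_test_directory }}/test_*.yml"`, so any other file in `/tmp` that matches the pattern is also handed to `goss validate`, and the play runs with `become: true`. Point `goss_test_directory` at a directory the play creates itself with `mode: "0700"`, and loop over the files the template task reported instead of shelling out to `ls`. The modules in this play (`get_url`, `template`, `shell`, `command`, `debug`, `fail`) are also still short names, while the other playbooks in the commit use `ansible.builtin.*`. The hunk starts at line 3 of the file, so the play header comments above it are not visible here.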
|
||||
|
@ -2,6 +2,7 @@ sonar.projectKey=ansible-role-sonarqube
|
||||
sonar.projectVersion=v1.1.4
|
||||
sonar.projectName=ansible-role-sonarqube
|
||||
|
||||
sonar.ansible-lint=.ansible-lint
|
||||
sonar.language=ansible,yaml
|
||||
sonar.sources=.
|
||||
sonar.host.url=http://10.0.0.27:39000
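Review bot: `sonar.host.url=http://10.0.0.27:39000` points the scanner at a plain-HTTP endpoint, so the analysis token and the uploaded source travel unencrypted, and it commits an internal address to the repository. Prefer an `https://` URL, or leave the property out of the file and supply it at scan time through `SONAR_HOST_URL` or `-Dsonar.host.url=...`. Which line in this hunk is the added one is not recoverable from the page, so this setting may predate the commit.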
|
||||
|
@ -1,7 +1,7 @@
|
||||
---
|
||||
- name: "SONARQUBE | Set up directories"
|
||||
ansible.builtin.file:
|
||||
state: directory
|
||||
state: "directory"
|
||||
path: "{{ item }}"
|
||||
owner: "{{ ansible_effective_user_id }}"
|
||||
group: "{{ ansible_effective_group_id }}"
|
||||
@ -9,7 +9,7 @@
|
||||
with_items:
|
||||
- "{{ sonarqube_skeleton_paths }}"
|
||||
tags:
|
||||
- sonarqube_configure
|
||||
- "sonarqube_configure"
|
||||
become: true
|
||||
|
||||
- name: "SONARQUBE | Write configuration files"
|
||||
@ -20,7 +20,7 @@
|
||||
with_items:
|
||||
- "{{ sonarqube_configuration_files }}"
|
||||
tags:
|
||||
- sonarqube_configure
|
||||
- "sonarqube_configure"
|
||||
|
||||
- name: "SONARQUBE | Set up nofiles and nproc for ansible user"
|
||||
community.general.pam_limits:
|
||||
@ -33,20 +33,26 @@
|
||||
# Type "-" for enforcing both soft and hard resource limits together for more details read `man limits.conf`.
|
||||
- { limit_type: '-', limit_item: 'nofile', value: "{{ sonarqube_nofile }}" }
|
||||
- { limit_type: '-', limit_item: 'nproc', value: "{{ sonarqube_nproc }}" }
|
||||
tags:
|
||||
- "sonarqube_configure"
|
||||
become: true
|
||||
|
||||
- name: "SONARQUBE | Set up the max files"
|
||||
ansible.posix.sysctl:
|
||||
name: fs.file-max
|
||||
name: "fs.file-max"
|
||||
value: "{{ sonarqube_fs_file_max }}"
|
||||
state: present
|
||||
state: "present"
|
||||
reload: true
|
||||
tags:
|
||||
- "sonarqube_configure"
|
||||
become: true
|
||||
|
||||
- name: "SONARQUBE | Set up the VM max_map_count"
|
||||
ansible.posix.sysctl:
|
||||
name: vm.max_map_count
|
||||
name: "vm.max_map_count"
|
||||
value: "{{ sonarqube_vm_max_map_count }}"
|
||||
state: present
|
||||
state: "present"
|
||||
reload: true
|
||||
tags:
|
||||
- "sonarqube_configure"
|
||||
become: true
|
||||
|
@ -4,4 +4,4 @@
|
||||
project_src: "{{ sonarqube_config_path | expanduser | realpath }}"
|
||||
build: false
|
||||
tags:
|
||||
- sonarqube_install
|
||||
- "sonarqube_install"
|
||||
|
@ -1,11 +1,11 @@
|
||||
---
|
||||
|
||||
- name: "SONARQUBE | Configure"
|
||||
ansible.builtin.import_tasks: config.yml
|
||||
ansible.builtin.import_tasks: "config.yml"
|
||||
tags:
|
||||
- sonarqube_configure
|
||||
- "sonarqube_configure"
|
||||
|
||||
- name: "SONARQUBE | Install"
|
||||
ansible.builtin.import_tasks: install.yml
|
||||
ansible.builtin.import_tasks: "install.yml"
|
||||
tags:
|
||||
- sonarqube_install
|
||||
- "sonarqube_install"
|
||||
|