
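Configuration

Customize how Ansible-lint runs against automation content to suit your needs. You can ignore certain rules, enable opt-in rules, and control various other settings.

Ansible-lint loads configuration from a file in the current working directory or from a file that you specify on the command line.

Any configuration option passed from the command line overrides the option specified in a configuration file.

Using local configuration files

Specify Ansible-lint configuration in one of the following files in your current working directory: .ansible-lint, .ansible-lint.yml, .ansible-lint.yaml, .config/ansible-lint.yml, or .config/ansible-lint.yaml.

Note

If Ansible-lint cannot find a configuration file in the current directory, it attempts to locate one in a parent directory. However, Ansible-lint does not try to load configuration from outside the Git repository.

Specifying configuration files

Use the -c <filename> CLI flag with command line invocations of Ansible-lint, for example: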

ansible-lint -c path/to/ansible-lint-dev.yml

Ansible-lint configuration

The following values are supported and function identically to their CLI counterparts:

---
# .ansible-lint

profile: null # min, basic, moderate, safety, shared, production

# Allows dumping of results in SARIF format
# sarif_file: result.sarif

# exclude_paths included in this file are parsed relative to this file's location
# and not relative to the CWD of execution. CLI arguments passed to the --exclude
# option are parsed relative to the CWD of execution.
exclude_paths:
  - .cache/ # implicit unless exclude_paths is defined in config
  - test/fixtures/formatting-before/
  - test/fixtures/formatting-prettier/
# parseable: true
# quiet: true
# strict: true
# verbosity: 1

# Mock modules or roles in order to pass ansible-playbook --syntax-check
mock_modules:
  - zuul_return
  # note the foo.bar is invalid as being neither a module or a collection
  - fake_namespace.fake_collection.fake_module
  - fake_namespace.fake_collection.fake_module.fake_submodule
mock_roles:
  - mocked_role
  - author.role_name # old standalone galaxy role
  - fake_namespace.fake_collection.fake_role # role within a collection

# Enable checking of loop variable prefixes in roles
loop_var_prefix: "^(__|{role}_)"

# Enforce variable names to follow the pattern below, in addition to Ansible's
# own requirements, like avoiding python identifiers. To disable add
# `var-naming` to skip_list.
var_naming_pattern: "^[a-z_][a-z0-9_]*$"

use_default_rules: true
# Load custom rules from this specific folder
# rulesdir:
#   - ./rule/directory/

# Ansible-lint is able to recognize and load skip rules stored inside
# `.ansible-lint-ignore` (or `.config/ansible-lint-ignore.txt`) files.
# To skip a rule just enter filename and tag, like "playbook.yml package-latest"
# on a new line.
# Optionally you can add comments after the tag, prefixed by "#". We discourage
# the use of skip_list below because that will hide violations from the output.
# When putting ignores inside the ignore file, they are marked as ignored, but
# still visible, making it easier to address later.
skip_list:
  - skip_this_tag

# Ansible-lint does not automatically load rules that have the 'opt-in' tag.
# You must enable opt-in rules by listing each rule 'id' below.
enable_list:
  - args
  - empty-string-compare # opt-in
  - no-log-password # opt-in
  - no-same-owner # opt-in
  - name[prefix] # opt-in
  - galaxy-version-incorrect # opt-in
  # add yaml here if you want to avoid ignoring yaml checks when yamllint
  # library is missing. Normally its absence just skips using that rule.
  - yaml
# Report only a subset of tags and fully ignore any others
# tags:
#   - jinja[spacing]

# Ansible-lint does not fail on warnings from the rules or tags listed below
warn_list:
  - skip_this_tag
  - experimental # experimental is included in the implicit list
  # - role-name
  # - yaml[document-start]  # you can also use sub-rule matches

# Some rules can transform files to fix (or make it easier to fix) identified
# errors. `ansible-lint --fix` will reformat YAML files and run these transforms.
# By default it will run all transforms (effectively `write_list: ["all"]`).
# You can disable running transforms by setting `write_list: ["none"]`.
# Or only enable a subset of rule transforms by listing rules/tags here.
# write_list:
#   - all

# Offline mode disables installation of requirements.yml and schema refreshing
offline: true

# Define required Ansible variables to satisfy syntax check
extra_vars:
  foo: bar
  multiline_string_variable: |
    line1
    line2
  complex_variable: ":{;\t$()"

# Uncomment to enforce action validation with tasks, usually is not
# needed as Ansible syntax check also covers it.
# skip_action_validation: false

# List of additional kind:pattern to be added at the top of the default
# match list, first match determines the file kind.
kinds:
  # - playbook: "**/examples/*.{yml,yaml}"
  # - galaxy: "**/folder/galaxy.yml"
  # - tasks: "**/tasks/*.yml"
  # - vars: "**/vars/*.yml"
  # - meta: "**/meta/main.yml"
  - yaml: "**/*.yaml-too"

# List of additional collections to allow in only-builtins rule.
# only_builtins_allow_collections:
#   - example_ns.example_collection

# List of additional modules to allow in only-builtins rule.
# only_builtins_allow_modules:
#   - example_module

# Allow setting custom prefix for name[prefix] rule
task_name_prefix: "{stem} | "
# Complexity related settings

# Limit the depth of the nested blocks:
# max_block_depth: 20

# Also recognize these versions of Ansible as supported:
# supported_ansible_also:
#   - "2.14"

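Ignoring rules for entire files

Ansible-lint loads skip rules from an .ansible-lint-ignore or .config/ansible-lint-ignore.txt file, which should sit next to the configuration file. The file format is very simple: each line contains a filename and the rule to ignore. It also supports comments starting with #.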

.ansible-lint-ignore
# this is just a comment
playbook.yml package-latest # disable package-latest rule for playbook.yml
playbook.yml deprecated-module

You can also create this file by adding --generate-ignore to the command line. Keep in mind that this overwrites any existing file content.
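
Because ignore entries accumulate quietly (and --generate-ignore writes them in bulk), it helps to review the file mechanically. The following is an added example, not part of Ansible-lint or its documentation: it parses the "filename rule # comment" format described above and reports entries that silence a watched rule or carry no justification comment. The WATCHED_RULES set, the function names, and the assumption that filenames contain no spaces are hypothetical choices made for this example.

```python
from dataclasses import dataclass

# Assumption: rules this team does not want silenced without review.
# Both names appear on this page; the watchlist itself is hypothetical.
WATCHED_RULES = frozenset({"no-log-password", "package-latest"})

@dataclass(frozen=True)
class IgnoreEntry:
    lineno: int
    path: str
    rule: str
    comment: str  # justification text after '#', may be empty

def parse_ignore(text):
    """Parse 'filename rule # comment' lines into (entries, malformed)."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        body, _, comment = raw.partition("#")
        fields = body.split()
        if not fields:  # blank or comment-only line
            continue
        if len(fields) != 2:  # the page describes a filename and a rule
            malformed.append((lineno, raw.strip()))
            continue
        entries.append(IgnoreEntry(lineno, fields[0], fields[1], comment.strip()))
    return entries, malformed

def audit(text, watched=WATCHED_RULES):
    """Return sorted (lineno, path, rule, reason) findings for review."""
    entries, malformed = parse_ignore(text)
    findings = [(n, "", "", f"malformed line: {raw!r}") for n, raw in malformed]
    for e in entries:
        # 'name[prefix]' is a sub-rule of 'name': compare on the rule id
        if e.rule.split("[", 1)[0] in watched:
            findings.append((e.lineno, e.path, e.rule, "watched rule ignored"))
        if not e.comment:
            findings.append((e.lineno, e.path, e.rule, "no justification comment"))
    return sorted(findings)

# Constructed sample: the page's three lines plus two constructed ones.
SAMPLE = """\
# this is just a comment
playbook.yml package-latest # disable package-latest rule for playbook.yml
playbook.yml deprecated-module
roles/db/tasks/main.yml no-log-password
playbook.yml
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run in CI against the repository's ignore file, a non-empty result from audit() can be used to fail the build or to request a reviewer for the change.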

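Pre-commit setup

To use Ansible-lint with the pre-commit tool, add the following to the .pre-commit-config.yaml file in your local repository.

Do not confuse the pre-commit tool with the git hook feature of the same name. While the pre-commit tool can also make use of git hooks, it does not require them and does not install them by default.

pre-commit.ci is a hosted service that can run pre-commit for you on each change, but you can also run the tool yourself using the CI of your choice.

Change rev: to either a commit sha or tag of Ansible-lint that contains .pre-commit-hooks.yaml.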

---
ci:
  # This section is specific to pre-commit.ci, telling it to create a pull request
  # to update the linter version tag every month.
  autoupdate_schedule: monthly
  # If you have other Ansible collection dependencies (requirements.yml)
  # `pre-commit.ci` will not be able to install them because it runs in offline mode,
  # and you will need to tell it to skip the hook.
  # skip:
  #   - ansible-lint
repos:
- repo: https://github.com/ansible/ansible-lint
  rev: ... # put latest release tag from https://github.com/ansible/ansible-lint/releases/
  hooks:
    - id: ansible-lint
      # Uncomment if you need the full Ansible community bundle instead of ansible-core:
      # additional_dependencies:
      #   - ansible

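Warning

pre-commit always uses python virtual environments. If you happen to use the Ansible package instead of ansible-core, you might be surprised to find that pre-commit cannot find those collections, even though your local Ansible can. This is because they are installed in a location that the virtual environment created by the pre-commit hook cannot access. In that case, you might want to uncomment the commented lines in the hook definition above so that the bundle is installed.

Note that the hook can find collections installed into ~/.ansible.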