Résout les avertissements de ansible-lint

.ansible-lint

@@ -1,2 +1,5 @@
 exclude_paths:
   - .github/
+skip_list:
+  - name[casing]
+  - var-naming[no-role-prefix]

collections/requirements.yml

@@ -0,0 +1,8 @@
+---
+collections:
+  - name: community.general
+    version: 7.5.0
+  - name: community.mysql
+    version: 3.7.2
+  - name: ansible.posix
+    version: 1.5.4

playbook.yml

@@ -1,4 +1,5 @@
-- hosts: app
+- name: deploy zds-site
+  hosts: app
   become: true
   roles:
     - role: common

roles/app/tasks/fixtures.yml

@@ -1,4 +1,5 @@
 - name: install requirements in virtualenv to load fixtures
+  become: true
   become_user: "{{ appuser }}"
   ansible.builtin.pip:
     requirements: "{{ appdir }}/requirements-dev.txt"

roles/app/tasks/main.yml

@@ -30,7 +30,7 @@
 
 # User, directories, files and symlink creation
 
-- name: should have a {{ appuser }} user
+- name: should have a user named {{ appuser }}
   ansible.builtin.user:
     name: "{{ appuser }}"
     shell: /bin/false
@@ -60,6 +60,7 @@
     - bootstrap
 
 - name: checkout the application
+  become: true
   become_user: "{{ appuser }}"
   vars:
     refspec: "{{ '+refs/pull/*:refs/pull/*' if 'pull/' in appversion else '+refs/heads/*:refs/remotes/origin/*' }}"
@@ -176,6 +177,7 @@
 # Installation of backend, frontend and zmd dependencies
 
 - name: update pip in virtualenv  # some dependencies (like rust ones) require a recent pip
+  become: true
   become_user: "{{ appuser }}"
   ansible.builtin.pip:
     name:
@@ -187,6 +189,7 @@
     - bootstrap
 
 - name: install wheel and sqlparse in virtualenv
+  become: true
   become_user: "{{ appuser }}"
   ansible.builtin.pip:
     name:
@@ -198,6 +201,7 @@
     - bootstrap
 
 - name: install requirements in virtualenv
+  become: true
   become_user: "{{ appuser }}"
   ansible.builtin.pip:
     requirements: "{{ appdir }}/requirements-prod.txt"
@@ -208,13 +212,14 @@
     - upgrade
 
 - name: include nodejs installation
-  include_role:
+  ansible.builtin.include_role:
     name: common
     tasks_from: nodejs
   tags:
     - bootstrap
 
 - name: install frontend  # noqa no-changed-when
+  become: true
   become_user: "{{ appuser }}"
   ansible.builtin.command: yarn install --frozen-lockfile
   args:
@@ -224,6 +229,7 @@
     - upgrade
 
 - name: install zmarkdown
+  become: true
   become_user: "{{ appuser }}"
   community.general.npm:
     path: "{{ zmarkdown_dir }}"
@@ -235,6 +241,7 @@
 # Frontend building
 
 - name: build frontend  # noqa no-changed-when
+  become: true
   become_user: "{{ appuser }}"
   ansible.builtin.command: npm run build
   args:
@@ -244,6 +251,7 @@
     - upgrade
 
 - name: collect static files
+  become: true
   become_user: "{{ appuser }}"
   environment:
     DJANGO_SETTINGS_MODULE: "zds.settings.{{ env }}"
@@ -260,6 +268,7 @@
 # Start of maintenance, if needed
 
 - name: check if database migration is needed
+  become: true
   become_user: "{{ appuser }}"
   environment:
     DJANGO_SETTINGS_MODULE: "zds.settings.{{ env }}"
@@ -284,6 +293,7 @@
     - upgrade
 
 - name: migrate database
+  become: true
   become_user: "{{ appuser }}"
   environment:
     DJANGO_SETTINGS_MODULE: "zds.settings.{{ env }}"
@@ -298,6 +308,7 @@
     - upgrade
 
 - name: clear cache
+  become: true
   become_user: "{{ appuser }}"
   environment:
     DJANGO_SETTINGS_MODULE: "zds.settings.{{ env }}"
@@ -373,12 +384,14 @@
     - bootstrap
     - upgrade
 
-- include_tasks: fixtures.yml
+- name: load fixtures
+  ansible.builtin.include_tasks: fixtures.yml
   when: load_fixtures
   tags:
     - bootstrap
 
-- include_tasks: geodata.yml
+- name: setup geodata
+  ansible.builtin.include_tasks: geodata.yml
   when: secrets.geolite.license_key is defined
   tags:
     - bootstrap

roles/common/tasks/main.yml

@@ -30,7 +30,7 @@
     src: "{{ item.src }}"
     dest: "/etc/zsh/{{ item.path }}"
     mode: u=rw,g=r,o=r
-  with_filetree: zsh/
+  with_community.general.filetree: zsh/
   when: item.state == 'file'
 
 - name: ensure the system can use the HTTPS transport for APT

roles/firewall/tasks/main.yml

@@ -26,7 +26,7 @@
 
 - name: Log firewall only in /var/log/ufw.log
   # otherwise /var/log/{kern.log,messages,syslog} get full of [UFW BLOCK] messages
-  lineinfile:
+  ansible.builtin.lineinfile:
     path: /etc/rsyslog.d/20-ufw.conf
     search_string: "#& stop"
     line: "& stop"

roles/latex/handlers/main.yml

@@ -1,7 +1,7 @@
-- name: run texhash
+- name: run texhash # noqa no-changed-when
   become: true
   become_user: "{{ appuser }}"
   ansible.builtin.shell: texhash $HOME/texmf
 
-- name: refresh font-config cache
+- name: refresh font-config cache # noqa no-changed-when
   ansible.builtin.command: fc-cache -f

roles/latex/tasks/main.yml

@@ -16,17 +16,18 @@
     - bootstrap
 
 - name: install pygments
-  pip:
+  ansible.builtin.pip:
     name: Pygments
     executable: pip3
   tags:
     - bootstrap
 
-- include_tasks: packages.yml
+- name: install latex packages
+  ansible.builtin.include_tasks: packages.yml
   tags:
     - bootstrap
 
-- name: clone the template  # noqa git-latest
+- name: clone the template  # noqa latest[git]
   become: true
   become_user: "{{ appuser }}"
   ansible.builtin.git:
@@ -52,6 +53,7 @@
   ansible.builtin.get_url:
     url: "{{ item[0].url }}/{{ item[1].ext | upper }}/{{ item[0].name }}-{{ item[2] }}.{{ item[1].ext }}"
     dest: /usr/local/share/fonts/{{ item[1].path }}/{{ item[0].slug }}/{{ item[0].name }}-{{ item[2] }}.{{ item[1].ext }}
+    mode: u=rw,g=r,o=r
   with_nested:
     - "{{ fonts }}"
     - "{{ fonttypes }}"

roles/latex/tasks/packages.yml

@@ -16,10 +16,11 @@
     - bootstrap
 
 - name: check ansible state
-  ansible.builtin.slurp: src=/opt/zds/texmf/ansible-state
+  ansible.builtin.slurp:
+    src: /opt/zds/texmf/ansible-state
   register: installed_packages
 
-- name: install packages  # noqa risky-shell-pipe
+- name: install packages  # noqa risky-shell-pipe no-changed-when
   become: true
   become_user: "{{ appuser }}"
   ansible.builtin.shell: >
@@ -53,5 +54,6 @@
   ansible.builtin.get_url:
     url: https://raw.githubusercontent.com/tabu-issues-for-future-maintainer/tabu/master/tabu.sty
     dest: /opt/zds/texmf/tex/latex/tabu/tabu.sty
+    mode: u=rw,g=r,o=r
   tags:
     - bootstrap

roles/mysql/tasks/main.yml

@@ -32,7 +32,7 @@
     enabled: true
 
 - name: install MySQLdb-python
-  pip:
+  ansible.builtin.pip:
     name: mysqlclient
     executable: pip3
 

roles/web/tasks/main.yml

@@ -36,7 +36,7 @@
     src: "{{ item.src }}"
     dest: "/etc/nginx/{{ item.path }}"
     mode: u=rw,g=r,o=r
-  with_filetree: nginx/
+  with_community.general.filetree: nginx/
   when: item.state == 'file'
   notify: reload nginx