Inconsistent test with pre-commit

[jedla01]

Issue Type

• Bug report

Ansible and Ansible Lint details

ansible 2.8.5.post0
  config file = None
  configured module search path = ['/Users/pjedlicka/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /Users/pjedlicka/ansible-dev/ansible/lib/ansible
  executable location = /Users/pjedlicka/ansible-dev/ansible/bin/ansible
  python version = 3.6.5 (v3.6.5:f59c0932b4, Mar 28 2018, 03:03:55) [GCC 4.2.1 (Apple Inc. build 5666) (dot 3)]

ansible-lint 4.1.1a0

• ansible installation method: source
• ansible-lint installation method: pip

Desired Behaviour

While developing an ansible role, where root of repository is the root of a role, having set no ansible-lint rules executions nor custom rules, the output from ansible-lint . and pre-commit run --all-files should be same or results from from should be at least subset of errors found to the other test. (As running ansible-lint is not run against tests folder).

Actual Behaviour (Bug report only)

When running ansible-lint . in to role folder I am getting errors in tasks, mostly 305 Use shell only when shell functionality is required. While running pre-commit run --all-files or run on the file directly founds no errors at all. Pre-commit config:

---
repos:
  - repo: https://github.com/ansible/ansible-lint.git
    rev: v4.1.1a0
    hooks:
      - id: ansible-lint
        files: \.(yaml|yml)$

  - repo: https://github.com/adrienverge/yamllint.git
    rev: v1.17.0
    hooks:
      - id: yamllint
        files: \.(yaml|yml)$

• Ansible-lint output:

  roles/abc$ ansible-lint .
  [305] Use shell only when shell functionality is required
  roles/abc/tasks/main.yml:4

• Pre-commit output: pre-commit run --files tasks/main.yml Ansible-lint.............................................................Passed

[Woytek-Polnik]

I've passed through this

1. pre-commit with default options- types: [file] - tracks only files! not dicts ! They use identity lib which allows to set types: [dictionary], but in case of git it will be only submodule dict. So there is no way with pre-commit to pass directories at all. I tried and ended with pre-commit hook which wraps ansible-lint:

• Disable pre-commit concurrency, so 1 process with get all files.
• From gathered files filter only those which have /tasks/ in path
• For each file path extract before part before /tasks/- it should be path to the role
• Use unique/set to have just 1 run for the role

So this work for roles

2. for playbooks

• override pre-commit entrypoint of ansible-lint from ansible-lint . to just ansible-lint
• limit files to types: [yaml] - so you have only .yaml and .yml
• limit search path to only where you have playbooks

[webknjaz]

@ssbarnea ^

[nicolas-g]

I've passed through this

@Woytek-Polnik can you paste your config so we can use it as an example?

[ssbarnea]

@jedla01 Please pot link to repo which reproduces the issue with latest version of ansible-lint, I am 99% sure that https://pypi.org/project/ansible-lint/4.2.0/ fixed it.

[jedla01]

Thanks all. The original test were conducted on non-public role repo. I will retest with the last ansible-lint version and in case of issue, I will create public repo with example.

[Woytek-Polnik]

I've passed through this

@Woytek-Polnik can you paste your config so we can use it as an example?

https://github.com/zerodowntime/ansible-lint-roles-precommit-hook maybe will be helpfull

# Ansible lint roles
- repo: https://github.com/zerodowntime/ansible-lint-roles-precommit-hook.git
  rev: v1.0.0
  hooks:
    - id: ansible-lint-roles
      files: /tasks/ # reflects tasks
      exclude: (roles.d) # I have own roles in `roles` dir and 3rd-party roles in `roles.d`
      args: [-c, .ansible-lint.yml]
      stages: [commit]

# Ansible lint playbooks
- repo: https://github.com/ansible/ansible-lint.git
  rev: v4.2.0rc1
  hooks:
    - id: ansible-lint
      name: Ansible lint for playbooks
      types: [text, yaml] # reflects yaml changes
      files: /playbooks/ # we have all playbooks in 1 dir so we can contrain its path
      args: [-c, .ansible-lint.yml]
      pass_filenames: true
      always_run: false
      stages: [manual] # I have it manually because in playbooks I use `lookup env pwd` which breaks my paths

# Ansible lint inventory
- repo: https://github.com/ansible/ansible-lint.git
  rev: v4.2.0rc1
  hooks:
    - id: ansible-lint
      name: Ansible lint for inventory
      types: [text, yaml] # reflects yaml changes
      files: /inventory/
      exclude: vault
      args: [-c, .ansible-lint.yml]
      pass_filenames: true
      stages: [commit]

[webknjaz]

is this still relevant?

[jedla01]

No relevant anymore.