Run ansible-lint on Ubuntu Noble

We ran into issues getting ansible-lint to run on Noble without updating
everything to current ish versions due to Python 3.12 compatibility
issues. Updating everything in this way created a bunch of new lint
errors we need to fix so we worked around the problem previously by
pinning back to Jammy.

Now we move the job back to Noble (the default Nodeset) and update the
tooling and fix the linter errors. This should allow us to move forward
in a productive manner on modern platforms.

The linter errors we fix include:

 * Naming every play
 * Ensuring every play name starts with a capital letter
 * Using fully qualified collection names for action modules
   (archive, git_config, and synchronize)
 * Quoting octal file modes

Change-Id: I96560c5ce2a5af39d39b3fc339862932a856bd13
This commit is contained in:
Clark Boylan 2024-08-21 12:24:57 -07:00
parent dd63733b55
commit 2db422f0b8
67 changed files with 149 additions and 89 deletions

View File

@ -1,6 +1,7 @@
# This is a variant of https://opendev.org/opendev/base-jobs/src/branch/master/playbooks/docs/promote.yaml # This is a variant of https://opendev.org/opendev/base-jobs/src/branch/master/playbooks/docs/promote.yaml
# updated to calculate the service type. # updated to calculate the service type.
- hosts: localhost - name: Promote API Documentation
hosts: localhost
tasks: tasks:
- name: Check execution context - name: Check execution context
when: "zuul.branch is not defined" when: "zuul.branch is not defined"

View File

@ -1,4 +1,5 @@
- hosts: all - name: Run Bindep Against Fallback File
hosts: all
roles: roles:
- role: bindep - role: bindep
bindep_profile: test bindep_profile: test

View File

@ -1,3 +1,4 @@
- hosts: all - name: Post Run For Zuul main.yaml Checks
hosts: all
roles: roles:
- fetch-tox-output - fetch-tox-output

View File

@ -1,4 +1,5 @@
- hosts: all - name: Pre Run for Zuul main.yaml Checks
hosts: all
roles: roles:
- ensure-tox - ensure-tox
- revoke-sudo - revoke-sudo

View File

@ -1,4 +1,5 @@
- hosts: localhost - name: Check Release Approvals
hosts: localhost
roles: roles:
- role: check-release-approval - role: check-release-approval
change: "{{ zuul.change }}" change: "{{ zuul.change }}"

View File

@ -1,3 +1,4 @@
- hosts: all - name: Run NPM
hosts: all
roles: roles:
- role: npm - role: npm

View File

@ -1,4 +1,5 @@
- hosts: all - name: Process Stackviz Artifacts
hosts: all
tasks: tasks:
- name: Rename tarball and move it to a subdir named dist as well - name: Rename tarball and move it to a subdir named dist as well
@ -19,7 +20,7 @@
delegate_to: localhost delegate_to: localhost
- name: Collect artifacts - name: Collect artifacts
synchronize: ansible.posix.synchronize:
dest: "{{ zuul.executor.work_root }}/artifacts/" dest: "{{ zuul.executor.work_root }}/artifacts/"
mode: pull mode: pull
src: "{{ zuul.project.src_dir }}/dist/" src: "{{ zuul.project.src_dir }}/dist/"

View File

@ -1,4 +1,5 @@
- hosts: all - name: Prepare a Javascript Dev Env
hosts: all
roles: roles:
- bindep - bindep
- test-setup - test-setup

View File

@ -1,4 +1,5 @@
- hosts: all - name: Fetch Javascript Artifacts for Publication
hosts: all
roles: roles:
- fetch-javascript-output - fetch-javascript-output
- fetch-javascript-content-tarball - fetch-javascript-content-tarball

View File

@ -1,18 +1,20 @@
- hosts: all - name: Fetch Javascript Artifacts for Publication
hosts: all
roles: roles:
- fetch-javascript-output - fetch-javascript-output
- version-from-git - version-from-git
- fetch-javascript-tarball - fetch-javascript-tarball
- hosts: all - name: Publish Javascript Artifacts to NPM
hosts: all
tasks: tasks:
# project_ver is set by set_fact in version-from-git, but that runs on # project_ver is set by set_fact in version-from-git, but that runs on
# the remote host, which puts the fact into the hostvars of that host. # the remote host, which puts the fact into the hostvars of that host.
# Now that we're running on localhost, we need to reach in to the remote # Now that we're running on localhost, we need to reach in to the remote
# hosts vars to get the value. # hosts vars to get the value.
- name: Upload to NPM - name: Upload to NPM
delegate_to: localhost
block: block:
- name: Upload to npm - name: Upload to npm
include_role: include_role:
name: upload-npm name: upload-npm
delegate_to: localhost

View File

@ -1,4 +1,5 @@
- hosts: all - name: Run npm pack
hosts: all
roles: roles:
- role: npm - role: npm
npm_command: pack npm_command: pack

View File

@ -1,4 +1,5 @@
- hosts: all - name: Run GitHub Mirror Script
hosts: all
tasks: tasks:
- name: Ensure pip - name: Ensure pip
include_role: include_role:

View File

@ -1,7 +1,7 @@
- name: enable ua subscription - name: Enable ua subscription
hosts: all hosts: all
tasks: tasks:
- name: enable ua subscription for fips - name: Enable ua subscription for fips
include_role: include_role:
name: enable-ua-subscription name: enable-ua-subscription
when: enable_fips | default(false) when: enable_fips | default(false)

View File

@ -1,3 +1,4 @@
- hosts: all - name: Fetch Tox Output
hosts: all
roles: roles:
- fetch-tox-output - fetch-tox-output

View File

@ -1,4 +1,5 @@
- hosts: all - name: Prepare a Tox Runtime Environment
hosts: all
roles: roles:
- bindep - bindep
- ensure-tox - ensure-tox

View File

@ -1,3 +1,4 @@
- hosts: all - name: Run Tox
hosts: all
roles: roles:
- tox - tox

View File

@ -1,4 +1,5 @@
- hosts: all - name: Prepare a Code Proposal Environment
hosts: all
pre_tasks: pre_tasks:
- name: Ensure pip - name: Ensure pip
include_role: include_role:
@ -24,7 +25,7 @@
copy: copy:
dest: '{{ ansible_user_dir }}/scripts/' dest: '{{ ansible_user_dir }}/scripts/'
src: '{{ item }}' src: '{{ item }}'
mode: 0755 mode: '0755'
with_items: with_items:
- generate_puppetfile.sh - generate_puppetfile.sh
- propose_update.sh - propose_update.sh

View File

@ -1,4 +1,5 @@
- hosts: all - name: Propose Constraints Update
hosts: all
tasks: tasks:
- name: Propose constraints update - name: Propose constraints update

View File

@ -1,4 +1,5 @@
- hosts: all - name: Propose Constraints Update
hosts: all
tasks: tasks:
- name: Pause in order to allow pypi to catch up - name: Pause in order to allow pypi to catch up
ansible.builtin.pause: ansible.builtin.pause:

View File

@ -1,4 +1,5 @@
- hosts: all - name: Run propose_update.sh Script
hosts: all
tasks: tasks:
- name: Run propose_update.sh script - name: Run propose_update.sh script

View File

@ -1,4 +1,5 @@
- hosts: all - name: Run Twine Checks Against Sdist Tarball
hosts: all
roles: roles:
- build-python-release - build-python-release
- ensure-twine - ensure-twine

View File

@ -1,4 +1,5 @@
- hosts: all - name: Collect Artifacts
hosts: all
post_tasks: post_tasks:
- name: Find tarballs and wheels in dist folder. - name: Find tarballs and wheels in dist folder.
@ -20,13 +21,14 @@
delegate_to: localhost delegate_to: localhost
- name: Collect tarball artifacts. - name: Collect tarball artifacts.
synchronize: ansible.posix.synchronize:
dest: "{{ zuul.executor.work_root }}/artifacts/" dest: "{{ zuul.executor.work_root }}/artifacts/"
mode: pull mode: pull
src: "{{ item.path }}" src: "{{ item.path }}"
verify_host: true verify_host: true
with_items: "{{ result.files }}" with_items: "{{ result.files }}"
- hosts: localhost - name: Sign Artifacts
hosts: localhost
roles: roles:
- sign-artifacts - sign-artifacts

View File

@ -1,4 +1,5 @@
- hosts: all - name: Prepare Python Package Build Environment
hosts: all
roles: roles:
# We use ensure-pip to make sure the wheel module is installed # We use ensure-pip to make sure the wheel module is installed
- ensure-pip - ensure-pip

View File

@ -1,3 +1,4 @@
- hosts: all - name: Build Python Release
hosts: all
roles: roles:
- build-python-release - build-python-release

View File

@ -1,4 +1,5 @@
- hosts: all - name: Run make-index
hosts: all
tasks: tasks:
- name: Run make-index - name: Run make-index
command: ./make-index command: ./make-index

View File

@ -1,4 +1,5 @@
- hosts: all - name: Prepare for Publication
hosts: all
roles: roles:
- role: write-root-marker - role: write-root-marker
root_marker_dir: "{{ zuul.project.src_dir }}/" root_marker_dir: "{{ zuul.project.src_dir }}/"

View File

@ -1,4 +1,5 @@
- hosts: all - name: Fetch Sphinx Output
hosts: all
roles: roles:
- role: prepare-docs-for-afs - role: prepare-docs-for-afs
when: zuul_success | bool when: zuul_success | bool
@ -7,7 +8,8 @@
zuul_executor_dest: "{{ zuul.executor.work_root }}/artifacts" zuul_executor_dest: "{{ zuul.executor.work_root }}/artifacts"
when: zuul_success | bool when: zuul_success | bool
- hosts: localhost - name: Publish Sphinx Output to AFS
hosts: localhost
roles: roles:
- role: set-service-type-data-fact - role: set-service-type-data-fact
when: zuul_success | bool when: zuul_success | bool

View File

@ -1,4 +1,5 @@
- hosts: localhost - name: Update to AFS
hosts: localhost
pre_tasks: pre_tasks:
# Note that "{{ afs.path }}" is a valid afs_target and thus # Note that "{{ afs.path }}" is a valid afs_target and thus
# afs_subpath can be empty, we need this for openstack-manuals # afs_subpath can be empty, we need this for openstack-manuals

View File

@ -1,6 +1,8 @@
- hosts: localhost - name: Publish Artifacts to AFS
hosts: localhost
tasks: tasks:
- name: Upload to AFS - name: Upload to AFS
when: zuul_success | bool
block: block:
- name: Create AFS token - name: Create AFS token
include_role: include_role:
@ -14,4 +16,3 @@
- name: Destroy AFS token - name: Destroy AFS token
include_role: include_role:
name: destroy-afs-token name: destroy-afs-token
when: zuul_success | bool

View File

@ -1,4 +1,5 @@
- hosts: all - name: Fetch Sphinx Output
hosts: all
roles: roles:
- fetch-tox-output - fetch-tox-output
- role: write-root-marker - role: write-root-marker

View File

@ -1,4 +1,5 @@
- hosts: all - name: Fetch Sphinx Output
hosts: all
roles: roles:
- role: fetch-sphinx-output - role: fetch-sphinx-output
sphinx_output_src: "{{ zuul.project.src_dir }}/_out/" sphinx_output_src: "{{ zuul.project.src_dir }}/_out/"

View File

@ -1,4 +1,5 @@
- hosts: localhost - name: Publish Puppet Modules to PuppetForge
hosts: localhost
tasks: tasks:
- name: Find all puppet tarballs in artifacts - name: Find all puppet tarballs in artifacts
find: find:

View File

@ -1,4 +1,5 @@
- hosts: localhost - name: Publish Python Package to PyPI
hosts: localhost
roles: roles:
- role: ensure-twine - role: ensure-twine
when: zuul_success | bool when: zuul_success | bool

View File

@ -1,4 +1,5 @@
- hosts: all - name: Fetch Release Notes
hosts: all
roles: roles:
- role: write-root-marker - role: write-root-marker
root_marker_dir: "{{ zuul_work_dir }}/{{ sphinx_build_dir }}/html" root_marker_dir: "{{ zuul_work_dir }}/{{ sphinx_build_dir }}/html"

View File

@ -1,4 +1,5 @@
- hosts: localhost - name: Publish Release to AFS
hosts: localhost
roles: roles:
- role: create-afs-token - role: create-afs-token
when: zuul_success | bool when: zuul_success | bool

View File

@ -1,4 +1,5 @@
- hosts: localhost - name: Publish StarlingX Web Content
hosts: localhost
roles: roles:
- role: create-afs-token - role: create-afs-token
when: zuul_success | bool when: zuul_success | bool

View File

@ -1,3 +1,4 @@
- hosts: localhost - name: Trigger Read The Docs Build
hosts: localhost
roles: roles:
- trigger-readthedocs - trigger-readthedocs

View File

@ -1,4 +1,5 @@
- hosts: all - name: Publish Wheels to Mirror
hosts: all
# We don't want the python2 & python3 hosts copying to AFS at the # We don't want the python2 & python3 hosts copying to AFS at the
# same time. In some cases for generic wheels they can have # same time. In some cases for generic wheels they can have
# produced a file with the same name and thus we open a window to # produced a file with the same name and thus we open a window to

View File

@ -1,4 +1,5 @@
- hosts: all - name: Fetch Puppet Module
hosts: all
roles: roles:
- fetch-puppet-module-output - fetch-puppet-module-output
@ -10,6 +11,7 @@
args: args:
chdir: "{{ zuul.project.src_dir }}/pkg" chdir: "{{ zuul.project.src_dir }}/pkg"
- hosts: localhost - name: Sign Artifacts
hosts: localhost
roles: roles:
- sign-artifacts - sign-artifacts

View File

@ -1,4 +1,5 @@
- hosts: all - name: Setup Puppet Module Build Environment
hosts: all
roles: roles:
- ensure-pdk-dependencies - ensure-pdk-dependencies
- revoke-sudo - revoke-sudo

View File

@ -1,3 +1,4 @@
- hosts: all - name: Build Puppet Module
hosts: all
roles: roles:
- build-puppet-module - build-puppet-module

View File

@ -1,4 +1,5 @@
- hosts: all - name: Create Branch Specific Python Tarball
hosts: all
roles: roles:
- fetch-python-sdist-output - fetch-python-sdist-output

View File

@ -1,3 +1,4 @@
- hosts: all - name: Add Launchpad Credentials
hosts: all
roles: roles:
- add-launchpad-credentials - add-launchpad-credentials

View File

@ -1,4 +1,5 @@
- hosts: all - name: Cleanup Credentials
hosts: all
roles: roles:
- remove-sshkey - remove-sshkey
- remove-launchpad-credentials - remove-launchpad-credentials

View File

@ -1,4 +1,5 @@
- hosts: all - name: Prepare Release Environment
hosts: all
pre_tasks: pre_tasks:
# This is tempoarary until v2 is gone and we can rework things # This is tempoarary until v2 is gone and we can rework things
- name: Update origin remote to enable notes fetching - name: Update origin remote to enable notes fetching

View File

@ -1,4 +1,5 @@
- hosts: all - name: Tag and Push Release
hosts: all
tasks: tasks:
- name: Run release scripts - name: Run release scripts
shell: shell:

View File

@ -1,4 +1,5 @@
- hosts: all - name: Prepare Reno Build Environment
hosts: all
roles: roles:
- role: bindep - role: bindep
bindep_profile: doc bindep_profile: doc

View File

@ -1,4 +1,5 @@
- hosts: all - name: Build Releasenotes
hosts: all
roles: roles:
- role: ensure-if-python - role: ensure-if-python
# Releasenotes do not need the package itself to be installed # Releasenotes do not need the package itself to be installed

View File

@ -2,7 +2,8 @@
# It uses upload-afs-syncronize instead of upload-afs-roots to add content # It uses upload-afs-syncronize instead of upload-afs-roots to add content
# but not delete. It is also simplified for repository # but not delete. It is also simplified for repository
# openstack/service-types-authority. # openstack/service-types-authority.
- hosts: localhost - name: Upload Service Types to AFS
hosts: localhost
tasks: tasks:
- name: Check execution context - name: Check execution context
when: "zuul.branch is not defined" when: "zuul.branch is not defined"

View File

@ -1,4 +1,5 @@
# TODO(mordred) ZOMG DELETE THIS # TODO(mordred) ZOMG DELETE THIS
- hosts: all - name: Run Neutron Horizon Hack
hosts: all
roles: roles:
- neutron-horizon-hack - neutron-horizon-hack

View File

@ -1,4 +1,5 @@
- hosts: all - name: Fetch Infra Sphinx Docs
hosts: all
roles: roles:
- role: prepare-infra-docs-for-afs - role: prepare-infra-docs-for-afs
when: zuul_success | bool when: zuul_success | bool

View File

@ -1,4 +1,5 @@
- hosts: all - name: Fetch Sphinx Docs
hosts: all
roles: roles:
- role: prepare-docs-for-afs - role: prepare-docs-for-afs
when: zuul_success | bool when: zuul_success | bool

View File

@ -1,4 +1,5 @@
- hosts: all - name: Prepare Sphinx Build Environment
hosts: all
roles: roles:
- role: bindep - role: bindep
bindep_profile: compile doc bindep_profile: compile doc

View File

@ -1,4 +1,5 @@
- hosts: all - name: Build Sphinx Docs
hosts: all
roles: roles:
- ensure-if-python - ensure-if-python
- sphinx - sphinx

View File

@ -1,6 +1,8 @@
- hosts: localhost - name: Upload to AFS
hosts: localhost
tasks: tasks:
- name: Upload to AFS - name: Upload to AFS
when: zuul_success | bool
block: block:
- name: Create AFS token - name: Create AFS token
include_role: include_role:
@ -14,4 +16,3 @@
- name: Destroy AFS token - name: Destroy AFS token
include_role: include_role:
name: destroy-afs-token name: destroy-afs-token
when: zuul_success | bool

View File

@ -1,3 +1,4 @@
- hosts: all - name: Fetch Translation Subunit Output
hosts: all
roles: roles:
- fetch-translations-subunit-output - fetch-translations-subunit-output

View File

@ -1,4 +1,5 @@
- hosts: all - name: Prepare Translations Processing Environment
hosts: all
roles: roles:
- role: ensure-sphinx - role: ensure-sphinx
doc_building_packages: doc_building_packages:

View File

@ -1,4 +1,5 @@
- hosts: all - name: Propose Transaltion Updates
hosts: all
roles: roles:
- prepare-zanata-client - prepare-zanata-client
- legacy-zuul-git-prep-upper-constraints - legacy-zuul-git-prep-upper-constraints

View File

@ -1,4 +1,5 @@
- hosts: all - name: Upstream Translation Updates
hosts: all
roles: roles:
- prepare-zanata-client - prepare-zanata-client
- legacy-zuul-git-prep-upper-constraints - legacy-zuul-git-prep-upper-constraints
@ -9,6 +10,7 @@
args: args:
chdir: "{{ zuul.project.src_dir }}" chdir: "{{ zuul.project.src_dir }}"
- hosts: all - name: Fetch Translation Output
hosts: all
roles: roles:
- fetch-translation-output - fetch-translation-output

View File

@ -1,4 +1,5 @@
- hosts: localhost - name: Release AFS Volume
hosts: localhost
roles: roles:
- role: create-afs-token - role: create-afs-token

View File

@ -1,6 +1,6 @@
--- ---
- name: Configure Git - name: Configure Git
git_config: community.general.git_config:
name: "{{ item.key }}" name: "{{ item.key }}"
scope: "{{ git_config_scope }}" scope: "{{ git_config_scope }}"
value: "{{ item.value }}" value: "{{ item.value }}"

View File

@ -3,6 +3,6 @@
# src is relative to the dir the playbook is in on the executor # src is relative to the dir the playbook is in on the executor
dest: "{{ ansible_user_dir }}/scripts/" dest: "{{ ansible_user_dir }}/scripts/"
src: '{{ item }}' src: '{{ item }}'
mode: 0755 mode: '0755'
with_items: with_items:
- common.sh - common.sh

View File

@ -4,6 +4,6 @@
state: directory state: directory
- name: Copy the release-tools directory to the remote node - name: Copy the release-tools directory to the remote node
synchronize: ansible.posix.synchronize:
src: "release-tools/" src: "release-tools/"
dest: "{{ ansible_user_dir }}/scripts/release-tools" dest: "{{ ansible_user_dir }}/scripts/release-tools"

View File

@ -4,7 +4,7 @@
register: subunit register: subunit
- name: Collect test-results - name: Collect test-results
synchronize: ansible.posix.synchronize:
dest: "{{ zuul.executor.log_root }}" dest: "{{ zuul.executor.log_root }}"
mode: pull mode: pull
src: "{{ zuul_work_dir }}/testrepository.subunit.gz" src: "{{ zuul_work_dir }}/testrepository.subunit.gz"

View File

@ -13,7 +13,7 @@
path: "{{ zuul_logserver_root }}/{{ zuul_log_path }}" path: "{{ zuul_logserver_root }}/{{ zuul_log_path }}"
state: directory state: directory
recurse: yes recurse: yes
mode: 0775 mode: '0775'
# Use chmod instead of file because ansible 2.5 file with recurse and # Use chmod instead of file because ansible 2.5 file with recurse and
# follow can't really handle symlinks to . # follow can't really handle symlinks to .
@ -25,7 +25,7 @@
- skip_ansible_lint - skip_ansible_lint
- name: Upload logs to log server - name: Upload logs to log server
synchronize: ansible.posix.synchronize:
src: "{{ zuul.executor.log_root }}/" src: "{{ zuul.executor.log_root }}/"
dest: "{{ zuul_logserver_root }}/{{ zuul_log_path }}/" dest: "{{ zuul_logserver_root }}/{{ zuul_log_path }}/"
rsync_opts: rsync_opts:
@ -34,16 +34,16 @@
no_log: "{{ not zuul_log_verbose }}" no_log: "{{ not zuul_log_verbose }}"
# After this point there are no more logs # After this point there are no more logs
- name: gzip console log and json output - name: Gzip console log and json output
delegate_to: localhost delegate_to: localhost
archive: community.general.archive:
path: "{{ zuul.executor.log_root }}/{{ item }}" path: "{{ zuul.executor.log_root }}/{{ item }}"
with_items: with_items:
- job-output.txt - job-output.txt
- job-output.json - job-output.json
- name: Upload console log and json output - name: Upload console log and json output
synchronize: ansible.posix.synchronize:
src: "{{ zuul.executor.log_root }}/{{ item }}.gz" src: "{{ zuul.executor.log_root }}/{{ item }}.gz"
dest: "{{ zuul_logserver_root }}/{{ zuul_log_path }}/{{ item }}.gz" dest: "{{ zuul_logserver_root }}/{{ zuul_log_path }}/{{ item }}.gz"
verify_host: true verify_host: true

View File

@ -33,10 +33,8 @@ deps =
# keep this in sync with what Zuul uses so we don't allow though # keep this in sync with what Zuul uses so we don't allow though
# things from a later ansible that would actually fail in # things from a later ansible that would actually fail in
# production. # production.
ansible>=5,<6 ansible>=8,<9
# pin these two until someone has time to update all our skips to >=6.16 ansible-lint<25.0.0
ansible-lint>=6.0.0,<6.5.0
ansible-compat<4
hacking>=7.0.0,<8.0.0 hacking>=7.0.0,<8.0.0
bashate>=0.2 bashate>=0.2
commands = commands =

View File

@ -3472,8 +3472,7 @@
- specs/.* - specs/.*
- other-requirements.txt - other-requirements.txt
- tox.ini - tox.ini
- openstack-zuul-jobs-linters: - openstack-zuul-jobs-linters
nodeset: ubuntu-jammy
- project-config-dib - project-config-dib
- project-config-gerrit - project-config-gerrit
- project-config-grafana: - project-config-grafana:
@ -3496,8 +3495,7 @@
files: *project-config-grafana-files files: *project-config-grafana-files
- build-openstack-specs-site: - build-openstack-specs-site:
files: *specs-site files: *specs-site
- openstack-zuul-jobs-linters: - openstack-zuul-jobs-linters
nodeset: ubuntu-jammy
- project-config-dib - project-config-dib
- project-config-gerrit - project-config-gerrit
- project-config-grafana: - project-config-grafana: