openstack/tripleo-quickstart-extras
Code Issues Proposed changes

Merge "Add ansible linter rule for set pipefail"

Browse Source
This commit is contained in:
Zuul
2018-05-01 09:25:07 +00:00
committed by Gerrit Code Review
parent 68640b12e1 69ad943add
commit 82479b4fd3
8 changed files with 65 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ci-scripts/ansible-lint.sh
View File

@@ -15,7 +15,7 @@ SKIPLIST="ANSIBLE0006,ANSIBLE0007,ANSIBLE0010,ANSIBLE0012,ANSIBLE0013,ANSIBLE001
# lint the playbooks separately to avoid linting the roles multiple times
pushd playbooks
for playbook in `find . -type f -regex '.*\.y[a]?ml'`; do
ansible-lint -vvv -x $SKIPLIST $playbook || lint_error=1
ansible-lint -vvv -x $SKIPLIST -R -r ../ci-scripts/ansible_rules $playbook || lint_error=1
done
popd
@@ -23,7 +23,7 @@ popd
# Due to https://github.com/willthames/ansible-lint/issues/210, the roles
# directories need to contain a trailing slash at the end of the path.
for rolesdir in `find ./roles -maxdepth 1 -type d`; do
ansible-lint -vvv -x $SKIPLIST $rolesdir/ || lint_error=1
ansible-lint -vvv -x $SKIPLIST -R -r ./ci-scripts/ansible_rules $rolesdir/ || lint_error=1
done
## exit with 1 if we had a least an error or warning.

53
ci-scripts/ansible_rules/ShellPipefail.py Normal file
View File

@@ -0,0 +1,53 @@
# Copyright Red Hat, Inc. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from ansiblelint import AnsibleLintRule
def incorrect_task(task, cmd):
if 'shell' not in task:
return False
if 'register' in task:
return False
if task.get('ignore_errors'):
return False
if isinstance(task['shell'], dict):
args = task['shell']['cmd'].split()
else:
args = task['shell'].split()
if not set(args).isdisjoint(cmd) and 'pipefail' not in args:
return True
return False
class ShellPipefail(AnsibleLintRule):
id = 'OOOQ0001'
shortdesc = 'Shell should have a pipefail'
description = 'Shell commands should have "set -o pipefail" if using PIPE'
tags = ['shell']
cmd = ["|", "timestamper_cmd"]
def matchplay(self, file, play):
ret = []
if play.get('block') and not play.get('ignore_errors'):
block = play['block']
for task in block:
if incorrect_task(task, self.cmd):
ret.append((file, self.shortdesc))
else:
if incorrect_task(play, self.cmd):
ret.append((file, self.shortdesc))
return ret

1
roles/build-test-packages/tasks/main.yml
View File

@@ -146,6 +146,7 @@
- name: Copy the generated rpms
shell: >
set -o pipefail &&
rm -rf {{ build_repo_dir }}/gating_repo/*;
find {{ build_repo_dir }}/DLRN/data/repos -type f -name '*.rpm' -print0 | xargs -0 cp -t {{ build_repo_dir }}/gating_repo;

1
roles/collect-logs/tasks/collect.yml
View File

@@ -256,6 +256,7 @@
- name: Gather the logs to /tmp
become: yes
shell: >
set -o pipefail &&
rsync --quiet --recursive --copy-links --prune-empty-dirs
--filter '. /tmp/{{ inventory_hostname }}-rsync-filter' / /tmp/{{ inventory_hostname }};
find /tmp/{{ inventory_hostname }} -type d -print0 | xargs -0 chmod 755;

2
roles/collect-logs/tasks/publish.yml
View File

@@ -10,6 +10,7 @@
- name: fetch and gzip the console log
shell: >
set -o pipefail &&
curl -k "{{ lookup('env', 'BUILD_URL') }}/timestamps/?time=yyyy-MM-dd%20HH:mm:ss.SSS%20|&appendLog&locale=en_GB"
| gzip > {{ artcl_collect_dir }}/console.txt.gz
when: lookup('env', 'BUILD_URL') != ""
@@ -52,6 +53,7 @@
- name: Rename compressed text based files to end with txt.gz extension
shell: >
set -o pipefail &&
find {{ artcl_collect_dir }}/ -type f |
awk 'function rename(orig)
{ new=orig; sub(/\.gz$/, ".txt.gz", new); system("mv " orig " " new) }

3
roles/modify-image/tasks/manual.yml
View File

@@ -31,7 +31,7 @@
become: true
- name: Extract initramfs image
shell: gunzip -c {{ image_to_modify_abs_path.stdout }} | cpio -i
shell: set -o pipefail && gunzip -c {{ image_to_modify_abs_path.stdout }} | cpio -i
become: true
args:
chdir: "{{ mount_tempdir }}"
@@ -62,6 +62,7 @@
- name: Close initramfs image
shell: >
set -o pipefail &&
pushd {{ mount_tempdir }};
find . -print | cpio -o -H newc | gzip > {{ image_to_modify_abs_path.stdout }};
popd;

1
roles/validate-tempest/tasks/stackviz.yml
View File

@@ -59,6 +59,7 @@
- name: Collecting data from tempest
shell: >
set -o pipefail &&
{% if tempest_format == 'venv' %}source {{ working_dir }}/tempest_git/.venv/bin/activate; {% endif %}
{{ testr_command }} last --subunit | subunit-1to2 | stackviz-export {{ tempest_dstat_opt | default('') }} --env --stdin {{ working_dir }}/stackviz_static/data
args:

3
roles/validate-tempest/tasks/tempest-results.yml
View File

@@ -8,6 +8,7 @@
- name: Generate testrepository.subunit results file
shell: >
set -o pipefail &&
{% if tempest_format == 'venv' %}source {{ working_dir }}/tempest_git/.venv/bin/activate; {% endif %}
{{ testr_command }} last --subunit | subunit-1to2 > {{ working_dir }}/tempest/testrepository.subunit
args:
@@ -15,6 +16,7 @@
- name: Generate HTML results file
shell: |
set -o pipefail &&
{% if tempest_format == 'venv' %}source {{ working_dir }}/tempest_git/.venv/bin/activate; {% endif %}
subunit2html $(find {{ working_dir }}/tempest/{{ testr_dir }} -name [0-9] \
| head -1) {{ working_dir }}/tempest/tempest.html \
@@ -29,6 +31,7 @@
- name: Generate XML results file
shell: >
set -o pipefail &&
{% if tempest_format == 'venv' %}source {{ working_dir }}/tempest_git/.venv/bin/activate; {% endif %}
subunit2junitxml
{% if need_subunit1to2.rc == 0 %}