From 2dfa8ca9d682dd8d06b6d8cf0d1c9c7c48e9cc21 Mon Sep 17 00:00:00 2001
From: sjat
Date: Sat, 30 May 2026 14:56:16 +0200
Subject: [PATCH] Harden lint setup and clean inventory placeholders

- Pin pre-commit ansible-lint hook to ansible-core==2.17.* (was floating, crashed)
- Add pre-commit to requirements.txt
- Align .yamllint with ansible-lint (comments-indentation off, octal rules on)
- Rewrite inventory placeholders to lint-clean empty-group form

Co-Authored-By: Claude Opus 4.8 (1M context)
---
 .pre-commit-config.yaml | 4 ++--
 .yamllint | 6 ++++++
 inventories/production/hosts.yml | 22 ++++------------------
 inventories/staging/hosts.yml | 8 +++++---
 requirements.txt | 1 +
 5 files changed, 18 insertions(+), 23 deletions(-)
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index f325864..39c4698 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -16,11 +16,11 @@ repos:
 args: [-c, .yamllint]
 - repo: https://github.com/ansible/ansible-lint
- rev: v24.9.2
+ rev: v24.12.2 # keep in sync with requirements.txt
 hooks:
 - id: ansible-lint
 additional_dependencies:
- - ansible-core>=2.17
+ - ansible-core==2.17.* # pin (not >=) — keep in sync with requirements.txt
 # Secret scanning — catches plaintext credentials before they are committed.
 # Bump `rev` as new gitleaks releases land.
diff --git a/.yamllint b/.yamllint
index aa9214a..1ee0c62 100644
--- a/.yamllint
+++ b/.yamllint
@@ -13,6 +13,12 @@ rules:
 braces:
 min-spaces-inside: 0
 max-spaces-inside: 1
+ # Aligned with ansible-lint's requirements (it owns comment-indentation via its
+ # own yaml rule, and forbids octal ambiguity):
+ comments-indentation: false
+ octal-values:
+ forbid-implicit-octal: true
+ forbid-explicit-octal: true
 ignore: |
 .venv/
diff --git a/inventories/production/hosts.yml b/inventories/production/hosts.yml
index 3824946..36ef5de 100644
--- a/inventories/production/hosts.yml
+++ b/inventories/production/hosts.yml
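Review bot: The new `rev: v24.12.2` is still a git tag, which the upstream repository can move, so the hook code that runs on every commit is not pinned to immutable content; consider freezing it to the full commit SHA with the tag kept as a comment, e.g. `rev: <full-commit-sha>  # frozen: v24.12.2` (placeholder SHA; `pre-commit autoupdate --freeze` writes this form). The two "keep in sync with requirements.txt" comments also promise more than the visible pins deliver: the requirements.txt hunk header shows `ansible-lint==24.*`, which can resolve to a different 24.x release than this hook, so either pin it exactly there or say in the comment that only the major line is matched. `ansible-core==2.17.*` likewise floats across patch releases when the hook environment is built, which is reasonable for a linter but worth stating as intentional. The `repos:` list continues outside the hunk.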
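Review bot: With both `forbid-implicit-octal` and `forbid-explicit-octal` set to true, neither `0644` nor `0o644` will pass, so file modes in tasks have to be written as quoted strings; the added comment would be more useful if it said so, e.g. `# octal-values: file modes must be quoted strings ("0644"), never bare 0644 / 0o644`. ansible-lint's compatibility check for a custom .yamllint also expects `comments.min-spaces-from-content: 1` and `braces.max-spaces-inside: 1`; the latter is visible here, the former is outside this hunk and should be confirmed. The `rules:` mapping continues outside the hunk.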
@@ -1,5 +1,4 @@
 ---
-# Production inventory
 # Generated from Terraform outputs: make tf-inventory TF_ENV=production
 # Do not edit by hand — add hosts to terraform/environments/production/main.tf.
 # Exception: the control node is added here manually (see docs/runbooks/new-host.md).
@@ -7,22 +6,9 @@
 all:
 children:
+ control:
+ hosts: {}
 docker_hosts:
- hosts:
- # dns1:
- # ansible_host: 10.20.0.10
- # dns2:
- # ansible_host: 10.20.0.11
- # proxy:
- # ansible_host: 10.20.0.12
- # homeassistant:
- # ansible_host: 10.20.0.13
-
+ hosts: {}
 proxmox_hosts:
- hosts:
- # pve0:
- # ansible_host: 10.10.0.200
- # pve1:
- # ansible_host: 10.10.0.201
- # pve2:
- # ansible_host: 10.10.0.202
+ hosts: {}
diff --git a/inventories/staging/hosts.yml b/inventories/staging/hosts.yml
index a3e657e..c12b6ed 100644
--- a/inventories/staging/hosts.yml
+++ b/inventories/staging/hosts.yml
@@ -6,7 +6,9 @@
 all:
 children:
+ control:
+ hosts: {}
 docker_hosts:
- hosts:
- # staging01:
- # ansible_host: 10.20.0.50
+ hosts: {}
+ proxmox_hosts:
+ hosts: {}
diff --git a/requirements.txt b/requirements.txt
index 675c598..1f521ed 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -6,6 +6,7 @@ ansible-lint==24.*
 molecule==24.*
 molecule-plugins[docker]==23.*
 yamllint==1.35.*
+pre-commit==3.* # Runs lint + secret-scan hooks (.pre-commit-config.yaml)
 docker==7.* # Python SDK for Docker (used by Molecule)
 pytest==8.* # Required by Molecule test runner
 pytest-testinfra==10.* # Optional: infra assertions in verify.yml
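Review bot: Every group in the production inventory is now `hosts: {}`, so any play targeting `docker_hosts` or `proxmox_hosts` will match no hosts and still exit cleanly, which is easy to mistake for a successful run of a hardening or patching playbook; the same applies to the staging hunk below. The `control` group is also introduced without a comment, although the file header says the control node is the one manual exception in an otherwise generated file. I would add `# control: added by hand, not generated - see docs/runbooks/new-host.md` above it and confirm that `make tf-inventory` preserves the group on regeneration, since the generator is not visible in this patch.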
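Review bot: Listing `pre-commit` here installs the tool but does not activate it: the lint and secret-scan hooks only run in clones where `pre-commit install` has been executed, and a local hook can be skipped with `git commit --no-verify`. If the secret scan is meant as a control rather than a convenience, the same hooks should also run in CI (`pre-commit run --all-files`); whether that is already the case is not visible in this patch. I would extend the comment to say so, e.g. `pre-commit==3.*  # Runs lint + secret-scan hooks locally (run "pre-commit install"); CI must run them too`.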