Enforce ansible-lint
I ran ansible-lint on our apps
role and found that, next to cosmetics, ansible-lint found a few nasty things like
the pipefail issue, which prevented us to recognize that cert-manager was not deployed fine.
We should either created a gitlab-ci job or enforce ourselves to do pre-commit linting (which is a good idea anyhow).
❯ ansible-lint ansible/roles/apps
[301] Commands should not change things if nothing needs doing
/home/varac/projects/work/greenhost/openappstack/ansible/roles/apps/tasks/cert-manager.yml:2
Task/Handler: Install CRDs for cert-manager
[204] Lines should be no longer than 160 chars
/home/varac/projects/work/greenhost/openappstack/ansible/roles/apps/tasks/cert-manager.yml:5
command: '/snap/bin/kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-{{ cert_manager.crd_version }}/deploy/manifests/00-crds.yaml'
[301] Commands should not change things if nothing needs doing
/home/varac/projects/work/greenhost/openappstack/ansible/roles/apps/tasks/cert-manager.yml:7
Task/Handler: Prevent validation deadlock for cert-manager
[301] Commands should not change things if nothing needs doing
/home/varac/projects/work/greenhost/openappstack/ansible/roles/apps/tasks/cert-manager.yml:43
Task/Handler: Apply cert-manager helmfile
[306] Shells that use pipes should set the pipefail option
/home/varac/projects/work/greenhost/openappstack/ansible/roles/apps/tasks/helmfiles.yml:18
Task/Handler: Apply helmfiles
[306] Shells that use pipes should set the pipefail option
/home/varac/projects/work/greenhost/openappstack/ansible/roles/apps/tasks/init.yml:67
Task/Handler: Remove failed helm deployments
[602] Don't compare to empty string
/home/varac/projects/work/greenhost/openappstack/ansible/roles/apps/tasks/init.yml:71
when: helm_failed_deployments.stdout != ""