fix: blackbox_exporter ansible-lint risky-octal

[tvenieris]

No description provided.

[SuperQ]

Same here, the github-actions bot labeling didn't trigger the blackbox_exporter roll checks.

@tvenieris Do you know why these are not getting caught in CI? The ansible-lint pipeline should catch these.

[codecov-commenter]

Codecov Report

❗ No coverage uploaded for pull request base (main@603aa0c). Click here to learn what that means.
The diff coverage is n/a.

❗ Your organization is not using the GitHub App Integration. As a result you may experience degraded service beginning May 15th. Please install the Github App Integration for your organization. Read more.

@@           Coverage Diff            @@
##             main      #174   +/-   ##
========================================
  Coverage        ?   100.00%           
========================================
  Files           ?         2           
  Lines           ?        34           
  Branches        ?         2           
========================================
  Hits            ?        34           
  Misses          ?         0           
  Partials        ?         0           

Flag	Coverage Δ
integration	100.00% <0.00%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

[SuperQ]

This needs a rebase.

[tvenieris]

Same here, the github-actions bot labeling didn't trigger the blackbox_exporter roll checks.

@tvenieris Do you know why these are not getting caught in CI? The ansible-lint pipeline should catch these.

I don't think there's anything wrong with the CI. I am running ansible-lint at the top of the collection, inside the role or against a sample playbook and it just does not detect the risky-octal issue. So it's most likely an ansible-lint bug. The reason I am getting these errors is that I have embedded these roles into my own playbooks and there for reasons unknown the issue is detected.

[tvenieris]

Just to show you how things look from my end, this is an ansible-lint run against the prometheus-community/ansible collection:

$ ansible-lint -v
INFO     Identified /home/tvenieris/git/prometheus-community-ansible as project root due .git directory.
INFO     Running ansible-galaxy collection install -v -r requirements.yml
INFO     Provisioning collection community.general:>=1.0.0 from galaxy.yml
INFO     Running from /home/tvenieris/git/prometheus-community-ansible : ansible-galaxy collection install -vvv community.general:>=1.0.0
INFO     Set ANSIBLE_LIBRARY=/home/tvenieris/.cache/ansible-compat/ab148f/modules:/home/tvenieris/.ansible/plugins/modules:/usr/share/ansible/plugins/modules
INFO     Set ANSIBLE_COLLECTIONS_PATH=/home/tvenieris/.cache/ansible-compat/ab148f/collections:/home/tvenieris/.cache/ansible-compat/ab148f/collections:/home/tvenieris/.ansible/collections:/
usr/share/ansible/collections
INFO     Set ANSIBLE_ROLES_PATH=/home/tvenieris/.cache/ansible-compat/ab148f/roles:roles:/home/tvenieris/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles
INFO     Running from /home/tvenieris/git/prometheus-community-ansible : ansible-galaxy collection install -vvv --force .
INFO     Loading ignores from .gitignore
INFO     Excluded: .git
INFO     Loading ignores from .gitignore
INFO     Excluded: .git
WARNING  Skipped installing collection dependencies due to running in offline mode.
INFO     Provisioning collection community.general:>=1.0.0 from galaxy.yml
INFO     Running from /home/tvenieris/git/prometheus-community-ansible : ansible-galaxy collection install -vvv community.general:>=1.0.0
INFO     Set ANSIBLE_LIBRARY=/home/tvenieris/.cache/ansible-compat/ab148f/modules:/home/tvenieris/.ansible/plugins/modules:/usr/share/ansible/plugins/modules
INFO     Set ANSIBLE_COLLECTIONS_PATH=/home/tvenieris/.cache/ansible-compat/ab148f/collections:/home/tvenieris/.ansible/collections:/usr/share/ansible/collections
INFO     Set ANSIBLE_ROLES_PATH=/home/tvenieris/.cache/ansible-compat/ab148f/roles:roles:/home/tvenieris/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles
INFO     Executing syntax check on role roles/mysqld_exporter (0.73s)
INFO     Executing syntax check on playbook playbook.yml (0.75s)
INFO     Executing syntax check on playbook roles/node_exporter/molecule/alternative/converge.yml (0.76s)
INFO     Executing syntax check on playbook roles/systemd_exporter/molecule/alternative/prepare.yml (0.76s)
INFO     Executing syntax check on playbook roles/prometheus/molecule/latest/converge.yml (0.76s)
INFO     Executing syntax check on playbook roles/alertmanager/molecule/default/converge.yml (0.76s)
INFO     Executing syntax check on playbook roles/mysqld_exporter/molecule/alternative/prepare.yml (0.78s)
INFO     Executing syntax check on role roles/systemd_exporter (0.78s)
INFO     Executing syntax check on playbook roles/snmp_exporter/molecule/alternative/converge.yml (0.79s)
INFO     Executing syntax check on playbook roles/systemd_exporter/molecule/default/playbook.yml (0.80s)
INFO     Executing syntax check on playbook roles/alertmanager/molecule/alternative/converge.yml (0.81s)
INFO     Executing syntax check on playbook roles/prometheus/molecule/alternative/converge.yml (0.81s)
INFO     Executing syntax check on playbook roles/blackbox_exporter/molecule/alternative/converge.yml (0.70s)
INFO     Executing syntax check on role roles/blackbox_exporter (0.71s)
INFO     Executing syntax check on playbook roles/node_exporter/molecule/latest/converge.yml (0.74s)
INFO     Executing syntax check on playbook roles/snmp_exporter/molecule/default/converge.yml (0.73s)
INFO     Executing syntax check on role roles/node_exporter (0.75s)
INFO     Executing syntax check on playbook roles/mysqld_exporter/molecule/default/converge.yml (0.74s)
INFO     Executing syntax check on playbook roles/prometheus/molecule/default/converge.yml (0.78s)
INFO     Executing syntax check on playbook roles/systemd_exporter/molecule/latest/playbook.yml (0.76s)
INFO     Executing syntax check on playbook roles/alertmanager/molecule/alternative/prepare.yml (0.75s)
INFO     Executing syntax check on playbook roles/mysqld_exporter/molecule/alternative/converge.yml (0.78s)
INFO     Executing syntax check on role roles/prometheus (0.78s)
INFO     Executing syntax check on playbook roles/blackbox_exporter/molecule/default/converge.yml (0.80s)
INFO     Executing syntax check on playbook roles/mysqld_exporter/molecule/latest/converge.yml (0.59s)
INFO     Executing syntax check on playbook roles/systemd_exporter/molecule/alternative/playbook.yml (0.61s)
INFO     Executing syntax check on role roles/snmp_exporter (0.62s)
INFO     Executing syntax check on playbook roles/alertmanager/molecule/latest/converge.yml (0.66s)
INFO     Executing syntax check on playbook roles/prometheus/molecule/alternative/prepare.yml (0.63s)
INFO     Executing syntax check on role roles/alertmanager (0.62s)
INFO     Executing syntax check on playbook roles/node_exporter/molecule/alternative/prepare.yml (0.62s)
INFO     Executing syntax check on playbook roles/node_exporter/molecule/default/converge.yml (0.62s)
WARNING  Listing 1 violation(s) that are fatal
galaxy[version-incorrect]: collection version should be greater than or equal to 1.0.0 (warning)
galaxy.yml:4

Read documentation for instructions on how to ignore specific rule violations.

                    Rule Violation Summary
 count tag                       profile rule associated tags
     1 galaxy[version-incorrect] shared  metadata (warning)

Passed: 0 failure(s), 1 warning(s) on 218 files. Profile 'production' was required, but only 'safety' profile passed. Rating: 3/5 star

... and this is the octal-values issue getting detected in my own codebase:

$ ansible-lint -v playbook.yml
INFO     Identified /home/tvenieris/git/ordaa as project root due .git directory.
INFO     Set ANSIBLE_LIBRARY=/home/tvenieris/.cache/ansible-compat/6b49b2/modules:/home/tvenieris/.ansible/plugins/modules:/usr/share/ansible/plugins/modules
INFO     Set ANSIBLE_COLLECTIONS_PATH=/home/tvenieris/.cache/ansible-compat/6b49b2/collections:/home/tvenieris/.ansible/collections:/usr/share/ansible/collections
INFO     Set ANSIBLE_ROLES_PATH=/home/tvenieris/.cache/ansible-compat/6b49b2/roles:roles:/home/tvenieris/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles
INFO     Set ANSIBLE_LIBRARY=/home/tvenieris/.cache/ansible-compat/6b49b2/modules:/home/tvenieris/.ansible/plugins/modules:/usr/share/ansible/plugins/modules
INFO     Set ANSIBLE_COLLECTIONS_PATH=/home/tvenieris/.cache/ansible-compat/6b49b2/collections:/home/tvenieris/.ansible/collections:/usr/share/ansible/collections
INFO     Set ANSIBLE_ROLES_PATH=/home/tvenieris/.cache/ansible-compat/6b49b2/roles:roles:/home/tvenieris/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles
INFO     Executing syntax check on playbook playbook.yml (1.37s)
WARNING  Listing 1 violation(s) that are fatal
roles/prometheus_community_blackbox_exporter/tasks/configure.yml:30: yaml[octal-values]: Forbidden implicit octal value "0644"
Read documentation for instructions on how to ignore specific rule violations.

                Rule Violation Summary
 count tag                profile rule associated tags
     1 yaml[octal-values] basic   formatting, yaml

Failed: 1 failure(s), 0 warning(s) on 353 files. Last profile that met the validation criteria was 'min'.

[SuperQ]

Maybe if we included a test playbook at the top level.

[tvenieris]

Maybe if we included a test playbook at the top level.

I tried that, it did not make a difference. I even tried to include a make-shift inventory, again with no success.

[gardar]

@tvenieris Do you know why these are not getting caught in CI? The ansible-lint pipeline should catch these.

Could it be the same issue as this? ansible/ansible-lint-action#172
Wonder if it's fixed now

[tvenieris]

@gardar I have never used ansible-lint-action just plain ansible-lint which I have installed using pip. Actually, I forgot to include the version in my last comment:

$ ansible-lint --version
ansible-lint 6.17.2 using ansible-core:2.15.1 ansible-compat:4.1.2 ruamel-yaml:0.17.32 ruamel-yaml-clib:0.2.7

Therefore I doubt ansible/ansible-lint-action#172 is the root cause

[gardar]

Can you please rebase?