chore: fix multiple linting issues

ekoops · ekoops · commit d7668af8a5ca · 2025-12-03T14:14:02.000+01:00
Signed-off-by: Leonardo Di Giovanna &lt;leonardodigiovanna1@gmail.com&gt;
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -1,7 +1,7 @@
 name: Main CI
 on:
   push:
-    branches: 
+    branches:
       - main
     paths:
       - 'images/**'
diff --git a/.github/workflows/matrix-gen-ci.yml b/.github/workflows/matrix-gen-ci.yml
@@ -10,7 +10,7 @@ jobs:
     steps:
       - name: Checkout repo ⤵️
         uses: actions/checkout@v4
-    
+
       - name: Build matrix_gen
         working-directory: ./matrix_gen
         run: go build .
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
@@ -1,7 +1,7 @@
 name: PR CI
 on:
   pull_request:
-    branches: 
+    branches:
       - main
     paths:
       - 'images/**'
diff --git a/.github/workflows/reusable_build_images.yml b/.github/workflows/reusable_build_images.yml
@@ -1,6 +1,6 @@
 name: Build and Push docker images
 on:
-  workflow_call:    
+  workflow_call:
     inputs:
       version:
         description: 'docker images version to be built/tagged'
@@ -26,7 +26,7 @@ jobs:
       matrix:
         arch: [amd64, arm64]
     runs-on: ${{ (matrix.arch == 'arm64' && 'ubuntu-22.04-arm') || 'ubuntu-22.04' }}
-    steps:  
+    steps:
       - name: Checkout repo
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
@@ -42,12 +42,12 @@ jobs:
         if: inputs.push
         run: |
           echo "PUSH=true" >> $GITHUB_ENV
-          
+
       - name: Set LATEST env var
         if: inputs.is_latest
         run: |
           echo "LATEST=true" >> $GITHUB_ENV
-          
+
       - name: Set TAG env var
         run: |
           echo "TAG=${{ inputs.version }}" >> $GITHUB_ENV
diff --git a/action.yml b/action.yml
@@ -10,7 +10,7 @@ inputs:
     description: 'libs repo to be tested, eg: falcosecurity/libs'
     required: false
     default: 'falcosecurity/libs'
-  build_matrix:  
+  build_matrix:
     description: 'Whether to generate matrixes as matrix artifact'
     required: false
     default: 'false'
@@ -24,7 +24,7 @@ outputs:
     value: ${{ steps.store-outputs.outputs.ansible }}
   matrix_output:
     description: "Uploaded matrix artifact name"
-    value: ${{ steps.store-outputs.outputs.matrix }}  
+    value: ${{ steps.store-outputs.outputs.matrix }}
 
 runs:
   using: "composite"
@@ -47,7 +47,7 @@ runs:
       working-directory: ${{ github.action_path }}/ansible-playbooks
       shell: bash
       run: ansible-playbook bootstrap.yml --extra-vars "@vars.yml"
-      
+
     - name: Common setup
       working-directory: ${{ github.action_path }}/ansible-playbooks
       shell: bash
@@ -57,38 +57,38 @@ runs:
       working-directory: ${{ github.action_path }}/ansible-playbooks
       shell: bash
       run: ansible-playbook git-repos.yml --extra-vars "@vars.yml"
-     
+
     - name: Run scap-open tests
       working-directory: ${{ github.action_path }}/ansible-playbooks
       shell: bash
       run: |
-        ansible-playbook scap-open.yml --extra-vars "@vars.yml" || : 
-          
+        ansible-playbook scap-open.yml --extra-vars "@vars.yml" || :
+
     - name: Tar output files
       shell: bash
       run: tar -cvf $GITHUB_ACTION_PATH/ansible_output.tar ~/ansible_output_${{ github.run_id }}
-    
+
     - name: Build matrix_gen and generate matrix
       if: inputs.build_matrix == 'true'
       working-directory: ${{ github.action_path }}/matrix_gen
       env:
         GOPATH: /root/go
         GOCACHE: /root/.cache/go-build
-      shell: bash  
+      shell: bash
       run: |
         go build .
         ./matrix_gen --root-folder ~/ansible_output_${{ github.run_id }} --output-file matrix.md
-        
+
     - name: Set output
       id: store-outputs
       shell: bash
       run: |
         echo "ansible=${{ github.action_path }}/ansible_output.tar" >> $GITHUB_OUTPUT
-        echo "matrix=${{ github.action_path }}/matrix_gen/matrix.md" >> $GITHUB_OUTPUT    
-          
+        echo "matrix=${{ github.action_path }}/matrix_gen/matrix.md" >> $GITHUB_OUTPUT
+
     - name: Cleanup
       if: always()
       working-directory: ${{ github.action_path }}/ansible-playbooks
       shell: bash
       run: |
-        ansible-playbook clean-up.yml --extra-vars "@vars.yml" || : 
+        ansible-playbook clean-up.yml --extra-vars "@vars.yml" || :
diff --git a/ansible-playbooks/group_vars/all/vars.yml b/ansible-playbooks/group_vars/all/vars.yml
@@ -98,4 +98,4 @@ remote_repos_folder: "/root"
 cached_files_path: "/root/kernel_testing_ci_cache"
 
 # Directory where ephemeral, run-specific files are stored.
-runtime_root: "{{ playbook_dir }}/runtime"
+runtime_root: "{{ playbook_dir }}/runtime"
diff --git a/ansible-playbooks/roles/bootstrap/tasks/main.yml b/ansible-playbooks/roles/bootstrap/tasks/main.yml
@@ -27,11 +27,11 @@
 
 - name: Set run files directory for the current run run_id={{ run_id }}
   ansible.builtin.set_fact:
-    run_files_path: "{{ runtime_root }}/{{ run_id }}"
+    bootstrap_run_files_path: "{{ runtime_root }}/{{ run_id }}"
 
 - name: Create the run files directory run_id={{ run_id }}
   ansible.builtin.file:
-    path: "{{ run_files_path }}"
+    path: "{{ bootstrap_run_files_path }}"
     state: directory
     mode: '0755'
 
@@ -108,11 +108,11 @@
   ansible.builtin.shell: |
     # Enable Bash safety only if running under Bash.
     [ -n "$BASH_VERSION" ] && eval "set -eo pipefail"
-    
+
     CID=""
     TMP_DIR=""
     LOOPDEV=""
-    
+
     cleanup() {
       EXIT_STATUS=$?
       [ "$EXIT_STATUS" -ne 0 ] && rm -rf "{{ disk_image }}" || :
@@ -123,27 +123,27 @@
         rm -rf "$TMP_DIR" || :
       fi
     }
-    
+
     # Trigger cleanup at exit.
     trap cleanup EXIT
-    
+
     # Create an initial empty disk image.
     truncate -s 5G "{{ disk_image }}"
     mkfs.ext4 -F "{{ disk_image }}"
-    
+
     # Create container.
     CID=$(docker create "{{ item.rootfs }}" /bin/sh) || exit 1
-    
+
     # Create a temporary directory.
     TMP_DIR=$(mktemp -d) || exit 1
-    
+
     # Attach loop device explicitly
     LOOPDEV=$(losetup -f --show "{{ disk_image }}")
 
     # Mount disk on a loop device and copy the image content into the disk.
     mount -o loop "{{ disk_image }}" "$TMP_DIR"
     docker export "$CID" | tar -C "$TMP_DIR" -xf -
-    
+
     # Finalize and check disk integrity.
     sync
     umount "$TMP_DIR"
@@ -155,7 +155,7 @@
   vars:
     rootfs_basename: "{{ item.rootfs | basename | regex_replace(':', '.') }}"
     original_image: "{{ cached_files_path }}/{{ rootfs_basename }}.ext4"
-    working_image: "{{ run_files_path }}/{{ rootfs_basename }}.ext4"
+    working_image: "{{ bootstrap_run_files_path }}/{{ rootfs_basename }}.ext4"
   # Create a lightweight CoW clone (if fs supports reflinks) and preserve raw disk sparseness.
   ansible.builtin.command: >
     cp --sparse=always --reflink=auto "{{ original_image }}" "{{ working_image }}"
@@ -168,7 +168,7 @@
 - name: Setup ssh inside rootfs ext4 image clones
   vars:
     rootfs_basename: "{{ item.rootfs | basename | regex_replace(':', '.') }}"
-    disk_image: "{{ run_files_path }}/{{ rootfs_basename }}.ext4"
+    disk_image: "{{ bootstrap_run_files_path }}/{{ rootfs_basename }}.ext4"
   become: true
   block:
     - name: Ensure filesystem is clean before modifying rootfs ext4 image clones
@@ -191,21 +191,22 @@
       loop: "{{ machines | union(builders) }}"
       when: item.arch == ansible_facts['architecture']
 
-- import_role:
+- name: Run common/tasks/compute_tap_dev_map.yml
+  ansible.builtin.import_role:
     name: common
     tasks_from: compute_tap_dev_map
 
 - name: Verify any conflict in tap device map
   ansible.builtin.command: >
-    "{{ role_path }}/files/check_net_conflicts.sh" {{ tap_dev_map | to_json | quote }}
+    "{{ role_path }}/files/check_net_conflicts.sh" {{ common_tap_dev_map | to_json | quote }}
   changed_when: false
 
 - name: Create and configure tap devices for VMs
   become: true
   block:
     - name: Create tap devices
       vars:
-        tap_dev_name: "{{ tap_dev_map[item.name].name }}"
+        tap_dev_name: "{{ common_tap_dev_map[item.name].name }}"
       ansible.builtin.command: ip tuntap add dev "{{ tap_dev_name }}" mode tap
       args:
         creates: "/sys/class/net/{{ tap_dev_name }}/ifindex"
@@ -214,21 +215,22 @@
 
     - name: Set tap devices up
       vars:
-        tap_dev_name: "{{ tap_dev_map[item.name].name }}"
+        tap_dev_name: "{{ common_tap_dev_map[item.name].name }}"
       ansible.builtin.command: ip link set "{{ tap_dev_name }}" up
       loop: "{{ machines | union(builders) }}"
       when: item.arch == ansible_facts["architecture"]
       changed_when: false
 
     - name: Set IP addresses on tap devices
       vars:
-        tap_dev_name: "{{ tap_dev_map[item.name].name }}"
-        ip_addr: "{{ tap_dev_map[item.name].host_ip }}/30"
-      ansible.builtin.shell: |
-        ip -o addr show dev "{{ tap_dev_name }}" | grep -q "{{ ip_addr }}" || \
-        ip addr add "{{ ip_addr }}" dev "{{ tap_dev_name }}"
+        tap_dev_name: "{{ common_tap_dev_map[item.name].name }}"
+        ip_addr: "{{ common_tap_dev_map[item.name].host_ip }}/30"
+      ansible.builtin.command: ip addr add "{{ ip_addr }}" dev "{{ tap_dev_name }}"
       loop: "{{ machines | union(builders) }}"
-      when: item.arch == ansible_facts["architecture"]
+      when:
+        - item.arch == ansible_facts["architecture"]
+        - ip_addr not in lookup('pipe', 'ip -o addr show dev ' ~ tap_dev_name)
+      changed_when: true
 
 - name: Start dnsmasq services
   become: true
@@ -240,18 +242,16 @@
         owner: root
         group: root
         mode: "0644"
-      register: unit_file
+      notify: Reload systemd
 
-    - name: Reload systemd units
-      ansible.builtin.systemd:
-        daemon_reload: true
-      when: unit_file.changed
+    - name: Execute notified systemd reloading handler
+      ansible.builtin.meta: flush_handlers
 
     - name: Start dnsmasq service on each tap device
       vars:
-        tap_dev_name: "{{ tap_dev_map[item.name].name }}"
-        host_ip: "{{ tap_dev_map[item.name].host_ip }}"
-        guest_ip: "{{ tap_dev_map[item.name].guest_ip }}"
+        tap_dev_name: "{{ common_tap_dev_map[item.name].name }}"
+        host_ip: "{{ common_tap_dev_map[item.name].host_ip }}"
+        guest_ip: "{{ common_tap_dev_map[item.name].guest_ip }}"
       ansible.builtin.systemd:
         name: "dnsmasq-tap@{{ tap_dev_name }}:{{ host_ip }}:{{ guest_ip }}"
         state: started
@@ -264,21 +264,21 @@
     rootfs_basename: "{{ item.rootfs | basename | regex_replace(':', '.') }}"
     vmlinux_path: "{{ cached_files_path }}/{{ kernel_basename }}.vmlinux"
     initrd_path: "{{ cached_files_path }}/{{ kernel_basename }}.initrd"
-    rootfs_disk_path: "{{ run_files_path }}/{{ rootfs_basename }}.ext4"
-    tap_dev_name: "{{ tap_dev_map[item.name].name }}"
+    rootfs_disk_path: "{{ bootstrap_run_files_path }}/{{ rootfs_basename }}.ext4"
+    tap_dev_name: "{{ common_tap_dev_map[item.name].name }}"
   ansible.builtin.template:
     src: vmconfig.json.j2
-    dest: "{{ run_files_path }}/{{ item.name }}.json"
+    dest: "{{ bootstrap_run_files_path }}/{{ item.name }}.json"
     mode: '0755'
   loop: "{{ machines | union(builders) }}"
   when: item.arch == ansible_facts["architecture"]
 
 - name: Create virtual machines run_id={{ run_id }}
   vars:
     vm_name: "{{ item.name | regex_replace('[.]', '-') }}-{{ run_id }}"
-    vm_config_path: "{{ run_files_path }}/{{ item.name }}.json"
+    vm_config_path: "{{ bootstrap_run_files_path }}/{{ item.name }}.json"
     vm_socket_path: "/tmp/{{ run_id }}-{{ item.name }}.sock"
-    vm_logs_path: "{{ run_files_path }}/{{ item.name }}.log"
+    vm_logs_path: "{{ bootstrap_run_files_path }}/{{ item.name }}.log"
   ansible.builtin.shell: >
     RUST_LOG=debug nohup firecracker \
       --no-seccomp \
diff --git a/ansible-playbooks/roles/bootstrap/templates/inventory.ini.j2 b/ansible-playbooks/roles/bootstrap/templates/inventory.ini.j2
@@ -2,13 +2,13 @@
 [machines]
 {% for item in machines %}
 {% if item.arch == ansible_facts["architecture"] %}
-{{ item.name }} ansible_host={{ tap_dev_map[item.name].guest_ip }} ansible_ssh_common_args='-o BindInterface={{ tap_dev_map[item.name].name }}' ansible_ssh_private_key_file={{ prv_key_path }}
+{{ item.name }} ansible_host={{ common_tap_dev_map[item.name].guest_ip }} ansible_ssh_common_args='-o BindInterface={{ common_tap_dev_map[item.name].name }}' ansible_ssh_private_key_file={{ prv_key_path }}
 {% endif %}
 {% endfor %}
 
 [builders]
 {% for item in builders %}
 {% if item.arch == ansible_facts["architecture"] %}
-{{ item.name }} ansible_host={{ tap_dev_map[item.name].guest_ip }} ansible_ssh_common_args='-o BindInterface={{ tap_dev_map[item.name].name }}' ansible_ssh_private_key_file={{ prv_key_path }}
+{{ item.name }} ansible_host={{ common_tap_dev_map[item.name].guest_ip }} ansible_ssh_common_args='-o BindInterface={{ common_tap_dev_map[item.name].name }}' ansible_ssh_private_key_file={{ prv_key_path }}
 {% endif %}
 {% endfor %}
diff --git a/ansible-playbooks/roles/clean_up/tasks/main.yml b/ansible-playbooks/roles/clean_up/tasks/main.yml
diff --git a/ansible-playbooks/roles/common/tasks/compute_tap_dev_map.yml b/ansible-playbooks/roles/common/tasks/compute_tap_dev_map.yml
diff --git a/ansible-playbooks/roles/scap_open/tasks/main.yml b/ansible-playbooks/roles/scap_open/tasks/main.yml
