Fix linting issues.

The super-linter.env currently has the following additions that are to be addressed in the future:
VALIDATE_GITHUB_ACTIONS=false
VALIDATE_SHELL_SHFMT=false
VALIDATE_YAML=false

Most of the linting for the above has been addressed with just a single issue remaining that blocks the linter from being enabled.

Author: maxstack

.ansible-lint.yml

@@ -1,9 +1,22 @@
 ---
 skip_list:
-  - var-naming[no-role-prefix]
+  - role-name
+  # Unresolved issues with parsing jinja in multiline strings
+  # https://github.com/ansible/ansible-lint/issues/3935
+  - jinja[spacing]
   - galaxy[no-changelog]
-  - galaxy[version-incorrect]
   - meta-runtime[unsupported-version]
+
+warn_list:
+  - name[missing]
+  - name[play]
+  - var-naming
+
 exclude_paths:
   - actionlint.yml
+  - .ansible/
   - .github/
+  # The following are files with syntax errors.
+  # Rule 'syntax-check' is unskippable, you cannot use it in 'skip_list' or 'warn_list'. Still, you could exclude the file.
+  - ansible/roles/filebeat/tasks/runtime.yml
+  - environments/common/files/filebeat/filebeat.yml

.checkov.yaml

@@ -0,0 +1,4 @@
+---
+skip-check:
+  # Requires all blocks to have rescue: - not considered appropriate
+  - CKV2_ANSIBLE_3

.editorconfig

@@ -3,6 +3,6 @@
 
 # shfmt will default to indenting shell scripts with tabs,
 # define the indent as 2 spaces
-[bin/*]
+[{.github/bin,dev}/*.sh]
 indent_style = space
 indent_size = 2

.github/bin/create-merge-branch.sh

@@ -44,7 +44,7 @@ if git show-branch "remotes/origin/$BRANCH_NAME" >/dev/null 2>&1; then
 fi
 
 echo "[INFO] Merging release tag - $RELEASE_TAG"
-git merge --strategy recursive -X theirs --no-commit $RELEASE_TAG
+git merge --strategy recursive -X theirs --no-commit "$RELEASE_TAG"
 
 # Check if the merge resulted in any changes being staged
 if [ -n "$(git status --short)" ]; then
@@ -54,7 +54,7 @@ if [ -n "$(git status --short)" ]; then
   # NOTE(scott): The GitHub create-pull-request action does
   # the commiting for us, so we only need to make branches
   # and commits if running outside of GitHub actions.
-  if [ ! $GITHUB_ACTIONS ]; then
+  if [ ! "$GITHUB_ACTIONS" ]; then
     echo "[INFO] Checking out temporary branch '$BRANCH_NAME'..."
     git checkout -b "$BRANCH_NAME"
 
@@ -74,8 +74,8 @@ if [ -n "$(git status --short)" ]; then
 
   # Write a file containing the branch name and tag
   # for automatic PR or MR creation that follows
-  echo "BRANCH_NAME=\"$BRANCH_NAME\"" > .mergeenv
-  echo "RELEASE_TAG=\"$RELEASE_TAG\"" >> .mergeenv
+  echo "BRANCH_NAME=\"$BRANCH_NAME\"" >.mergeenv
+  echo "RELEASE_TAG=\"$RELEASE_TAG\"" >>.mergeenv
 else
   echo "[INFO] Merge resulted in no changes"
-fi
+fi

.github/bin/get-s3-image.sh

@@ -13,14 +13,14 @@ echo "Checking if image $image_name exists in OpenStack"
 image_exists=$(openstack image list --name "$image_name" -f value -c Name)
 
 if [ -n "$image_exists" ]; then
-    echo "Image $image_name already exists in OpenStack."
+  echo "Image $image_name already exists in OpenStack."
 else
-    echo "Image $image_name not found in OpenStack. Getting it from S3."
+  echo "Image $image_name not found in OpenStack. Getting it from S3."
 
-    wget https://object.arcus.openstack.hpc.cam.ac.uk/swift/v1/AUTH_3a06571936a0424bb40bc5c672c4ccb1/$bucket_name/$image_name --progress=dot:giga
+  wget "https://object.arcus.openstack.hpc.cam.ac.uk/swift/v1/AUTH_3a06571936a0424bb40bc5c672c4ccb1/$bucket_name/$image_name --progress=dot:giga"
 
-    echo "Uploading image $image_name to OpenStack..."
-    openstack image create --file $image_name --disk-format qcow2 $image_name --progress
+  echo "Uploading image $image_name to OpenStack..."
+  openstack image create --file "$image_name" --disk-format qcow2 "$image_name" --progress
 
-    echo "Image $image_name has been uploaded to OpenStack."
-fi
+  echo "Image $image_name has been uploaded to OpenStack."
+fi

.github/linters/.checkov.yaml

@@ -0,0 +1 @@
+../../.checkov.yaml

.github/linters/.python-lint

@@ -0,0 +1 @@
+../../.python-lint

.github/linters/.shellcheckrc

@@ -0,0 +1 @@
+../../.shellcheckrc

.github/linters/.yamllint.yml

@@ -0,0 +1 @@
+../../.yamllint.yml

.github/workflows/extra.yml

@@ -18,6 +18,12 @@ on:
       - 'ansible/roles/lustre/**'
       - '.github/workflows/extra.yml'
 
+permissions:
+  contents: read
+  packages: write
+  # To report GitHub Actions status checks
+  statuses: write
+
 jobs:
   doca:
     name: extra-build
@@ -44,7 +50,7 @@ jobs:
       ARK_PASSWORD: ${{ secrets.ARK_PASSWORD }}
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - name: Load current fat images into GITHUB_ENV
         # see https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions#example-of-a-multiline-string
@@ -58,7 +64,7 @@ jobs:
       - name: Record settings
         run: |
           echo CI_CLOUD: ${{ env.CI_CLOUD }}
-          echo FAT_IMAGES: ${FAT_IMAGES}
+          echo "FAT_IMAGES: ${FAT_IMAGES}"
 
       - name: Setup ssh
         run: |
@@ -97,7 +103,7 @@ jobs:
           
           PACKER_LOG=1 packer build \
           -on-error=${{ vars.PACKER_ON_ERROR }} \
-          -var-file=$PKR_VAR_environment_root/${{ env.CI_CLOUD }}.pkrvars.hcl \
+          -var-file="$PKR_VAR_environment_root/${{ env.CI_CLOUD }}.pkrvars.hcl" \
           -var "source_image_name=${{ fromJSON(env.FAT_IMAGES)['cluster_image'][matrix.build.source_image_name_key] }}" \
           -var "image_name=${{ matrix.build.image_name }}" \
           -var "inventory_groups=${{ matrix.build.inventory_groups }}" \
@@ -109,14 +115,14 @@ jobs:
         run: |
           . venv/bin/activate
           IMAGE_ID=$(jq --raw-output '.builds[-1].artifact_id' packer/packer-manifest.json)
-          while ! openstack image show -f value -c name $IMAGE_ID; do
+          while ! openstack image show -f value -c name "$IMAGE_ID"; do
             sleep 5
           done
-          IMAGE_NAME=$(openstack image show -f value -c name $IMAGE_ID)
+          IMAGE_NAME=$(openstack image show -f value -c name "$IMAGE_ID")
           echo "image-name=${IMAGE_NAME}" >> "$GITHUB_OUTPUT"
           echo "image-id=$IMAGE_ID" >> "$GITHUB_OUTPUT"
-          echo $IMAGE_ID > image-id.txt
-          echo $IMAGE_NAME > image-name.txt
+          echo "$IMAGE_ID" > image-id.txt
+          echo "$IMAGE_NAME" > image-name.txt
 
       - name: Make image usable for further builds
         run: |