Apparently, there were some changes in the recent Ansible releases and strings are no longer allowed in boolean context. Instead, we need to use an additional filter to verify that a string is non-empty. See https://docs.ansible.com/projects/ansible/latest/porting_guides/porting_guide_12.html for more details.
apt-key is deprecated and is going to be removed in the next Debian stable release. The suggested migration path is to use the so-called DEB822 source format. Among other things, this new format allows specifying the package signing key. Conveniently, Ansible provides a module that supports DEB822-style source definitions. Configured keys are fetched and stashed in /etc/apt/trusted.gpg.d, similarly to how this was handled with apt-key. The crucial difference is that the scope of each key is limited to a single source now.
* ansible-lint version we pin is incompatible with the new ansible-core version
* The new version is unhappy about variable names (that, apparently, should use the role name prefix by convention) and requires using Python 3.13
| uses: actions/setup-python@v4 | ||
| with: | ||
| python-version: '3.12' | ||
| python-version: '3.13' |
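Review bot: the context line `uses: actions/setup-python@v4` at the top of this hunk references a mutable major tag. Since the step is being touched anyway, consider pinning the action to a full commit SHA, and add a YAML comment next to `python-version: '3.13'` saying the pin exists because of ansible-lint, so nobody bumps or loosens it blindly.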
The latest ansible-lint version somehow requires 3.13 specifically and won't work otherwise.
| hooks: | ||
| - id: ansible-lint | ||
| args: [-x, meta-no-info] | ||
| args: [-x, "meta-no-info,no-handler"] |
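Review bot: adding `no-handler` to the `-x` list in `args` turns the rule off for every role in the repository, while the discussion only justifies it for the single apt cache update task. An inline `# noqa: no-handler` on that task would keep the rule active everywhere else.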
See the comment below on why we need this now.
| state: present | ||
| filename: caddy | ||
| with_items: "{{ caddy_apt_repo }}" | ||
| - name: Update apt cache if needed |
deb822_repository does not trigger apt cache update when a source is added or updated. The suggestion in the documentation is to update the cache based on the change status. ansible-lint points out that it's what handlers are for... but handlers are normally executed after all other actions of a play, which does not work for us. We could make it a handler and add another task to flush all pending handlers, but that feels a bit silly? We might as well just do it explicitly.
My personal preference is what you do right now. At least that's what I'm doing in my other ansible playbooks. I feel like running 'flush_handlers' is a hack.
| - id: trailing-whitespace | ||
|
|
||
| - repo: https://github.com/ansible-community/ansible-lint.git | ||
| rev: v6.22.0 |
This version no longer works with recent ansible-core.
| file: restore.yml | ||
| with_items: "{{ postgres_users }}" | ||
| when: item.backup_restore is defined and item.backup_restore | ||
| when: item.backup_restore is defined and item.backup_restore | length > 0 |
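Review bot: in the new `when:` line, `item.backup_restore | length` assumes the value is a string or a list, so an entry that sets `backup_restore: true` would fail on the `length` filter instead of being evaluated. Document in the role defaults that `backup_restore` must be a string; the two checks can also be collapsed into `item.backup_restore | default('') | length > 0`.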
This is a new requirement from https://docs.ansible.com/projects/ansible/latest/porting_guides/porting_guide_12.html.
| positional_args: | ||
| - "{{ item.username }}" | ||
| register: existing_tables | ||
| register: postgres_existing_tables |
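Review bot: the rename to `postgres_existing_tables` on the `register:` line only works if every later reference to `existing_tables` is renamed too, and none of those references are visible in this hunk. A leftover reference would only surface at run time as an undefined-variable error, so grep the role for the old name before merging.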
This is a new lint warning: all variables must use the role prefix.
| name: acl | ||
| name: | ||
| - acl | ||
| - python3-debian |
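Review bot: `python3-debian` in the new `name:` list has no explanation in the task itself. Add a short YAML comment saying it is required by the deb822_repository module, so it is not dropped as unused later, and make sure this task runs before the first deb822_repository task.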
This is a dependency of the deb822_repository Ansible module.
apt-key is deprecated and is going to be removed in the next Debian stable release. The suggested migration path is to use the so-called DEB822 source format. Among other things, this new format allows specifying the package signing key. Conveniently, Ansible provides a module that supports DEB822-style source definitions.
Configured keys are fetched and stashed in /etc/apt/trusted.gpg.d, similarly to how this was handled with apt-key. The crucial difference is that the scope of each key is limited to a single source now.
This also includes minor changes to make the linter happy and fix the playbook execution on recent Ansible versions. See the inline comments and individual commits for details.
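
The per-source scoping described above only applies to sources that declare a key: a DEB822 stanza with no Signed-By field is still verified against apt's global keyrings. As an added example (not code from this PR), the script below parses .sources text and reports which enabled stanzas are scoped; the hostnames and key path in the sample are constructed.

```python
def parse_deb822(text):
    """Split DEB822 text into stanzas: dicts of lower-cased field -> value."""
    stanzas, current, last = [], {}, None
    for line in text.splitlines():
        if line.startswith("#"):            # comment line
            continue
        if not line.strip():                # blank line closes the stanza
            if current:
                stanzas.append(current)
            current, last = {}, None
        elif line[0] in " \t":              # continuation of the previous field
            if last is None:
                raise ValueError(f"continuation without a field: {line!r}")
            current[last] += "\n" + line.strip()
        else:
            key, sep, value = line.partition(":")
            if not sep:
                raise ValueError(f"not a 'Field: value' line: {line!r}")
            last = key.strip().lower()
            current[last] = value.strip()
    if current:
        stanzas.append(current)
    return stanzas


def audit_sources(text):
    """Return (uris, verdict) for every enabled stanza."""
    report = []
    for stanza in parse_deb822(text):
        # Common spellings of a disabled source; disabled stanzas are skipped.
        if stanza.get("enabled", "yes").lower() in ("no", "false", "off", "0"):
            continue
        signed_by = stanza.get("signed-by", "")
        if not signed_by:
            verdict = "global-trust"        # verified against apt's global keyrings
        elif "BEGIN PGP PUBLIC KEY BLOCK" in signed_by:
            verdict = "scoped:embedded-key"
        else:
            verdict = "scoped:" + signed_by
        report.append((stanza.get("uris", ""), verdict))
    return report


# Constructed sample: hypothetical hosts and key path, not taken from the PR.
SAMPLE = (
    "Types: deb\nURIs: https://repo.example.com/apt\nSuites: stable\n"
    "Signed-By: /etc/apt/keyrings/example.asc\n\n"
    "Types: deb\nURIs: https://legacy.example.org/apt\nSuites: stable\n\n"
    "Types: deb\nURIs: https://off.example.net/apt\nSuites: stable\nEnabled: no\n"
)
```

Any stanza reported as `global-trust` is a candidate for adding a Signed-By field.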