Fix ansible-lint violations in gitlab_runner role

Author: tobiashuste

.github/workflows/gitlab_runner.yml

@@ -34,8 +34,8 @@ env:
 jobs:
 
   test:
-    name: Run Molecule tests.
-    runs-on: ubuntu-24.04
+    name: "Run Molecule tests."
+    runs-on: "ubuntu-24.04"
     env:
       PY_COLORS: 1
       ANSIBLE_FORCE_COLOR: 1
@@ -70,5 +70,5 @@ jobs:
         run: "pipenv run molecule test -s gitlab_runner"
         env:
           MOLECULE_IMAGE: "${{ matrix.image }}"
-          AUTHENTICATION_TOKEN: ${{ secrets.authentication_token }}
+          AUTHENTICATION_TOKEN: "${{ secrets.authentication_token }}"
         working-directory: "ansible_collections/hifis/toolkit"

molecule/gitlab_runner/converge.yml

@@ -4,8 +4,8 @@
 # SPDX-License-Identifier: Apache-2.0
 
 ---
-- name: Converge
-  hosts: all
+- name: "Converge"
+  hosts: "all"
   tasks:
     - name: "Include gitlab_runner role"
       ansible.builtin.include_role:

molecule/gitlab_runner/molecule.yml

@@ -5,31 +5,31 @@
 
 ---
 dependency:
-  name: galaxy
+  name: "galaxy"
   options:
     requirements-file: "molecule/gitlab_runner/requirements.yml"
 driver:
-  name: podman
+  name: "podman"
 platforms:
-  - name: instancegitlabciopenstack1
-    image: ${MOLECULE_IMAGE:-ghcr.io/hifis-net/ubuntu-systemd:24.04}
+  - name: "instancegitlabciopenstack1"
+    image: "${MOLECULE_IMAGE:-ghcr.io/hifis-net/ubuntu-systemd:24.04}"
     pre_build_image: true
     override_command: false
     privileged: true  # Required to run Docker in Podman
     systemd: true
     tty: true
-  - name: instancegitlabciopenstack2
-    image: ${MOLECULE_IMAGE:-ghcr.io/hifis-net/ubuntu-systemd:24.04}
+  - name: "instancegitlabciopenstack2"
+    image: "${MOLECULE_IMAGE:-ghcr.io/hifis-net/ubuntu-systemd:24.04}"
     pre_build_image: true
     override_command: false
     privileged: true  # Required to run Docker in Podman
     systemd: true
     tty: true
 provisioner:
-  name: ansible
+  name: "ansible"
   playbooks:
-    prepare: prepare.yml
-    converge: converge.yml
+    prepare: "prepare.yml"
+    converge: "converge.yml"
   inventory:
     hosts:
       all:
@@ -53,7 +53,7 @@ provisioner:
           - name: "test01"
             url: "https://gitlab.com"
             description: "Molecule test runner"
-            authentication_token: ${AUTHENTICATION_TOKEN}
+            authentication_token: "${AUTHENTICATION_TOKEN}"
             executor: "docker"
             environment: ["CI_CPUS=8", "DOCKER_TLS_CERTDIR=/certs"]
             docker_security_opts: ["seccomp=unconfined"]
@@ -65,7 +65,7 @@ provisioner:
             docker_image: "python:3.8"
             docker_network_mtu: 1442
             tags: ["docker", "hifis"]
-            locked: True
+            locked: true
             limit: 10
       instancegitlabciopenstack2:
         gitlab_runner_version: "16.11.0"
@@ -79,15 +79,15 @@ provisioner:
           - name: "test01"
             url: "https://gitlab.com"
             description: "Molecule test runner"
-            authentication_token: ${AUTHENTICATION_TOKEN}
+            authentication_token: "${AUTHENTICATION_TOKEN}"
             executor: "docker+machine"
             environment: ["CI_CPUS=8", "DOCKER_TLS_CERTDIR=/certs"]
             docker_volumes: ["/cache", "/certs/client", "/opt/docker/daemon.json:/etc/docker/daemon.json:ro"]
             docker_image: "python:3.8"
             docker_shm_size: 2147483648
-            docker_disable_cache: True
+            docker_disable_cache: true
             tags: ["docker", "hifis"]
-            locked: True
+            locked: true
             limit: 10
             machine_idle_count: 5
             machine_idle_time: 7200
@@ -119,19 +119,19 @@ provisioner:
             cache_bucket_location: "eu-west-1"
             cache_insecure: "false"
 verifier:
-  name: ansible
+  name: "ansible"
 scenario:
-  name: gitlab_runner
+  name: "gitlab_runner"
   test_sequence:
-    - destroy
-    - dependency
-    - syntax
-    - create
-    - prepare
-    - check
-    - converge
-    - idempotence
-    - check
-    - side_effect
-    - verify
-    - destroy
+    - "destroy"
+    - "dependency"
+    - "syntax"
+    - "create"
+    - "prepare"
+    - "check"
+    - "converge"
+    - "idempotence"
+    - "check"
+    - "side_effect"
+    - "verify"
+    - "destroy"

molecule/gitlab_runner/prepare.yml

@@ -4,31 +4,31 @@
 # SPDX-License-Identifier: Apache-2.0
 
 ---
-- name: Prepare
-  hosts: all
+- name: "Prepare"
+  hosts: "all"
   tasks:
-    - name: Install necessary packages
-      when: ansible_os_family == 'Debian'
+    - name: "Install necessary packages"
+      when: "ansible_os_family == 'Debian'"
       block:
-        - name: Install missing dependencies
+        - name: "Install missing dependencies"
           ansible.builtin.apt:
             name:
-              - sudo              # for `become` privilege escalation
-              - iproute2          # for gathering network facts
-              - ca-certificates   # for Gitlab-Runner download
-              - gpg
-              - python3-debian
-            state: present
-            update_cache: yes
-    - name: Set up iptables
-      when: ansible_distribution == 'Debian'
+              - "sudo"              # for `become` privilege escalation
+              - "iproute2"          # for gathering network facts
+              - "ca-certificates"   # for Gitlab-Runner download
+              - "gpg"
+              - "python3-debian"
+            state: "present"
+            update_cache: true
+    - name: "Set up iptables"
+      when: "ansible_distribution == 'Debian'"
       block:
         - name: "Install missing dependencies"
           ansible.builtin.apt:
             name:
               - "iptables"
             state: "present"
-            update_cache: yes
+            update_cache: true
         - name: "Use legacy iptables"
           community.general.alternatives:
             name: "iptables"

molecule/gitlab_runner/requirements.yml

@@ -5,4 +5,4 @@
 
 ---
 roles:
-  - name: geerlingguy.docker
+  - name: "geerlingguy.docker"

molecule/gitlab_runner/verify.yml

@@ -4,123 +4,123 @@
 # SPDX-License-Identifier: Apache-2.0
 
 ---
-- name: Verify
-  hosts: all
+- name: "Verify"
+  hosts: "all"
   tasks:
-    - name: Gather package facts
+    - name: "Gather package facts"
       ansible.builtin.package_facts:
-        manager: auto
+        manager: "auto"
 
-    - name: Gather service facts
+    - name: "Gather service facts"
       ansible.builtin.service_facts:
 
-    - name: Assert that docker is installed
-      when: gitlab_runner_install_docker
+    - name: "Assert that docker is installed"
+      when: "gitlab_runner_install_docker"
       ansible.builtin.assert:
         that:
           - "'docker-ce' in ansible_facts.packages"
 
-    - name: Assert that docker is not installed
-      when: not gitlab_runner_install_docker
+    - name: "Assert that docker is not installed"
+      when: "not gitlab_runner_install_docker"
       ansible.builtin.assert:
         that:
           - "'docker-ce' not in ansible_facts.packages"
 
-    - name: Assert that Docker systemd service is running
-      when: gitlab_runner_install_docker
+    - name: "Assert that Docker systemd service is running"
+      when: "gitlab_runner_install_docker"
       ansible.builtin.assert:
         that:
           - "ansible_facts.services['docker.service'].state == 'running'"
           - "ansible_facts.services['docker.service'].status == 'enabled'"
 
-    - name: Check that docker-machine is properly installed
-      ansible.builtin.command: docker-machine version
+    - name: "Check that docker-machine is properly installed"
+      ansible.builtin.command: "docker-machine version"
       changed_when: false
-      register: machine_version
+      register: "machine_version"
       when: "gitlab_runner_list | selectattr('executor', 'equalto', 'docker+machine') | list | length > 0"
       failed_when: "'0.16.2-gitlab.25' not in machine_version.stdout"
 
-    - name: Assert that Gitlab-Runner is installed
+    - name: "Assert that Gitlab-Runner is installed"
       ansible.builtin.assert:
         that:
           - "'gitlab-runner' in ansible_facts.packages"
 
-    - name: Assert that installed GitLab Runner version is equal to the desired one
+    - name: "Assert that installed GitLab Runner version is equal to the desired one"
       ansible.builtin.assert:
         that:
           - "ansible_facts.packages['gitlab-runner'][0].version == gitlab_runner_version + '-1'"
       when:
-        - gitlab_runner_version is defined
+        - "gitlab_runner_version is defined"
 
-    - name: Assert that ignition.json file was created
+    - name: "Assert that ignition.json file was created"
       ansible.builtin.stat:
-        path: /etc/gitlab-runner/ignition.json
-      register: ignition
-      failed_when: not ignition.stat.isreg
+        path: "/etc/gitlab-runner/ignition.json"
+      register: "ignition"
+      failed_when: "not ignition.stat.isreg"
 
-    - name: Determine generated SSH public key
-      when: gitlab_runner_ssh_public_key | default("") | length == 0 or gitlab_runner_ssh_public_key | default("") | length == 0
+    - name: "Determine generated SSH public key"
+      when: "gitlab_runner_ssh_public_key | default('') | length == 0 or gitlab_runner_ssh_public_key | default('') | length == 0"
       block:
-        - name: Assert that SSH key pair was created
+        - name: "Assert that SSH key pair was created"
           ansible.builtin.stat:
-            path: /etc/gitlab-runner/gitlab_runner_key
-          register: ssh_key
-          failed_when: not ssh_key.stat.isreg or ssh_key.stat.mode != "0600"
+            path: "/etc/gitlab-runner/gitlab_runner_key"
+          register: "ssh_key"
+          failed_when: "not ssh_key.stat.isreg or ssh_key.stat.mode != '0600'"
 
-        - name: Read generated SSH public key
-          ansible.builtin.command: cat /etc/gitlab-runner/gitlab_runner_key.pub
-          register: generated_pub_key
+        - name: "Read generated SSH public key"
+          ansible.builtin.command: "cat /etc/gitlab-runner/gitlab_runner_key.pub"
+          register: "generated_pub_key"
           changed_when: false
 
-        - name: Store generated SSH public key in variable
+        - name: "Store generated SSH public key in variable"
           ansible.builtin.set_fact:
             gitlab_runner_ssh_key: "{{ generated_pub_key.stdout | trim }}"
 
-    - name: Store predefined SSH public key in variable
+    - name: "Store predefined SSH public key in variable"
       ansible.builtin.set_fact:
         gitlab_runner_ssh_key: "{{ lookup('file', gitlab_runner_ssh_public_key) | trim }}"
       when:
-        - gitlab_runner_ssh_public_key | default("") | length > 0
-        - gitlab_runner_ssh_private_key | default("") | length > 0
+        - "gitlab_runner_ssh_public_key | default('') | length > 0"
+        - "gitlab_runner_ssh_private_key | default('') | length > 0"
 
-    - name: Read flatcar linux config
-      ansible.builtin.command: cat /etc/gitlab-runner/ignition.json
-      register: flatcar_linux_config
+    - name: "Read flatcar linux config"
+      ansible.builtin.command: "cat /etc/gitlab-runner/ignition.json"
+      register: "flatcar_linux_config"
       changed_when: false
 
-    - name: Assert that SSH public key exists in flatcar linux config
+    - name: "Assert that SSH public key exists in flatcar linux config"
       ansible.builtin.assert:
         that:
-          - flatcar_linux_config.stdout.find(gitlab_runner_ssh_key) != -1
+          - "flatcar_linux_config.stdout.find(gitlab_runner_ssh_key) != -1"
 
-    - name: Store authentication token environment variable as Ansible fact.
+    - name: "Store authentication token environment variable as Ansible fact."
       ansible.builtin.set_fact:
         gitlab_runner_authentication_token: "{{ lookup('env', 'AUTHENTICATION_TOKEN') }}"
 
-    - name: Assert that the runner was registered successfully
-      ansible.builtin.command: gitlab-runner list
+    - name: "Assert that the runner was registered successfully"
+      ansible.builtin.command: "gitlab-runner list"
       changed_when: false
-      register: runners
+      register: "runners"
       failed_when: "'test01' not in runners.stderr"
       # Do not verify runner registration in forks
       when: "gitlab_runner_authentication_token | length > 0"
 
-    - name: Assert that the verify command is successful
-      ansible.builtin.command: gitlab-runner verify
+    - name: "Assert that the verify command is successful"
+      ansible.builtin.command: "gitlab-runner verify"
       changed_when: false
-      register: runners_verify
-      failed_when: runners_verify.rc != 0
+      register: "runners_verify"
+      failed_when: "runners_verify.rc != 0"
 
     - name: "Assert that metrics endpoint is activated"
       when: "gitlab_runner_listen_address is defined and gitlab_runner_listen_address | length > 0"
       ansible.builtin.uri:
         url: "http://{{ gitlab_runner_listen_address }}/metrics"
-        return_content: yes
+        return_content: true
       register: "metrics"
       failed_when: '"# TYPE gitlab_runner_version_info" not in metrics.content'
 
-    - name: Unregister GitLab-Runner
-      ansible.builtin.command: gitlab-runner unregister --all-runners
+    - name: "Unregister GitLab-Runner"
+      ansible.builtin.command: "gitlab-runner unregister --all-runners"
       changed_when: false
       # Do not verify runner registration in forks
       when: "gitlab_runner_authentication_token | length > 0"

requirements.yml

@@ -11,4 +11,4 @@ collections:
   - name: "community.general"
 
 roles:
-  - name: geerlingguy.docker
+  - name: "geerlingguy.docker"

roles/gitlab_runner/defaults/main.yml

@@ -21,8 +21,8 @@ gitlab_runner_transpiler_binary_checksum: "sha256:28003c61b991d17d66c23cd3f30520
 gitlab_runner_install_docker: true
 
 gitlab_runner_namerservers:
-    - 9.9.9.9
-    - 149.112.112.112
+    - "9.9.9.9"
+    - "149.112.112.112"
 
 gitlab_runner_mtu: 1450