Add ansible lint pr workflow

.ansible-lint

@@ -0,0 +1,129 @@
+---
+# .ansible-lint
+
+profile: production # min, basic, moderate,safety, shared, production
+
+# Allows dumping of results in SARIF format
+# sarif_file: result.sarif
+
+# exclude_paths included in this file are parsed relative to this file's location
+# and not relative to the CWD of execution. CLI arguments passed to the --exclude
+# option are parsed relative to the CWD of execution.
+exclude_paths:
+  - .github/
+  - .ansible-lint
+# parseable: true
+# quiet: true
+# strict: true
+# verbosity: 1
+
+# Mock modules or roles in order to pass ansible-playbook --syntax-check
+#mock_modules:
+#  - zuul_return
+# note the foo.bar is invalid as being neither a module or a collection
+#  - fake_namespace.fake_collection.fake_module
+#  - fake_namespace.fake_collection.fake_module.fake_submodule
+#mock_roles:
+#  - mocked_role
+#  - author.role_name # old standalone galaxy role
+#  - fake_namespace.fake_collection.fake_role # role within a collection
+
+# Enable checking of loop variable prefixes in roles
+loop_var_prefix: "^(__|{role}_)"
+
+# Enforce variable names to follow pattern below, in addition to Ansible own
+# requirements, like avoiding python identifiers. To disable add `var-naming`
+# to skip_list.
+var_naming_pattern: "^[a-z_][a-z0-9_]*$"
+
+use_default_rules: true
+# Load custom rules from this specific folder
+# rulesdir:
+#   - ./rule/directory/
+
+# Ansible-lint is able to recognize and load skip rules stored inside
+# `.ansible-lint-ignore` (or `.config/ansible-lint-ignore.txt`) files.
+# To skip a rule just enter filename and tag, like "playbook.yml package-latest"
+# on a new line.
+# Optionally you can add comments after the tag, prefixed by "#". We discourage
+# the use of skip_list below because that will hide violations from the output.
+# When putting ignores inside the ignore file, they are marked as ignored, but
+# still visible, making it easier to address later.
+skip_list:
+  - risky-shell-pipe
+#  - skip_this_tag
+
+# Ansible-lint does not automatically load rules that have the 'opt-in' tag.
+# You must enable opt-in rules by listing each rule 'id' below.
+enable_list:
+  - args
+  - empty-string-compare # opt-in
+  - no-log-password # opt-in
+  - no-same-owner # opt-in
+  - name[prefix] # opt-in
+  - galaxy-version-incorrect # opt-in
+  # add yaml here if you want to avoid ignoring yaml checks when yamllint
+  # library is missing. Normally its absence just skips using that rule.
+  - yaml
+# Report only a subset of tags and fully ignore any others
+# tags:
+#   - jinja[spacing]
+
+# Ansible-lint does not fail on warnings from the rules or tags listed below
+#warn_list:
+#  - skip_this_tag
+#  - experimental # experimental is included in the implicit list
+# - role-name
+# - yaml[document-start]  # you can also use sub-rule matches
+
+# Some rules can transform files to fix (or make it easier to fix) identified
+# errors. `ansible-lint --fix` will reformat YAML files and run these transforms.
+# By default it will run all transforms (effectively `write_list: ["all"]`).
+# You can disable running transforms by setting `write_list: ["none"]`.
+# Or only enable a subset of rule transforms by listing rules/tags here.
+# write_list:
+#   - all
+
+# Offline mode disables installation of requirements.yml and schema refreshing
+offline: true
+
+  # Define required Ansible's variables to satisfy syntax check
+  #extra_vars:
+  #  foo: bar
+  #  multiline_string_variable: |
+  #    line1
+  #    line2
+  #  complex_variable: ":{;\t$()"
+
+  # Uncomment to enforce action validation with tasks, usually is not
+  # needed as Ansible syntax check also covers it.
+  # skip_action_validation: false
+
+  # List of additional kind:pattern to be added at the top of the default
+  # match list, first match determines the file kind.
+  #kinds:
+  # - playbook: "**/examples/*.{yml,yaml}"
+  # - galaxy: "**/folder/galaxy.yml"
+  # - tasks: "**/tasks/*.yml"
+  # - vars: "**/vars/*.yml"
+# - meta: "**/meta/main.yml"
+#  - yaml: "**/*.yaml-too"
+
+# List of additional collections to allow in only-builtins rule.
+# only_builtins_allow_collections:
+#   - example_ns.example_collection
+
+# List of additions modules to allow in only-builtins rule.
+# only_builtins_allow_modules:
+#   - example_module
+
+# Allow setting custom prefix for name[prefix] rule
+#task_name_prefix: "{stem} | "
+# Complexity related settings
+
+# Limit the depth of the nested blocks:
+# max_block_depth: 20
+
+# Also recognize these versions of Ansible as supported:
+# supported_ansible_also:
+#   - "2.14"

.github/workflows/pull-request.yml

@@ -0,0 +1,12 @@
+---
+name: Pull request
+
+on: pull_request
+
+jobs:
+  ansible-lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run ansible-lint
+        uses: ansible/ansible-lint@main

.gitignore

@@ -0,0 +1 @@
+.idea

README.md

@@ -157,6 +157,22 @@ Example Playbook
       roles:
         - { role: f500.php8, php8_version: 8.0, php8_enable_fpm: yes }
 
+Linting
+-------
+Github actions will check this role with ansible-lint. To run this locally, you will need to follow the following steps:
+
+```bash
+brew install ansible-lint
+brew install yamllint
+ansible-lint
+```
+
+to fix the linting errors, run:
+
+```bash
+ansible-lint --fix
+```
+
 License
 -------
 

defaults/main.yml

@@ -2,50 +2,48 @@
 
 php8_version: 8.0
 
-php8_enable_apache: no
-php8_enable_cgi: no
-php8_enable_fpm: no
+php8_enable_apache: false
+php8_enable_cgi: false
+php8_enable_fpm: false
 
-php8_enable_dev: no
+php8_enable_dev: false
 
 php8_ini_directives_default:
-  allow_url_fopen: no
+  allow_url_fopen: false
   disable_functions: "exec, passthru, shell_exec, system, proc_open, popen, curl_exec, curl_multi_exec"
-  expose_php: no
-  session.cookie_httponly: yes
-  session.cookie_secure: yes
+  expose_php: false
+  session.cookie_httponly: true
+  session.cookie_secure: true
   session.hash_bits_per_character: 4
   session.hash_function: sha256
   session.sid_bits_per_character: 4
   session.sid_length: 64
-  session.use_strict_mode: yes
+  session.use_strict_mode: true
 
 php8_ini_directives_global: {}
 php8_ini_directives_cli: {}
 php8_ini_directives_apache: {}
 php8_ini_directives_cgi: {}
 php8_ini_directives_fpm: {}
-
 php8_extensions: []
 php8_versioned_extensions: []
-
 php8_fpm_pid: "/run/php/php{{ php8_version }}-fpm.pid"
 php8_fpm_error_log: "/var/log/php{{ php8_version }}-fpm.log"
 php8_fpm_log_level: warning
-php8_fpm_syslog_facility: ~
-php8_fpm_syslog_ident: ~
+php8_fpm_syslog_facility:
+php8_fpm_syslog_ident:
 php8_fpm_emergency_restart_threshold: 0
 php8_fpm_emergency_restart_interval: 0
 php8_fpm_process_control_timeout: 0
 php8_fpm_process_max: 0
-php8_fpm_process_priority: ~
-php8_fpm_daemonize: yes
-php8_fpm_rlimit_files: ~
-php8_fpm_rlimit_core: ~
+php8_fpm_process_priority:
+php8_fpm_daemonize: true
+php8_fpm_rlimit_files:
+php8_fpm_rlimit_core:
 php8_fpm_events_mechanism: epoll
 php8_fpm_systemd_interval: 10
 
-php8_fpm_pool_enabled: yes
+php8_fpm_pool_enabled: true
 php8_fpm_pool_name: www
 php8_fpm_pool_user: www-data
 php8_fpm_pool_group: www-data
@@ -54,9 +52,9 @@ php8_fpm_pool_listen_backlog: 512
 php8_fpm_pool_listen_owner: "{{ php8_fpm_pool_user }}"
 php8_fpm_pool_listen_group: "{{ php8_fpm_pool_group }}"
 php8_fpm_pool_listen_mode: "0660"
-php8_fpm_pool_listen_acl_users: ~
-php8_fpm_pool_listen_acl_groups: ~
-php8_fpm_pool_listen_allowed_clients: ~
+php8_fpm_pool_listen_acl_users:
+php8_fpm_pool_listen_acl_groups:
+php8_fpm_pool_listen_allowed_clients:
 php8_fpm_pool_pm: dynamic
 php8_fpm_pool_pm_max_children: 5
 php8_fpm_pool_pm_start_servers: 2
@@ -67,17 +65,17 @@ php8_fpm_pool_pm_max_requests: 512
 php8_fpm_pool_status_path: /status
 php8_fpm_pool_ping_path: /ping
 php8_fpm_pool_ping_response: pong
-php8_fpm_pool_access_log: ~
-php8_fpm_pool_access_format: ~
-php8_fpm_pool_slowlog: ~
+php8_fpm_pool_access_log:
+php8_fpm_pool_access_format:
+php8_fpm_pool_slowlog:
 php8_fpm_pool_request_slowlog_timeout: 0
 php8_fpm_pool_request_terminate_timeout: 0
-php8_fpm_pool_rlimit_files: ~
-php8_fpm_pool_rlimit_core: ~
-php8_fpm_pool_chroot: ~
+php8_fpm_pool_rlimit_files:
+php8_fpm_pool_rlimit_core:
+php8_fpm_pool_chroot:
 php8_fpm_pool_chdir: /var/www
-php8_fpm_pool_catch_workers_output: yes
-php8_fpm_pool_clear_env: yes
+php8_fpm_pool_catch_workers_output: true
+php8_fpm_pool_clear_env: true
 php8_fpm_pool_security_limit_extensions: .php
 php8_fpm_pool_env: {}
 php8_fpm_pool_php_admin_value: {}

handlers/main.yml

@@ -1,13 +1,12 @@
 ---
-
 - name: Restart Apache
-  service:
+  ansible.builtin.service:
     name: apache2
     state: restarted
   when: php8_enable_apache | bool
 
 - name: Restart PHP FPM
-  service:
+  ansible.builtin.service:
     name: "php{{ php8_version }}-fpm"
     state: restarted
   when: php8_enable_fpm | bool

meta/main.yml

@@ -2,15 +2,16 @@
 
 galaxy_info:
   role_name: php8
+  namespace: f500
   author: "Jasper N. Brouwer, Ramon de la Fuente"
   description: Install PHP version 8.X from deb.sury.org
   company: Future500
   license: LGPL-3.0
   min_ansible_version: "2.0"
   platforms:
-  - name: Debian
-    versions:
-      - bullseye
-      - bookworm
+    - name: Debian
+      versions:
+        - bullseye
+        - bookworm
   galaxy_tags:
     - web