ansible-lint
ansible-lint documentation
- Version in MegaLinter: 24.2.0
- Visit Official Web Site
- See How to configure ansible-lint rules
- See How to disable ansible-lint rules in files
- See Index of problems detected by ansible-lint
Configuration in MegaLinter
- Enable ansible-lint by adding
ANSIBLE_ANSIBLE_LINT
in ENABLE_LINTERS variable - Disable ansible-lint by adding
ANSIBLE_ANSIBLE_LINT
in DISABLE_LINTERS variable
Variable | Description | Default value |
---|---|---|
ANSIBLE_ANSIBLE_LINT_ARGUMENTS | User custom arguments to add in linter CLI call Ex: -s --foo "bar" |
|
ANSIBLE_ANSIBLE_LINT_COMMAND_REMOVE_ARGUMENTS | User custom arguments to remove from command line before calling the linter Ex: -s --foo "bar" |
|
ANSIBLE_ANSIBLE_LINT_FILE_EXTENSIONS | Allowed file extensions. "*" matches any extension, "" matches empty extension. Empty list excludes all filesEx: [".py", ""] |
[".yml", ".yaml"] |
ANSIBLE_ANSIBLE_LINT_FILE_NAMES_REGEX | File name regex filters. Regular expression list for filtering files by their base names using regex full match. Empty list includes all files Ex: ["Dockerfile(-.+)?", "Jenkinsfile"] |
Include every file |
ANSIBLE_ANSIBLE_LINT_PRE_COMMANDS | List of bash commands to run before the linter | None |
ANSIBLE_ANSIBLE_LINT_POST_COMMANDS | List of bash commands to run after the linter | None |
ANSIBLE_ANSIBLE_LINT_UNSECURED_ENV_VARIABLES | List of env variables explicitly not filtered before calling ANSIBLE_ANSIBLE_LINT and its pre/post commands | None |
ANSIBLE_ANSIBLE_LINT_CONFIG_FILE | ansible-lint configuration file nameUse LINTER_DEFAULT to let the linter find it |
.ansible-lint |
ANSIBLE_ANSIBLE_LINT_RULES_PATH | Path where to find linter configuration file | Workspace folder, then MegaLinter default rules |
ANSIBLE_ANSIBLE_LINT_DISABLE_ERRORS | Run linter but consider errors as warnings | false |
ANSIBLE_ANSIBLE_LINT_DISABLE_ERRORS_IF_LESS_THAN | Maximum number of errors allowed | 0 |
ANSIBLE_ANSIBLE_LINT_CLI_EXECUTABLE | Override CLI executable | ['ansible-lint'] |
ANSIBLE_DIRECTORY | Directory containing ANSIBLE files (use any to always activate the linter) |
ansible |
MegaLinter Flavours
This linter is available in the following flavours
Flavor | Description | Embedded linters | Info | |
---|---|---|---|---|
all | Default MegaLinter Flavor | 121 | ||
c_cpp | Optimized for pure C/C++ projects | 55 | ||
cupcake | MegaLinter for the most commonly used languages | 84 | ||
documentation | MegaLinter for documentation projects | 51 | ||
dotnet | Optimized for C, C++, C# or VB based projects | 64 | ||
dotnetweb | Optimized for C, C++, C# or VB based projects with JS/TS | 73 | ||
go | Optimized for GO based projects | 53 | ||
java | Optimized for JAVA based projects | 54 | ||
javascript | Optimized for JAVASCRIPT or TYPESCRIPT based projects | 60 | ||
php | Optimized for PHP based projects | 54 | ||
python | Optimized for PYTHON based projects | 62 | ||
ruby | Optimized for RUBY based projects | 51 | ||
rust | Optimized for RUST based projects | 51 | ||
salesforce | Optimized for Salesforce based projects | 55 | ||
security | Optimized for security | 24 | ||
swift | Optimized for SWIFT based projects | 51 | ||
terraform | Optimized for TERRAFORM based projects | 55 |
Behind the scenes
How are identified applicable files
- Activated only if sub-directory
ansible
is found. (directory name can be overridden withANSIBLE_DIRECTORY
) - File extensions:
.yml
,.yaml
- File name don't ends with:
vault.yml
,vault.yaml
,galaxy.yml
,galaxy.yaml
How the linting is performed
ansible-lint is called once on the whole project directory (project
CLI lint mode)
- filtering can not be done using MegaLinter configuration variables,it must be done using ansible-lint configuration or ignore file (if existing)
VALIDATE_ALL_CODEBASE: false
doesn't make ansible-lint analyze only updated files
Example calls
ansible-lint -v
ansible-lint -v -c .ansible-lint
Help content
WARNING: PATH altered to expand ~ in it. Read https://stackoverflow.com/a/44704799/99834 and correct your system configuration.
usage: ansible-lint [-h] [-P | -L | -T]
[-f {brief,full,md,json,codeclimate,quiet,pep8,sarif}]
[--sarif-file SARIF_FILE] [-q]
[--profile {min,basic,moderate,safety,shared,production}]
[-p] [--project-dir PROJECT_DIR] [-r RULESDIR] [-R] [-s]
[--fix [WRITE_LIST]] [--show-relpath] [-t TAGS] [-v]
[-x SKIP_LIST] [--generate-ignore] [-w WARN_LIST]
[--enable-list ENABLE_LIST] [--nocolor] [--force-color]
[--exclude EXCLUDE_PATHS [EXCLUDE_PATHS ...]]
[-c CONFIG_FILE] [-i IGNORE_FILE] [--offline] [--version]
[lintables ...]
positional arguments:
lintables One or more files or paths. When missing it will enable auto-detection mode.
options:
-h, --help show this help message and exit
-P, --list-profiles List all profiles, no formatting options available.
-L, --list-rules List all the rules. For listing rules only the following formats for argument -f are supported: {brief, full, md} with 'brief' as default.
-T, --list-tags List all the tags and the rules they cover. Increase the verbosity level with `-v` to include 'opt-in' tag and its rules.
-f {brief,full,md,json,codeclimate,quiet,pep8,sarif}, --format {brief,full,md,json,codeclimate,quiet,pep8,sarif}
stdout formatting, json being an alias for codeclimate. (default: None)
--sarif-file SARIF_FILE
SARIF output file
-q quieter, reduce verbosity, can be specified twice.
--profile {min,basic,moderate,safety,shared,production}
Specify which rules profile to be used.
-p, --parseable parseable output, same as '-f pep8'
--project-dir PROJECT_DIR
Location of project/repository, autodetected based on location of configuration file.
-r RULESDIR, --rules-dir RULESDIR
Specify custom rule directories. Add -R to keep using embedded rules from /venvs/ansible-lint/lib/python3.12/site-packages/ansiblelint/rules
-R Keep default rules when using -r
-s, --strict Return non-zero exit code on warnings as well as errors
--fix [WRITE_LIST] Allow ansible-lint to perform auto-fixes, including YAML reformatting. You can limit the effective rule transforms (the 'write_list') by passing a keywords 'all' or 'none' or a comma separated list of rule ids or rule tags. YAML reformatting happens whenever '--fix' or '--fix=' is used. '--fix' and '--fix=all' are equivalent: they allow all transforms to run. Presence of --fix in command overrides config file value.
--show-relpath Display path relative to CWD
-t TAGS, --tags TAGS only check rules whose id/tags match these values
-v Increase verbosity level (-vv for more)
-x SKIP_LIST, --skip-list SKIP_LIST
only check rules whose id/tags do not match these values. e.g: --skip-list=name,run-once
--generate-ignore Generate a text file '.ansible-lint-ignore' that ignores all found violations. Each line contains filename and rule id separated by a space.
-w WARN_LIST, --warn-list WARN_LIST
only warn about these rules, unless overridden in config file. Current version default value is: experimental, jinja[spacing], fqcn[deep]
--enable-list ENABLE_LIST
activate optional rules by their tag name
--nocolor disable colored output, same as NO_COLOR=1
--force-color Force colored output, same as FORCE_COLOR=1
--exclude EXCLUDE_PATHS [EXCLUDE_PATHS ...]
path to directories or files to skip. This option is repeatable.
-c CONFIG_FILE, --config-file CONFIG_FILE
Specify configuration file to use. By default it will look for '.ansible-lint', '.config/ansible-lint.yml', or '.config/ansible-lint.yaml'
-i IGNORE_FILE, --ignore-file IGNORE_FILE
Specify ignore file to use. By default it will look for '.ansible-lint-ignore' or '.config/ansible-lint-ignore.txt'
--offline Disable installation of requirements.yml and schema refreshing
--version
The following environment variables are also recognized but there is no guarantee that they will work in future versions:
ANSIBLE_LINT_CUSTOM_RULESDIR: Used for adding another folder into the lookup path for new rules.
ANSIBLE_LINT_IGNORE_FILE: Define it to override the name of the default ignore file `.ansible-lint-ignore`
ANSIBLE_LINT_WRITE_TMP: Tells linter to dump fixes into different temp files instead of overriding original. Used internally for testing.
ANSIBLE_LINT_SKIP_SCHEMA_UPDATE: Tells ansible-lint to skip schema refresh.
ANSIBLE_LINT_NODEPS: Avoids installing content dependencies and avoids performing checks that would fail when modules are not installed. Far less violations will be reported.
Installation on mega-linter Docker image
- PIP packages (Python):