Skip to content

ansible-lint

GitHub stars sarif GitHub release (latest SemVer) GitHub last commit GitHub commit activity GitHub contributors

ansible-lint documentation

ansible-lint - GitHub

Configuration in MegaLinter

Variable Description Default value
ANSIBLE_ANSIBLE_LINT_ARGUMENTS User custom arguments to add in linter CLI call
Ex: -s --foo "bar"
ANSIBLE_ANSIBLE_LINT_FILE_EXTENSIONS Allowed file extensions. "*" matches any extension, "" matches empty extension. Empty list excludes all files
Ex: [".py", ""]
[".yml", ".yaml"]
ANSIBLE_ANSIBLE_LINT_FILE_NAMES_REGEX File name regex filters. Regular expression list for filtering files by their base names using regex full match. Empty list includes all files
Ex: ["Dockerfile(-.+)?", "Jenkinsfile"]
Include every file
ANSIBLE_ANSIBLE_LINT_PRE_COMMANDS List of bash commands to run before the linter None
ANSIBLE_ANSIBLE_LINT_POST_COMMANDS List of bash commands to run after the linter None
ANSIBLE_ANSIBLE_LINT_UNSECURED_ENV_VARIABLES List of env variables explicitly not filtered before calling ANSIBLE_ANSIBLE_LINT and its pre/post commands None
ANSIBLE_ANSIBLE_LINT_CONFIG_FILE ansible-lint configuration file nameUse LINTER_DEFAULT to let the linter find it .ansible-lint
ANSIBLE_ANSIBLE_LINT_RULES_PATH Path where to find linter configuration file Workspace folder, then MegaLinter default rules
ANSIBLE_ANSIBLE_LINT_DISABLE_ERRORS Run linter but consider errors as warnings false
ANSIBLE_ANSIBLE_LINT_DISABLE_ERRORS_IF_LESS_THAN Maximum number of errors allowed 0
ANSIBLE_ANSIBLE_LINT_CLI_EXECUTABLE Override CLI executable ['ansible-lint']
ANSIBLE_DIRECTORY Directory containing ANSIBLE files ansible

MegaLinter Flavours

This linter is available in the following flavours

Flavor Description Embedded linters Info
all Default MegaLinter Flavor 117 Docker Image Size (tag) Docker Pulls
cupcake MegaLinter for the most commonly used languages 85 Docker Image Size (tag) Docker Pulls
documentation MegaLinter for documentation projects 51 Docker Image Size (tag) Docker Pulls
dotnet Optimized for C, C++, C# or VB based projects 63 Docker Image Size (tag) Docker Pulls
dotnetweb Optimized for C, C++, C# or VB based projects with JS/TS 72 Docker Image Size (tag) Docker Pulls
go Optimized for GO based projects 53 Docker Image Size (tag) Docker Pulls
java Optimized for JAVA based projects 55 Docker Image Size (tag) Docker Pulls
javascript Optimized for JAVASCRIPT or TYPESCRIPT based projects 60 Docker Image Size (tag) Docker Pulls
php Optimized for PHP based projects 54 Docker Image Size (tag) Docker Pulls
python Optimized for PYTHON based projects 62 Docker Image Size (tag) Docker Pulls
ruby Optimized for RUBY based projects 51 Docker Image Size (tag) Docker Pulls
rust Optimized for RUST based projects 51 Docker Image Size (tag) Docker Pulls
salesforce Optimized for Salesforce based projects 54 Docker Image Size (tag) Docker Pulls
security Optimized for security 24 Docker Image Size (tag) Docker Pulls
swift Optimized for SWIFT based projects 51 Docker Image Size (tag) Docker Pulls
terraform Optimized for TERRAFORM based projects 55 Docker Image Size (tag) Docker Pulls

Behind the scenes

How are identified applicable files

  • Activated only if sub-directory ansible is found. (directory name can be overridden with ANSIBLE_DIRECTORY)
  • File extensions: .yml, .yaml
  • File name don't ends with: vault.yml, vault.yaml, galaxy.yml, galaxy.yaml

How the linting is performed

ansible-lint is called once on the whole project directory (project CLI lint mode)

  • filtering can not be done using MegaLinter configuration variables,it must be done using ansible-lint configuration or ignore file (if existing)
  • VALIDATE_ALL_CODEBASE: false doesn't make ansible-lint analyze only updated files

Example calls

ansible-lint -v
ansible-lint -v -c .ansible-lint

Help content

WARNING: PATH altered to expand ~ in it. Read https://stackoverflow.com/a/44704799/99834 and correct your system configuration.
usage: ansible-lint [-h] [-P | -L | -T]
                    [-f {brief,full,md,json,codeclimate,quiet,pep8,sarif}]
                    [--sarif-file SARIF_FILE] [-q]
                    [--profile {min,basic,moderate,safety,shared,production}]
                    [-p] [--project-dir PROJECT_DIR] [-r RULESDIR] [-R] [-s]
                    [--write [WRITE_LIST]] [--show-relpath] [-t TAGS] [-v]
                    [-x SKIP_LIST] [--generate-ignore] [-w WARN_LIST]
                    [--enable-list ENABLE_LIST] [--nocolor] [--force-color]
                    [--exclude EXCLUDE_PATHS [EXCLUDE_PATHS ...]]
                    [-c CONFIG_FILE] [-i IGNORE_FILE] [--offline] [--version]
                    [lintables ...]

positional arguments:
  lintables             One or more files or paths. When missing it will
                        enable auto-detection mode.

options:
  -h, --help            show this help message and exit
  -P, --list-profiles   List all profiles, no formatting options available.
  -L, --list-rules      List all the rules. For listing rules only the
                        following formats for argument -f are supported:
                        {brief, full, md} with 'brief' as default.
  -T, --list-tags       List all the tags and the rules they cover. Increase
                        the verbosity level with `-v` to include 'opt-in' tag
                        and its rules.
  -f {brief,full,md,json,codeclimate,quiet,pep8,sarif}, --format {brief,full,md,json,codeclimate,quiet,pep8,sarif}
                        stdout formatting, json being an alias for
                        codeclimate. (default: None)
  --sarif-file SARIF_FILE
                        SARIF output file
  -q                    quieter, reduce verbosity, can be specified twice.
  --profile {min,basic,moderate,safety,shared,production}
                        Specify which rules profile to be used.
  -p, --parseable       parseable output, same as '-f pep8'
  --project-dir PROJECT_DIR
                        Location of project/repository, autodetected based on
                        location of configuration file.
  -r RULESDIR, --rules-dir RULESDIR
                        Specify custom rule directories. Add -R to keep using
                        embedded rules from /venvs/ansible-
                        lint/lib/python3.11/site-packages/ansiblelint/rules
  -R                    Keep default rules when using -r
  -s, --strict          Return non-zero exit code on warnings as well as
                        errors
  --write [WRITE_LIST]  Allow ansible-lint to reformat YAML files and run rule
                        transforms (Reformatting YAML files standardizes
                        spacing, quotes, etc. A rule transform can fix or
                        simplify fixing issues identified by that rule). You
                        can limit the effective rule transforms (the
                        'write_list') by passing a keywords 'all' or 'none' or
                        a comma separated list of rule ids or rule tags. YAML
                        reformatting happens whenever '--write' or '--write='
                        is used. '--write' and '--write=all' are equivalent:
                        they allow all transforms to run. The effective list
                        of transforms comes from 'write_list' in the config
                        file, followed whatever '--write' args are provided on
                        the commandline. '--write=none' resets the list of
                        transforms to allow reformatting YAML without running
                        any of the transforms (ie '--write=none,rule-id' will
                        ignore write_list in the config file and only run the
                        rule-id transform).
  --show-relpath        Display path relative to CWD
  -t TAGS, --tags TAGS  only check rules whose id/tags match these values
  -v                    Increase verbosity level (-vv for more)
  -x SKIP_LIST, --skip-list SKIP_LIST
                        only check rules whose id/tags do not match these
                        values. e.g: --skip-list=name,run-once
  --generate-ignore     Generate a text file '.ansible-lint-ignore' that
                        ignores all found violations. Each line contains
                        filename and rule id separated by a space.
  -w WARN_LIST, --warn-list WARN_LIST
                        only warn about these rules, unless overridden in
                        config file. Current version default value is:
                        experimental, jinja[spacing], fqcn[deep]
  --enable-list ENABLE_LIST
                        activate optional rules by their tag name
  --nocolor             disable colored output, same as NO_COLOR=1
  --force-color         Force colored output, same as FORCE_COLOR=1
  --exclude EXCLUDE_PATHS [EXCLUDE_PATHS ...]
                        path to directories or files to skip. This option is
                        repeatable.
  -c CONFIG_FILE, --config-file CONFIG_FILE
                        Specify configuration file to use. By default it will
                        look for '.ansible-lint', '.config/ansible-lint.yml',
                        or '.config/ansible-lint.yaml'
  -i IGNORE_FILE, --ignore-file IGNORE_FILE
                        Specify ignore file to use. By default it will look
                        for '.ansible-lint-ignore' or '.config/ansible-lint-
                        ignore.txt'
  --offline             Disable installation of requirements.yml and schema
                        refreshing
  --version

Installation on mega-linter Docker image