Feature/issue 1/create os user (#2)

* init push with missing files

* added missing quotes

* linting

* linting

* linting

* linting

* linting

* linting

* added delete list example

* added password prompt and changed user module

* removed vars and added reference to binaries.yaml

* added binaries vars file

* linting

* linting

* updated README

* typo

* typo

* added file mode for ssh/config

* added file mode for sudoers file

* added skip rule no-log-password

* added deletion variable

* init extra deletion task

* added deletion task with extra vars condition

* init LICENSE

* changed license to apache-2.0

* example pre-tasks for password prompt (unfinished)

* formatting

* removed password prompt pre-task

* removed

* changed back to pre password-prompt version

* added description

* added delete task run command and ssh playbook example

* linting

* linting

* linting

* Update README.md

* Update lint.yml

---------

Co-authored-by: andre-ebert-sva <[email protected]>

.ansible-lint

@@ -0,0 +1,129 @@
+---
+# .ansible-lint
+
+profile: null # min, basic, moderate,safety, shared, production
+
+# Allows dumping of results in SARIF format
+# sarif_file: result.sarif
+
+# exclude_paths included in this file are parsed relative to this file's location
+# and not relative to the CWD of execution. CLI arguments passed to the --exclude
+# option are parsed relative to the CWD of execution.
+exclude_paths:
+  - .cache/ # implicit unless exclude_paths is defined in config
+  - test/fixtures/formatting-before/
+  - test/fixtures/formatting-prettier/
+# parseable: true
+# quiet: true
+# strict: true
+# verbosity: 1
+
+# Mock modules or roles in order to pass ansible-playbook --syntax-check
+mock_modules:
+  - zuul_return
+  # note the foo.bar is invalid as being neither a module or a collection
+  - fake_namespace.fake_collection.fake_module
+  - fake_namespace.fake_collection.fake_module.fake_submodule
+mock_roles:
+  - mocked_role
+  - author.role_name # old standalone galaxy role
+  - fake_namespace.fake_collection.fake_role # role within a collection
+
+# Enable checking of loop variable prefixes in roles
+loop_var_prefix: "^(__|{role}_)"
+
+# Enforce variable names to follow pattern below, in addition to Ansible own
+# requirements, like avoiding python identifiers. To disable add `var-naming`
+# to skip_list.
+var_naming_pattern: "^[a-z_][a-z0-9_]*$"
+
+use_default_rules: true
+# Load custom rules from this specific folder
+# rulesdir:
+#   - ./rule/directory/
+
+# Ansible-lint is able to recognize and load skip rules stored inside
+# `.ansible-lint-ignore` (or `.config/ansible-lint-ignore.txt`) files.
+# To skip a rule just enter filename and tag, like "playbook.yml package-latest"
+# on a new line.
+# Optionally you can add comments after the tag, prefixed by "#". We discourage
+# the use of skip_list below because that will hide violations from the output.
+# When putting ignores inside the ignore file, they are marked as ignored, but
+# still visible, making it easier to address later.
+skip_list:
+  - name[prefix] # Rule for checking task and subtask names (not the same)
+  - name[play] # Rule for checking if all plays have names (not test.yml)
+  - name[template] # Rule that only allows Jinja2 at the end of task names
+  - yaml[line-length] # Rule for checking if the line is longer than 110 characters
+  - key-order[task] # Rule for checking your Task order to: name, when, block
+  - meta-incorrect # Rule for checking if meta config doesn't have default values
+  - no-log-password # Rule for not logging outputs because of passwords
+
+# Ansible-lint does not automatically load rules that have the 'opt-in' tag.
+# You must enable opt-in rules by listing each rule 'id' below.
+enable_list:
+  - args
+  - empty-string-compare # opt-in
+  - no-log-password # opt-in
+  - no-same-owner # opt-in
+  # add yaml here if you want to avoid ignoring yaml checks when yamllint
+  # library is missing. Normally its absence just skips using that rule.
+  - yaml
+# Report only a subset of tags and fully ignore any others
+# tags:
+#   - jinja[spacing]
+
+# Ansible-lint does not fail on warnings from the rules or tags listed below
+warn_list:
+  - skip_this_tag
+  - experimental # experimental is included in the implicit list
+  - role-name
+  - yaml[document-start]  # you can also use sub-rule matches
+
+# Some rules can transform files to fix (or make it easier to fix) identified
+# errors. `ansible-lint --fix` will reformat YAML files and run these transforms.
+# By default it will run all transforms (effectively `write_list: ["all"]`).
+# You can disable running transforms by setting `write_list: ["none"]`.
+# Or only enable a subset of rule transforms by listing rules/tags here.
+# write_list:
+#   - all
+
+# Offline mode disables installation of requirements.yml and schema refreshing
+offline: true
+
+# Define required Ansible's variables to satisfy syntax check
+extra_vars:
+  foo: bar
+  multiline_string_variable: |
+    line1
+    line2
+  complex_variable: ":{;\t$()"
+
+# Uncomment to enforce action validation with tasks, usually is not
+# needed as Ansible syntax check also covers it.
+# skip_action_validation: false
+
+# List of additional kind:pattern to be added at the top of the default
+# match list, first match determines the file kind.
+kinds:
+  # - playbook: "**/examples/*.{yml,yaml}"
+  # - galaxy: "**/folder/galaxy.yml"
+  # - tasks: "**/tasks/*.yml"
+  # - vars: "**/vars/*.yml"
+  # - meta: "**/meta/main.yml"
+  - yaml: "**/*.yaml-too"
+
+# List of additional collections to allow in only-builtins rule.
+# only_builtins_allow_collections:
+#   - example_ns.example_collection
+
+# List of additions modules to allow in only-builtins rule.
+# only_builtins_allow_modules:
+#   - example_module
+
+# Allow setting custom prefix for name[prefix] rule
+task_name_prefix: "{stem} | "
+# Complexity related settings
+
+# Limit the depth of the nested blocks:
+# max_block_depth: 20

.github/workflows/lint.yml

@@ -1,18 +1,37 @@
-name: linting
+---
+name: Ansible lint
 on:
-  # Triggers the workflow on push or pull request events but only for the "main" branch
   push:
-    branches: [ "main" ]
+    branches:
+    - main
+    - feature/*
+    - fix/*
   pull_request:
-    branches: [ "main" ]
-
+    branches:
+    - main
+    - feature/*
+    - fix/*
   workflow_dispatch:
+
 jobs:
-  linting:
-    continue-on-error: true
-    runs-on: self-hosted
-    steps:
-      - uses: actions/checkout@v3
+  yaml-lint:
+    name: Lint yaml files
+    uses: stuttgart-things/stuttgart-things/.github/workflows/lint-yaml.yaml@yaml-lint-1
+    with:
+      runs-on: ghr-create-os-user-cicd
+      environment-name: k8s
+      continue-error: true
+      yamllint-version: 1
+      lintprofile-path: .yamllint
+      artifact-name: yaml-lint
 
-      - name: Ansible Lint
-        uses: ansible/[email protected]
+  ansible-lint:
+    name: Lint ansible code
+    uses: stuttgart-things/stuttgart-things/.github/workflows/lint-ansible.yaml@main # ansible-lint-24.2.1
+    with:
+      runs-on: ghr-create-os-user-cicd
+      environment-name: k8s
+      continue-error: true
+      ansible-image: eu.gcr.io/stuttgart-things/sthings-ansible:9.3.0-1
+      playbook: tests/test.yml
+    needs: yaml-lint

.gitignore

@@ -0,0 +1 @@
+/tests/inventory

.yamllint

@@ -0,0 +1,13 @@
+---
+extends: default
+
+rules:
+  # 80 chars should be enough, but don't fail if a line is longer
+  line-length:
+    max: 110
+    level: warning
+  indentation: enable
+
+  # don't bother me with this rule
+  comments: disable
+  comments-indentation: disable