improve linting

.github/dependabot.yml

@@ -0,0 +1,9 @@
+---
+# See https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates
+version: 2
+updates:
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"

.github/workflows/ansible-linting-check.yml

@@ -2,21 +2,21 @@
 name: Ansible Lint check
 
 # yamllint disable-line rule:truthy
-on:
+on: [push, pull_request]
-  push:
-    branches: '*'
-  pull_request:
-    branches: '*'
 
 jobs:
   build:
+    name: Ansible Lint
     runs-on: ubuntu-latest
 
     steps:
-      - name: 'checkout git repo'
+      - name: Checkout git repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
-
-      - name: 'Lint Ansible Playbook'
-        uses: ansible/ansible-lint-action@v6
         with:
-          targets: "."
+          submodules: true
+          fetch-depth: 0
+
+      - name: Run ansible-lint
+        uses: ansible-actions/ansible-lint-action@v1.0.2
+        with:
+          target: "./"

.github/workflows/galaxy.yml

@@ -0,0 +1,24 @@
+---
+name: Galaxy-NG Roles Import
+
+# yamllint disable-line rule:truthy
+on:
+  release:
+    types: ['created']
+
+jobs:
+  build:
+    name: Galaxy Role Importer
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: 'Checkout git repo'
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+          fetch-depth: 0
+
+      - name: 'Release on galaxy'
+        uses: ansible-actions/ansible-galaxy-action@v1.1.1
+        with:
+          galaxy_api_key: ${{ secrets.galaxy_api_key }}

.github/workflows/j2lint-check.yml

@@ -0,0 +1,22 @@
+---
+name: Jinja2 Linting check
+
+# yamllint disable-line rule:truthy
+on: [push, pull_request]
+
+jobs:
+  build:
+    name: Jinja2 Linting
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout git repo
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+          fetch-depth: 0
+
+      - name: Run j2lint
+        uses: ansible-actions/j2lint-action@v0.0.1
+        with:
+          target: "./"

.github/workflows/yamllint-check.yml

@@ -0,0 +1,22 @@
+---
+name: Yamllint check
+
+# yamllint disable-line rule:truthy
+on: [push, pull_request]
+
+jobs:
+  build:
+    name: Yamllint
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout git repo
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+          fetch-depth: 0
+
+      - name: Run yamllint
+        uses: ansible-actions/yamllint-action@v0.0.1
+        with:
+          target: "./"

.github/workflows/yamllint.yaml

@@ -1,23 +0,0 @@
----
-name: 'Yamllint GitHub Actions'
-
-# yamllint disable-line rule:truthy
-on:
-  push:
-    branches: '*'
-  pull_request:
-    branches: '*'
-
-jobs:
-  yamllint:
-    name: 'Yamllint'
-    runs-on: ubuntu-latest
-    steps:
-      - name: 'checkout git repo'
-        uses: actions/checkout@v3
-
-      - name: 'Yamllint'
-        uses: karancode/yamllint-github-action@v2.0.0
-        with:
-          yamllint_file_or_dir: '.'
-          yamllint_config_filepath: './.yamllint'

handlers/main.yml

@@ -1,10 +1,10 @@
 ---
-- name: sudo apt update
+- name: Run sudo apt update
   become: true
   ansible.builtin.apt:
     update_cache: true
 
-- name: systemctl restart rspamd
+- name: Run systemctl restart rspamd
   become: true
   ansible.builtin.systemd:
     name: 'rspamd'

tasks/configure.yml

@@ -1,7 +1,7 @@
 ---
-- name: rspamd password generation
+- name: Rspamd password generation
   block:
-    - name: configure rspamd password
+    - name: Configure rspamd password
       become: true
       ansible.builtin.template:
         src: templates/worker-controller.inc.j2
@@ -9,9 +9,9 @@
         mode: '0640'
         owner: "{{ rspamd__default_owner }}"
         group: "{{ rspamd__default_group }}"
-      notify: systemctl restart rspamd
+      notify: Run systemctl restart rspamd
   rescue:
-    - name: you have to install passlib
+    - name: You have to install passlib
       ansible.builtin.fail:
         msg: 'I caught an error. Maybe you have to install passlib via pip3'
 
@@ -23,9 +23,9 @@
     owner: "{{ rspamd__default_owner }}"
     group: "{{ rspamd__default_group }}"
     mode: '0640'
-  notify: systemctl restart rspamd
+  notify: Run systemctl restart rspamd
 
-- name: milter_headers.conf
+- name: Configure milter_headers.conf
   become: true
   ansible.builtin.copy:
     src: files/milter_headers.conf
@@ -33,9 +33,9 @@
     owner: "{{ rspamd__default_owner }}"
     group: "{{ rspamd__default_group }}"
     mode: '0640'
-  notify: systemctl restart rspamd
+  notify: Run systemctl restart rspamd
 
-- name: milter_headers.conf
+- name: Configure classifier-bayes.conf
   become: true
   ansible.builtin.copy:
     src: files/classifier-bayes.conf
@@ -43,7 +43,7 @@
     owner: "{{ rspamd__default_owner }}"
     group: "{{ rspamd__default_group }}"
     mode: '0640'
-  notify: systemctl restart rspamd
+  notify: Run systemctl restart rspamd
 
 - name: Einstellug der redis.conf
   become: true
@@ -53,9 +53,9 @@
     owner: "{{ rspamd__default_owner }}"
     group: "{{ rspamd__default_group }}"
     mode: '0640'
-  notify: systemctl restart rspamd
+  notify: Run systemctl restart rspamd
 
-- name: classifier-bayes.conf
+- name: Modify classifier-bayes.conf
   become: true
   ansible.builtin.copy:
     src: files/classifier-bayes.conf
@@ -63,7 +63,7 @@
     owner: "{{ rspamd__default_owner }}"
     group: "{{ rspamd__default_group }}"
     mode: '0640'
-  notify: systemctl restart rspamd
+  notify: Run systemctl restart rspamd
 
 - name: Einstellug der eignene black/whitelist
   become: true
@@ -73,9 +73,9 @@
     owner: "{{ rspamd__default_owner }}"
     group: "{{ rspamd__default_group }}"
     mode: '0640'
-  notify: systemctl restart rspamd
+  notify: Run systemctl restart rspamd
 
-- name: multimap whitelist_ip.map
+- name: Multimap whitelist_ip.map
   become: true
   ansible.builtin.copy:
     src: "{{ rspamd__whitelist_ip_file }}"
@@ -83,9 +83,9 @@
     owner: "{{ rspamd__default_owner }}"
     group: "{{ rspamd__default_group }}"
     mode: '0640'
-  notify: systemctl restart rspamd
+  notify: Run systemctl restart rspamd
 
-- name: multimap whitelist_from.map
+- name: Multimap whitelist_from.map
   become: true
   ansible.builtin.copy:
     src: "{{ rspamd__whitelist_from_file }}"
@@ -93,9 +93,9 @@
     owner: "{{ rspamd__default_owner }}"
     group: "{{ rspamd__default_group }}"
     mode: '0640'
-  notify: systemctl restart rspamd
+  notify: Run systemctl restart rspamd
 
-- name: multimap blacklist_ip.map
+- name: Multimap blacklist_ip.map
   become: true
   ansible.builtin.copy:
     src: "{{ rspamd__blacklist_ip_file }}"
@@ -103,9 +103,9 @@
     owner: "{{ rspamd__default_owner }}"
     group: "{{ rspamd__default_group }}"
     mode: '0640'
-  notify: systemctl restart rspamd
+  notify: Run systemctl restart rspamd
 
-- name: multimap blacklist_from.map
+- name: Multimap blacklist_from.map
   become: true
   ansible.builtin.copy:
     src: "{{ rspamd__blacklist_from_file }}"
@@ -113,4 +113,4 @@
     owner: "{{ rspamd__default_owner }}"
     group: "{{ rspamd__default_group }}"
     mode: '0640'
-  notify: systemctl restart rspamd
+  notify: Run systemctl restart rspamd

tasks/main.yml

@@ -1,18 +1,24 @@
 ---
-- include_tasks: versioncheck.yml
+- name: Run Optional Versioncheck
-  when: submodules_versioncheck|bool
+  ansible.builtin.include_tasks:
+    file: 'versioncheck.yml'
+  when: submodules_versioncheck | bool
 
-- name: add apt repos and install rspamd
+- name: Add apt repos and install rspamd
-  include_tasks: packages.yml
+  ansible.builtin.include_tasks:
+    file: 'packages.yml'
   when: ansible_os_family == 'Debian'
 
-- name: configure rspamd
+- name: Configure rspamd
-  include_tasks: configure.yml
+  ansible.builtin.include_tasks:
+    file: 'configure.yml'
 
-- name: rspamd dkim signing
+- name: Rspamd dkim signing
-  include_tasks: dkim.yml
+  ansible.builtin.include_tasks:
+    file: 'dkim.yml'
   when: rspamd__configure_dkim | bool
 
-- name: redis backend
+- name: Redis backend
-  include_tasks: redis.yml
+  ansible.builtin.include_tasks:
+    file: 'redis.yml'
   when: rspamd__configure_redis | bool

tasks/packages.yml

@@ -1,50 +1,51 @@
 ---
-- name: update repo-cache for debian/ubuntu
+- name: Update repo-cache for debian/ubuntu
   become: true
   ansible.builtin.apt:
     update_cache: true
     cache_valid_time: 3600
 
-- name: install requirements to add new package repos
+- name: Install requirements to add new package repos
   become: true
   ansible.builtin.apt:
-    name:
+    name: "{{ item }}"
-      - lsb-release
+    state: 'present'
-      - wget
+  loop:
-      - debian-goodies
+    - 'lsb-release'
-      - apt-dater-host
+    - 'wget'
-      - apt-transport-https
+    - 'debian-goodies'
-    state: present
+    - 'apt-dater-host'
+    - 'apt-transport-https'
 
-- name: add rspam repo key
+- name: Add rspam repo key
   become: true
   ansible.builtin.apt_key:
     url: 'https://rspamd.com/apt-stable/gpg.key'
-    state: present
+    state: 'present'
-  notify: sudo apt update
+  notify: Run sudo apt update
 
-- name: add rspamd repo
+- name: Add rspamd repo
   become: true
   ansible.builtin.apt_repository:
     repo: "deb https://rspamd.com/apt-stable/ {{ ansible_distribution_release }} main"
-    state: present
+    state: 'present'
-    mode: 0644
+    mode: '0644'
-  notify: sudo apt update
+  notify: Run sudo apt update
 
-- name: add rspamd srv-repo
+- name: Add rspamd srv-repo
   become: true
   ansible.builtin.apt_repository:
     repo: "deb-src https://rspamd.com/apt-stable/ {{ ansible_distribution_release }} main"
-    state: present
+    state: 'present'
-    mode: 0644
+    mode: '0644'
-  notify: sudo apt update
+  notify: Run sudo apt update
 
-- name: run update if something changed
+- name: Run update if something changed
   ansible.builtin.meta: flush_handlers
 
-- name: install rspamd
+- name: Install rspamd
   become: true
   ansible.builtin.apt:
-    name: rspamd
+    name: 'rspamd'
-    state: present
+    state: 'present'
-  notify: systemctl restart rspamd
+  notify: Run systemctl restart rspamd

tasks/redis.yml

@@ -1,6 +1,6 @@
 ---
-- name: install redis backend
+- name: Install redis backend
   become: true
   ansible.builtin.apt:
-    name: redis
+    name: 'redis'
-    state: present
+    state: 'present'

tasks/versioncheck.yml

@@ -7,38 +7,38 @@
   ansible.builtin.file:
     path: '/etc/.ansible-version'
     state: directory
-    mode: 0755
+    mode: '0755'
-  when: submodules_versioncheck|bool
+  when: submodules_versioncheck | bool
 
-- name: check playbook version
+- name: Check playbook version
   become: true
   ansible.builtin.slurp:
     src: "/etc/.ansible-version/{{ playbook_version_path }}"
   register: playbook_version
-  when: submodules_versioncheck|bool
+  when: submodules_versioncheck | bool
-  ignore_errors: true
   failed_when: false
 
-- name: Print remote role version
+- name: Print remote role version  # noqa: H500
   ansible.builtin.debug:
     msg: "Remote role version: {{ playbook_version.content | default('Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=') | b64decode | string }}"
-  when: submodules_versioncheck|bool
+  when: submodules_versioncheck | bool
 
-- name: Print locale role version
+- name: Print locale role version  # noqa: H500
   ansible.builtin.debug:
-    msg: "Local role version: '{{ playbook_version_number|string }}'."
+    msg: "Local role version: '{{ playbook_version_number | string }}'."
-  when: submodules_versioncheck|bool
+  when: submodules_versioncheck | bool
 
 - name: Check if your version is outdated
   ansible.builtin.fail:
     msg: "Your ansible module has the version '{{ playbook_version_number }}' and is outdated. You need to update it!"
   when:
-    - playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck|bool
+    - playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck | bool
 
-- name: write new version to remote disk
+- name: Write new version to remote disk
   become: true
   ansible.builtin.copy:
     content: "{{ playbook_version_number }}"
     dest: "/etc/.ansible-version/{{ playbook_version_path }}"
     mode: '0644'
-  when: submodules_versioncheck|bool
+  when: submodules_versioncheck | bool
+  tags: skip_ansible_lint_template-instead-of-copy