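# yaml-language-server: $schema=https://json.schemastore.org/github-action.json
#
# Composite action: run ansible-lint with --write so it applies the fixes it
# can, commit those fixes, and upload the SARIF report to code scanning.
#
# Permissions the calling workflow must grant:
#   - contents: write         # committing and pushing fixes
#   - security-events: write  # uploading SARIF results
---
name: Ansible Lint and Fix
description: 'Lints and fixes Ansible playbooks, commits changes, and uploads SARIF report.'
author: 'Ismo Vuorinen'

branding:
  icon: 'play'
  color: 'green'

inputs:
  token:
    description: 'GitHub token for authentication'
    required: false
    default: ''
  username:
    description: 'GitHub username for commits'
    required: false
    default: 'github-actions'
  email:
    description: 'GitHub email for commits'
    required: false
    default: 'github-actions@github.com'
  max-retries:
    description: 'Maximum number of retry attempts for pip install operations'
    required: false
    default: '3'

outputs:
  files_changed:
    description: 'Number of files changed by linting'
    value: ${{ steps.lint.outputs.files_changed }}
  lint_status:
    description: 'Linting status (success/failure)'
    value: ${{ steps.lint.outputs.status }}
  sarif_path:
    description: 'Path to SARIF report file'
    value: 'ansible-lint.sarif'

runs:
  using: composite
  steps:
    - name: Validate Inputs
      id: validate
      uses: ivuorinen/actions/validate-inputs@5cc7373a22402ee8985376bc713f00e09b5b2edb
      with:
        action-type: 'ansible-lint-fix'
        token: ${{ inputs.token }}
        email: ${{ inputs.email }}
        username: ${{ inputs.username }}
        max-retries: ${{ inputs.max-retries }}

    # Checkout has to precede the file check: on a fresh runner the workspace
    # is empty until this step runs, so a check placed before it finds nothing.
    # The token given here is also what the later commit step pushes with.
    - name: Checkout Repository
      uses: actions/checkout@71cf2267d89c5cb81562390fa70a37fa40b1305e # v6-beta
      with:
        token: ${{ inputs.token || github.token }}

    - name: Check for Ansible Files
      id: check-files
      shell: sh
      run: |
        set -eu
        # Look for .yml/.yaml files, skipping the .git directory. This also
        # matches non-Ansible YAML (e.g. .github/workflows), so it only
        # guards against a repository that has no YAML at all.
        if find . -path ./.git -prune -o \( -name "*.yml" -o -name "*.yaml" \) -type f -print | grep -q .; then
          echo "files_found=true" >> "$GITHUB_OUTPUT"
          echo "Found Ansible files, proceeding with lint and fix."
        else
          echo "files_found=false" >> "$GITHUB_OUTPUT"
          echo "No Ansible files found. Skipping lint and fix."
        fi

    - name: Setup Python
      if: steps.check-files.outputs.files_found == 'true'
      uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
      with:
        python-version: '3.14'
        # NOTE(review): pip caching in setup-python looks for a dependency
        # file (requirements.txt / pyproject.toml) in the repository — confirm
        # that consumers of this action have one, or the step may error.
        cache: 'pip'

    - name: Install ansible-lint
      id: install-ansible-lint
      if: steps.check-files.outputs.files_found == 'true'
      uses: step-security/retry@e1d59ce1f574b32f0915e3a8df055cfe9f99be5d # v3.0.4
      with:
        timeout_minutes: 5
        max_attempts: ${{ inputs.max-retries }}
        # NOTE(review): the pinned ansible-lint release predates Python 3.14 —
        # confirm the combination installs before relying on it.
        command: 'pip install ansible-lint==6.22.1'

    - name: Run ansible-lint
      if: steps.check-files.outputs.files_found == 'true'
      id: lint
      shell: sh
      run: |
        set -eu
        # --write applies auto-fixes in place; the SARIF report goes to stdout.
        # The exit code is captured (not propagated yet) so outputs get written
        # even when unfixable findings remain.
        if ansible-lint --write --parseable-severity --format sarif > ansible-lint.sarif; then
          lint_exit_code=0
        else
          lint_exit_code=$?
        fi

        # Files touched by --write show up as modified tracked files.
        files_changed=$(git diff --name-only | wc -l | tr -d '[:space:]')

        if [ "$lint_exit_code" -eq 0 ]; then
          lint_status="success"
        else
          lint_status="failure"
        fi

        printf 'files_changed=%s\n' "$files_changed" >> "$GITHUB_OUTPUT"
        printf 'status=%s\n' "$lint_status" >> "$GITHUB_OUTPUT"

        # Fail the step (and job) with ansible-lint's own exit code; the steps
        # below still run so fixes are committed and findings are uploaded.
        exit "$lint_exit_code"

    # Runs after a failing lint step too: fixes applied by --write would
    # otherwise be dropped whenever unfixable findings remain. Skipped when
    # lint itself did not run (no files, or install failure).
    - name: Commit Fixes
      if: ${{ !cancelled() && steps.lint.outcome != 'skipped' }}
      uses: stefanzweifel/git-auto-commit-action@28e16e81777b558cc906c8750092100bbb34c5e3 # v7.0.0
      with:
        commit_message: 'style: apply ansible lint fixes'
        commit_user_name: ${{ inputs.username }}
        commit_user_email: ${{ inputs.email }}

    # A SARIF report is most useful exactly when lint reported findings, so
    # the upload must not depend on the lint step succeeding.
    - name: Upload SARIF Report
      if: ${{ !cancelled() && steps.lint.outcome != 'skipped' }}
      uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
      with:
        sarif_file: ansible-lint.sarif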