From d03be26980adb76adf51b51962b39da44c4db4d1 Mon Sep 17 00:00:00 2001
From: Lars Kiesow <lkiesow@uos.de>
Date: Sun, 21 Jul 2024 21:49:51 +0200
Subject: [PATCH] Update linters

- Fix some complaints of the current `ansible-lint`
- Separate `ansible-lint` and `yamllint`
- Update `yamllint` configuration `ansible-lint` was complaining about
- Update `actions/checkout`
---
 .github/workflows/ansible_lint.yml | 7 ++++---
 .yamllint                          | 8 ++++++++
 tasks/main.yml                     | 6 +++---
 3 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/ansible_lint.yml b/.github/workflows/ansible_lint.yml
index d5cc834..af02664 100644
--- a/.github/workflows/ansible_lint.yml
+++ b/.github/workflows/ansible_lint.yml
@@ -10,10 +10,11 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - name: install dependencies
         run: pip3 install ansible ansible-lint yamllint
 
-      - name: lint playbook
-        run: yamllint -c .yamllint . && ansible-lint
+      - run: yamllint --strict -c .yamllint .
+
+      - run: ansible-lint
diff --git a/.yamllint b/.yamllint
index 0619c75..c524100 100644
--- a/.yamllint
+++ b/.yamllint
@@ -4,6 +4,14 @@ extends: default
 
 rules:
   line-length: disable
+  comments:
+    min-spaces-from-content: 1
+  comments-indentation: false
+  braces:
+    max-spaces-inside: 1
+  octal-values:
+    forbid-implicit-octal: true
+    forbid-explicit-octal: true
 
 ignore: |
   venv/
diff --git a/tasks/main.yml b/tasks/main.yml
index c140106..31ef239 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -6,7 +6,7 @@
 
 - name: Allow all internal communication (IPv4)
   when: opencast_firewall_ipv4
-  ansible.builtin.firewalld:
+  ansible.posix.firewalld:
     source: "{{ lookup('community.general.dig', item) }}"
     zone: trusted
     permanent: true
@@ -16,7 +16,7 @@
 
 - name: Allow all internal communication (IPv6)
   when: opencast_firewall_ipv6
-  ansible.builtin.firewalld:
+  ansible.posix.firewalld:
     source: "{{ lookup('community.general.dig', item, 'qtype=AAAA') }}"
     zone: trusted
     permanent: true
@@ -26,7 +26,7 @@
 
 - name: Allow https
   when: inventory_hostname in opencast_firewall_http_hosts
-  ansible.builtin.firewalld:
+  ansible.posix.firewalld:
     service: "{{ item }}"
     permanent: true
     immediate: true