Ansible lint fixes, cleanup, and exclusions

.ansible-lint

@@ -1,3 +1,8 @@
 # .ansible-lint
 skip_list:
-  - '208'  
+  - '208'
+  - command-instead-of-module  # Using command rather than module.
+  - command-instead-of-shell  # Use shell only when shell functionality is required.
+  - no-changed-when  # Commands should not change things if nothing needs doing.
+  - risky-shell-pipe  # Shells that use pipes should set the pipefail option.
+  - literal-compare  # Don't compare to literal True/False.

roles/netbootxyz/tasks/generate_checksums.yml

@@ -1,25 +1,19 @@
 ---
 - name: Register a listing of all created iPXE bootloaders
-  command: ls -I {{ checksums_filename }} {{ netbootxyz_root }}/ipxe/
+  ansible.builtin.command: ls -I {{ checksums_filename }} {{ netbootxyz_root }}/ipxe/
   register: netboot_disks
-  tags:
-    - skip_ansible_lint
 
 - name: Generate date
-  command: date
+  ansible.builtin.command: date
   register: current_date
-  tags:
-    - skip_ansible_lint
 
 - name: Gather stat listing of directory
-  command: sha256sum -b {{ item }}
+  ansible.builtin.command: sha256sum -b {{ item }}
   with_items:
     - "{{ netboot_disks.stdout_lines }}"
   args:
     chdir: "{{ netbootxyz_root }}/ipxe/"
   register: netboot_disks_stat
-  tags:
-    - skip_ansible_lint
 
 - name: Generate ipxe disk checksums
   ansible.builtin.template:
@@ -27,10 +21,8 @@
     dest: "{{ netbootxyz_root }}/ipxe/{{ checksums_filename }}"
 
 - name: Generate site name banner for index
-  shell: toilet -f standard {{ site_name }} --html | grep span
+  ansible.builtin.shell: toilet -f standard {{ site_name }} --html | grep span
   register: index_title
-  tags:
-    - skip_ansible_lint
   when: ansible_os_family == "Debian"
 
 - name: Generate netboot.xyz index template

roles/netbootxyz/tasks/generate_disks_arm.yml

@@ -27,15 +27,13 @@
 # iPXE workaround
 # http://lists.ipxe.org/pipermail/ipxe-devel/2018-August/006254.html
 # apply patch to fix arm64 builds on amd64 builds
-- name: iPXE Workaround for arm
-  shell: sed -i '/WORKAROUND_CFLAGS/d' arch/arm64/Makefile
+- name: Workaround in iPXE for arm
+  ansible.builtin.shell: sed -i '/WORKAROUND_CFLAGS/d' arch/arm64/Makefile
   args:
     chdir: "{{ ipxe_source_dir }}/src"
-  tags:
-    - skip_ansible_lint
 
 - name: Compile iPXE bootloaders for EFI arm64
-  shell: |
+  ansible.builtin.shell: |
     make clean
     make CROSS_COMPILE=aarch64-linux-gnu- \
          ARCH=arm64 \
@@ -46,12 +44,10 @@
          bin-arm64-efi/snponly.efi
   args:
     chdir: "{{ ipxe_source_dir }}/src"
-  tags:
-    - skip_ansible_lint
   when: ipxe_debug_enabled | bool == false
 
 - name: Compile iPXE bootloader for EFI arm64 with debug flags
-  shell: |
+  ansible.builtin.shell: |
     make clean
     make CROSS_COMPILE=aarch64-linux-gnu- \
          ARCH=arm64 \
@@ -61,8 +57,6 @@
          bin-arm64-efi/snp.efi
   args:
     chdir: "{{ ipxe_source_dir }}/src"
-  tags:
-    - skip_ansible_lint
   when: ipxe_debug_enabled | bool
 
 - name: Copy iPXE arm64 EFI builds to http directory

roles/netbootxyz/tasks/generate_disks_efi.yml

@@ -25,7 +25,7 @@
   when: generate_signatures | bool
 
 - name: Compile iPXE bootloader for EFI
-  shell: |
+  ansible.builtin.shell: |
     make clean
     make EMBED={{ bootloader_filename }} \
          TRUST={{ trust_files }} \
@@ -34,12 +34,10 @@
          bin-x86_64-efi/snponly.efi
   args:
     chdir: "{{ ipxe_source_dir }}/src"
-  tags:
-    - skip_ansible_lint
   when: ipxe_debug_enabled | bool == false
 
 - name: Compile iPXE bootloader for EFI with debug flags
-  shell: |
+  ansible.builtin.shell: |
     make clean
     make EMBED={{ bootloader_filename }} \
          DEBUG={{ ipxe_debug_options }} \
@@ -49,8 +47,6 @@
          bin-x86_64-efi/snponly.efi
   args:
     chdir: "{{ ipxe_source_dir }}/src"
-  tags:
-    - skip_ansible_lint
   when: ipxe_debug_enabled | bool
 
 - name: Copy iPXE EFI builds to http directory

roles/netbootxyz/tasks/generate_disks_hybrid.yml

@@ -1,23 +1,19 @@
 ---
 
 - name: Generate hybrid ISO image
-  shell: |
+  ansible.builtin.shell: |
     ./util/genfsimg -o {{ netbootxyz_root }}/ipxe/{{ bootloader_filename }}.iso \
       -s {{ bootloader_filename }} \
       {{ netbootxyz_root }}/ipxe/{{ bootloader_filename }}.efi \
       {{ netbootxyz_root }}/ipxe/{{ bootloader_filename }}.lkrn
   args:
     chdir: "{{ ipxe_source_dir }}/src"
-  tags:
-    - skip_ansible_lint
 
 - name: Generate hybrid USB image
-  shell: |
+  ansible.builtin.shell: |
     ./util/genfsimg -o {{ netbootxyz_root }}/ipxe/{{ bootloader_filename }}.img \
       -s {{ bootloader_filename }} \
       {{ netbootxyz_root }}/ipxe/{{ bootloader_filename }}.efi \
       {{ netbootxyz_root }}/ipxe/{{ bootloader_filename }}.lkrn
   args:
     chdir: "{{ ipxe_source_dir }}/src"
-  tags:
-    - skip_ansible_lint

roles/netbootxyz/tasks/generate_disks_legacy.yml

@@ -21,7 +21,7 @@
   when: generate_signatures | bool
 
 - name: Compile iPXE bootloader for Legacy BIOS
-  shell: |
+  ansible.builtin.shell: |
     make clean
     make EMBED={{ bootloader_filename }} \
          TRUST={{ trust_files }} \
@@ -32,12 +32,10 @@
          bin/undionly.kpxe
   args:
     chdir: "{{ ipxe_source_dir }}/src"
-  tags:
-    - skip_ansible_lint
   when: ipxe_debug_enabled | bool == false
 
 - name: Compile iPXE bootloader for Legacy BIOS with debug flags
-  shell: |
+  ansible.builtin.shell: |
     make clean
     make EMBED={{ bootloader_filename }} \
          DEBUG={{ ipxe_debug_options }} \
@@ -49,8 +47,6 @@
          bin/undionly.kpxe
   args:
     chdir: "{{ ipxe_source_dir }}/src"
-  tags:
-    - skip_ansible_lint
   when: ipxe_debug_enabled | bool
 
 - name: Copy iPXE files for Legacy BIOS to http directory

roles/netbootxyz/tasks/generate_disks_linux.yml

@@ -25,19 +25,17 @@
   when: generate_signatures | bool
 
 - name: Compile iPXE Linux bootloader for Legacy BIOS
-  shell: |
+  ansible.builtin.shell: |
     make clean
     make EMBED={{ bootloader_filename }} \
          TRUST={{ trust_files }} \
          bin-x86_64-linux/slirp.linux
   args:
     chdir: "{{ ipxe_source_dir }}/src"
-  tags:
-    - skip_ansible_lint
   when: ipxe_debug_enabled | bool == false
 
 - name: Compile iPXE Linux bootloader for Legacy BIOS with debug flags
-  shell: |
+  ansible.builtin.shell: |
     make clean
     make EMBED={{ bootloader_filename }} \
          DEBUG={{ ipxe_debug_options }} \
@@ -45,8 +43,6 @@
          bin-x86_64-linux/slirp.linux
   args:
     chdir: "{{ ipxe_source_dir }}/src"
-  tags:
-    - skip_ansible_lint
   when: ipxe_debug_enabled | bool
 
 - name: Copy iPXE linux binary for Legacy BIOS to http directory

roles/netbootxyz/tasks/generate_disks_rpi.yml

@@ -49,12 +49,10 @@
     dest: "{{ pipxe_source_dir }}/Makefile"
 
 - name: Compile iPXE bootloader for RPI build
-  shell: |
+  ansible.builtin.shell: |
     make
   args:
     chdir: "{{ pipxe_source_dir }}"
-  tags:
-    - skip_ansible_lint
 
 - name: Copy iPXE RPI builds to http directory
   ansible.builtin.copy:

roles/netbootxyz/tasks/generate_menus.yml

@@ -60,13 +60,11 @@
     - generate_version_file | bool
 
 - name: Generate netboot.xyz source files templates
-  template:
+  ansible.builtin.template:
     src: "{{ item.src }}"
-    dest: "{{ netbootxyz_root }}/{{ item.path | regex_replace('.j2','') }}"
-  with_community.general.filetree: "templates/menu/"
+    dest: "{{ netbootxyz_root }}/{{ item.path | regex_replace('.j2', '') }}"
+  with_community.general.filetree: "{{ 'templates/menu/' }}"
   when: item.state == "file"
-  tags:
-    - skip_ansible_lint
 
 - name: Generate local-vars.ipxe if enabled
   ansible.builtin.template:

roles/netbootxyz/tasks/generate_menus_custom.yml

@@ -9,10 +9,8 @@
     - "{{ netbootxyz_root }}/custom"
 
 - name: Generate custom user menu templates
-  template:
+  ansible.builtin.template:
     src: "{{ item.src }}"
-    dest: "{{ netbootxyz_root }}/custom/{{ item.path | regex_replace('.j2','') }}"
+    dest: "{{ netbootxyz_root }}/custom/{{ item.path | regex_replace('.j2', '') }}"
   with_community.general.filetree: "{{ custom_templates_dir }}"
   when: item.state == "file"
-  tags:
-    - skip_ansible_lint

roles/netbootxyz/tasks/generate_signatures.yml

@@ -1,9 +1,7 @@
 ---
 - name: Gather list of source files
-  command: ls {{ netbootxyz_root }}
+  ansible.builtin.command: ls {{ netbootxyz_root }}
   register: source_files
-  tags:
-    - skip_ansible_lint
 
 - name: Create directories for signatures
   ansible.builtin.file:
@@ -13,7 +11,7 @@
     - "{{ sigs_dir }}"
 
 - name: Generate signatures for source files
-  shell: |
+  ansible.builtin.shell: |
     openssl cms -sign -binary -noattr -in {{ netbootxyz_root }}/{{ item }} \
     -signer {{ codesign_cert_filename }} -inkey {{ codesign_key_filename }} -certfile {{ cert_file_filename }} -outform DER \
     -out {{ sigs_dir }}/{{ item }}.sig
@@ -22,5 +20,3 @@
     warn: false
   with_items:
     - "{{ source_files.stdout_lines }}"
-  tags:
-    - skip_ansible_lint