silence linters

suhancz · May 16, 2024 · 5dada98 · 5dada98
1 parent b3e5b2a
commit 5dada98
Show file tree

Hide file tree

Showing 12 changed files with 22 additions and 17 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,10 +1,13 @@
-#checkov:skip=CKV_DOCKER_2: no need for health check
-#checkov:skip=CKV_DOCKER_3: no need for special user
-#checkov:skip=CKV_DOCKER_7: I prefer the latest, like it, or not ;)
+# checkov:skip=CKV_DOCKER_2: no need for health check
+# checkov:skip=CKV_DOCKER_3: no need for special user
+# checkov:skip=CKV_DOCKER_7: I prefer the latest, like it, or not ;)
+# hadolint ignore=DL3007
 FROM quay.io/almalinuxorg/8-init:latest
 ENV container docker
 
-RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in ; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done);
+WORKDIR /
+
+RUN "(cd /lib/systemd/system/sysinit.target.wants/; for i in ; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done);"
 
 RUN rm -rf /lib/systemd/system/multi-user.target.wants/ \
 && rm -rf /etc/systemd/system/.wants/ \
@@ -14,6 +17,7 @@ RUN rm -rf /lib/systemd/system/multi-user.target.wants/ \
 && rm -rf /lib/systemd/system/basic.target.wants/ \
 && rm -f /lib/systemd/system/anaconda.target.wants/*
 
+# hadolint ignore=DL3041
 RUN dnf -y install dnf-plugin-config-manager epel-release \
 && dnf config-manager --set-enabled powertools \
 && rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8 \
@@ -22,6 +26,7 @@ RUN dnf -y install dnf-plugin-config-manager epel-release \
 && rpm --import https://mirror.apheleia-it.ch/repos/Kolab:/16/key.asc \
 && rpm -Uvh https://mirror.apheleia-it.ch/repos/Kolab:/16/kolab-16-for-el8.rpm \
 && dnf update --allowerasing -y \
-&& dnf -y install kolab
+&& dnf -y install kolab \
+&& dnf clean all
 VOLUME [ “/sys/fs/cgroup” ]
 CMD ["/usr/sbin/init"]
diff --git a/tasks/backups.yml b/tasks/backups.yml
@@ -112,7 +112,7 @@
     - pdns
     - wg_vpn
 - name: Restore backups
-  #checkov:skip=CKV2_ANSIBLE_3: Block is only used for the when condition and the tags
+  # checkov:skip=CKV2_ANSIBLE_3: Block is only used for the when condition and the tags
   tags: restore
   when: mariadb_backup_path is defined or ldap_backup_path is defined or opendkim_backup_path is defined or opendmarc_backup_path is defined or vsftpd_backup_path is defined or ssl_backup_path is defined or kolab_backup_path is defined or imap_backup_path is defined or postfix_backup_path is defined or pdns_backup_path is defined or wg_vpn_backup_path is defined
   block:

diff --git a/tasks/convert_user_to_ldif.yml b/tasks/convert_user_to_ldif.yml
@@ -5,7 +5,7 @@
   changed_when: passwd_mig_content.rc == 0
   failed_when: (passwd_mig_content.rc != 0) and (passwd_mig_content.stderr | length > 0)
 - name: "Migrate already existing user {{ user_data_item.name }}"
-  #checkov:skip=CKV2_ANSIBLE_3: Block is used for the when condition only
+  # checkov:skip=CKV2_ANSIBLE_3: Block is used for the when condition only
   when: passwd_mig_content.changed
   block:
     - name: Set passwd line

diff --git a/tasks/httpd.yml b/tasks/httpd.yml
@@ -13,7 +13,7 @@
     - http
     - https
 - name: Set up SELinux rules
-  #checkov:skip=CKV2_ANSIBLE_3: Block is used for the when condition only
+  # checkov:skip=CKV2_ANSIBLE_3: Block is used for the when condition only
   when: getenforce.stdout != 'Disabled'
   block:
     - name: Set SELinux booleans

diff --git a/tasks/imapsync.yml b/tasks/imapsync.yml
@@ -1,6 +1,6 @@
 ---
 - name: Sync old IMAP account to the current mailbox
-  #checkov:skip=CKV2_ANSIBLE_3: Block is only used for the when condition and the tags
+  # checkov:skip=CKV2_ANSIBLE_3: Block is only used for the when condition and the tags
   no_log: yes
   when: current_user.old_imap_mail is defined
   tags: imapsync

diff --git a/tasks/kolab.yml b/tasks/kolab.yml
@@ -432,7 +432,7 @@
     state: restarted
 
 - name: Enable domains
-  #checkov:skip=CKV2_ANSIBLE_3: Block is used for the tag only
+  # checkov:skip=CKV2_ANSIBLE_3: Block is used for the tag only
   tags: ldap
   block:
     # The editing domains in the Kolab API is not documented at the tome of this writing, so I go plain LDAP here

diff --git a/tasks/os.yml b/tasks/os.yml
@@ -25,7 +25,7 @@
 
 - name: Enable IPv6
   when: ansible_default_ipv6.address is not defined
-  #checkov:skip=CKV2_ANSIBLE_3: Block is only used for the when condition
+  # checkov:skip=CKV2_ANSIBLE_3: Block is only used for the when condition
   block:
     - name: Enable IPv6 via sysctl
       ansible.posix.sysctl:

diff --git a/tasks/packages.yml b/tasks/packages.yml
@@ -34,7 +34,7 @@
     backup: yes
     create: yes
 - name: Set up Remi repository
-  #checkov:skip=CKV2_ANSIBLE_4: The Remi repo doesn't provide GPG keys
+  # checkov:skip=CKV2_ANSIBLE_4: The Remi repo doesn't provide GPG keys
   ansible.builtin.dnf:
     name: "https://rpms.remirepo.net/enterprise/remi-release-{{ ansible_distribution_major_version }}.rpm"
     disable_gpg_check: yes
@@ -483,7 +483,7 @@
 #     remote_src: yes
 #     backup: yes
 - name: Download as-is executables
-  #checkov:skip=CKV2_ANSIBLE_2: HTTPS comes from a loop variable
+  # checkov:skip=CKV2_ANSIBLE_2: HTTPS comes from a loop variable
   tags: imapsync
   ansible.builtin.get_url:
     url: "{{ item.url }}"

diff --git a/tasks/postfix.yml b/tasks/postfix.yml
@@ -184,7 +184,7 @@
     backup: yes
   notify: Restart postfix
 - name: Set up HELO access whitelist
-  #checkov:skip=CKV2_ANSIBLE_3: Block is used for the when condition only
+  # checkov:skip=CKV2_ANSIBLE_3: Block is used for the when condition only
   when: helo_access is defined
   block:
     - name: Create HELO access whitelist

diff --git a/tasks/poweradmin.yml b/tasks/poweradmin.yml
@@ -1,6 +1,6 @@
 ---
 - name: Get latest PowerAdmin version
-  #checkov:skip=CKV2_ANSIBLE_3: Block is used for the when condition only
+  # checkov:skip=CKV2_ANSIBLE_3: Block is used for the when condition only
   tags:
     - dyndns
     - poweradmin

diff --git a/tasks/read_wireguard_config.yml b/tasks/read_wireguard_config.yml
@@ -4,7 +4,7 @@
     path: "{{ wg_config_file }}"
   register: wg_config_file_info
 - name: Read existing WireGuard config into variable
-  #checkov:skip=CKV2_ANSIBLE_3: Block is only used for the when condition
+  # checkov:skip=CKV2_ANSIBLE_3: Block is only used for the when condition
   when: wg_config_file_info.stat.exists
   block:
     - name: Read WireGuard config file

diff --git a/tasks/webdav.yml b/tasks/webdav.yml
@@ -80,7 +80,7 @@
     state: mounted
     fstype: fuse.bindfs
 - name: Set up SELinux rules for WebDAV
-  #checkov:skip=CKV2_ANSIBLE_3: Block is only used for the when condition and the tags
+  # checkov:skip=CKV2_ANSIBLE_3: Block is only used for the when condition and the tags
   tags: wireguard
   when: getenforce.stdout != 'Disabled'
   block: