Refactoring sonarqube issues

.github/workflows/cd-baremtal.yaml

@@ -41,7 +41,8 @@ jobs:
         name: Produce BYOE package
         run: |
           pip3 install poetry
-          poetry export   --without-hashes >package/etc/requirements.txt
+          poetry self add poetry-plugin-export
+          poetry export --without-hashes >package/etc/requirements.txt
           tar rvf /tmp/baremetal.tar -C package/etc .
           tar rvf /tmp/baremetal.tar -C . pyproject.toml
           tar rvf /tmp/baremetal.tar -C . poetry.lock

.github/workflows/ci-lite.yaml

@@ -62,7 +62,7 @@ jobs:
         with:
           semantic_version: 18
           extra_plugins: |
-            @semantic-release/exec
+            @semantic-release/exec@v6.0.3
             @semantic-release/git
             semantic-release-helm
             @google/[email protected]
@@ -86,7 +86,7 @@ jobs:
             type=ref,event=tag
       - name: matrix
         id: matrix
-        uses: splunk/addonfactory-test-matrix-action@v2.1.9
+        uses: splunk/addonfactory-test-matrix-action@v3.0.0
 
   security-fossa-scan:
     continue-on-error: true
@@ -430,7 +430,7 @@ jobs:
         with:
           semantic_version: 18
           extra_plugins: |
-            @semantic-release/exec
+            @semantic-release/exec@v6.0.3
             @semantic-release/git
             semantic-release-helm
             @google/[email protected]

.github/workflows/ci-main.yaml

@@ -62,14 +62,15 @@ jobs:
         with:
           semantic_version: 18
           extra_plugins: |
-            @semantic-release/exec
+            @semantic-release/exec@v6.0.3
             @semantic-release/git
             semantic-release-helm
             @google/[email protected]
             [email protected]
           dry_run: true
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          RUNNER_DEBUG: 1
       - name: Docker meta
         id: docker_action_meta
         uses: docker/metadata-action@v5
@@ -86,7 +87,7 @@ jobs:
             type=ref,event=tag
       - name: matrix
         id: matrix
-        uses: splunk/addonfactory-test-matrix-action@v2.1.9
+        uses: splunk/addonfactory-test-matrix-action@v3.0.0
 
   security-fossa-scan:
     continue-on-error: true
@@ -456,7 +457,7 @@ jobs:
         with:
           semantic_version: 18
           extra_plugins: |
-            @semantic-release/exec
+            @semantic-release/exec@v6.0.3
             @semantic-release/git
             semantic-release-helm
             @google/[email protected]

ansible/Dockerfile

@@ -1,16 +1,17 @@
 # install requirements in venv
 FROM python:3.10 AS venv_builder
-RUN pip install ansible~=6.1.0 --no-cache-dir
-RUN pip install pywinrm>=0.4.2 --no-cache-dir
-RUN pip install ansible-lint>=6.0.0 --no-cache-dir
+RUN pip install ansible~=6.1.0 --no-cache-dir \
+    && pip install pywinrm>=0.4.2 --no-cache-dir \
+    && pip install ansible-lint>=6.0.0 --no-cache-dir
 
 WORKDIR /opt
 COPY ./ansible .
 COPY ./charts .
 
-RUN apt-get update -y
-RUN apt-get install parallel -y
-RUN apt-get install sshpass
+RUN apt update -y \
+    && apt install --no-install-recommends -y build-essential parallel \
+    && apt install --no-install-recommends -y sshpass \
+    && apt clean
 
 ENV ANSIBLE_CONFIG /opt/ansible.cfg
 ENV ANSIBLE_HOST_KEY_CHECKING False

ansible/app/docker-compose.yml

@@ -1,3 +1,4 @@
+---
 version: "3.7"
 services:
   sc4s:
@@ -7,18 +8,18 @@ services:
         condition: on-failure
     image: ghcr.io/splunk/splunk-connect-for-syslog/container3:latest
     ports:
-       - target: 514
-         published: 514
-         protocol: tcp
-       - target: 514
-         published: 514
-         protocol: udp
-       - target: 601
-         published: 601
-         protocol: tcp
-       - target: 6514
-         published: 6514
-         protocol: tcp
+      - target: 514
+        published: 514
+        protocol: tcp
+      - target: 514
+        published: 514
+        protocol: udp
+      - target: 601
+        published: 601
+        protocol: tcp
+      - target: 6514
+        published: 6514
+        protocol: tcp
     env_file:
       - /opt/sc4s/env_file
     volumes:
@@ -30,4 +31,4 @@ services:
 #     - /opt/sc4s/tls:/etc/syslog-ng/tls:z
 
 volumes:
-  splunk-sc4s-var:
+  splunk-sc4s-var:

ansible/docker-compose.yml

@@ -3,9 +3,9 @@
 ## SPDX-License-Identifier: LicenseRef-Splunk-8-2021
 ##
 ##
+---
 version: "3.7"
 services:
-
   ansible_sc4s:
     build:
       context: ../

ansible/inventory/inventory.yaml

@@ -1,7 +1,8 @@
+---
 all:
   hosts:
   children:
     node:
       hosts:
         node_1:
-          ansible_host:
+          ansible_host:

ansible/inventory/inventory_microk8s.yaml

@@ -1,3 +1,4 @@
+---
 all:
   hosts:
   children:

ansible/inventory/inventory_microk8s_ha.yaml

@@ -1,3 +1,4 @@
+---
 all:
   hosts:
   children:

ansible/inventory/inventory_swarm.yaml

@@ -1,3 +1,4 @@
+---
 all:
   hosts:
   children:

ansible/playbooks/docker.yml

@@ -1,6 +1,6 @@
 ---
 - hosts: node_1
-  become: yes
+  become: true
   vars:
     iface: "{{ swarm_iface | default('eth0') }}"
   tasks:

ansible/playbooks/docker_swarm.yml

@@ -1,6 +1,6 @@
 ---
 - hosts: manager[0]
-  become: yes
+  become: true
   vars:
     iface: "{{ swarm_iface | default('eth0') }}"
   tasks:
@@ -10,7 +10,7 @@
     - include_tasks: ../tasks/docker_swarm/create_swarm.yml
 
 - hosts: manager, !manager[0]
-  become: yes
+  become: true
   vars:
     iface: "{{ swarm_iface | default('eth0') }}"
   tasks:
@@ -20,14 +20,14 @@
     - include_tasks: ../tasks/docker_swarm/join_managers.yml
 
 - hosts: worker
-  become: yes
+  become: true
   tasks:
     - name: Docker installation role
       include_role:
         name: install_docker
     - include_tasks: ../tasks/docker_swarm/join_workers.yml
 
 - hosts: manager[0]
-  become: yes
+  become: true
   tasks:
     - include_tasks: ../tasks/docker_swarm/deploy_stack.yml

ansible/playbooks/microk8s.yml

@@ -1,9 +1,10 @@
 ---
 - hosts: node_1
-  become: yes
+  become: true
   vars:
     microk8s_plugins:
-    # Do not provide here metallb here as the installation process is different to standard plugins
+      # Do not provide here metallb here as the installation process
+      # is different to standard plugins
       helm3: true
       dns: true
       community: true

ansible/playbooks/microk8s_ha.yml

@@ -1,9 +1,10 @@
 ---
 - hosts: manager
-  become: yes
+  become: true
   vars:
     microk8s_plugins:
-      # Do not provide here metallb here as the installation process is different to standard plugins
+      # Do not provide here metallb here as the installation process
+      # is different to standard plugins
       helm3: true
       dns: true
       community: true
@@ -19,10 +20,11 @@
     - include_tasks: ../tasks/mk8s/update_etc_hosts.yml
 
 - hosts: workers
-  become: yes
+  become: true
   vars:
     microk8s_plugins:
-      # Do not provide here metallb here as the installation process is different to standard plugins
+      # Do not provide here metallb here as the installation process
+      # is different to standard plugins
       helm3: true
       dns: true
       community: true

ansible/playbooks/podman.yml

@@ -1,6 +1,6 @@
 ---
 - hosts: node_1
-  become: yes
+  become: true
   tasks:
     - name: Podman installation role
       include_role:

ansible/roles/install_docker/tasks/install_docker_debian.yml

@@ -1,7 +1,7 @@
 ---
 - name: Ensure dependencies are installed
   apt:
-    update-cache: yes
+    update-cache: true
     name:
       - ca-certificates
       - curl

ansible/roles/install_docker/tasks/install_docker_rhel.yml

@@ -13,9 +13,10 @@
 - name: Add Docker Repository (RedHat, centOS)
   shell: |
     dnf install -y yum-utils
-    yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
+    yum-config-manager --add-repo
+    https://download.docker.com/linux/centos/docker-ce.repo
   args:
-    warn: no
+    warn: false
 
 - name: Install docker-ce (RedHat, CentOS)
   yum:

ansible/tasks/docker/deploy_app.yml

@@ -3,7 +3,7 @@
   file:
     path: "{{ item }}"
     state: directory
-    mode: 0755
+    mode: 0750
   loop:
     - /opt/sc4s
     - /opt/sc4s/tls
@@ -16,15 +16,15 @@
     dest: "/lib/systemd/system/sc4s.service"
     owner: "{{ ansible_user }}"
     group: "{{ ansible_user }}"
-    mode: u=rw,g=rw,o=r
+    mode: u=rw,g=rw
 
 - name: Copying env_file file on the server
   copy:
     src: "/opt/ansible/resources/env_file"
     dest: "/opt/sc4s/env_file"
     owner: "{{ ansible_user }}"
     group: "{{ ansible_user }}"
-    mode: u=rw,g=rw,o=r
+    mode: u=rw,g=rw
 
 - name: Create a volume
   docker_volume:
@@ -33,7 +33,6 @@
 - name: Enable sc4s service
   ansible.builtin.systemd:
     name: sc4s
-    enabled: yes
-    daemon_reload: yes
+    enabled: true
+    daemon_reload: true
     state: started
-

ansible/tasks/docker_swarm/create_swarm.yml

@@ -30,4 +30,4 @@
 
     - name: "set fact: join_token_worker"
       set_fact:
-        join_token_worker: "{{ join_token_worker_command['stdout'] }}"
+        join_token_worker: "{{ join_token_worker_command['stdout'] }}"

ansible/tasks/docker_swarm/deploy_stack.yml

@@ -5,13 +5,13 @@
     dest: "/home/{{ ansible_user }}/docker-compose.yml"
     owner: "{{ ansible_user }}"
     group: "{{ ansible_user }}"
-    mode: u=rw,g=rw,o=r
+    mode: u=rw,g=rw
 
 - name: Create sc4s dependency directories
   file:
     path: "{{ item }}"
     state: directory
-    mode: 0755
+    mode: 0750
   loop:
     - /opt/sc4s
     - /opt/sc4s/tls
@@ -24,7 +24,7 @@
     dest: "/opt/sc4s/env_file"
     owner: "{{ ansible_user }}"
     group: "{{ ansible_user }}"
-    mode: u=rw,g=rw,o=r
+    mode: u=rw,g=rw
 
 - name: Create a volume
   docker_volume:
@@ -36,4 +36,3 @@
     name: SC4S
     compose:
       - "/home/{{ ansible_user }}/docker-compose.yml"
-

ansible/tasks/docker_swarm/join_managers.yml

@@ -7,7 +7,8 @@
 
 - name: v2
   add_host:
-    hostname: "{{ groups['manager'] | map('extract', hostvars, ['ansible_host']) | join(':2377,') }}:2377"
+    hostname: "{{ groups['manager'] |
+      map('extract', hostvars, ['ansible_host']) | join(':2377,') }}:2377"
     groups: main_nodes_ips_with_port
   with_items: "{{ ansible_play_hosts | default(play_hosts) }}"
 
@@ -17,4 +18,4 @@
     state: join
     timeout: 60
     join_token: "{{ hostvars[first_swarm_manager_host].join_token_manager }}"
-    remote_addrs:  "{{ groups['main_nodes_ips_with_port'][0] }}:2377"
+    remote_addrs: "{{ groups['main_nodes_ips_with_port'][0] }}:2377"

ansible/tasks/docker_swarm/join_workers.yml

@@ -5,7 +5,8 @@
 
 - name: v2
   add_host:
-    hostname: "{{ groups['manager'] | map('extract', hostvars, ['ansible_host']) | join(':3000,') }}:3000"
+    hostname: "{{ groups['manager'] | map('extract', hostvars,
+      ['ansible_host']) | join(':3000,') }}:3000"
     groups: main_nodes_ips_with_port
   with_items: "{{ ansible_play_hosts | default(play_hosts) }}"
 
@@ -14,4 +15,4 @@
     state: join
     timeout: 60
     join_token: "{{ hostvars[first_swarm_manager_host].join_token_worker }}"
-    remote_addrs:  "{{ groups['main_nodes_ips_with_port'][0] }}:2377"
+    remote_addrs: "{{ groups['main_nodes_ips_with_port'][0] }}:2377"