updated requirements file used by linter

.ansible-lint

@@ -1,16 +1,10 @@
 ---
 profile: production
-offline: true
+offline: false
 
 skip_list:
   - "galaxy[no-changelog]"
 
-warn_list:
-  # seems to be a bug, see https://github.com/ansible/ansible-lint/issues/4172
-  - "fqcn[canonical]"
-  # @matferna: really not sure why lint thinks it can't find jmespath, it is installed and functional
-  - "jinja[invalid]"
-
 exclude_paths:
   # would be better to move the roles here to the top-level roles directory
   - collections/ansible_collections/demo/compliance/roles/

.github/workflows/README.md

@@ -1,25 +0,0 @@
-# GitHub Actions
-## Background
-We want to make attempts to run our integration tests in the same manner wether using GitHub actions or on a developers's machine locally. For this reason, the tests are curated to run using conatiner images. As of this writing, two images exist which we would like to test against:
-  - quay.io/ansible-product-demos/apd-ee-24:latest
-  - quay.io/ansible-product-demos/apd-ee-25:latest
-
-These images are built given the structure defined in their respective EE [definitions][../execution_environments]. Because they differ (mainly due to their python versions), each gets some special handling.
-
-## Troubleshooting GitHub Actions
-
-### Interactive
-It is likely the most straight-forward approach to interactively debug issues. The following podman command can be run from the project root directory to replicate the GitHub action:
-```
-podman run \
-           --user root  \
-           -v $(pwd):/runner:Z \
-           -it \
-           <image> \
-           /bin/bash
-```
-`<image>` is one of `quay.io/ansible-product-demos/apd-ee-25:latest`, `quay.io/ansible-product-demos/apd-ee-24:latest`
-It is not exact because GitHub seems to run closer to a sidecar container paradigm, and uses docker instead of podman, but hopefully it's close enough.
-
-For the 24 EE, the python interpreriter verions is set for our pre-commit script like so: `USE_PYTHON=python3.9 ./.github/workflows/run-pc.sh`
-The 25 EE is similary run but without the need for this variable: `./.github/workflows/run-pc.sh`

.github/workflows/pre-commit.yml

@@ -4,23 +4,17 @@ on:
  - push
  - pull_request_target
 
-jobs:
-  pre-commit-25:
-    container:
-      image: quay.io/ansible-product-demos/apd-ee-25
-      options: --user root
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - run: ./.github/workflows/run-pc.sh
-      shell: bash
-  pre-commit-24:
-    container:
-      image: quay.io/ansible-product-demos/apd-ee-24
-      options: --user root
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - run: USE_PYTHON=python3.9 ./.github/workflows/run-pc.sh
-      shell: bash
+env:
+  ANSIBLE_GALAXY_SERVER_CERTIFIED_TOKEN: ${{ secrets.ANSIBLE_GALAXY_SERVER_CERTIFIED_TOKEN }}
+  ANSIBLE_GALAXY_SERVER_VALIDATED_TOKEN: ${{ secrets.ANSIBLE_GALAXY_SERVER_VALIDATED_TOKEN }}
 
+jobs:
+  pre-commit:
+    name: pre-commit
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - uses: actions/setup-python@v5
+    - uses: pre-commit/action@v3.0.1
+
+...

.github/workflows/run-pc.sh

@@ -1,24 +0,0 @@
-#!/bin/bash -x
-
-dnf install git-lfs -y
-
-PYTHON_VARIANT="${USE_PYTHON:-python3.11}"
-PATH="$PATH:$HOME/.local/bin"
-
-# intsall pip
-eval "${PYTHON_VARIANT} -m pip install --user --upgrade pip"
-
-# try to fix 2.4 incompatibility 
-eval "${PYTHON_VARIANT} -m pip install --user --upgrade setuptools wheel twine check-wheel-contents"
-
-# intsall pre-commit
-eval "${PYTHON_VARIANT} -m pip install --user pre-commit"
-
-# view pip packages
-eval "${PYTHON_VARIANT} -m pip freeze --local"
-
-# fix permissions on directory
-git config --global --add safe.directory $(pwd)
-
-# run pre-commit
-pre-commit run --config $(pwd)/.pre-commit-gh.yml --show-diff-on-failure --color=always 

.pre-commit-config.yaml

@@ -14,12 +14,13 @@ repos:
       - id: check-json
       - id: check-symlinks
 
-  - repo: local
+  - repo: https://github.com/ansible/ansible-lint.git
+    # get latest release tag from https://github.com/ansible/ansible-lint/releases/
+    rev: v6.20.3
     hooks:
       - id: ansible-lint
-        name: ansible-navigator lint --eei quay.io/ansible-product-demos/apd-ee-25:latest --mode stdout
-        language: python
-        entry: bash -c "ansible-navigator lint --eei quay.io/ansible-product-demos/apd-ee-25 -v --force-color --mode stdout"
+        additional_dependencies:
+          - jmespath
 
   - repo: https://github.com/psf/black-pre-commit-mirror
     rev: 23.11.0

.pre-commit-gh.yml

@@ -1,30 +0,0 @@
----
-repos:
-  - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.4.0
-    hooks:
-      - id: trailing-whitespace
-        exclude: rhel[89]STIG/.*$
-
-      - id: check-yaml
-        exclude: \.j2.(yaml|yml)$|\.(yaml|yml).j2$
-        args: [--unsafe]   # see https://github.com/pre-commit/pre-commit-hooks/issues/273
-
-      - id: check-toml
-      - id: check-json
-      - id: check-symlinks
-
-  - repo: https://github.com/ansible/ansible-lint.git
-    # get latest release tag from https://github.com/ansible/ansible-lint/releases/
-    rev: v6.20.3
-    hooks:
-      - id: ansible-lint
-        additional_dependencies:
-          - jmespath
-
-  - repo: https://github.com/psf/black-pre-commit-mirror
-    rev: 23.11.0
-    hooks:
-      - id: black
-        exclude: rhel[89]STIG/.*$
-...

ansible.cfg

@@ -1,5 +1,5 @@
 [defaults]
-collections_path=./collections:/usr/share/ansible/collections
+collections_path=./collections
 roles_path=./roles
 
 [galaxy]

roles/requirements.yml

@@ -2,65 +2,45 @@
 roles:
   # RHEL 7 compliance roles from ComplianceAsCode
   - name: redhatofficial.rhel7-cis
-    src: https://github.com/RedHatOfficial/ansible-role-rhel7-cis
     version: 0.1.72
   - name: redhatofficial.rhel7-cjis
-    src: https://github.com/RedHatOfficial/ansible-role-rhel7-cjis
     version: 0.1.72
   - name: redhatofficial.rhel7-cui
-    src: https://github.com/RedHatOfficial/ansible-role-rhel7-cui
     version: 0.1.72
   - name: redhatofficial.rhel7-hipaa
-    src: https://github.com/RedHatOfficial/ansible-role-rhel7-hipaa
     version: 0.1.72
   - name: redhatofficial.rhel7-ospp
-    src: https://github.com/RedHatOfficial/ansible-role-rhel7-ospp
     version: 0.1.72
   - name: redhatofficial.rhel7-pci-dss
-    src: https://github.com/RedHatOfficial/ansible-role-rhel7-pci-dss
     version: 0.1.72
   - name: redhatofficial.rhel7-stig
-    src: https://github.com/RedHatOfficial/ansible-role-rhel7-stig
     version: 0.1.72
   # RHEL 8 compliance roles from ComplianceAsCode
   - name: redhatofficial.rhel8-cis
-    src: https://github.com/RedHatOfficial/ansible-role-rhel8-cis
     version: 0.1.72
   - name: redhatofficial.rhel8-cjis
-    src: https://github.com/RedHatOfficial/ansible-role-rhel8-cjis
     version: 0.1.72
   - name: redhatofficial.rhel8-cui
-    src: https://github.com/RedHatOfficial/ansible-role-rhel8-cui
     version: 0.1.72
   - name: redhatofficial.rhel8-hipaa
-    src: https://github.com/RedHatOfficial/ansible-role-rhel8-hipaa
     version: 0.1.72
   - name: redhatofficial.rhel8-ospp
-    src: https://github.com/RedHatOfficial/ansible-role-rhel8-ospp
     version: 0.1.72
   - name: redhatofficial.rhel8-pci-dss
-    src: https://github.com/RedHatOfficial/ansible-role-rhel8-pci-dss
     version: 0.1.72
   - name: redhatofficial.rhel8-stig
-    src: https://github.com/RedHatOfficial/ansible-role-rhel8-stig
     version: 0.1.72
   # RHEL 9 compliance roles from ComplianceAsCode
   - name: redhatofficial.rhel9-cis
-    src: https://github.com/RedHatOfficial/ansible-role-rhel9-cis
     version: 0.1.72
   - name: redhatofficial.rhel9-cui
-    src: https://github.com/RedHatOfficial/ansible-role-rhel9-cui
     version: 0.1.72
   - name: redhatofficial.rhel9-hipaa
-    src: https://github.com/RedHatOfficial/ansible-role-rhel9-hipaa
     version: 0.1.72
   - name: redhatofficial.rhel9-ospp
-    src: https://github.com/RedHatOfficial/ansible-role-rhel9-ospp
     version: 0.1.72
   - name: redhatofficial.rhel9-pci-dss
-    src: https://github.com/RedHatOfficial/ansible-role-rhel9-pci-dss
     version: 0.1.72
   - name: redhatofficial.rhel9-stig
-    src: https://github.com/RedHatOfficial/ansible-role-rhel9-stig
     version: 0.1.72
 ...

windows/helpdesk_new_user_portal.yml

@@ -10,7 +10,7 @@
         # Example result: ['&Qw2|E[-']
 
     - name: Create new user
-      microsoft.ad.user:
+      community.windows.win_domain_user:
         name: "{{ firstname }} {{ surname }}"
         firstname: "{{ firstname }}"
         surname: "{{ surname }}"

windows/join_ad_domain.yml

@@ -16,7 +16,7 @@
     - name: Ensure Demo OU exists
       run_once: true
       delegate_to: "{{ domain_controller }}"
-      microsoft.ad.ou:
+      community.windows.win_domain_ou:
         name: Demo
         state: present
 
@@ -26,7 +26,7 @@
 
     - name: Join ansible.local domain
       register: r_domain_membership
-      microsoft.ad.membership:
+      ansible.windows.win_domain_membership:
         dns_domain_name: ansible.local
         hostname: "{{ inventory_hostname.split('.')[0] }}"
         domain_admin_user: "{{ ansible_user }}@ansible.local"