Improve linting and cleanup

requirements.yml

@@ -1,4 +1,4 @@
 ---
 collections:
-  - name: community.general
-    source: https://galaxy.ansible.com
+  - name: 'community.general'
+    version: ">=7.5.0,<=8.0.0"

tasks/backup.yml

@@ -11,20 +11,18 @@
     - name: Stopping gitea before upgrade
       become: true
       ansible.builtin.systemd:
-        name: gitea
-        state: stopped
+        name: 'gitea.service'
+        state: 'stopped'
       when: ansible_service_mgr == "systemd"
 
     - name: "Create backup directory"
       become: true
       ansible.builtin.file:
-        path: "{{ item }}"
-        state: directory
+        path: "{{ gitea_backup_location }}"
+        state: 'directory'
         owner: "{{ gitea_user }}"
         group: "{{ gitea_group }}"
         mode: 'u=rwx,g=rx,o='
-      with_items:
-        - "{{ gitea_backup_location }}"
 
     - name: Backing up gitea before upgrade
       become: true
@@ -36,10 +34,10 @@
     - name: Starting gitea because backup failed
       become: true
       ansible.builtin.systemd:
-        name: gitea
-        state: stopped
+        name: 'gitea.service'
+        state: 'started'
       when: ansible_service_mgr == "systemd"
 
-    - name: Print updateing error
-      ansible.builtin.debug:
+    - name: Print updateing error and cancel
+      ansible.builtin.fail:
         msg: "failed to backup gitea"

tasks/customize_footer.yml

@@ -7,7 +7,7 @@
     owner: "{{ gitea_user }}"
     group: "{{ gitea_group }}"
     mode: 'u=rwX,g=rX,o='
-  with_items:
+  loop:
     - "{{ gitea_custom }}/templates"
     - "{{ gitea_custom }}/templates/custom"
 
@@ -19,6 +19,6 @@
     owner: "{{ gitea_user }}"
     group: "{{ gitea_group }}"
     mode: '0644'
-  ignore_errors: true
+  failed_when: false
   tags: skip_ansible_lint
   notify: "Restart gitea"

tasks/customize_logo.yml

@@ -7,7 +7,7 @@
     owner: "{{ gitea_user }}"
     group: "{{ gitea_group }}"
     mode: 'u=rwX,g=rX,o='
-  with_items:
+  loop:
     - "{{ gitea_custom }}/public"
     - "{{ gitea_custom }}/public/img"
 
@@ -20,7 +20,7 @@
     group: "{{ gitea_group }}"
     mode: '0644'
   tags: skip_ansible_lint
-  ignore_errors: true
+  failed_when: false
 
 - name: Transfer custom logo.png
   become: true
@@ -31,7 +31,7 @@
     group: "{{ gitea_group }}"
     mode: '0644'
   tags: skip_ansible_lint
-  ignore_errors: true
+  failed_when: false
 
 - name: Transfer custom favicon.png
   become: true
@@ -42,7 +42,7 @@
     group: "{{ gitea_group }}"
     mode: '0644'
   tags: skip_ansible_lint
-  ignore_errors: true
+  failed_when: false
 
 - name: Transfer custom apple-touch-icon.png
   become: true
@@ -53,4 +53,4 @@
     group: "{{ gitea_group }}"
     mode: '0644'
   tags: skip_ansible_lint
-  ignore_errors: true
+  failed_when: false

tasks/customize_public_files.yml

@@ -7,7 +7,7 @@
     owner: "{{ gitea_user }}"
     group: "{{ gitea_group }}"
     mode: 'u=rwX,g=rX,o='
-  with_items:
+  loop:
     - "{{ gitea_custom }}/public"
 
 - name: Transfer custom public web data
@@ -19,6 +19,6 @@
     group: "{{ gitea_group }}"
     directory_mode: true
     mode: 'u=rwX,g=rX,o='
-  ignore_errors: true
+  failed_when: false
   tags: skip_ansible_lint
   notify: "Restart gitea"

tasks/directory.yml

@@ -7,7 +7,7 @@
     owner: "{{ gitea_user }}"
     group: "{{ gitea_group }}"
     mode: 'u=rwX,g=rX,o='
-  with_items:
+  loop:
     - "{{ gitea_configuration_path }}"
     - "{{ gitea_user_home }}"
     - "{{ gitea_home }}"

tasks/fail2ban.yml

@@ -25,5 +25,5 @@
   ansible.builtin.fail:
     msg: "the package fail2ban is not installed. no fail2ban filters deployed."
   when: "'fail2ban' not in ansible_facts.packages"
-  ignore_errors: true
+  failed_when: false
   tags: skip_ansible_lint_ignore-errors

tasks/install_forgejo.yml

@@ -54,7 +54,7 @@
       become: false
       failed_when: _gitea_gpg_key_status.rc not in (0, 2)
 
-    - name: Print gpg key status on verbosity
+    - name: Print gpg key status on verbosity  # noqa: H500
       ansible.builtin.debug:
         msg: "{{ _gitea_gpg_key_status.stdout }}"
         verbosity: 1

tasks/install_gitea.yml

@@ -53,7 +53,7 @@
       changed_when: false
       failed_when: _gitea_gpg_key_status.rc not in (0, 2)
 
-    - name: Print gpg key status on verbosity
+    - name: Print gpg key status on verbosity  # noqa: H500
       ansible.builtin.debug:
         msg: "{{ _gitea_gpg_key_status.stdout }}"
         verbosity: 1

tasks/main.yml

@@ -1,65 +1,81 @@
 ---
 - name: Perform optional versionscheck
-  ansible.builtin.include_tasks: versioncheck.yml
+  ansible.builtin.include_tasks:
+    file: 'versioncheck.yml'
   when: submodules_versioncheck|bool
 
 - name: Gather installed packages for checks later on
   ansible.builtin.package_facts:
-    manager: auto
+    manager: 'auto'
 
 - name: Prepare gitea/forgejo variable import
   block:
     - name: Gather variables for gitea or forgejo
-      ansible.builtin.include_vars: "{{ lookup('first_found', gitea_fork_variables) }}"
+      ansible.builtin.include_vars:
+        file: "{{ lookup('first_found', gitea_fork_variables) }}"
   rescue:
     - name: Gitea/Forejo import info
       ansible.builtin.fail:
         msg: "Currently only {{ gitea_supported_forks }} are supported."
 
 - name: Gather variables for each operating system
-  ansible.builtin.include_vars: "{{ lookup('first_found', gitea_variables) }}"
+  ansible.builtin.include_vars:
+    file: "{{ lookup('first_found', gitea_variables) }}"
 
 - name: Gather versioning information
-  ansible.builtin.include_tasks: "set_{{ gitea_fork | lower }}_version.yml"
+  ansible.builtin.include_tasks:
+    file: "set_{{ gitea_fork | lower }}_version.yml"
 
 - name: Backup gitea before update
-  ansible.builtin.include_tasks: backup.yml
+  ansible.builtin.include_tasks:
+    file: 'backup.yml'
   when: gitea_backup_on_upgrade|bool
 
 - name: Create gitea user and role
-  ansible.builtin.include_tasks: create_user.yml
+  ansible.builtin.include_tasks:
+    file: 'create_user.yml'
 
 - name: "Install or update {{ gitea_fork }}"
-  ansible.builtin.include_tasks: "install_{{ gitea_fork | lower }}.yml"
+  ansible.builtin.include_tasks:
+    file: "install_{{ gitea_fork | lower }}.yml"
 
 - name: Create directories
-  ansible.builtin.include_tasks: directory.yml
+  ansible.builtin.include_tasks:
+    file: 'directory.yml'
 
 - name: Setup gitea systemd service
-  ansible.builtin.include_tasks: install_systemd.yml
+  ansible.builtin.include_tasks:
+    file: 'install_systemd.yml'
   when: ansible_service_mgr == "systemd"
 
 - name: Generate JWT Secrets if undefined
-  ansible.builtin.include_tasks: jwt_secrets.yml
+  ansible.builtin.include_tasks:
+    file: 'jwt_secrets.yml'
 
 - name: Generate gitea secrets if undefined
-  ansible.builtin.include_tasks: gitea_secrets.yml
+  ansible.builtin.include_tasks:
+    file: 'gitea_secrets.yml'
 
 - name: Configure gitea
-  ansible.builtin.include_tasks: configure.yml
+  ansible.builtin.include_tasks:
+    file: 'configure.yml'
 
 - name: Deploy optional fail2ban rules
-  ansible.builtin.include_tasks: fail2ban.yml
-  when: gitea_fail2ban_enabled|bool
+  ansible.builtin.include_tasks:
+    file: 'fail2ban.yml'
+  when: gitea_fail2ban_enabled | bool
 
 - name: Optionally customize gitea
-  ansible.builtin.include_tasks: customize_logo.yml
-  when: gitea_customize_logo|bool
+  ansible.builtin.include_tasks:
+    file: 'customize_logo.yml'
+  when: gitea_customize_logo | bool
 
 - name: Optionally customize footer
-  ansible.builtin.include_tasks: customize_footer.yml
-  when: gitea_customize_footer|bool
+  ansible.builtin.include_tasks:
+    file: 'customize_footer.yml'
+  when: gitea_customize_footer | bool
 
 - name: Optionally deploy public files
-  ansible.builtin.include_tasks: customize_public_files.yml
-  when: gitea_customize_files|bool
+  ansible.builtin.include_tasks:
+    file: 'customize_public_files.yml'
+  when: gitea_customize_files | bool

tasks/set_forgejo_version.yml

@@ -2,7 +2,7 @@
 - name: "Check forgejo installed version"
   ansible.builtin.shell: "set -eo pipefail; {{ gitea_full_executable_path }} -v | cut -d' ' -f 3"
   args:
-    executable: /bin/bash
+    executable: '/bin/bash'
   register: gitea_active_version
   changed_when: false
   failed_when: false
@@ -97,11 +97,11 @@
     gitea_forgejo_signed_url: ['https://codeberg.org/attachments/ae5e50c6-e86e-4202-b95f-f142e8138e2f']
   when: ansible_check_mode
 
-- name: Show Download URLs
+- name: Show Download URLs  # noqa: H500
   ansible.builtin.debug:
     msg: "{{ item }}"
     verbosity: 1
-  with_items:
+  loop:
     - "gitea_forgejo_dl_url: {{ gitea_forgejo_dl_url | first }}"
     - "gitea_forgejo_checksum: {{ gitea_forgejo_checksum }}"
     - "gitea_forgejo_signed_url: {{ gitea_forgejo_signed_url | first }}"

tasks/versioncheck.yml

@@ -7,7 +7,7 @@
   ansible.builtin.file:
     path: '/etc/.ansible-version'
     state: directory
-    mode: 0755
+    mode: '0755'
   when: submodules_versioncheck | bool
 
 - name: Check playbook version
@@ -16,15 +16,14 @@
     src: "/etc/.ansible-version/{{ playbook_version_path }}"
   register: playbook_version
   when: submodules_versioncheck | bool
-  ignore_errors: true
   failed_when: false
 
-- name: Print remote role version
+- name: Print remote role version  # noqa: H500
   ansible.builtin.debug:
     msg: "Remote role version: {{ playbook_version.content | default('Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=') | b64decode | string }}"
   when: submodules_versioncheck | bool
 
-- name: Print locale role version
+- name: Print locale role version  # noqa: H500
   ansible.builtin.debug:
     msg: "Local role version: '{{ playbook_version_number | string }}'."
   when: submodules_versioncheck | bool