feat: add ansible lint, update taskfiles, and makejinja to not strip trailing newlines

.github/tests/config-k0s.yaml

@@ -1,4 +1,3 @@
-# Test: k0s
 ---
 ci_test: true
 

.github/workflows/e2e.yaml

@@ -112,13 +112,10 @@ jobs:
         shell: bash
         run: task configure --yes
 
-      - name: Run configure again to ensure idempotency
-        shell: bash
-        run: task configure --yes
-
-      - name: Run kubeconform
+      - name: Run Ansible lint
+        if: ${{ steps.config-env.outputs.distribution == 'k3s' || steps.config-env.outputs.distribution == 'k0s' }}
         shell: bash
-        run: ./.github/scripts/kubeconform.sh ./kubernetes
+        run: task ansible:lint
 
       - name: List Hosts with Ansible
         if: ${{ steps.config-env.outputs.distribution == 'k3s' || steps.config-env.outputs.distribution == 'k0s' }}

.taskfiles/Ansible/Taskfile.yaml

@@ -4,7 +4,10 @@ version: "3"
 
 vars:
   PYTHON_BIN: python3
+  ANSIBLE_LINT_FILE: "{{.ANSIBLE_DIR}}/.ansible-lint"
   ANSIBLE_INVENTORY_FILE: "{{.ANSIBLE_DIR}}/inventory/hosts.yaml"
+  ANSIBLE_REQUIREMENTS_FILE: "{{.ROOT_DIR}}/requirements.yaml"
+  PIP_REQUIREMENTS_FILE: "{{.ROOT_DIR}}/requirements.txt"
 
 env:
   PATH: "{{.ROOT_DIR}}/.venv/bin:$PATH"
@@ -31,66 +34,66 @@ tasks:
         playbook: Playbook to run (required)
     prompt: Run Ansible playbook '{{.playbook}}'... continue?
     deps: ["deps"]
-    cmd: |
-      .venv/bin/ansible-playbook --inventory {{.ANSIBLE_INVENTORY_FILE}} \
-          {{.ANSIBLE_DIR}}/playbooks/{{.playbook}}.yaml {{.CLI_ARGS}}
+    cmd: .venv/bin/ansible-playbook --inventory {{.ANSIBLE_INVENTORY_FILE}} {{.ANSIBLE_DIR}}/playbooks/{{.playbook}}.yaml {{.CLI_ARGS}}
     preconditions:
-      - { msg: "Argument (playbook) is required", sh: "test -n {{.playbook}}" }
-      - { msg: "Venv not found",                  sh: "test -d {{.ROOT_DIR}}/.venv" }
-      - { msg: "Inventory not found",             sh: "test -f {{.ANSIBLE_INVENTORY_FILE}}" }
-      - { msg: "Playbook not found",              sh: "test -f {{.ANSIBLE_DIR}}/playbooks/{{.playbook}}.yaml" }
+      - sh: test -n {{.playbook}}
+      - sh: test -d {{.ROOT_DIR}}/.venv
+      - sh: test -f {{.ANSIBLE_INVENTORY_FILE}}
+      - sh: test -f {{.ANSIBLE_DIR}}/playbooks/{{.playbook}}.yaml
 
   poweroff:
     desc: Shutdown all the k8s nodes
     deps: ["deps"]
-    cmd: |
-      .venv/bin/ansible kubernetes --inventory {{.ANSIBLE_INVENTORY_FILE}} \
-          -a '/usr/bin/systemctl poweroff' --become
+    cmd: .venv/bin/ansible kubernetes --inventory {{.ANSIBLE_INVENTORY_FILE}} -a '/usr/bin/systemctl poweroff' --become
     preconditions:
-      - { msg: "Venv not found",      sh: "test -d {{.ROOT_DIR}}/.venv" }
-      - { msg: "Inventory not found", sh: "test -f {{.ANSIBLE_INVENTORY_FILE}}" }
+      - sh: test -d {{.ROOT_DIR}}/.venv
+      - sh: test -f {{.ANSIBLE_INVENTORY_FILE}}
 
   list:
     desc: List all the hosts
     deps: ["deps"]
-    cmd: |
-      .venv/bin/ansible kubernetes --inventory {{.ANSIBLE_INVENTORY_FILE}} \
-          --list-hosts
+    cmd: .venv/bin/ansible kubernetes --inventory {{.ANSIBLE_INVENTORY_FILE}} --list-hosts
     preconditions:
-      - { msg: "Venv not found",      sh: "test -d {{.ROOT_DIR}}/.venv" }
-      - { msg: "Inventory not found", sh: "test -f {{.ANSIBLE_INVENTORY_FILE}}" }
+      - sh: test -d {{.ROOT_DIR}}/.venv
+      - sh: test -f {{.ANSIBLE_INVENTORY_FILE}}
 
   ping:
     desc: Ping all the hosts
     deps: ["deps"]
-    cmd: |
-      .venv/bin/ansible kubernetes --inventory {{.ANSIBLE_INVENTORY_FILE}} \
-          --one-line -m 'ping'
+    cmd: .venv/bin/ansible kubernetes --inventory {{.ANSIBLE_INVENTORY_FILE}} --one-line -m 'ping'
     preconditions:
-      - { msg: "Venv not found",      sh: "test -d {{.ROOT_DIR}}/.venv" }
-      - { msg: "Inventory not found", sh: "test -f {{.ANSIBLE_INVENTORY_FILE}}" }
+      - sh: test -d {{.ROOT_DIR}}/.venv
+      - sh: test -f {{.ANSIBLE_INVENTORY_FILE}}
 
   uptime:
     desc: Uptime of all the hosts
     deps: ["deps"]
-    cmd: |
-      .venv/bin/ansible kubernetes --inventory {{.ANSIBLE_INVENTORY_FILE}} \
-          --one-line -a 'uptime'
+    cmd: .venv/bin/ansible kubernetes --inventory {{.ANSIBLE_INVENTORY_FILE}} --one-line -a 'uptime'
     preconditions:
-      - { msg: "Venv not found",      sh: "test -d {{.ROOT_DIR}}/.venv" }
-      - { msg: "Inventory not found", sh: "test -f {{.ANSIBLE_INVENTORY_FILE}}" }
+      - sh: test -d {{.ROOT_DIR}}/.venv
+      - sh: test -f {{.ANSIBLE_INVENTORY_FILE}}
+
+  lint:
+    desc: Lint Ansible
+    deps: ["deps"]
+    cmd: ./.venv/bin/ansible-lint --config-file {{.ANSIBLE_LINT_FILE}} {{.ANSIBLE_DIR}}/**/*.yaml
+    preconditions:
+      - sh: test -d {{.ANSIBLE_DIR}}
+      - sh: test -f {{.ANSIBLE_LINT_FILE}}
 
   .venv:
     internal: true
     cmds:
-      - true && {{.PYTHON_BIN}} -m venv {{.ROOT_DIR}}/.venv
+      - "{{.PYTHON_BIN}} -m venv {{.ROOT_DIR}}/.venv"
       - .venv/bin/python3 -m pip install --upgrade pip setuptools wheel
-      - .venv/bin/python3 -m pip install --upgrade --requirement "{{.ROOT_DIR}}/requirements.txt"
-      - .venv/bin/ansible-galaxy install --role-file "{{.ROOT_DIR}}/requirements.yaml" {{if eq .force "true"}}--force{{end}}
-    vars:
-      force: '{{.force | default "true"}}'
+      - .venv/bin/python3 -m pip install --upgrade --requirement "{{.PIP_REQUIREMENTS_FILE}}"
+      - .venv/bin/ansible-galaxy install --role-file "{{.ANSIBLE_REQUIREMENTS_FILE}}" {{if eq .force "true"}}--force{{end}}
     sources:
-      - "{{.ROOT_DIR}}/requirements.txt"
-      - "{{.ROOT_DIR}}/requirements.yaml"
+      - "{{.PIP_REQUIREMENTS_FILE}}"
+      - "{{.ANSIBLE_REQUIREMENTS_FILE}}"
     generates:
       - "{{.ROOT_DIR}}/.venv/pyvenv.cfg"
+    preconditions:
+      - sh: command -v {{.PYTHON_BIN}}
+    vars:
+      force: '{{.force | default "true"}}'

.taskfiles/Flux/Taskfile.yaml

@@ -12,22 +12,26 @@ tasks:
     desc: Bootstrap Flux into a Kubernetes cluster
     cmds:
       # Install essential Prometheus Operator CRDs
-      - kubectl apply --server-side --filename https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/{{.PROMETHEUS_OPERATOR_VERSION}}/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
-      - kubectl apply --server-side --filename https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/{{.PROMETHEUS_OPERATOR_VERSION}}/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
-      - kubectl apply --server-side --filename https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/{{.PROMETHEUS_OPERATOR_VERSION}}/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml
-      - kubectl apply --server-side --filename https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/{{.PROMETHEUS_OPERATOR_VERSION}}/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
+      - kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --filename https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/{{.PROMETHEUS_OPERATOR_VERSION}}/example/prometheus-operator-crd/monitoring.coreos.com_podmonitors.yaml
+      - kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --filename https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/{{.PROMETHEUS_OPERATOR_VERSION}}/example/prometheus-operator-crd/monitoring.coreos.com_prometheusrules.yaml
+      - kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --filename https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/{{.PROMETHEUS_OPERATOR_VERSION}}/example/prometheus-operator-crd/monitoring.coreos.com_scrapeconfigs.yaml
+      - kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --filename https://raw.githubusercontent.com/prometheus-operator/prometheus-operator/{{.PROMETHEUS_OPERATOR_VERSION}}/example/prometheus-operator-crd/monitoring.coreos.com_servicemonitors.yaml
       # Install Flux
-      - kubectl apply --server-side --kustomize {{.KUBERNETES_DIR}}/bootstrap
+      - kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --kustomize {{.KUBERNETES_DIR}}/bootstrap
       # Install Secrets and Kustomizations
-      - cat {{.ROOT_DIR}}/age.key | kubectl -n flux-system create secret generic sops-age --from-file=age.agekey=/dev/stdin
-      - sops --decrypt {{.KUBERNETES_DIR}}/flux/vars/cluster-secrets.sops.yaml | kubectl apply --server-side --filename -
-      - sops --decrypt {{.KUBERNETES_DIR}}/flux/vars/cluster-secrets-user.sops.yaml | kubectl apply --server-side --filename -
-      - kubectl apply --server-side --filename {{.KUBERNETES_DIR}}/flux/vars/cluster-settings.yaml
-      - kubectl apply --server-side --filename {{.KUBERNETES_DIR}}/flux/vars/cluster-settings-user.yaml
-      - kubectl apply --server-side --kustomize {{.KUBERNETES_DIR}}/flux/config
+      - cat {{.SOPS_AGE_FILE}} | kubectl -n flux-system create secret generic sops-age --from-file=age.agekey=/dev/stdin
+      - sops --decrypt {{.KUBERNETES_DIR}}/flux/vars/cluster-secrets.sops.yaml | kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --filename -
+      - sops --decrypt {{.KUBERNETES_DIR}}/flux/vars/cluster-secrets-user.sops.yaml | kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --filename -
+      - kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --filename {{.KUBERNETES_DIR}}/flux/vars/cluster-settings.yaml
+      - kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --filename {{.KUBERNETES_DIR}}/flux/vars/cluster-settings-user.yaml
+      - kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --kustomize {{.KUBERNETES_DIR}}/flux/config
     preconditions:
-      - { msg: "Flux already appears installed", sh: "kubectl get namespace flux-system &>/dev/null && exit 1 || exit 0" }
-      - { msg: "Age private key not found",      sh: "test -f {{.ROOT_DIR}}/age.key" }
+      - sh: command -v flux
+      - sh: command -v kubectl
+      - sh: command -v sops
+      - sh: test -f {{.SOPS_AGE_FILE}}
+      - sh: test -f {{.KUBECONFIG_FILE}}
+      - sh: kubectl get namespace flux-system &>/dev/null && exit 1 || exit 0
 
   apply:
     desc: Apply a Flux Kustomization resource for a cluster
@@ -36,27 +40,36 @@ tasks:
         path: Path containing the Flux Kustomization resource (ks.yaml) (required)
         ns: Namespace the Flux Kustomization exists in (default: flux-system)
     cmd: |
-      flux build ks $(basename {{.path}}) \
+      flux --kubeconfig {{.KUBECONFIG_FILE}} build ks $(basename {{.path}}) \
           --namespace {{.ns}} \
           --kustomization-file {{.KUBERNETES_DIR}}/apps/{{.path}}/ks.yaml \
           --path {{.KUBERNETES_DIR}}/apps/{{.path}} \
           {{- if contains "not found" .ks }}--dry-run \{{ end }}
       | \
-      kubectl apply --server-side \
+      kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side \
           --field-manager=kustomize-controller -f -
+    preconditions:
+      - sh: command -v flux
+      - sh: command -v kubectl
+      - sh: test -f {{.KUBECONFIG_FILE}}
+      - sh: test -f {{.KUBERNETES_DIR}}/apps/{{.path}}/ks.yaml
     vars:
       path: '{{ or .path (fail "Argument (path) is required") }}'
       ns: '{{.ns | default "flux-system"}}'
       ks:
-        sh: flux --namespace {{.ns}} get kustomizations $(basename {{.path}}) 2>&1
-    preconditions:
-      - { msg: "Kustomization file not found", sh: "test -f {{.KUBERNETES_DIR}}/apps/{{.path}}/ks.yaml" }
+        sh: flux --kubeconfig {{.KUBECONFIG_FILE}} --namespace {{.ns}} get kustomizations $(basename {{.path}}) 2>&1
 
   reconcile:
     desc: Force update Flux to pull in changes from your Git repository
-    cmd: flux reconcile --namespace flux-system kustomization cluster --with-source
+    cmd: flux --kubeconfig {{.KUBECONFIG_FILE}} reconcile --namespace flux-system kustomization cluster --with-source
+    preconditions:
+      - sh: command -v flux
+      - sh: test -f {{.KUBECONFIG_FILE}}
 
   github-deploy-key:
-    cmd: sops --decrypt {{.KUBERNETES_DIR}}/bootstrap/github-deploy-key.sops.yaml | kubectl apply --server-side --filename -
+    cmd: sops --decrypt {{.KUBERNETES_DIR}}/bootstrap/github-deploy-key.sops.yaml | kubectl apply --kubeconfig {{.KUBECONFIG_FILE}} --server-side --filename -
     preconditions:
-      - { msg: "Flux is not installed", sh: "kubectl get namespace flux-system &>/dev/null && exit 0 || exit 1" }
+      - sh: command -v kubectl
+      - sh: command -v sops
+      - sh: test -f {{.KUBECONFIG_FILE}}
+      - sh: kubectl get namespace flux-system &>/dev/null && exit 0 || exit 1

.taskfiles/K0s/Taskfile.yaml

@@ -7,27 +7,34 @@ env:
 
 tasks:
 
-  kubeconfig:
-    desc: Gets k0s cluster kubeconfig
-    cmds:
-      - k0sctl kubeconfig --config {{.ROOT_DIR}}/k0s-config.yaml > kubeconfig
-    preconditions:
-      - { msg: "k0s-config.yaml not found", sh: "test -f {{.ROOT_DIR}}/k0s-config.yaml" }
-
   apply:
-    desc: Apply k0s cluster k0s-config.yaml
+    desc: Apply k0s cluster config
     cmds:
-      - k0sctl apply --config {{.ROOT_DIR}}/k0s-config.yaml
+      - k0sctl apply --config {{.K0S_CONFIG_FILE}}
       - task: kubeconfig
     preconditions:
-      - { msg: "k0s-config.yaml not found", sh: "test -f {{.ROOT_DIR}}/k0s-config.yaml" }
+      - sh: command -v k0sctl
+      - sh: test -f {{.K0S_CONFIG_FILE}}
 
   reset:
-    desc: Resets the k0s cluster
+    desc: Resets k0s cluster
+    deps: [":ansible:deps"]
     cmds:
-      - k0sctl reset --config {{.ROOT_DIR}}/k0s-config.yaml
+      - k0sctl reset --config {{.K0S_CONFIG_FILE}}
       - task: :ansible:run
         vars:
           playbook: cluster-nuke
     preconditions:
-      - { msg: "k0s-config.yaml not found", sh: "test -f {{.ROOT_DIR}}/k0s-config.yaml" }
+      - sh: command -v k0sctl
+      - sh: test -f {{.K0S_CONFIG_FILE}}
+
+  kubeconfig:
+    desc: Gets k0s cluster kubeconfig
+    cmd: k0sctl kubeconfig --config {{.K0S_CONFIG_FILE}} > {{.KUBECONFIG_FILE}}
+    sources:
+      - "{{.K0S_CONFIG_FILE}}"
+    generates:
+      - "{{.KUBECONFIG_FILE}}"
+    preconditions:
+      - sh: command -v k0sctl
+      - sh: test -f {{.K0S_CONFIG_FILE}}

.taskfiles/Kubernetes/Taskfile.yaml

@@ -2,6 +2,9 @@
 # yaml-language-server: $schema=https://taskfile.dev/schema.json
 version: "3"
 
+vars:
+  KUBECONFORM_SCRIPT: "{{.TASKFILE_DIR}}/.taskfiles/Kubernetes/kubeconform.sh"
+
 tasks:
 
   mount:
@@ -47,7 +50,7 @@ tasks:
       ns: '{{.ns | default "default"}}'
       claim: '{{ or .claim (fail "Argument (claim) is required") }}'
     preconditions:
-      - { msg: "PVC not found", sh: "kubectl -n {{.ns}} get persistentvolumeclaim {{.claim}}" }
+      - sh: kubectl -n {{.ns}} get persistentvolumeclaim {{.claim}}
 
   resources:
     desc: Gather common resources in your cluster, useful when asking for support
@@ -65,3 +68,11 @@ tasks:
         certificaterequests
         ingresses
         pods
+
+  kubeconform:
+    desc: Validate Kubernetes manifests with kubeconform
+    cmd: bash {{.KUBECONFORM_SCRIPT}} {{.KUBERNETES_DIR}}
+    preconditions:
+      - sh: command -v kubeconform
+      - sh: command -v kustomize
+      - sh: test -f {{.KUBECONFORM_SCRIPT}}

.taskfiles/Repo/Taskfile.yaml

@@ -11,23 +11,23 @@ tasks:
       - rm -rf {{.ROOT_DIR}}/.github/tests
       - rm -rf {{.ROOT_DIR}}/.github/workflows/e2e.yaml
       # Move bootstrap directory to gitignored directory
-      - mkdir -p {{.ROOT_DIR}}/.private
-      - mv {{.BOOTSTRAP_DIR}} {{.ROOT_DIR}}/.private/bootstrap-{{now | date "150405"}}
-      - mv {{.ROOT_DIR}}/makejinja.toml {{.ROOT_DIR}}/.private/makejinja-{{now | date "150405"}}.toml
+      - mv {{.BOOTSTRAP_DIR}} {{.PRIVATE_DIR}}/bootstrap-{{now | date "150405"}}
+      - mv {{.MAKEJINJA_CONFIG_FILE}} {{.PRIVATE_DIR}}/makejinja-{{now | date "150405"}}.toml
       # Update renovate.json5
       - sed -i {{if eq OS "darwin"}}''{{end}} 's/(..\.j2)\?(..\.j2)\?//g' {{.ROOT_DIR}}/.github/renovate.json5
     preconditions:
-      - { msg: "bootstrap dir not found",  sh: "test -d {{.BOOTSTRAP_DIR}}" }
-      - { msg: "renovate.json5 not found", sh: "test -f {{.ROOT_DIR}}/.github/renovate.json5" }
+      - sh: test -d {{.BOOTSTRAP_DIR}}
+      - sh: test -d {{.PRIVATE_DIR}}
+      - sh: test -f {{.ROOT_DIR}}/.github/renovate.json5
 
   reset:
     desc: Reset templated configuration files
     prompt: Reset templated configuration files... continue?
     cmds:
-      - rm -rf {{.ROOT_DIR}}/.sops.yaml
-      - rm -rf {{.ROOT_DIR}}/k0s-config.yaml
+      - rm -rf {{.SOPS_CONFIG_FILE}}
       - rm -rf {{.ANSIBLE_DIR}}
       - rm -rf {{.KUBERNETES_DIR}}
+      - rm -rf {{.K0S_CONFIG_FILE}}
 
   force-reset:
     desc: Reset repo back to HEAD

.taskfiles/Sops/Taskfile.yaml

@@ -6,9 +6,9 @@ tasks:
 
   age-keygen:
     desc: Initialize Age Key for Sops
-    cmd: age-keygen --output {{.ROOT_DIR}}/age.key
+    cmd: age-keygen --output {{.SOPS_AGE_FILE}}
     status:
-      - test -f "{{.ROOT_DIR}}/age.key"
+      - test -f "{{.SOPS_AGE_FILE}}"
 
   encrypt:
     desc: Encrypt a secret
@@ -19,16 +19,16 @@ tasks:
     vars:
       claim: '{{ or .file (fail "Argument (file) is required") }}'
     preconditions:
-      - { msg: "Sops config not found", sh: "test -f {{.ROOT_DIR}}/.sops.yaml" }
-      - { msg: "Age key not found",     sh: "test -f {{.ROOT_DIR}}/age.key" }
+      - sh: test -f {{.SOPS_CONFIG_FILE}}
+      - sh: test -f {{.SOPS_AGE_FILE}}
 
   encrypt:all:
     desc: Encrypt all Kubernetes SOPS secrets
     cmds:
       - for: { var: file }
         task: encrypt
         vars:
-          file: '{{.ITEM}}'
+          file: "{{.ITEM}}"
     vars:
       file:
         sh: find {{.KUBERNETES_DIR}} -type f -name "*.sops.*"