stfc · gmatthews20 · May 12, 2026 · May 12, 2026
@@ -0,0 +1,30 @@
+name: OS Builders PR
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  lint:
+    name: Ansible Lint
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: read
+      # To report GitHub Actions status checks
+      statuses: write
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          # super-linter needs the full git history to get the
+          # list of files that changed across commits
+          fetch-depth: 0
+          submodules: true
+
+      - name: Run ansible-lint
+        uses: ansible/ansible-lint@5fac056c45595896c973fbde871f01f6cb14d74c
@@ -1,24 +1,23 @@
 - name: Remove duplicate /etc/logrotate.d/btmp
-  file:
+  ansible.builtin.file:
     path: "/etc/logrotate.d/btmp"
     state: absent
-  when: ansible_distribution == "Rocky" 
+  when: ansible_distribution == "Rocky"
   become: true
 
 - name: Remove duplicate /etc/logrotate.d/wtmp
-  file:
+  ansible.builtin.file:
     path: "/etc/logrotate.d/wtmp"
     state: absent
-  when: ansible_distribution == "Rocky" 
+  when: ansible_distribution == "Rocky"
   become: true
 
-
 - name: Clear Audit log
-  shell: "logrotate -f /etc/logrotate.conf"
+  ansible.builtin.shell: "logrotate -f /etc/logrotate.conf"
   become: true
 
 - name: Cleanout /var/log/*.gz
-  file:
+  ansible.builtin.file:
     path: "/var/log/*.gz"
     state: absent
   become: true
@@ -5,38 +5,38 @@
   ansible.builtin.meta: flush_handlers
 
 - name: Check if we are in a container from the GitHub workflows
-  become: true
   ansible.builtin.command: "cat /proc/self/cgroup"
   register: in_container_check
+  become: true
 
-- name: set_fact for checking container
+- name: Set_fact for checking container
   ansible.builtin.set_fact:
     in_container: "{{ in_container_check.stdout != '0::/' }}"
 
-- include_tasks: reboot.yml
+- ansible.builtin.include_tasks: reboot.yml
   when: in_container
 
-- include_tasks: get_package_facts.yml
-- include_tasks: run_quattor.yml
+- ansible.builtin.include_tasks: get_package_facts.yml
+- ansible.builtin.include_tasks: run_quattor.yml
   when: ansible_distribution == "Rocky"
-- include_tasks: get_package_facts.yml
-- include_tasks: cleanout_tmp.yml
-- include_tasks: cleanout_rc_directories.yml
-- include_tasks: cleanup_network_conf.yml
-- include_tasks: set_locale.yml
-- include_tasks: wazuh.yml
-- include_tasks: cleanup_quattor.yml
+- ansible.builtin.include_tasks: get_package_facts.yml
+- ansible.builtin.include_tasks: cleanout_tmp.yml
+- ansible.builtin.include_tasks: cleanout_rc_directories.yml
+- ansible.builtin.include_tasks: cleanup_network_conf.yml
+- ansible.builtin.include_tasks: set_locale.yml
+- ansible.builtin.include_tasks: wazuh.yml
+- ansible.builtin.include_tasks: cleanup_quattor.yml
   when: ansible_distribution == "Rocky"
-- include_tasks: run_pakiti.yml
-- include_tasks: cleanup_users.yml
-- include_tasks: cleanup_old_kernels.yml
-- include_tasks: remove_host_ssh_keys.yml
-- include_tasks: cleanup_packages.yml
+- ansible.builtin.include_tasks: run_pakiti.yml
+- ansible.builtin.include_tasks: cleanup_users.yml
+- ansible.builtin.include_tasks: cleanup_old_kernels.yml
+- ansible.builtin.include_tasks: remove_host_ssh_keys.yml
+- ansible.builtin.include_tasks: cleanup_packages.yml
 
 # Cleanup history of build
-- include_tasks: logrotate.yml
-- include_tasks: clear_audit_log.yml
-- include_tasks: remove_shell_history.yml
+- ansible.builtin.include_tasks: logrotate.yml
+- ansible.builtin.include_tasks: clear_audit_log.yml
+- ansible.builtin.include_tasks: remove_shell_history.yml
 
 - name: Mark next boot as first boot
   ansible.builtin.file:

@@ -4,5 +4,3 @@
     post_reboot_delay: 30
     connect_timeout: 3600
   become: true
-
-
@@ -1,5 +1,5 @@
 - name: Cleanout Host SSH Keys
-  file:
+  ansible.builtin.file:
     path: "/etc/ssh/*key*"
     state: absent
   become: true
@@ -1,11 +1,11 @@
 - name: Cleanout Host SSH Keys
-  file:
+  ansible.builtin.file:
     path: "/home/*/.bash_history"
     state: absent
   become: true
 
 - name: Cleanout Host SSH Keys
-  file:
+  ansible.builtin.file:
     path: "/root/.bash_history"
     state: absent
   become: true
@@ -1,5 +1,5 @@
 - name: Run pakiti
-  command:
+  ansible.builtin.command:
     cmd: "pakiti2-client"
   become: true
   when: in_container
@@ -1,5 +1,5 @@
-- name: run quattor
-  shell: "quattor-fetch && quattor-configure --all --verbose"
+- name: Run quattor
+  ansible.builtin.shell: "quattor-fetch && quattor-configure --all --verbose"
   ignore_errors: true
-  when: ansible_distribution == "Rocky" 
+  when: ansible_distribution == "Rocky"
   become: true
@@ -1,68 +1,66 @@
-# - name: set locale to set
-#   set_fact:
+# - name: Set locale to set
+#   ansible.builtin.set_fact:
 #     config_system_locale: "en_GB.UTF-8"
 #     config_system_language: "en_GB.UTF-8"
 
-- name: set locale to set
-  set_fact:
+- name: Set locale to set
+  ansible.builtin.set_fact:
     config_system_locale: "en_US.UTF-8"
     config_system_language: "en_US.UTF-8"
 
-- name: check if locale exists
-  shell: "locale -a | grep -i {{ config_system_locale | regex_replace('-', '') | quote }}"
+- name: Check if locale exists
+  ansible.builtin.shell: "locale -a | grep -i {{ config_system_locale | regex_replace('-', '') | quote }}"
   register: found_locale
-  changed_when: no
-  failed_when: no
+  changed_when: false
+  failed_when: false
   become: true
 
-- name: create locale
-  command: "localedef -i {{ config_system_locale | regex_replace('(.*)\\..*', '\\1') | quote }} -f {{ config_system_locale | regex_replace('.*\\.(.*)', '\\1') | quote }} {{ config_system_locale | quote }}"
+- name: Create locale
+  ansible.builtin.command: "localedef -i {{ config_system_locale | regex_replace('(.*)\\..*', '\\1') | quote }} -f {{ config_system_locale | regex_replace('.*\\.(.*)', '\\1') | quote }} {{ config_system_locale | quote }}"
   when: not ansible_check_mode and found_locale.rc != 0
   become: true
 
-- name: check if language exists
-  shell: "locale -a | grep -i {{ config_system_language | regex_replace('-', '') | quote }}"
+- name: Check if language exists
+  ansible.builtin.shell: "locale -a | grep -i {{ config_system_language | regex_replace('-', '') | quote }}"
   register: found_language
-  changed_when: no
-  failed_when: no
+  changed_when: false
+  failed_when: false
   become: true
 
-- name: create language
-  command: "localedef -i {{ config_system_language | regex_replace('(.*)\\..*', '\\1') | quote }} -f {{ config_system_language | regex_replace('.*\\.(.*)', '\\1') | quote }} {{ config_system_language | quote }}"
+- name: Create language
+  ansible.builtin.command: "localedef -i {{ config_system_language | regex_replace('(.*)\\..*', '\\1') | quote }} -f {{ config_system_language | regex_replace('.*\\.(.*)', '\\1') | quote }} {{ config_system_language | quote }}"
   when: not ansible_check_mode and found_language.rc != 0
   become: true
 
-- name: configure locale
+- name: Configure locale
   block:
     - name: Get current locale and language configuration
-      command: localectl status
+      ansible.builtin.command: localectl status
       register: locale_status
       changed_when: false
       become: true
 
     - name: Parse 'LANG' from current locale and language configuration
-      set_fact:
+      ansible.builtin.set_fact:
         locale_lang: "{{ locale_status.stdout | regex_search('LANG=([^\n]+)', '\\1') | first }}"
 
     - name: Parse 'LANGUAGE' from current locale and language configuration
-      set_fact:
+      ansible.builtin.set_fact:
         locale_language: "{{ locale_status.stdout | regex_search('LANGUAGE=([^\n]+)', '\\1') | default([locale_lang], true) | first }}"
 
     - name: Configure locale to '{{ config_system_locale }}' and language to '{{ config_system_language }}'
-      command: localectl set-locale LANG={{ config_system_locale }} LANGUAGE={{ config_system_language }}
+      ansible.builtin.command: localectl set-locale LANG={{ config_system_locale }} LANGUAGE={{ config_system_language }}
       become: true
 
     - name: Set locale keymap
-      command: localectl set-keymap gb
+      ansible.builtin.command: localectl set-keymap gb
       when: ansible_distribution == "Rocky"
       become: true
   when: in_container
-
 # - name: Set locale keymap
-#   command: loadkeys uk
+#   ansible.builtin.command: loadkeys uk
 #   when: ansible_distribution == "Ubuntu"
 
-
 # - name: Set locale x11 keymap
-#   command: localeclt set-x11-keymap gb
+#   ansible.builtin.command: localeclt set-x11-keymap gb
 #   when: ansible_distribution == "Rocky"
@@ -1,18 +1,16 @@
 - name: Set wazuh package name variable
-  set_fact:
+  ansible.builtin.set_fact:
     wazuh_package_name: "wazuh-agent"
 
 - name: Stop wazuh-agent service
-  become: true
   ansible.builtin.command:
     cmd: "systemctl stop wazuh-agent.service"
-  when: wazuh_package_name in ansible_facts.packages
   ignore_errors: True
   become: true
-  when: in_container
+  when: wazuh_package_name in ansible_facts.packages or in_container
 
 - name: Clean Wazuh agent history
-  file:
+  ansible.builtin.file:
     path: "/var/ossec/etc/client.keys"
     state: absent
   become: true
@@ -25,5 +25,5 @@
     dest: /etc/security/pwquality.conf
     owner: root
     group: root
-    mode: '0644'
+    mode: "0644"
   become: true
@@ -1,15 +1,14 @@
-
 - name: Install cron on Ubuntu
-  apt:
+  ansible.builtin.apt:
     name: "cron"
     state: present
-    update_cache: yes
+    update_cache: true
   when: ansible_distribution == "Ubuntu"
   become: true
 
 - name: Install cron on RL
-  yum:
+  ansible.builtin.dnf:
     name: "cronie"
     state: present
-  when: ansible_distribution == "Rocky" 
+  when: ansible_distribution == "Rocky"
   become: true
@@ -1,9 +1,9 @@
 - name: Ensure SELinux is set to permissive mode for Wazuh
   ansible.builtin.lineinfile:
     path: /etc/selinux/config
-    regexp: '^SELINUX='
+    regexp: "^SELINUX="
     line: SELINUX=permissive
     state: present
     create: true
   when: ansible_distribution == "Rocky"
-  become: true
+  become: true
@@ -15,4 +15,3 @@
     state: present
   become: true
   when: ansible_os_family == "RedHat"
-
@@ -1,17 +1,17 @@
-- include_tasks: update.yml
-- include_tasks: get-package-facts.yml
+- ansible.builtin.include_tasks: update.yml
+- ansible.builtin.include_tasks: get-package-facts.yml
 
-- include_tasks: cron.yml
-- include_tasks: locale.yml
+- ansible.builtin.include_tasks: cron.yml
+- ansible.builtin.include_tasks: locale.yml
 
-- include_tasks: ssh.yml
-- include_tasks: rsyslog.yml
-- include_tasks: wazuh.yml
+- ansible.builtin.include_tasks: ssh.yml
+- ansible.builtin.include_tasks: rsyslog.yml
+- ansible.builtin.include_tasks: wazuh.yml
 
 # Include Pakiti last, so it will report on the state of a complete system
-- include_tasks: ukescienceca.yml
-- include_tasks: pakiti.yml
-- include_tasks: qemu-guest-agent.yml
+- ansible.builtin.include_tasks: ukescienceca.yml
+- ansible.builtin.include_tasks: pakiti.yml
+- ansible.builtin.include_tasks: qemu-guest-agent.yml
 
-- include_tasks: disable_selinux.yml
-- include_tasks: add_user_security.yml
+- ansible.builtin.include_tasks: disable_selinux.yml
+- ansible.builtin.include_tasks: add_user_security.yml
Original file line number	Diff line number	Diff line change
Expand Up		@@ -4,5 +4,3 @@
		post_reboot_delay: 30
		connect_timeout: 3600
		become: true
Original file line number	Diff line number	Diff line change
Expand Up		@@ -15,4 +15,3 @@
		state: present
		become: true
		when: ansible_os_family == "RedHat"