-
Notifications
You must be signed in to change notification settings - Fork 654
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
no-changed-when behavior is inconsistent #2629
Comments
I have always thought that this rule is about |
@bluikko No, this is about the block, not Please consider the above example given for this issue. In that example, all of these tasks would pass ansible-lint were they not in the ---
- name: Check ccache version
ansible.builtin.command: "ccache --version"
environment:
PATH: "{{ ccache_install_prefix }}/bin:{{ ansible_pkg_mgr_path }}"
changed_when: false
failed_when: false
register: ccache_version_cmd
- name: Run configure script
ansible.builtin.command: "./configure --prefix={{ ccache_install_prefix }}"
args:
chdir: "{{ ccache_build_dir }}/ccache-{{ ccache_version }}"
when: >
ccache_version_cmd.rc != 0 or
ccache_version not in ccache_version_cmd.stdout_lines[0]
- name: Build ccache
ansible.builtin.command: "make -j{{ ccache_make_jobs }}"
args:
chdir: "{{ ccache_build_dir }}/ccache-{{ ccache_version }}"
when: >
ccache_version_cmd.rc != 0 or
ccache_version not in ccache_version_cmd.stdout_lines[0]
- name: Install ccache
become: true
ansible.builtin.command: "make install"
args:
chdir: "{{ ccache_build_dir }}/ccache-{{ ccache_version }}"
when: >
ccache_version_cmd.rc != 0 or
ccache_version not in ccache_version_cmd.stdout_lines[0] The purpose of the |
Update: this behavior still exists in ansible-lint 6.13.0. |
This rule is about Please check https://ansible-lint.readthedocs.io/rules/no-changed-when/ and see that there is nothing about a blocks or when blocks in it. @nre-ableton Is there anything we can do to make this rule less confusing? |
@ssbarnea Well, the documentation you linked to above does state:
As you of course know, one purpose of a
This is the root of what I believe is ansible-lint's incorrect behavior. It examines tasks in a So let me make a much simpler example. In this playbook, ---
- name: Run test tasks
hosts: localhost
gather_facts: false
tasks:
- name: Set foo
ansible.builtin.set_fact:
foo: true
- name: First task
ansible.builtin.command: "uname"
when: foo
- name: Block
when: foo
block:
- name: Second task
ansible.builtin.command: "uname" However, ansible-lint raises an error only for the second task when examining this playbook: But clearly, the second task is also conditional, and "does not change things if nothing needs doing", and ansible-lint doesn't understand this. The reason I am so insistent about this bug being fixed is because I really like Edit: I think the root of our misunderstanding is that (I believe) you see |
Isn't this the bug? Both tasks should raise error because both of them are missing |
- avoid looking for `when:` when evaluating rule - clarify documentation - ensure rule works w/ and w/o fqcn actions Fixes: #2629
@nre-ableton @bluikko Please review #3050 which should address all issues I identified on this thread. Please note that new version will not look at |
I like the change and running the modified rule works fine. I thought this is how it worked already until @nre-ableton raised this issue for the first time - but I had not looked at the rule source where the Edit: my reason is that why would having a |
@ssbarnea Thanks, I'll have a more thorough look at that PR today. My first impression is that it'll probably work. However, I think that it is still important to not execute |
The rule does not seem to trigger for a task in role's handlers file but I suspect that may be a known limitation? |
@ssbarnea Excuse me for the spam but documentation in |
- avoid looking for `when:` when evaluating rule - clarify documentation - ensure rule works w/ and w/o fqcn actions Fixes: #2629
@bluikko Not spam at all, I just removed it. Let me know if you spot other things in it and thanks! |
I would not say that they are not idempotent, just that their idempotency cannot be determined by Ansible itself, it needs a human review of the executed content. |
Yes, agreed, and I think that ansible-lint could be a good tool to help enforce that. I'll make a feature request. |
See #3058 |
Summary
This issue is the same as #1894, but since I don't have permission to re-open issues, I'm filing a new one (with the sample code updated for new rules such as
key-order
). 🙂 I made two comments on the closed issue, but since it's a closed issue it is possible that they were not seen. For bookkeeping purposes, if the project admins want to close this issue as a dupe and reopen #1894, I'd be fine with that.Anyways, the original issue was claimed to have been fixed in 6.8.0b1, but is still easily reproducible in 6.8.4 with the below codeblock.
Issue Type
Ansible and Ansible Lint details
OS / ENVIRONMENT
Ubuntu Linux 22.04
STEPS TO REPRODUCE
For an example, see the
build-sources.yml
task file of theableton.ccache
role here. An abbreviated version of this file follows:In a
block
, conditions are applied to each task implicitly. But for the above code, ansible-lint emits ano-changed-when
violation because it doesn't realize that thecommand
tasks actually do have a condition attached to them. The result of runningansible-lint
on the above code is:Desired Behavior
no-changed-when
shouldn't be raised when tasks are inside of ablock
, and thatblock
has awhen
condition.The text was updated successfully, but these errors were encountered: