ignored rules in ".ansible-lint-ignore" are treated different in outputs/exports (compared to "noqa" or "skip_list")

[4ch1m]

Summary

Ignored rules/items from an .ansible-lint-ignore file are still listed in the console report (suffixed with # ignored) and still appear in the "parseable" output, whereas they completely disappear when being ignored via noqa-comment or listed in the config file via skip_list.

Issue Type

• Bug Report

OS / ENVIRONMENT

Tested on Linux.

ansible-lint --version

ansible-lint 6.13.1 using ansible 2.14.1

STEPS TO REPRODUCE

The linter result for this simple example ...

- name: Test
  file:
    path: /tmp/test
    state: directory
    mode: "0755"

... will be different based on how "ignores" are being set.

---

Putting ...

skip_list:
    - "fqcn[action-core]"

... into the .ansible-lint config file or using ...

file: # noqa: fqcn[action-core]

... directly will provide the expected result:

ansible-lint --parseable --format json tasks/test.yml
[]

✔️
(The standard output without --parseable also will not list any issues.)

---

However, if you only use an ignore-file (.ansible-lint-ignore) with the listed rule ...

tasks/test.yml fqcn[action-core]

... , then you will get this:

ansible-lint tasks/test.yml
WARNING  Listing 1 violation(s) marked as ignored, likely already known
fqcn[action-core]: Use FQCN for builtin module actions (file). # ignored
tasks/test.yml:1 Use `ansible.builtin.file` or `ansible.legacy.file` instead.


Passed with production profile: 0 failure(s), 1 warning(s) on 1 files.

❌ It does tell you that it was ignored (via the # ignored suffix); but I would not expect this output at all.

If you run the same command with --parseable, you'll get this:

ansible-lint --parseable --format json tasks/test.yml
[{"type": "issue", "check_name": "fqcn[action-core]", "categories": ["formatting"], "url": "https://ansible-lint.readthedocs.io/rules/fqcn/", "severity": "major", "level": "error", "description": "Use FQCN for builtin module actions (file).", "fingerprint": "2080882d98b8a2ebf0104187d3f23bf4bb63af03304490ca81bce4ec6da6a7dc", "location": {"path": "tasks/test.yml", "lines": {"begin": 1}}, "content": {"body": "Use `ansible.builtin.file` or `ansible.legacy.file` instead."}}]

Passed with production profile: 0 failure(s), 1 warning(s) on 1 files.

❌ Which is completely incorrect imho; since there is no way to determine if this was intentionally "ignored" in the first place.

Desired Behavior

Ignored rules from .ansible-lint-ignore should be treated the same way as noqa: or skip_list directives; and not appear in any report/output anymore.

This is loosely related to #3066 ; I hope this can be changed as well.

Again... thanks for reading.

[4ch1m]

After spending some time with the project's code and preparing PR #3075, I realized that part of the described behaviour above was made as a deliberate decision:

ansible-lint/.ansible-lint

Lines 46 to 52 in b2bb9f6

	# Ansible-lint is able to recognize and load skip rules stored inside
	# `.ansible-lint-ignore` files. To skip a rule just enter filename and tag,
	# like "playbook.yml package-latest" on a new line. Optionally you can add
	# comments after the tag, prefixed by "#". We discourage the use of skip_list
	# below because that will hide violations from the output. When putting ignores
	# inside the ignore file, they are marked as ignored, but still visible, making
	# it easier to address later.

However, I kindly would ask to reconsider this.

All three possible ways of ignoring rules ...

• noqa inline -> for individual tasks
• skip_list in config file -> for general deactivation
• .ansible-lint-ignore -> for deactivation on file level

... are powerful features to customize the linter.

The final output/result of the linter should be identical; no matter which approach is chosen to "silence" a rule.

As already mentioned in issue #3066:
IMHO this would be an intuitively expected result; and also help/streamline integration into other tools (e.g. intellij-ansible-lint).

Thank you.

[ssbarnea]

You are right, this is mostly by design so I am going to close it as wontfix. Still, based on feedback received from users we might change this behavior.

I hope that you are using the SARIF output format for integration with your IntelliJ extension as that is the most advanced format. I think that this format is flexible enough so we could change the reporting level for the ignored violations to make them "info" level. A PR to do this would be welcomed.