ci: Use supported ansible-lint action; run ansible-lint against the collection

.markdownlint.yaml

@@ -1,3 +1,4 @@
+---
 # Default state for all rules
 default: true
 

.sanity-ansible-ignore-2.12.txt

@@ -1,5 +1,2 @@
 plugins/modules/firewall_lib.py validate-modules:missing-gplv3-license
 plugins/modules/firewall_lib_facts.py validate-modules:missing-gplv3-license
-plugins/modules/firewall_lib.py validate-modules:missing-examples
-roles/firewall/files/get_files_checksums.sh shebang!skip
-tests/firewall/files/test_ping.sh shebang!skip

.sanity-ansible-ignore-2.13.txt

@@ -1,5 +1,2 @@
 plugins/modules/firewall_lib.py validate-modules:missing-gplv3-license
 plugins/modules/firewall_lib_facts.py validate-modules:missing-gplv3-license
-plugins/modules/firewall_lib.py validate-modules:missing-examples
-roles/firewall/files/get_files_checksums.sh shebang!skip
-tests/firewall/files/test_ping.sh shebang!skip

.sanity-ansible-ignore-2.14.txt

@@ -1,5 +1,2 @@
 plugins/modules/firewall_lib.py validate-modules:missing-gplv3-license
 plugins/modules/firewall_lib_facts.py validate-modules:missing-gplv3-license
-plugins/modules/firewall_lib.py validate-modules:missing-examples
-roles/firewall/files/get_files_checksums.sh shebang!skip
-tests/firewall/files/test_ping.sh shebang!skip

.sanity-ansible-ignore-2.15.txt

@@ -1,5 +1,2 @@
 plugins/modules/firewall_lib.py validate-modules:missing-gplv3-license
 plugins/modules/firewall_lib_facts.py validate-modules:missing-gplv3-license
-plugins/modules/firewall_lib.py validate-modules:missing-examples
-roles/firewall/files/get_files_checksums.sh shebang!skip
-tests/firewall/files/test_ping.sh shebang!skip

.sanity-ansible-ignore-2.9.txt

@@ -1,5 +1,2 @@
 plugins/modules/firewall_lib.py validate-modules:missing-gplv3-license
 plugins/modules/firewall_lib_facts.py validate-modules:missing-gplv3-license
-plugins/modules/firewall_lib.py validate-modules:missing-examples
-roles/firewall/files/get_files_checksums.sh shebang!skip
-tests/firewall/files/test_ping.sh shebang!skip

files/get_files_checksums.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 set -euo pipefail
 

library/firewall_lib.py

@@ -59,20 +59,23 @@
     required: false
     type: list
     elements: str
+    default: []
   port:
     description:
       List of ports or port range strings.
       The format of a port needs to be port=<port>[-<port>]/<protocol>.
     required: false
     type: list
     elements: str
+    default: []
   source_port:
     description:
       List of source port or port range strings.
       The format of a source port needs to be port=<port>[-<port>]/<protocol>.
     required: false
     type: list
     elements: str
+    default: []
   forward_port:
     description:
       List of forward port strings or dicts,
@@ -82,6 +85,7 @@
     aliases: ["port_forward"]
     required: false
     type: raw
+    default: []
   masquerade:
     description:
       The masquerade bool setting.
@@ -94,6 +98,7 @@
     required: false
     type: list
     elements: str
+    default: []
   source:
     description:
       List of source address, address range strings, or ipsets
@@ -104,26 +109,30 @@
     required: false
     type: list
     elements: str
+    default: []
   interface:
     description:
       List of interface name strings.
     required: false
     type: list
     elements: str
+    default: []
   interface_pci_id:
     description:
       List of inteface PCI device ID strings.
       PCI device ID needs to correspond to a named network interface.
     required: false
     type: list
     elements: str
+    default: []
   icmp_block:
     description:
       List of ICMP type strings to block.
       The ICMP type names needs to be defined in firewalld configuration.
     required: false
     type: list
     elements: str
+    default: []
   icmp_block_inversion:
     description:
       ICMP block inversion bool setting.
@@ -178,6 +187,7 @@
     required: false
     type: list
     elements: str
+    default: []
   permanent:
     description:
       The permanent bool flag.
@@ -222,12 +232,14 @@
     required: false
     type: list
     elements: str
+    default: []
   helper_module:
     description:
       List of netfiler kernel helper module names
     required: false
     type: list
     elements: str
+    default: []
   destination:
     description:
       List of IPv4/IPv6 addresses with optional mask
@@ -237,6 +249,7 @@
     required: false
     type: list
     elements: str
+    default: []
   __report_changed:
     description:
       If false, do not report changed true even if changed.
@@ -245,6 +258,11 @@
     default: true
 """
 
+EXAMPLES = """
+firewall:
+  - port: ['443/tcp', '443/udp']
+"""
+
 from ansible.module_utils.basic import AnsibleModule
 import re
 import os

tests/files/test_ping.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # Author - Brennan Paciorek <[email protected]>
 # Description - Benchmark firewalld downtime while reloading and while restarting
 # by measuring how many packets are dropped while firewalld is restarting/reloading