generated from bisco/codex-bootstrap
Initial commit
This commit is contained in:
40
.codex/profiles/ansible.md
Normal file
40
.codex/profiles/ansible.md
Normal file
@@ -0,0 +1,40 @@
|
||||
# Ansible profile
|
||||
|
||||
Enable this profile for repositories containing Ansible playbooks, roles, inventories, or automation scripts.
|
||||
|
||||
## Rules
|
||||
|
||||
Codex MUST:
|
||||
|
||||
- prefer idempotent tasks;
|
||||
- use Ansible builtin modules instead of `shell` or `command` when possible;
|
||||
- use `service_facts` when checking service availability or service state;
|
||||
- use `become` explicitly when privilege escalation is needed;
|
||||
- avoid `ignore_errors` unless explicitly justified;
|
||||
- avoid `changed_when: false` unless semantically correct;
|
||||
- avoid storing secrets in plain YAML;
|
||||
- keep roles and tasks modular;
|
||||
- write comments in English;
|
||||
- preserve compatibility requirements stated in the repository.
|
||||
|
||||
## Validation examples
|
||||
|
||||
Use Docker-based validation commands configured for the project, for example:
|
||||
|
||||
```bash
|
||||
docker compose run --rm ansible ansible-playbook --syntax-check playbook.yml
|
||||
```
|
||||
|
||||
```bash
|
||||
docker compose run --rm ansible ansible-lint
|
||||
```
|
||||
|
||||
## Shell and command usage
|
||||
|
||||
`shell` and `command` are allowed only when there is no suitable module or when interacting with legacy tools.
|
||||
|
||||
When using `shell` or `command`, Codex SHOULD:
|
||||
|
||||
- make the task idempotent;
|
||||
- define `changed_when` and `failed_when` where needed;
|
||||
- explain why a module is not used.
|
||||
Reference in New Issue
Block a user