---
# Ansible Lint Configuration
# Enforces quality standards for playbooks and roles
# Documentation: https://ansible-lint.readthedocs.io/

# Exclude paths from linting
exclude_paths:
  - .cache/
  - .git/
  - outputs/
  - scripts/

# Enable offline mode (do not check for latest Ansible version)
offline: true

# Skip specific rules (with justification)
skip_list:
  - 'yaml[line-length]'  # Advisory: Many legitimate cases exceed 160 chars
  - 'name[casing]'  # Advisory: Emoji and stylistic choices in task names
  # NOTE: no-changed-when removed from skip_list — now enforced as a warning
  # (warn_list below). Stack playbooks and the swarm_stack_deploy role MUST
  # be fully compliant. Bootstrap playbooks with legitimate raw/command use
  # may suppress per-task with: # noqa: no-changed-when
  - 'command-instead-of-module'  # Advisory: Some Proxmox/specialized commands lack modules
  - 'var-naming[no-role-prefix]'  # Advisory: swarm_stack_deploy intentionally exposes a
  # short 'stack_*' public API namespace. Renaming to 'swarm_stack_deploy_*' would be a
  # breaking change for all callers. Suppress globally; revisit in Phase 3 refactor.

# Warn on specific rules (advisory, not blocking)
warn_list:
  - 'experimental'  # Flag new/experimental syntax for review
  - 'jinja[spacing]'  # Encourage spacing in templates
  - 'risky-file-permissions'  # Flag overly permissive file modes
  - 'no-changed-when'  # Promoted from skip: visible on all command/shell tasks missing changed_when
                       # NEXT PHASE: move to blocking by removing from warn_list entirely

# Additional quality checks
kinds:
  - playbook: "playbooks/**/*.yml"
  - tasks: "roles/*/tasks/**/*.yml"
  - vars: "group_vars/**/*.yml"
  - defaults: "roles/*/defaults/**/*.yml"
  - handlers: "roles/*/handlers/**/*.yml"

# Profile to use (min, basic, moderate, safety, shared, production)
profile: moderate

# Treat warnings as errors (disable initially until baseline is clean)
# strict: false
