ssh connection: fix sshpass pipe fd leaks (#86141)

When using sshpass the file descriptors leaks would happen in the reset
method that used _build_command that creates the pipe but the command
would not go through _bare_run which closes the pipe.

Another scenario would be _bare_run failing and not all code path would
properly close the pipe.

This patch fixes the issues by:
* move creating the pipe from _build_command closer to where it is used
  in _bare_run
* wrap _bare_run with closing the pipe in case of a failure
* no need to re-create pipe in the retry code
* unrelated but simplify the reset method

.azure-pipelines/azure-pipelines.yml

@@ -31,7 +31,7 @@ variables:
   - name: fetchDepth
     value: 500
   - name: defaultContainer
-    value: quay.io/ansible/azure-pipelines-test-container:4.0.1
+    value: quay.io/ansible/azure-pipelines-test-container:7.0.0
 
 pool: Standard
 
@@ -54,14 +54,12 @@ stages:
           nameFormat: Python {0}
           testFormat: units/{0}
           targets:
-            - test: 2.7
-            - test: 3.6
-            - test: 3.7
-            - test: 3.8
             - test: 3.9
             - test: '3.10'
             - test: 3.11
             - test: 3.12
+            - test: 3.13
+            - test: 3.14
   - stage: Windows
     dependsOn: []
     jobs:
@@ -70,43 +68,50 @@ stages:
           nameFormat: Server {0}
           testFormat: windows/{0}/1
           targets:
-            - test: 2016
-            - test: 2019
-            - test: 2022
+            - name: 2016 WinRM HTTP
+              test: 2016/winrm/http
+            - name: 2019 WinRM HTTPS
+              test: 2019/winrm/https
+            - name: 2022 WinRM HTTPS
+              test: 2022/winrm/https
+            - name: 2022 PSRP HTTP
+              test: 2022/psrp/http
+            - name: 2022 SSH Key
+              test: 2022/ssh/key
+            - name: 2025 PSRP HTTP
+              test: 2025/psrp/http
+            - name: 2025 SSH Key
+              test: 2025/ssh/key
   - stage: Remote
     dependsOn: []
     jobs:
       - template: templates/matrix.yml  # context/target
         parameters:
           targets:
-            - name: macOS 13.2
-              test: macos/13.2
-            - name: RHEL 7.9
-              test: rhel/7.9
-            - name: RHEL 8.8 py36
-              test: rhel/8.8@3.6
-            - name: RHEL 8.8 py311
-              test: rhel/8.8@3.11
-            - name: RHEL 9.2 py39
-              test: rhel/9.2@3.9
-            - name: RHEL 9.2 py311
-              test: rhel/9.2@3.11
-            - name: FreeBSD 13.2
-              test: freebsd/13.2
+            - name: macOS 15.3
+              test: macos/15.3
+            - name: RHEL 9.6 py39
+              test: rhel/9.6@3.9
+            - name: RHEL 9.6 py312
+              test: rhel/9.6@3.12
+            - name: RHEL 10.0
+              test: rhel/10.0
+            - name: FreeBSD 13.5
+              test: freebsd/13.5
+            - name: FreeBSD 14.3
+              test: freebsd/14.3
           groups:
             - 1
             - 2
       - template: templates/matrix.yml  # context/controller
         parameters:
           targets:
-            - name: macOS 13.2
-              test: macos/13.2
-            - name: RHEL 8.8
-              test: rhel/8.8
-            - name: RHEL 9.2
-              test: rhel/9.2
-            - name: FreeBSD 13.2
-              test: freebsd/13.2
+            - name: macOS 15.3
+              test: macos/15.3
+            - name: RHEL 9.6
+              test: rhel/9.6
+            - name: RHEL 10.0
+              test: rhel/10.0
           groups:
             - 3
             - 4
@@ -114,54 +119,58 @@ stages:
       - template: templates/matrix.yml  # context/controller (ansible-test container management)
         parameters:
           targets:
-            - name: Alpine 3.18
-              test: alpine/3.18
-            - name: Fedora 38
-              test: fedora/38
-            - name: RHEL 8.8
-              test: rhel/8.8
-            - name: RHEL 9.2
-              test: rhel/9.2
-            - name: Ubuntu 22.04
-              test: ubuntu/22.04
+            - name: Alpine 3.22
+              test: alpine/3.22
+            - name: Fedora 42
+              test: fedora/42
+            - name: RHEL 9.6
+              test: rhel/9.6
+            - name: RHEL 10.0
+              test: rhel/10.0
+            - name: Ubuntu 24.04
+              test: ubuntu/24.04
           groups:
             - 6
   - stage: Docker
     dependsOn: []
     jobs:
-      - template: templates/matrix.yml
+      - template: templates/matrix.yml  # context/target
         parameters:
           testFormat: linux/{0}
           targets:
-            - name: Alpine 3
-              test: alpine3
-            - name: CentOS 7
-              test: centos7
-            - name: Fedora 38
-              test: fedora38
-            - name: openSUSE 15
-              test: opensuse15
-            - name: Ubuntu 20.04
-              test: ubuntu2004
+            - name: Alpine 3.22
+              test: alpine322
+            - name: Fedora 42
+              test: fedora42
             - name: Ubuntu 22.04
               test: ubuntu2204
+            - name: Ubuntu 24.04
+              test: ubuntu2404
           groups:
             - 1
             - 2
-      - template: templates/matrix.yml
+      - template: templates/matrix.yml  # context/controller
         parameters:
           testFormat: linux/{0}
           targets:
-            - name: Alpine 3
-              test: alpine3
-            - name: Fedora 38
-              test: fedora38
-            - name: Ubuntu 22.04
-              test: ubuntu2204
+            - name: Alpine 3.22
+              test: alpine322
+            - name: Fedora 42
+              test: fedora42
+            - name: Ubuntu 24.04
+              test: ubuntu2404
           groups:
             - 3
             - 4
             - 5
+      - template: templates/matrix.yml  # context/target (dnf-oldest, dnf-latest)
+        parameters:
+          testFormat: linux/{0}
+          targets:
+            - name: Fedora 42
+              test: fedora42
+          groups:
+            - 7
   - stage: Galaxy
     dependsOn: []
     jobs:
@@ -170,9 +179,9 @@ stages:
           nameFormat: Python {0}
           testFormat: galaxy/{0}/1
           targets:
-            - test: '3.10'
-            - test: 3.11
             - test: 3.12
+            - test: 3.13
+            - test: 3.14
   - stage: Generic
     dependsOn: []
     jobs:
@@ -181,9 +190,9 @@ stages:
           nameFormat: Python {0}
           testFormat: generic/{0}/1
           targets:
-            - test: '3.10'
-            - test: 3.11
             - test: 3.12
+            - test: 3.13
+            - test: 3.14
   - stage: Incidental_Windows
     displayName: Incidental Windows
     dependsOn: []
@@ -193,20 +202,20 @@ stages:
           nameFormat: Server {0}
           testFormat: i/windows/{0}
           targets:
-            - test: 2016
-            - test: 2019
-            - test: 2022
-  - stage: Incidental
-    dependsOn: []
-    jobs:
-      - template: templates/matrix.yml
-        parameters:
-          testFormat: i/{0}/1
-          targets:
-            - name: IOS Python
-              test: ios/csr1000v/
-            - name: VyOS Python
-              test: vyos/1.1.8/
+            - name: 2016 WinRM HTTP
+              test: 2016/winrm/http
+            - name: 2019 WinRM HTTPS
+              test: 2019/winrm/https
+            - name: 2022 WinRM HTTPS
+              test: 2022/winrm/https
+            - name: 2022 PSRP HTTP
+              test: 2022/psrp/http
+            - name: 2022 SSH Key
+              test: 2022/ssh/key
+            - name: 2025 PSRP HTTP
+              test: 2025/psrp/http
+            - name: 2025 SSH Key
+              test: 2025/ssh/key
   - stage: Summary
     condition: succeededOrFailed()
     dependsOn:
@@ -218,6 +227,5 @@ stages:
       - Galaxy
       - Generic
       - Incidental_Windows
-      - Incidental
     jobs:
       - template: templates/coverage.yml

.azure-pipelines/commands/generic.sh

@@ -13,6 +13,9 @@ else
     target="shippable/generic/"
 fi
 
+stage="${S:-prod}"
+
 # shellcheck disable=SC2086
 ansible-test integration --color -v --retry-on-error "${target}" ${COVERAGE:+"$COVERAGE"} ${CHANGED:+"$CHANGED"} ${UNSTABLE:+"$UNSTABLE"} \
+    --remote-terminate always --remote-stage "${stage}" \
     --docker default --python "${python}"

.azure-pipelines/commands/incidental/ios.sh

@@ -1 +0,0 @@
-network.sh

.azure-pipelines/commands/incidental/network.sh

@@ -1,40 +0,0 @@
-#!/usr/bin/env bash
-
-set -o pipefail -eux
-
-declare -a args
-IFS='/:' read -ra args <<< "$1"
-
-platform="${args[0]}"
-version="${args[1]}"
-python_version="${args[2]}"
-
-target="shippable/${platform}/incidental/"
-
-stage="${S:-prod}"
-provider="${P:-default}"
-
-# python versions to test in order
-# all versions run full tests
-IFS=' ' read -r -a python_versions <<< \
-    "$(PYTHONPATH="${PWD}/test/lib" python -c 'from ansible_test._internal import constants; print(" ".join(constants.CONTROLLER_PYTHON_VERSIONS))')"
-
-if [ "${python_version}" ]; then
-    # limit tests to a single python version
-    python_versions=("${python_version}")
-fi
-
-for python_version in "${python_versions[@]}"; do
-    # terminate remote instances on the final python version tested
-    if [ "${python_version}" = "${python_versions[-1]}" ]; then
-        terminate="always"
-    else
-        terminate="never"
-    fi
-
-    # shellcheck disable=SC2086
-    ansible-test network-integration --color -v --retry-on-error "${target}" ${COVERAGE:+"$COVERAGE"} ${CHANGED:+"$CHANGED"} ${UNSTABLE:+"$UNSTABLE"} \
-        --platform "${platform}/${version}" \
-        --docker default --python "${python_version}" \
-        --remote-terminate "${terminate}" --remote-stage "${stage}" --remote-provider "${provider}"
-done

.azure-pipelines/commands/incidental/vyos.sh

@@ -1 +0,0 @@
-network.sh

.azure-pipelines/commands/incidental/windows.sh

@@ -6,6 +6,8 @@ declare -a args
 IFS='/:' read -ra args <<< "$1"
 
 version="${args[1]}"
+connection="${args[2]}"
+connection_setting="${args[3]}"
 
 target="shippable/windows/incidental/"
 
@@ -26,11 +28,7 @@ if [ -s /tmp/windows.txt ] || [ "${CHANGED:+$CHANGED}" == "" ]; then
     echo "Detected changes requiring integration tests specific to Windows:"
     cat /tmp/windows.txt
 
-    echo "Running Windows integration tests for multiple versions concurrently."
-
-    platforms=(
-        --windows "${version}"
-    )
+    echo "Running Windows integration tests for the version ${version}."
 else
     echo "No changes requiring integration tests specific to Windows were detected."
     echo "Running Windows integration tests for a single version only: ${single_version}"
@@ -39,14 +37,10 @@ else
         echo "Skipping this job since it is for: ${version}"
         exit 0
     fi
-
-    platforms=(
-        --windows "${version}"
-    )
 fi
 
 # shellcheck disable=SC2086
 ansible-test windows-integration --color -v --retry-on-error "${target}" ${COVERAGE:+"$COVERAGE"} ${CHANGED:+"$CHANGED"} ${UNSTABLE:+"$UNSTABLE"} \
-    "${platforms[@]}" \
-    --docker default --python "${python_default}" \
-    --remote-terminate always --remote-stage "${stage}" --remote-provider "${provider}"
+    --controller "docker:default,python=${python_default}" \
+    --target "remote:windows/${version},connection=${connection}+${connection_setting},provider=${provider}" \
+    --remote-terminate always --remote-stage "${stage}"

.azure-pipelines/commands/windows.sh

@@ -6,7 +6,9 @@ declare -a args
 IFS='/:' read -ra args <<< "$1"
 
 version="${args[1]}"
-group="${args[2]}"
+connection="${args[2]}"
+connection_setting="${args[3]}"
+group="${args[4]}"
 
 target="shippable/windows/group${group}/"
 
@@ -31,11 +33,7 @@ if [ -s /tmp/windows.txt ] || [ "${CHANGED:+$CHANGED}" == "" ]; then
     echo "Detected changes requiring integration tests specific to Windows:"
     cat /tmp/windows.txt
 
-    echo "Running Windows integration tests for multiple versions concurrently."
-
-    platforms=(
-        --windows "${version}"
-    )
+    echo "Running Windows integration tests for the version ${version}."
 else
     echo "No changes requiring integration tests specific to Windows were detected."
     echo "Running Windows integration tests for a single version only: ${single_version}"
@@ -44,17 +42,13 @@ else
         echo "Skipping this job since it is for: ${version}"
         exit 0
     fi
-
-    platforms=(
-        --windows "${version}"
-    )
 fi
 
-for version in "${python_versions[@]}"; do
+for py_version in "${python_versions[@]}"; do
     changed_all_target="all"
     changed_all_mode="default"
 
-    if [ "${version}" == "${python_default}" ]; then
+    if [ "${py_version}" == "${python_default}" ]; then
         # smoketest tests
         if [ "${CHANGED}" ]; then
             # with change detection enabled run tests for anything changed
@@ -80,7 +74,7 @@ for version in "${python_versions[@]}"; do
     fi
 
     # terminate remote instances on the final python version tested
-    if [ "${version}" = "${python_versions[-1]}" ]; then
+    if [ "${py_version}" = "${python_versions[-1]}" ]; then
         terminate="always"
     else
         terminate="never"
@@ -88,7 +82,8 @@ for version in "${python_versions[@]}"; do
 
     # shellcheck disable=SC2086
     ansible-test windows-integration --color -v --retry-on-error "${ci}" ${COVERAGE:+"$COVERAGE"} ${CHANGED:+"$CHANGED"} ${UNSTABLE:+"$UNSTABLE"} \
-        "${platforms[@]}" --changed-all-target "${changed_all_target}" --changed-all-mode "${changed_all_mode}" \
-        --docker default --python "${version}" \
-        --remote-terminate "${terminate}" --remote-stage "${stage}" --remote-provider "${provider}"
+        --changed-all-target "${changed_all_target}" --changed-all-mode "${changed_all_mode}" \
+        --controller "docker:default,python=${py_version}" \
+        --target "remote:windows/${version},connection=${connection}+${connection_setting},provider=${provider}" \
+        --remote-terminate "${terminate}" --remote-stage "${stage}"
 done

.azure-pipelines/scripts/combine-coverage.py

@@ -7,8 +7,7 @@ Keep in mind that Azure Pipelines does not enforce unique job display names (onl
 It is up to pipeline authors to avoid name collisions when deviating from the recommended format.
 """
 
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations
 
 import os
 import re

.azure-pipelines/scripts/dependencies/.pip-tools.toml

@@ -0,0 +1,6 @@
+[tool.pip-tools]
+allow-unsafe = true  # weird outdated default
+annotation-style = "line"  # put the source tracking comments inline
+generate-hashes = false  # pip bug https://github.com/pypa/pip/issues/9243
+resolver = "backtracking"  # modern depresolver
+strip-extras = true  # so that output files are true pip constraints

.azure-pipelines/scripts/dependencies/codecov.in

@@ -0,0 +1 @@
+codecov-cli

.azure-pipelines/scripts/dependencies/codecov.txt

@@ -0,0 +1,18 @@
+#
+# This file is autogenerated by pip-compile with Python 3.13
+# by the following command:
+#
+#    pip-compile --allow-unsafe --annotation-style=line --output-file=codecov.txt --strip-extras codecov.in
+#
+certifi==2025.8.3         # via requests, sentry-sdk
+charset-normalizer==3.4.3  # via requests
+click==8.2.1              # via codecov-cli
+codecov-cli==11.2.3       # via -r codecov.in
+idna==3.10                # via requests
+ijson==3.4.0              # via codecov-cli
+pyyaml==6.0.2             # via codecov-cli
+requests==2.32.5          # via responses
+responses==0.21.0         # via codecov-cli
+sentry-sdk==2.38.0        # via codecov-cli
+test-results-parser==0.5.4  # via codecov-cli
+urllib3==2.5.0            # via requests, responses, sentry-sdk

.azure-pipelines/scripts/publish-codecov.py

@@ -4,15 +4,20 @@ Upload code coverage reports to codecov.io.
 Multiple coverage files from multiple languages are accepted and aggregated after upload.
 Python coverage, as well as PowerShell and Python stubs can all be uploaded.
 """
+from __future__ import annotations
 
 import argparse
 import dataclasses
 import pathlib
-import shutil
+import shlex
 import subprocess
 import tempfile
 import typing as t
-import urllib.request
+import venv
+
+
+SCRIPTS_DIR = pathlib.Path(__file__).parent.resolve()
+DEPS_DIR = SCRIPTS_DIR / 'dependencies'
 
 
 @dataclasses.dataclass(frozen=True)
@@ -42,6 +47,49 @@ def parse_args() -> Args:
     return Args(**kwargs)
 
 
+def run(
+    *args: str | pathlib.Path,
+    dry_run: bool = False,
+) -> None:
+    """
+    Log and run given command.
+
+    The command is not actually executed if ``dry_run`` is truthy.
+    """
+    cmd = [str(arg) for arg in args]
+
+    dry_prefix = '[would run] ' if dry_run else ''
+    print(f'==> {dry_prefix}{shlex.join(cmd)}', flush=True)
+
+    if not dry_run:
+        subprocess.run(cmd, check=True)
+
+
+def install_codecov(dest: pathlib.Path, dry_run: bool = False) -> pathlib.Path:
+    """Populate a transitively pinned venv with ``codecov-cli``."""
+    requirement_file = DEPS_DIR / 'codecov.in'
+    constraint_file = requirement_file.with_suffix('.txt')
+
+    venv_dir = dest / 'venv'
+    python_bin = venv_dir / 'bin' / 'python'
+    codecov_bin = venv_dir / 'bin' / 'codecovcli'
+
+    venv.create(venv_dir, with_pip=True)
+
+    run(
+        python_bin,
+        '-m',
+        'pip',
+        'install',
+        f'--constraint={constraint_file!s}',
+        f'--requirement={requirement_file!s}',
+        '--disable-pip-version-check',
+        dry_run=dry_run,
+    )
+
+    return codecov_bin
+
+
 def process_files(directory: pathlib.Path) -> t.Tuple[CoverageFile, ...]:
     processed = []
     for file in directory.joinpath('reports').glob('coverage*.xml'):
@@ -56,45 +104,67 @@ def process_files(directory: pathlib.Path) -> t.Tuple[CoverageFile, ...]:
     return tuple(processed)
 
 
-def upload_files(codecov_bin: pathlib.Path, files: t.Tuple[CoverageFile, ...], dry_run: bool = False) -> None:
+def upload_files(codecov_bin: pathlib.Path, config_file: pathlib.Path, files: t.Tuple[CoverageFile, ...], dry_run: bool = False) -> None:
     for file in files:
         cmd = [
-            str(codecov_bin),
-            '--name', file.name,
-            '--file', str(file.path),
+            codecov_bin,
+            '--disable-telem',
+            '--codecov-yml-path',
+            config_file,
+            'upload-process',
+            '--disable-search',
+            '--disable-file-fixes',
+            '--plugin',
+            'noop',
+            '--name',
+            file.name,
+            '--file',
+            file.path,
         ]
+
         for flag in file.flags:
-            cmd.extend(['--flags', flag])
+            cmd.extend(['--flag', flag])
 
         if dry_run:
-            print(f'DRY-RUN: Would run command: {cmd}')
-            continue
-
-        subprocess.run(cmd, check=True)
+            cmd.append('--dry-run')
 
+        run(*cmd)
 
-def download_file(url: str, dest: pathlib.Path, flags: int, dry_run: bool = False) -> None:
-    if dry_run:
-        print(f'DRY-RUN: Would download {url} to {dest} and set mode to {flags:o}')
-        return
 
-    with urllib.request.urlopen(url) as resp:
-        with dest.open('w+b') as f:
-            # Read data in chunks rather than all at once
-            shutil.copyfileobj(resp, f, 64 * 1024)
+def report_upload_completion(
+    codecov_bin: pathlib.Path,
+    config_file: pathlib.Path,
+    dry_run: bool = False,
+) -> None:
+    """Notify Codecov backend that all reports we wanted are in."""
+    cmd = [
+        codecov_bin,
+        '--disable-telem',
+        f'--codecov-yml-path={config_file}',
+        'send-notifications',
+    ]
 
-    dest.chmod(flags)
+    run(*cmd, dry_run=dry_run)
 
 
-def main():
+def main() -> None:
     args = parse_args()
-    url = 'https://ci-files.testing.ansible.com/codecov/linux/codecov'
-    with tempfile.TemporaryDirectory(prefix='codecov-') as tmpdir:
-        codecov_bin = pathlib.Path(tmpdir) / 'codecov'
-        download_file(url, codecov_bin, 0o755, args.dry_run)
 
+    with tempfile.TemporaryDirectory(prefix='codecov-') as tmpdir:
+        config_file = pathlib.Path(tmpdir) / 'config.yml'
+        # Refs:
+        # * https://docs.codecov.com/docs/codecovyml-reference#codecovnotifymanual_trigger
+        # * https://docs.codecov.com/docs/notifications#preventing-notifications-until-youre-ready-to-send-notifications
+        config_file.write_text('codecov:\n  notify:\n    manual_trigger: true')
+
+        codecov_bin = install_codecov(
+            pathlib.Path(tmpdir),
+            dry_run=args.dry_run,
+        )
         files = process_files(args.path)
-        upload_files(codecov_bin, files, args.dry_run)
+        upload_files(codecov_bin, config_file, files, args.dry_run)
+        # Ref: https://docs.codecov.com/docs/cli-options#send-notifications
+        report_upload_completion(codecov_bin, config_file, args.dry_run)
 
 
 if __name__ == '__main__':

.azure-pipelines/scripts/report-coverage.sh

@@ -12,6 +12,6 @@ if ! ansible-test --help >/dev/null 2>&1; then
     pip install https://github.com/ansible/ansible/archive/devel.tar.gz --disable-pip-version-check
 fi
 
-# Generate stubs using docker (if supported) otherwise fall back to using a virtual environment instead.
-# The use of docker is required when Powershell code is present, but Ansible 2.12 was the first version to support --docker with coverage.
-ansible-test coverage xml --group-by command --stub --docker --color -v || ansible-test coverage xml --group-by command --stub --venv --color -v
+# Generate stubs using docker.
+# The use of docker is mandatory when Powershell code is present.
+ansible-test coverage xml --group-by command --stub --docker --color -v

.azure-pipelines/scripts/time-command.py

@@ -1,8 +1,7 @@
 #!/usr/bin/env python
 """Prepends a relative timestamp to each input line from stdin and writes it to stdout."""
 
-from __future__ import (absolute_import, division, print_function)
-__metaclass__ = type
+from __future__ import annotations
 
 import sys
 import time

.azure-pipelines/templates/coverage.yml

@@ -7,6 +7,7 @@ jobs:
   - job: Coverage
     displayName: Code Coverage
     container: $[ variables.defaultContainer ]
+    timeoutInMinutes: 10
     workspace:
       clean: all
     steps:

.azure-pipelines/templates/test.yml

@@ -12,6 +12,7 @@ jobs:
     - job: test_${{ replace(replace(replace(replace(job.test, '/', '_'), '.', '_'), '-', '_'), '@', '_') }}
       displayName: ${{ job.name }}
       container: $[ variables.defaultContainer ]
+      timeoutInMinutes: 65
       workspace:
         clean: all
       steps:

.claude/commands/review.md

@@ -0,0 +1,55 @@
+---
+description: Review an Ansible PR following the project's standardized process from CLAUDE.md
+argument-hint: <pr_number>
+allowed-tools: [TodoWrite, Bash(gh pr view:*), Bash(gh pr diff:*), Bash(gh pr checkout:*), Bash(gh pr checks:*), Read, Grep, Glob, Search]
+---
+
+PR Review Command
+=================
+
+Review an Ansible PR following the project's standardized process from `CLAUDE.md`.
+
+Usage
+-----
+
+```bash
+/review <pr_number>
+```
+
+Arguments
+---------
+
+- `pr_number` (required): The GitHub PR number to review
+
+Implementation
+--------------
+
+This command implements the PR Review Guidelines documented in the `PR Review Guidelines` section of CLAUDE.md.
+
+Review Process Steps
+--------------------
+
+The command follows these numbered steps from CLAUDE.md:
+
+1. **Create TodoWrite list** for systematic review tracking
+2. **Get PR details**: `gh pr view <number>` to understand scope, motivation and the desired outcome
+3. **Get PR diff**: `gh pr diff <number>` to see all changes
+4. **Check required components FIRST**:
+   - Verify changelog fragment exists in `changelogs/fragments/`
+   - Verify changelog uses correct section (check `changelogs/config.yaml`)
+   - Verify tests exist and specifically cover the changed code paths
+   - Unit tests should be pytest style, and functional rather than tightly coupled to mocking
+   - Integration tests required for almost all plugin changes
+5. **Checkout PR branch**: `gh pr checkout <number>` to examine code holistically
+6. **Review existing feedback**: `gh pr view <number> --comments` for all comments and previous reviews
+7. **Verify all issues addressed**: Ensure bot failures, reviewer requests, and discussion points are resolved
+8. **Call out unresolved feedback**: Explicitly mention any discussions/requests that remain unaddressed
+
+Critical Review Elements
+------------------------
+
+- **Licensing**: Verify GPLv3/BSD-2-Clause compatibility for any new dependencies
+- **Test scope**: Tests must exercise actual changed code, not just add random coverage
+- **Changelog validation**: Fragment structure follows sections defined in `changelogs/config.yaml`
+
+Each step is tracked in TodoWrite for visibility and systematic completion. A review round should not exceed 20 feedback items.

.git-blame-ignore-revs

@@ -2,3 +2,5 @@
 # Bulk PowerShell sanity fixes
 6def4a3180fe03981ba64c6d8db28fed3bb39c0c
 716631189cb5a3f66b3add98f39e64e98bc17bf7
+# Bulk update of strings from triple single quotes to triple double quotes
+a0495fc31497798a7a833ba7406a9729e1528dd8

.github/CONTRIBUTING.md

@@ -4,22 +4,75 @@ Hi! Nice to see you here!
 
 ## QUESTIONS ?
 
-Please see the [Community Guide](https://docs.ansible.com/ansible/latest/community/index.html) for information on how to ask questions on the [mailing lists](https://docs.ansible.com/ansible/latest/community/communication.html#mailing-list-information) and IRC.
+If you have questions about anything related to Ansible, get in touch with us!
+See [Communicating with the Ansible community](https://docs.ansible.com/ansible/devel/community/communication.html) to find out how.
 
-The GitHub issue tracker is not the best place for questions for various reasons, but both IRC and the mailing list are very helpful places for those things, as the community page explains best.
+The [Community Guide](https://docs.ansible.com/ansible/devel/community/index.html) also explains how to contribute
+and interact with the project, including how to submit bug reports and code to Ansible.
+
+Please note that the GitHub issue tracker is not the best place to ask questions for several reasons.
+You'll get more helpful, and quicker, responses in the forum.
 
 ## CONTRIBUTING ?
 
-By contributing you agree that these contributions are your own (or approved by your employer) and you grant a full, complete, irrevocable copyright license to all users and developers of the project, present and future, pursuant to the license of the project. You can also read the same [CLA](https://docs.ansible.com/ansible/latest/community/contributor_license_agreement.html) on the Ansible docsite.
+By contributing to this project you agree to the [Developer Certificate of Origin (DCO)](#developer-certificate-of-origin-dco).
+
+The Ansible project is licensed under the [GPL-3.0](COPYING) or later. Some portions of the code fall under other licenses as noted in individual files.
 
-Please review the [Community Guide](https://docs.ansible.com/ansible/latest/community/index.html) for more information on contributing to Ansible.
+The Ansible project accepts contributions through GitHub pull requests.
+Please review the [Community Guide](https://docs.ansible.com/ansible/devel/community/index.html) for more information on contributing to Ansible.
 
 ## BUG TO REPORT ?
 
-First and foremost, also check the [Community Guide](https://docs.ansible.com/ansible/latest/community/index.html).
+First and foremost, also check the [Community Guide](https://docs.ansible.com/ansible/devel/community/index.html).
 
-You can report bugs or make enhancement requests at the [Ansible GitHub issue page](http://github.com/ansible/ansible/issues/new/choose) by filling out the issue template that will be presented.
+You can report bugs or make enhancement requests at
+the [Ansible GitHub issue page](http://github.com/ansible/ansible/issues/new/choose) by filling out the issue template that will be presented.
 
-Also please make sure you are testing on the latest released version of Ansible or the development branch; see the [Installation Guide](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) for details.
+Also please make sure you are testing on the latest released version of Ansible or the development branch.
+See the [Installation Guide](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) for details.
 
 Thanks!
+
+## DEVELOPER CERTIFICATE OF ORIGIN (DCO)
+
+This document was created by the Linux Kernel community and is a simple statement that you, as a contributor, have the legal right to make the contribution.
+
+```text
+Developer Certificate of Origin
+Version 1.1
+
+Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
+1 Letterman Drive
+Suite D4700
+San Francisco, CA, 94129
+
+Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.
+
+Developer's Certificate of Origin 1.1
+
+By making a contribution to this project, I certify that:
+
+(a) The contribution was created in whole or in part by me and I
+    have the right to submit it under the open source license
+    indicated in the file; or
+
+(b) The contribution is based upon previous work that, to the best
+    of my knowledge, is covered under an appropriate open source
+    license and I have the right under that license to submit that
+    work with modifications, whether created in whole or in part
+    by me, under the same open source license (unless I am
+    permitted to submit under a different license), as indicated
+    in the file; or
+
+(c) The contribution was provided directly to me by some other
+    person who certified (a), (b) or (c) and I have not modified
+    it.
+
+(d) I understand and agree that this project and the contribution
+    are public and that a record of the contribution (including all
+    personal information I submit with it, including my sign-off) is
+    maintained indefinitely and may be redistributed consistent with
+    this project or the open source license(s) involved.
+```

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -19,13 +19,14 @@ body:
       Also test if the latest release and devel branch are affected too.
 
 
-      **Tip:** If you are seeking community support, please consider
-      [starting a mailing list thread or chatting in IRC][ML||IRC].
+      **Tip:** If you are seeking community support, please see
+      [Communicating with the Ansible community][communication] to
+      get in touch and ask questions.
 
 
 
-      [ML||IRC]:
-      https://docs.ansible.com/ansible-core/devel/community/communication.html?utm_medium=github&utm_source=issue_form--bug_report.yml#mailing-list-information
+      [communication]:
+      https://docs.ansible.com/ansible/devel/community/communication.html
 
       [issue search]: ../search?q=is%3Aissue&type=issues
 
@@ -46,23 +47,7 @@ body:
 - type: dropdown
   attributes:
     label: Issue Type
-    description: >
-      Please select the single available option in the drop-down.
-
-      <details>
-        <summary>
-          <em>Why?</em>
-        </summary>
-
-        We would do it by ourselves but unfortunatelly, the curent
-        edition of GitHub Issue Forms Alpha does not support this yet 🤷
-
-
-        _We will make it easier in the future, once GitHub
-        supports dropdown defaults. Promise!_
-
-      </details>
-    # FIXME: Once GitHub allows defining the default choice, update this
+    description: This is a marker for our automatic bot. Do not change it.
     options:
     - Bug Report
   validations:
@@ -87,7 +72,7 @@ body:
 
 
       [collections org]: /ansible-collections
-    placeholder: dnf, apt, yum, pip, user etc.
+    placeholder: dnf, apt, pip, user etc.
   validations:
     required: true
 
@@ -120,7 +105,8 @@ body:
     label: Configuration
     description: >-
       Paste verbatim output from `ansible-config dump --only-changed -t all` below, under the prompt line.
-      (if using a version older than ansible-core 2.12 you should omit the '-t all')
+      Remember to redact secret values. You can easily filter Galaxy server secrets using grep,
+      for example `ansible-config dump --only-changed -t all | grep -Ev 'token|password|client_secret'`.
       Please don't wrap it with triple backticks — your
       whole input will be turned into a code snippet automatically.
     render: console
@@ -151,7 +137,7 @@ body:
   attributes:
     label: Steps to Reproduce
     description: |
-      Describe exactly how to reproduce the problem, using a minimal test-case. It would *really* help us understand your problem if you could also pased any playbooks, configs and commands you used.
+      Describe exactly how to reproduce the problem, using a minimal test-case. It would *really* help us understand your problem if you could also provide any playbooks, configs and commands you used.
 
       **HINT:** You can paste https://gist.github.com links for larger files.
     value: |
@@ -258,7 +244,7 @@ body:
     description: |
       Read the [Ansible Code of Conduct][CoC] first.
 
-      [CoC]: https://docs.ansible.com/ansible/latest/community/code_of_conduct.html?utm_medium=github&utm_source=issue_form--bug_report.yml
+      [CoC]: https://docs.ansible.com/ansible/devel/community/code_of_conduct.html?utm_medium=github&utm_source=issue_form--bug_report.yml
     options:
     - label: I agree to follow the Ansible Code of Conduct
       required: true

.github/ISSUE_TEMPLATE/config.yml

@@ -2,7 +2,7 @@
 blank_issues_enabled: false  # default: true
 contact_links:
 - name: 🔐 Security bug report 🔥
-  url: https://docs.ansible.com/ansible/latest/community/reporting_bugs_and_features.html?utm_medium=github&utm_source=issue_template_chooser
+  url: https://docs.ansible.com/ansible/devel/community/reporting_bugs_and_features.html?utm_medium=github&utm_source=issue_template_chooser
   about: |
     Please learn how to report security vulnerabilities here.
 
@@ -11,15 +11,15 @@ contact_links:
     a prompt response.
 
     For more information, see
-    https://docs.ansible.com/ansible/latest/community/reporting_bugs_and_features.html
+    https://docs.ansible.com/ansible/devel/community/reporting_bugs_and_features.html
 - name: 📝 Ansible Code of Conduct
-  url: https://docs.ansible.com/ansible/latest/community/code_of_conduct.html?utm_medium=github&utm_source=issue_template_chooser
+  url: https://docs.ansible.com/ansible/devel/community/code_of_conduct.html?utm_medium=github&utm_source=issue_template_chooser
   about: ❤ Be nice to other members of the community. ☮ Behave.
-- name: 💬 Talks to the community
-  url: https://docs.ansible.com/ansible/latest/community/communication.html?utm_medium=github&utm_source=issue_template_chooser#mailing-list-information
+- name: 💬 Talk to the community
+  url: https://docs.ansible.com/ansible/devel/community/communication.html?utm_medium=github&utm_source=issue_template_chooser#forum
   about: Please ask and answer usage questions here
 - name: ⚡ Working groups
-  url: https://github.com/ansible/community/wiki
+  url: https://forum.ansible.com/g?utm_medium=github&utm_source=issue_template_chooser
   about: Interested in improving a specific area? Become a part of a working group!
 - name: 💼 For Enterprise
   url: https://www.ansible.com/products/engine?utm_medium=github&utm_source=issue_template_chooser

.github/ISSUE_TEMPLATE/documentation_report.yml

@@ -22,12 +22,14 @@ body:
       Also test if the latest release and devel branch are affected too.
 
 
-      **Tip:** If you are seeking community support, please consider
-      [starting a mailing list thread or chatting in IRC][ML||IRC].
+      **Tip:** If you are seeking community support, please see
+      [Communicating with the Ansible community][communication] to
+      get in touch and ask questions.
 
 
-      [ML||IRC]:
-      https://docs.ansible.com/ansible-core/devel/community/communication.html?utm_medium=github&utm_source=issue_form--documentation_report.yml#mailing-list-information
+
+      [communication]:
+      https://docs.ansible.com/ansible/devel/community/communication.html
 
       [issue search]: ../search?q=is%3Aissue&type=issues
 
@@ -82,20 +84,7 @@ body:
 - type: dropdown
   attributes:
     label: Issue Type
-    description: >
-      Please select the single available option in the drop-down.
-
-      <details>
-        <summary>
-          <em>Why?</em>
-        </summary>
-
-
-        _We will make it easier in the future, once GitHub
-        supports dropdown defaults. Promise!_
-
-      </details>
-    # FIXME: Once GitHub allows defining the default choice, update this
+    description: This is a marker for our automatic bot. Do not change it.
     options:
     - Documentation Report
   validations:
@@ -141,6 +130,8 @@ body:
     label: Configuration
     description: >-
       Paste verbatim output from `ansible-config dump --only-changed -t all` below, under the prompt line.
+      Remember to redact secret values. You can easily filter Galaxy server secrets using grep,
+      for example `ansible-config dump --only-changed -t all | grep -Ev 'token|password|client_secret'`.
       (if using a version older than ansible-core 2.12 you should omit the '-t all')
       Please don't wrap it with triple backticks — your
       whole input will be turned into a code snippet automatically.
@@ -205,7 +196,7 @@ body:
     description: |
       Read the [Ansible Code of Conduct][CoC] first.
 
-      [CoC]: https://docs.ansible.com/ansible/latest/community/code_of_conduct.html?utm_medium=github&utm_source=issue_form--documentation_report.yml
+      [CoC]: https://docs.ansible.com/ansible/devel/community/code_of_conduct.html?utm_medium=github&utm_source=issue_form--documentation_report.yml
     options:
     - label: I agree to follow the Ansible Code of Conduct
       required: true

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -21,8 +21,7 @@ body:
 
       If unsure, consider filing a [new proposal] instead outlining your
       use-cases, the research and implementation considerations. Then,
-      start a discussion on one of the public [IRC meetings] we have just
-      for this.
+      start a discussion in the [Ansible forum][forum].
 
 
       <details>
@@ -44,21 +43,22 @@ body:
       Also test if the devel branch does not already implement this.
 
 
-      **Tip:** If you are seeking community support, please consider
-      [starting a mailing list thread or chatting in IRC][ML||IRC].
+      **Tip:** If you are seeking community support, please see
+      [Communicating with the Ansible community][communication] to
+      get in touch and ask questions.
 
 
 
       [contribute to collections]:
       https://docs.ansible.com/ansible-core/devel/community/contributing_maintained_collections.html?utm_medium=github&utm_source=issue_form--feature_request.yml
 
-      [IRC meetings]:
-        https://docs.ansible.com/ansible-core/devel/community/communication.html?utm_medium=github&utm_source=issue_form--feature_request.yml#irc-meetings
+      [communication]:
+      https://docs.ansible.com/ansible/devel/community/communication.html
 
       [issue search]: ../search?q=is%3Aissue&type=issues
 
-      [ML||IRC]:
-      https://docs.ansible.com/ansible-core/devel/community/communication.html?utm_medium=github&utm_source=issue_form--feature_request.yml#mailing-list-information
+      [forum help]:
+      https://forum.ansible.com/c/help/6
 
       [new proposal]: ../../proposals/issues/new
 
@@ -101,23 +101,7 @@ body:
 - type: dropdown
   attributes:
     label: Issue Type
-    description: >
-      Please select the single available option in the drop-down.
-
-      <details>
-        <summary>
-          <em>Why?</em>
-        </summary>
-
-        We would do it by ourselves but unfortunatelly, the curent
-        edition of GitHub Issue Forms Alpha does not support this yet 🤷
-
-
-        _We will make it easier in the future, once GitHub
-        supports dropdown defaults. Promise!_
-
-      </details>
-    # FIXME: Once GitHub allows defining the default choice, update this
+    description: This is a marker for our automatic bot. Do not change it.
     options:
     - Feature Idea
   validations:
@@ -139,7 +123,7 @@ body:
 
 
       [collections org]: /ansible-collections
-    placeholder: dnf, apt, yum, pip, user etc.
+    placeholder: dnf, apt, pip, user etc.
   validations:
     required: true
 
@@ -185,7 +169,7 @@ body:
     description: |
       Read the [Ansible Code of Conduct][CoC] first.
 
-      [CoC]: https://docs.ansible.com/ansible/latest/community/code_of_conduct.html?utm_medium=github&utm_source=issue_form--feature_request.yml
+      [CoC]: https://docs.ansible.com/ansible/devel/community/code_of_conduct.html?utm_medium=github&utm_source=issue_form--feature_request.yml
     options:
     - label: I agree to follow the Ansible Code of Conduct
       required: true

.github/ISSUE_TEMPLATE/internal_issue.md

@@ -0,0 +1,10 @@
+---
+name: Internal Issue
+about: Free-form issue creation for core maintainer use only.
+title: ''
+labels: [core-internal]
+assignees: ''
+---
+
+
+@ansibot bot_skip

.github/ISSUE_TEMPLATE/pre_release.yml

@@ -0,0 +1,42 @@
+name: Pre-Release Bug Report
+description: File a bug report against a pre-release version
+labels:
+  - bug
+  - pre_release
+assignees:
+  - nitzmahone
+  - mattclay
+body:
+  - type: markdown
+    attributes:
+      value: |
+        ## Bug Report
+  - type: textarea
+    attributes:
+      label: Ansible Version
+      description: Paste the full output from `ansible --version` below.
+      render: console
+      placeholder: $ ansible --version
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Summary
+      description: Describe the issue with any relevant steps to reproduce.
+    validations:
+      required: true
+  - type: dropdown
+    attributes:
+      label: <!-- Bot instructions (ignore this) -->
+      options:
+        - |
+          <!--
+          ### Component Name
+          bin/ansible
+          ### Issue Type
+          Bug Report
+          ### Configuration
+          ### OS / Environment
+          -->
+    validations:
+      required: true

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,25 +0,0 @@
-##### SUMMARY
-
-<!--- Describe the change below, including rationale and design decisions -->
-
-<!--- HINT: Include "Fixes #nnn" if you are fixing an existing issue -->
-
-##### ISSUE TYPE
-
-<!--- Pick one below and delete the rest -->
-
-- Bugfix Pull Request
-- Docs Pull Request
-- Feature Pull Request
-- Test Pull Request
-
-##### ADDITIONAL INFORMATION
-
-<!--- Include additional information to help people understand the change here -->
-<!--- A step-by-step reproduction of the problem is helpful if there is no related issue -->
-
-<!--- Paste verbatim command output below, e.g. before and after your change -->
-
-```paste below
-
-```

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1 @@
+PULL_REQUEST_TEMPLATE/Unclear purpose or motivation.md

.github/PULL_REQUEST_TEMPLATE/Bug fix.md

@@ -0,0 +1,9 @@
+##### SUMMARY
+
+<!--- Describe the change below, including rationale and design decisions -->
+
+<!--- Add "Fixes #1234" or steps to reproduce the problem if there is no corresponding issue -->
+
+##### ISSUE TYPE
+
+- Bugfix Pull Request

.github/PULL_REQUEST_TEMPLATE/Documentation change.md

@@ -0,0 +1,9 @@
+##### SUMMARY
+
+<!--- Describe the change below, including rationale -->
+
+<!--- Add "Fixes #1234" if there is a corresponding issue -->
+
+##### ISSUE TYPE
+
+- Docs Pull Request

.github/PULL_REQUEST_TEMPLATE/New feature.md

@@ -0,0 +1,9 @@
+##### SUMMARY
+
+<!--- Describe the change below, including rationale and design decisions -->
+
+<!--- Add "Fixes #1234" if there is a corresponding issue -->
+
+##### ISSUE TYPE
+
+- Feature Pull Request

.github/PULL_REQUEST_TEMPLATE/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1 @@
+Unclear purpose or motivation.md

.github/PULL_REQUEST_TEMPLATE/Tests.md

@@ -0,0 +1,9 @@
+##### SUMMARY
+
+<!--- Describe the change below, including rationale and design decisions -->
+
+<!--- Add "Fixes #1234" if there is a corresponding issue -->
+
+##### ISSUE TYPE
+
+- Test Pull Request

.github/PULL_REQUEST_TEMPLATE/Unclear purpose or motivation.md

@@ -0,0 +1,14 @@
+##### SUMMARY
+
+<!--- Describe the change below, including rationale and design decisions -->
+
+<!--- Add "Fixes #1234" or steps to reproduce the problem if there is no corresponding issue -->
+
+##### ISSUE TYPE
+
+<!--- Pick one below and delete the rest -->
+
+- Bugfix Pull Request
+- Docs Pull Request
+- Feature Pull Request
+- Test Pull Request

.github/RELEASE_NAMES.txt

@@ -1,3 +1,7 @@
+2.20.0  Good Times Bad Times
+2.19.0  What Is and What Should Never Be
+2.18.0  Fool in the Rain
+2.17.0  Gallows Pole
 2.16.0  All My Love
 2.15.0  Ten Years Gone
 2.14.0  C'mon Everybody

.gitignore

@@ -92,9 +92,14 @@ Vagrantfile
 /lib/ansible_base.egg-info/
 # First used in the `devel` branch during Ansible 2.11 development.
 /lib/ansible_core.egg-info/
+# First used in the `devel` branch during Ansible 2.18 development.
+/ansible_core.egg-info/
 # vendored lib dir
 lib/ansible/_vendor/*
 !lib/ansible/_vendor/__init__.py
+# PowerShell signed hashlist
+lib/ansible/config/powershell_signatures.psd1
+*.authenticode
 # test stuff
 /test/integration/cloud-config-*.*
 !/test/integration/cloud-config-*.*.template
@@ -122,3 +127,5 @@ test/units/.coverage.*
 /SYMLINK_CACHE.json
 changelogs/.plugin-cache.yaml
 .ansible-test-timeout.json
+# Agents
+CLAUDE.local.md

AGENTS.md

@@ -0,0 +1,321 @@
+# AGENTS.md
+
+This file provides guidance to Claude Code (claude.ai/code) and other compatible agentic tools when working with code in this repository.
+
+**Note:** This file is for AI assistant use only. For human developers, see the [Ansible Developer Guide](https://docs.ansible.com/ansible-core/devel/dev_guide/index.html).
+
+## ⚠️ IMPORTANT: Always Start Here
+
+**BEFORE starting any PR review or development task:**
+
+1. **Read this file first** - Don't work from memory or assumptions
+2. **Use TodoWrite** to create a task list and track progress systematically
+3. **Follow the numbered steps** in the relevant process sections
+4. **Reference Quick Reference** for correct commands and patterns
+
+## ⚠️ CRITICAL: Licensing Requirements
+
+**NEVER suggest, recommend, or approve code that violates these requirements:**
+
+- **ansible-core**: All code must be **GPLv3 compatible**
+- **lib/ansible/module_utils/**: Defaults to **BSD-2-Clause** (more permissive)
+- **External dependencies**: Only recommend libraries compatible with these licenses
+- **PR reviews**: Always verify any new dependencies or suggested libraries are license-compatible
+- **When in doubt**: Ask about licensing compatibility rather than assuming
+
+**This is non-negotiable** - licensing violations can create serious legal issues for the project.
+
+## Quick Reference
+
+Most commonly used commands and patterns:
+
+```bash
+# Testing
+ansible-test sanity -v --docker default                   # Run all sanity tests
+ansible-test sanity -v --docker default --test <test>     # Run specific sanity test
+ansible-test units -v --docker default                    # Run unit tests
+ansible-test integration -v --docker ubuntu2404           # Run integration tests
+
+# PR Review and CI
+gh pr view <number>                                       # Get PR details
+gh pr view <number> --comments                            # Check for ansibot CI failures
+gh pr checks <number>                                     # Get Azure Pipelines URLs
+gh pr checkout <number>                                   # Switch to PR branch
+gh pr diff <number>                                       # See all changes
+```
+
+**Container Selection:**
+
+- Sanity/Unit tests: `--docker default`
+- Integration tests: `--docker ubuntu2204`, `--docker ubuntu2404`, etc. (NOT default/base)
+
+**Critical Reminders:**
+
+- **Licensing**: See [Licensing Requirements](#️-critical-licensing-requirements) - GPLv3/BSD-2-Clause only
+
+## Development Environment Setup
+
+Ansible development typically uses an editable install after forking and cloning:
+
+```bash
+# After forking and cloning the repository
+pip install -e .
+```
+
+**Note:** ansible-core and all CLIs (including ansible-test) require a POSIX OS. On Windows, use WSL (Windows Subsystem for Linux).
+
+## Testing and CI
+
+### Basic Testing Commands
+
+```bash
+# Run sanity tests - these are linting/static analysis (pylint, mypy, pep8, etc.)
+ansible-test sanity -v --docker default
+
+# List available sanity tests
+ansible-test sanity --list-tests
+
+# Run specific sanity tests
+ansible-test sanity -v --docker default --test pep8 --test pylint
+
+# Run sanity on specific files (paths relative to repo root)
+ansible-test sanity -v --docker default lib/ansible/modules/command.py
+
+# Run unit tests (recommended with Docker)
+ansible-test units -v --docker default
+
+# Run specific unit test (paths relative to repo root, targets in test/units/)
+ansible-test units -v --docker default test/units/modules/test_command.py
+
+# Run integration tests (choose appropriate container - NOT base/default)
+ansible-test integration -v --docker ubuntu2404
+
+# Run specific integration target (directory name in test/integration/targets/)
+ansible-test integration -v --docker ubuntu2404 setup_remote_tmp_dir
+
+# Run with coverage
+ansible-test units -v --docker default --coverage
+
+# Alternative: use --venv if Docker/Podman unavailable (less reliable for units/integration)
+ansible-test sanity -v --venv
+```
+
+Available Docker containers for testing can be found in `./test/lib/ansible_test/_data/completion/docker.txt`.
+The `base` and `default` containers are for sanity/unit tests only. For integration tests, use distro-specific
+containers, depending on the modules being tested.
+
+**Test isolation options:**
+
+- `--docker` (supports Docker or Podman) - preferred for reliable, isolated testing
+- `--venv` - fallback when containers unavailable, but unit tests may be unreliable due to host environment differences
+
+### Helping Developers with CI Failures
+
+When developers submit PRs and encounter CI failures, use these approaches to help diagnose and resolve issues:
+
+**1. Check for ansibot comments:**
+
+```bash
+# Get all PR comments to find ansibot CI failure reports
+gh pr view <number> --comments
+```
+
+Look for comments from `ansibot` that contain:
+- Test failure details with specific error messages
+- File paths and line numbers for failures
+- Links to sanity test documentation (e.g., `[explain](https://docs.ansible.com/...`)
+
+**2. Get CI check status and URLs:**
+
+```bash
+# See all CI check results with Azure Pipelines URLs
+gh pr checks <number>
+```
+
+This shows:
+- Overall CI status (pass/fail) with timing
+- Direct links to Azure DevOps build results
+- Individual job results (Sanity Test 1/2, Docker tests, Units, etc.)
+
+**3. Common CI failure patterns:**
+
+- **Sanity failures**: Usually have specific fixes (trailing whitespace, import errors, etc.)
+- **Integration test failures**: May require platform-specific containers or test adjustments
+- **Unit test failures**: Often indicate actual code issues that need debugging
+
+**4. CI failure analysis workflow:**
+
+1. Check ansibot comments first for immediate error details
+2. Use `gh pr checks <number>` to get Azure Pipelines URLs for detailed logs
+3. Focus on failed jobs (marked as `fail`) and examine their specific error output
+4. For sanity test failures, the error messages usually indicate exactly what needs to be fixed
+5. For test failures, run the same tests locally using `ansible-test` to reproduce and debug
+
+## PR Review Guidelines
+
+### PR Review Checklist
+
+Use this checklist for EVERY PR review:
+
+```text
+□ Created TodoWrite list for review steps
+□ Step 1: Get PR details with gh pr view <number>
+□ Step 2: Get PR diff with gh pr diff <number>
+□ Step 3: Check required components (changelog, tests)
+□ Step 4: Checkout PR branch with gh pr checkout <number>
+□ Step 5: Review existing feedback with gh pr view <number> --comments
+□ Step 6: Verify all issues addressed
+□ Step 7: Call out any unresolved feedback
+□ Mark each TodoWrite item as completed when done
+```
+
+When assisting with PR reviews, verify:
+
+### Required Components
+
+- Changelog fragment exists in `changelogs/fragments/`
+- Appropriate tests are included and cover the changed code
+  - Unit tests should be pytest style, and functional rather than tightly coupled to mocking
+  - Integration tests required for almost all plugin changes (tests the public API)
+  - Tests should exercise the actual changed code, not just add random coverage
+
+### Review Process
+
+Follow these steps in order for thorough PR reviews:
+
+1. **Get PR details**: Use `gh pr view <number>` to understand the PR scope and description
+2. **Get PR diff**: Use `gh pr diff <number>` to see all changes
+3. **Check required components FIRST**:
+   - Verify changelog fragment exists and uses correct section (check `changelogs/config.yaml` for valid sections)
+   - Verify tests exist and specifically cover the changed code paths
+4. **Checkout PR branch**: Use `gh pr checkout <number>` to examine code holistically with changes applied
+5. **Review existing feedback**: Use `gh pr view <number> --comments` to see all comments and previous review feedback
+6. **Verify all issues addressed**: Ensure all bot failures, reviewer requests, and discussion points are resolved
+7. **Call out any unresolved review feedback**: Explicitly mention any discussions or requests that remain unaddressed
+
+### Common Review Issues to Check
+
+- **Changelog section errors**: Verify changelog uses valid section from `changelogs/config.yaml`. Fragment structure follows sections defined there.
+- **Test scope**: Ensure tests exercise the actual changed code, not just add random coverage.
+  Integration tests required for almost all plugin changes (tests the public API).
+  Tests should be functional rather than tightly coupled to mocking.
+
+### Review Task Management
+
+- Use TodoWrite tool to track review steps for complex PRs
+- Mark tasks as in_progress when actively working on them
+- Complete tasks immediately after finishing each step
+- This provides visibility to users about review progress
+
+### Review Tools
+
+- `gh pr view <number>` - Get PR details and description
+- `gh pr view <number> --comments` - See all comments and review feedback
+- `gh pr diff <number>` - Get complete diff of changes
+- `gh pr checkout <number>` - Switch to PR branch for holistic examination
+- `Read` tool - Examine specific changed files in detail
+- `Grep` tool - Search for related code patterns or test coverage (uses ripgrep/rg)
+
+## Development Guidelines
+
+### Code Style Notes
+
+- Line limit is 160 characters (not 80)
+- E402 (module level import not at top) is ignored
+- In `lib/ansible/modules/`, imports must come after DOCUMENTATION, EXAMPLES, and RETURN definitions
+- Don't add obvious comments about code
+- Use native type hints with `from __future__ import annotations` (converts to strings at runtime)
+- Don't document module parameters in docstrings - migrate to type hints instead
+- **No trailing whitespace**: Always clean up trailing spaces on lines, especially when editing existing files
+
+### Python Version Support
+
+- Controller code: support range defined in `pyproject.toml`
+- Modules/module_utils: minimum version in `lib/ansible/module_utils/basic.py` (`_PY_MIN`) up to max from `pyproject.toml`
+- Modules support a wider Python version range than controller code
+
+### Dependencies and Imports
+
+- Prefer Python stdlib over external dependencies
+- Use existing code from within the Ansible project
+- `lib/ansible/modules/` can only import from `lib/ansible/module_utils/` (modules are packaged for remote execution)
+- `lib/ansible/module_utils/` cannot import from outside itself
+
+## Documentation Standards
+
+### Module and Plugin Documentation
+
+- Modules and plugins require DOCUMENTATION, EXAMPLES, and RETURN blocks as static YAML string variables
+- These blocks cannot be dynamically generated - they are parsed via AST/token parsing
+- Alternative: "sidecar" documentation as `.yml` files with same stem name adjacent to plugin files
+- All modules should have a `main()` function and `if __name__ == '__main__':` block
+- Use `version_added` fields in documentation following existing version format patterns
+
+### Changelog Requirements
+
+- Changes require entries in `changelogs/fragments/` as YAML files
+- Create a new fragment file per PR (never reuse existing fragments to avoid merge conflicts)
+- Fragment structure follows sections defined in `changelogs/config.yaml` under the `sections` key
+- Naming: `{issue_number}-{short-description}.yml` or `{component}-{description}.yml` if no issue
+- Format: `- {component} - {description} ({optional URL to GH issue})`
+- Content supports Sphinx markup (use double backticks for code references)
+
+## Repository Management
+
+### Plugin Development
+
+- New plugins should go into collections, not ansible-core
+- ansible-core rarely accepts new plugins; core team makes these decisions
+
+### Branch and Release Management
+
+- All PRs target the `devel` branch
+- Use GitHub templates when creating issues/PRs (`.github/ISSUE_TEMPLATE/` and `.github/PULL_REQUEST_TEMPLATE/`)
+- For issues: fill out the `component` field with project root relative file path
+- For PRs: adjust the issue type in the template as listed in `.github/PULL_REQUEST_TEMPLATE/PULL_REQUEST_TEMPLATE.md`
+- Validate issues are fixed in `devel` before reporting against stable releases
+- Bug fixes: backported to latest stable only
+- Critical bug fixes: backported to latest and previous stable
+- Security issues: contact security@ansible.com privately, not via GitHub
+
+### Backwards Compatibility
+
+- Backwards compatibility is prioritized over most other concerns
+- Deprecation cycle: 4 releases (deprecation + 2 releases + removal)
+- Use `Display.deprecated` or `AnsibleModule.deprecate` with version from `lib/ansible/release.py` plus 3
+- Example: deprecating in 2.19 means removal in 2.22
+
+## Code Structure Reference
+
+### Core Structure
+
+- `lib/ansible/` - Main Ansible library code
+  - `cli/` - Command-line interface implementations (ansible, ansible-playbook, etc.)
+  - `executor/` - Task execution engine and strategies (includes PowerShell support in `powershell/`)
+  - `inventory/` - Inventory management and parsing
+  - `modules/` - Core modules (built-in automation modules)
+  - `module_utils/` - Shared utilities for modules (includes C# in `csharp/` and PowerShell in `powershell/`)
+  - `plugins/` - Plugin framework (filters, tests, lookups, etc.)
+  - `vars/` - Variable management
+  - `config/` - Configuration handling
+  - `collections/` - Ansible Collections framework
+
+### Key Components
+
+- **CLI Layer**: Entry points in `lib/ansible/cli/` handle command parsing and dispatch
+- **Executor**: `lib/ansible/executor/` contains the core execution engine that runs tasks and plays
+- **Module System**: Modules in `lib/ansible/modules/` are the units of work; they're executed remotely
+- **Plugin Architecture**: `lib/ansible/plugins/` provides extensibility through filters, tests, lookups, etc.
+- **Inventory**: `lib/ansible/inventory/` manages host and group definitions
+- **Collections**: Modern packaging format for distributing Ansible content
+
+### Testing Infrastructure
+
+- `test/units/` - Unit tests mirroring the lib structure
+- `test/integration/` - Integration tests organized by target (named after plugin/functionality being tested)
+  - Some targets have `context/controller` or `context/target` in their `aliases` file when not easily inferable
+  - Only modules run on target hosts; all other plugins execute locally in the ansible process
+- `test/lib/` - Test utilities and frameworks
+- `ansible-test` - Unified testing tool for all test types
+
+For CI failure debugging, see [Helping Developers with CI Failures](#helping-developers-with-ci-failures).

CLAUDE.md

@@ -0,0 +1,3 @@
+- @AGENTS.md
+- @~/.claude/ansible.md
+- @CLAUDE.local.md

MANIFEST.in

@@ -1,11 +1,10 @@
 include COPYING
-include bin/*
 include changelogs/CHANGELOG*.rst
 include changelogs/changelog.yaml
 include licenses/*.txt
 include requirements.txt
 recursive-include packaging *.py *.j2
 recursive-include test/integration *
-recursive-include test/sanity *.in *.json *.py *.txt
+recursive-include test/sanity *.in *.json *.py *.txt *.ini
 recursive-include test/support *.py *.ps1 *.psm1 *.cs *.md
 recursive-include test/units *

README.md

@@ -1,9 +1,9 @@
 [![PyPI version](https://img.shields.io/pypi/v/ansible-core.svg)](https://pypi.org/project/ansible-core)
 [![Docs badge](https://img.shields.io/badge/docs-latest-brightgreen.svg)](https://docs.ansible.com/ansible/latest/)
-[![Chat badge](https://img.shields.io/badge/chat-IRC-brightgreen.svg)](https://docs.ansible.com/ansible/latest/community/communication.html)
+[![Chat badge](https://img.shields.io/badge/chat-IRC-brightgreen.svg)](https://docs.ansible.com/ansible/devel/community/communication.html)
 [![Build Status](https://dev.azure.com/ansible/ansible/_apis/build/status/CI?branchName=devel)](https://dev.azure.com/ansible/ansible/_build/latest?definitionId=20&branchName=devel)
-[![Ansible Code of Conduct](https://img.shields.io/badge/code%20of%20conduct-Ansible-silver.svg)](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html)
-[![Ansible mailing lists](https://img.shields.io/badge/mailing%20lists-Ansible-orange.svg)](https://docs.ansible.com/ansible/latest/community/communication.html#mailing-list-information)
+[![Ansible Code of Conduct](https://img.shields.io/badge/code%20of%20conduct-Ansible-silver.svg)](https://docs.ansible.com/ansible/devel/community/code_of_conduct.html)
+[![Ansible mailing lists](https://img.shields.io/badge/mailing%20lists-Ansible-orange.svg)](https://docs.ansible.com/ansible/devel/community/communication.html#mailing-list-information)
 [![Repository License](https://img.shields.io/badge/license-GPL%20v3.0-brightgreen.svg)](COPYING)
 [![Ansible CII Best Practices certification](https://bestpractices.coreinfrastructure.org/projects/2372/badge)](https://bestpractices.coreinfrastructure.org/projects/2372)
 
@@ -40,21 +40,33 @@ features and fixes, directly. Although it is reasonably stable, you are more lik
 breaking changes when running the `devel` branch. We recommend getting involved
 in the Ansible community if you want to run the `devel` branch.
 
-## Get Involved
+## Communication
 
-* Read [Community Information](https://docs.ansible.com/ansible/latest/community) for all
+Join the Ansible forum to ask questions, get help, and interact with the
+community.
+
+* [Get Help](https://forum.ansible.com/c/help/6): Find help or share your Ansible knowledge to help others.
+  Use tags to filter and subscribe to posts, such as the following:
+  * Posts tagged with [ansible](https://forum.ansible.com/tag/ansible)
+  * Posts tagged with [ansible-core](https://forum.ansible.com/tag/ansible-core)
+  * Posts tagged with [playbook](https://forum.ansible.com/tag/playbook)
+* [Social Spaces](https://forum.ansible.com/c/chat/4): Meet and interact with fellow enthusiasts.
+* [News & Announcements](https://forum.ansible.com/c/news/5): Track project-wide announcements including social events.
+* [Bullhorn newsletter](https://docs.ansible.com/ansible/devel/community/communication.html#the-bullhorn): Get release announcements and important changes.
+
+For more ways to get in touch, see [Communicating with the Ansible community](https://docs.ansible.com/ansible/devel/community/communication.html).
+
+## Contribute to Ansible
+
+* Check out the [Contributor's Guide](./.github/CONTRIBUTING.md).
+* Read [Community Information](https://docs.ansible.com/ansible/devel/community) for all
   kinds of ways to contribute to and interact with the project,
-  including mailing list information and how to submit bug reports and
-  code to Ansible.
-* Join a [Working Group](https://github.com/ansible/community/wiki),
-  an organized community devoted to a specific technology domain or platform.
+  including how to submit bug reports and code to Ansible.
 * Submit a proposed code update through a pull request to the `devel` branch.
 * Talk to us before making larger changes
   to avoid duplicate efforts. This not only helps everyone
   know what is going on, but it also helps save time and effort if we decide
   some changes are needed.
-* For a list of email lists, IRC channels and Working Groups, see the
-  [Communication page](https://docs.ansible.com/ansible/latest/community/communication.html)
 
 ## Coding Guidelines
 
@@ -67,7 +79,7 @@ We document our Coding Guidelines in the [Developer Guide](https://docs.ansible.
 
 * The `devel` branch corresponds to the release actively under development.
 * The `stable-2.X` branches correspond to stable releases.
-* Create a branch based on `devel` and set up a [dev environment](https://docs.ansible.com/ansible/latest/dev_guide/developing_modules_general.html#common-environment-setup) if you want to open a PR.
+* Create a branch based on `devel` and set up a [dev environment](https://docs.ansible.com/ansible/devel/dev_guide/developing_modules_general.html#common-environment-setup) if you want to open a PR.
 * See the [Ansible release and maintenance](https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html) page for information about active branches.
 
 ## Roadmap

bin/ansible-connection

@@ -1 +0,0 @@
-../lib/ansible/cli/scripts/ansible_connection_cli_stub.py

changelogs/changelog.yaml

@@ -1,2 +1,2 @@
-ancestor: 2.15.0
+ancestor: 2.20.0
 releases: {}

changelogs/fragments/20802-until-default.yml

@@ -1,2 +0,0 @@
-minor_changes:
-  - tasks - the ``retries`` keyword can be specified without ``until`` in which case the task is retried until it succeeds but at most ``retries`` times (https://github.com/ansible/ansible/issues/20802)

changelogs/fragments/22396-indicate-which-args-are-multi.yml

@@ -1,3 +0,0 @@
-minor_changes:
-- CLI argument parsing - Automatically prepend to the help of CLI arguments that support being specified multiple times.
-  (https://github.com/ansible/ansible/issues/22396)

changelogs/fragments/27816-fetch-unreachable.yml

@@ -1,2 +0,0 @@
-bugfixes:
-- fetch - Handle unreachable errors properly (https://github.com/ansible/ansible/issues/27816)

changelogs/fragments/50603-tty-check.yaml

@@ -1,4 +0,0 @@
----
-minor_changes:
-  - "ansible-vault create: Now raises an error when opening the editor without
-    tty. The flag --skip-tty-check restores previous behaviour."

changelogs/fragments/71916-user-expires-int.yml

@@ -1,2 +0,0 @@
-bugfixes:
-  - user - set expiration value correctly when unable to retrieve the current value from the system (https://github.com/ansible/ansible/issues/71916)

changelogs/fragments/73643-handlers-prevent-multiple-runs.yml

@@ -1,2 +0,0 @@
-bugfixes:
-  - Prevent running same handler multiple times when included via ``include_role`` (https://github.com/ansible/ansible/issues/73643)

changelogs/fragments/74723-support-wildcard-win_fetch.yml

@@ -1,3 +0,0 @@
-bugfixes:
-- win_fetch - Add support for using file with wildcards in file name.
-  (https://github.com/ansible/ansible/issues/73128)

changelogs/fragments/75063-allow-dev-nul-as-skeleton-for-new-homedir.yml

@@ -1,3 +0,0 @@
-bugfixes:
-  - modules/user.py - Add check for valid directory when creating new user homedir (allows /dev/null as skeleton) (https://github.com/ansible/ansible/issues/75063)
-  

changelogs/fragments/76372-fix-pip-virtualenv-command-parsing.yml

@@ -1,6 +0,0 @@
----
-bugfixes:
-  - >-
-    Fixed `pip` module failure in case of usage quotes for
-    `virtualenv_command` option for the venv command.
-    (https://github.com/ansible/ansible/issues/76372)

changelogs/fragments/78487-galaxy-collections-path-warnings.yml

@@ -1,6 +0,0 @@
----
-minor_changes:
-- >-
-  Add ``GALAXY_COLLECTIONS_PATH_WARNING`` option to disable the warning
-  given by ``ansible-galaxy collection install`` when installing a collection
-  to a path that isn't in the configured collection paths.

changelogs/fragments/79129-ansible-managed-filename-format.yaml

@@ -1,6 +0,0 @@
----
-bugfixes:
-  - template - Fix for formatting issues when a template path contains
-    valid jinja/strftime pattern (especially line break one) and
-    using the template path in ansible_managed
-    (https://github.com/ansible/ansible/pull/79129)

changelogs/fragments/79364_replace.yml

@@ -1,2 +0,0 @@
-bugfixes:
-- replace - handle exception when bad escape character is provided in replace (https://github.com/ansible/ansible/issues/79364).

changelogs/fragments/79677-fix-argspec-type-check.yml

@@ -1,2 +0,0 @@
-bugfixes:
-  - module/role argument spec - validate the type for options that are None when the option is required or has a non-None default (https://github.com/ansible/ansible/issues/79656).

changelogs/fragments/79734-ansible-test-change-detection.yml

@@ -1,2 +0,0 @@
-bugfixes:
-  - "ansible-test local change detection - use ``git merge-base <branch> HEAD`` instead of ``git merge-base --fork-point <branch>`` (https://github.com/ansible/ansible/pull/79734)."

changelogs/fragments/79844-fix-timeout-mounts-linux.yml

@@ -1,2 +0,0 @@
-bugfixes:
-  - setup gather_timeout - Fix timeout in get_mounts_facts for linux.

changelogs/fragments/79999-ansible-user-tweak-macos-defaults.yaml

@@ -1,2 +0,0 @@
-minor_changes:
-  - 'ansible_user_module - tweaked macos user defaults to reflect expected defaults (https://github.com/ansible/ansible/issues/44316)'

changelogs/fragments/80089-prevent-module-build-date-issue.yml

@@ -1,5 +0,0 @@
-bugfixes:
-- ansiballz - Prevent issue where the time on the control host could
-  change part way through building the ansiballz file, potentially causing
-  a pre-1980 date to be used during ansiballz unpacking leading to a zip
-  file error (https://github.com/ansible/ansible/issues/80089)

changelogs/fragments/80128-symbolic-modes-X-use-computed.yml

@@ -1,3 +0,0 @@
-bugfixes:
-  - file modules - Make symbolic modes with X use the computed permission, not original file (https://github.com/ansible/ansible/issues/80128)
-  - copy unit tests - Fixing "dir all perms" documentation and formatting for easier reading.

changelogs/fragments/80257-iptables-chain-creation-does-not-populate-a-rule.yml

@@ -1,2 +0,0 @@
-bugfixes:
-  - iptables - remove default rule creation when creating iptables chain to be more similar to the command line utility (https://github.com/ansible/ansible/issues/80256).

changelogs/fragments/80258-defensive-display-non-utf8.yml

@@ -1,4 +0,0 @@
-bugfixes:
-- Display - Defensively configure writing to stdout and stderr with a custom encoding error handler that will replace invalid characters
-  while providing a deprecation warning that non-utf8 text will result in an error in a future version.
-- module responses - Ensure that module responses are utf-8 adhereing to JSON RFC and expectations of the core code.

changelogs/fragments/80334-reduce-ansible-galaxy-api-calls.yml

@@ -1,2 +0,0 @@
-bugfixes:
-  - ansible-galaxy - reduce API calls to servers by fetching signatures only for final candidates.

changelogs/fragments/80406-validate-modules-semantic-markup.yml

@@ -1,2 +0,0 @@
-bugfixes:
-  - "validate-modules sanity test - replace semantic markup parsing and validating code with the code from `antsibull-docs-parser 0.2.0 <https://github.com/ansible-community/antsibull-docs-parser/releases/tag/0.2.0>`__ (https://github.com/ansible/ansible/pull/80406)."

changelogs/fragments/80449-fix-symbolic-mode-error-msg.yml

@@ -1,2 +0,0 @@
-bugfixes:
-  - file modules - fix validating invalid symbolic modes.

changelogs/fragments/80459-handlers-nested-includes-vars.yml

@@ -1,2 +0,0 @@
-bugfixes:
-  - include_role - expose variables from parent roles to role's handlers (https://github.com/ansible/ansible/issues/80459)

changelogs/fragments/80460-add-symbolic-links-with-dir.yml

@@ -1,3 +0,0 @@
----
-minor_changes:
-  - include_vars - os.walk now follows symbolic links when traversing directories (https://github.com/ansible/ansible/pull/80460)

changelogs/fragments/80476-fix-loop-task-post-validation.yml

@@ -1,2 +0,0 @@
-bugfixes:
-  - Fix post-validating looped task fields so the strategy uses the correct values after task execution.

changelogs/fragments/80488-pip-pkg-resources.yml

@@ -1,3 +0,0 @@
-bugfixes:
-- pip module - Update module to prefer use of the python ``packaging`` and ``importlib.metadata`` modules due to ``pkg_resources`` being deprecated
-  (https://github.com/ansible/ansible/issues/80488)

changelogs/fragments/80506-syntax-check-playbook-only.yml

@@ -1,3 +0,0 @@
-bugfixes:
-- syntax check - Limit ``--syntax-check`` to ``ansible-playbook`` only, as that is the only CLI affected by this argument
-  (https://github.com/ansible/ansible/issues/80506)

changelogs/fragments/80520-fix-current-hostname-openbsd.yml

@@ -1,2 +0,0 @@
-bugfixes:
-  - The ``hostname`` module now also updates both current and permanent hostname on OpenBSD. Before it only updated the permanent hostname (https://github.com/ansible/ansible/issues/80520).

changelogs/fragments/80523_-_adding_short_option_for_--ask-vault-pass.yml

@@ -1,2 +0,0 @@
-minor_changes:
-  - cli - Added short option '-J' for asking for vault password (https://github.com/ansible/ansible/issues/80523).

changelogs/fragments/80605-template-overlay-native-jinja.yml

@@ -1,2 +0,0 @@
-bugfixes:
-  - "Properly disable ``jinja2_native`` in the template module when jinja2 override is used in the template (https://github.com/ansible/ansible/issues/80605)"

changelogs/fragments/80648-fix-ansible-galaxy-cache-signatures-bug.yml

@@ -1,3 +0,0 @@
-bugfixes:
-  - ansible-galaxy - fix installing signed collections (https://github.com/ansible/ansible/issues/80648).
-  - ansible-galaxy collection verify - fix verifying signed collections when the keyring is not configured.

changelogs/fragments/80721-ansible-galaxy.yml

@@ -1,2 +0,0 @@
-minor_changes:
-- ansible-galaxy - Remove internal configuration argument ``v3`` (https://github.com/ansible/ansible/pull/80721)

changelogs/fragments/80738-abs-unarachive-src.yml

@@ -1,2 +0,0 @@
-bugfixes:
-  - unarchive - fix unarchiving sources that are copied to the remote node using a relative temporory directory path (https://github.com/ansible/ansible/issues/80710).

changelogs/fragments/80841-display-type-annotation.yml

@@ -1,4 +0,0 @@
-minor_changes:
-  - Add Python type hints to the Display class (https://github.com/ansible/ansible/issues/80841)
-bugfixes:
-  - vars_prompt - internally convert the ``unsafe`` value to ``bool``

changelogs/fragments/80880-register-handlers-immediately-if-iterating-handlers.yml

@@ -1,4 +0,0 @@
-bugfixes:
-- "From issue https://github.com/ansible/ansible/issues/80880, when notifying a
-  handler from another handler, handler notifications must be registered
-  immediately as the flush_handler call is not recursive."

changelogs/fragments/80887-dnf5-api-change.yml

@@ -1,3 +0,0 @@
-bugfixes:
-- dnf5 - Update dnf5 module to handle API change for setting the download directory
-  (https://github.com/ansible/ansible/issues/80887)

changelogs/fragments/80943-ansible-galaxy-collection-subdir-install.yml

@@ -1,3 +0,0 @@
-bugfixes:
-- ansible-galaxy - Fix variable type error when installing subdir collections
-  (https://github.com/ansible/ansible/issues/80943)

changelogs/fragments/80968-replace-deprecated-ast-attr.yml

@@ -1,2 +0,0 @@
-bugfixes:
-  - Fix ``ast`` deprecation warnings for ``Str`` and ``value.s`` when using Python 3.12.

changelogs/fragments/80985-fix-smgl-family-mapping.yml

@@ -1,2 +0,0 @@
-bugfixes:
-  - distribution facts - fix Source Mage family mapping

changelogs/fragments/81005-use-overlay-overrides.yml

@@ -1,2 +0,0 @@
-bugfixes:
-- templating - In the template action and lookup, use local jinja2 environment overlay overrides instead of mutating the templars environment

changelogs/fragments/81013-handlers-listen-last-defined-only.yml

@@ -1,2 +0,0 @@
-bugfixes:
-  - handlers - the ``listen`` keyword can affect only one handler with the same name, the last one defined as it is a case with the ``notify`` keyword (https://github.com/ansible/ansible/issues/81013)

changelogs/fragments/81029-connection-types.yml

@@ -1,2 +0,0 @@
-bugfixes:
-  - "paramiko_ssh, psrp, and ssh connection plugins - ensure that all values for options that should be strings are actually converted to strings (https://github.com/ansible/ansible/pull/81029)."

changelogs/fragments/81064-daemonize-fixes.yml

@@ -1,2 +0,0 @@
-bugfixes:
-  - "``ansible.module_utils.service`` - fix inter-process communication in ``daemonize()``"

changelogs/fragments/81082-deprecated-importlib-abc.yml

@@ -1,5 +0,0 @@
----
-minor_changes:
-  - Use ``importlib.resources.abc.TraversableResources`` instead of deprecated
-    ``importlib.abc.TraversableResources`` where available
-    (https:/github.com/ansible/ansible/pull/81082).

changelogs/fragments/81083-add-blockinfile-append-and-prepend-new-line-options.yml

@@ -1,2 +0,0 @@
-minor_changes:
-  - blockinfile - add append_newline and prepend_newline options (https://github.com/ansible/ansible/issues/80835).

changelogs/fragments/81104-inventory-script-plugin-raise-execution-error.yml

@@ -1,2 +0,0 @@
-bugfixes:
-- Inventory scripts parser not treat exception when getting hostsvar (https://github.com/ansible/ansible/issues/81103)

changelogs/fragments/81319-cloudstack-test-container-bump-version.yml

@@ -1,2 +0,0 @@
-minor_changes:
-  - ansible-test - Updated the CloudStack test container to version 1.6.1.

changelogs/fragments/81332-fix-pkg-mgr-in-kylin.yml

@@ -1,2 +0,0 @@
-bugfixes:
-  - pkg_mgr.py - Fix `ansible_pkg_mgr` is unknown in Kylin Linux (https://github.com/ansible/ansible/issues/81332)

changelogs/fragments/81450-list-filters.yml

@@ -1,4 +0,0 @@
-bugfixes:
-  - "ansible-console - fix filtering by collection names when a collection search path was set (https://github.com/ansible/ansible/pull/81450)."
-minor_changes:
-  - "ansible-doc - allow to filter listing of collections and metadata dump by more than one collection (https://github.com/ansible/ansible/pull/81450)."

changelogs/fragments/81494-remove-duplicated-file-attribute-constant.yml

@@ -1,2 +0,0 @@
-bugfixes:
-  - Import ``FILE_ATTRIBUTES`` from ``ansible.module_utils.common.file`` in ``ansible.module_utils.basic`` instead of defining it twice.

changelogs/fragments/81555-add-warning-for-illegal-filenames-in-roles.yaml

@@ -1,5 +0,0 @@
-minor_changes:
-  - ansible-galaxy - used to crash out with a "Errno 20 Not a directory" error when extracting files from a role when hitting a file with an illegal name (https://github.com/ansible/ansible/pull/81553). Now it gives a warning identifying the culprit file and the rule violation (e.g., ``my$class.jar`` has a ``$`` in the name) before crashing out, giving the user a chance to remove the invalid file and try again. (https://github.com/ansible/ansible/pull/81555).
-
-known_issues:
-  - ansible-galaxy - dies in the middle of installing a role when that role contains Java inner classes (files with $ in the file name).  This is by design, to exclude temporary or backup files. (https://github.com/ansible/ansible/pull/81553).

changelogs/fragments/81613-remove-unusued-private-lock.yml

@@ -1,2 +0,0 @@
-bugfixes:
-  - lib/ansible/utils/encrypt.py - remove unused private ``_LOCK`` (https://github.com/ansible/ansible/issues/81613)

changelogs/fragments/81656-cf_readfp-deprecated.yml

@@ -1,2 +0,0 @@
-bugfixes:
-  - Replace uses of ``configparser.ConfigParser.readfp()`` which was removed in Python 3.12 with ``configparser.ConfigParser.read_file()`` (https://github.com/ansible/ansible/issues/81656)

changelogs/fragments/81662-blockinfile-exc.yml

@@ -1,2 +0,0 @@
-bugfixes:
-  - "blockinfile - avoid crash with Python 3 if creating the directory fails when ``create=true`` (https://github.com/ansible/ansible/pull/81662)."

changelogs/fragments/85193-runtime-metadata.yml

@@ -0,0 +1,2 @@
+bugfixes:
+  - ansible-test - The runtime-metadata sanity test now ignores pre-release and build identifiers in collection versions. This prevents errors if a tombstone version is ``X.0.0``, while the collection's version is ``X.0.0-prerelease`` (https://github.com/ansible/ansible/issues/85193)."

changelogs/fragments/85254-apt-version-comparison-bugfix.yaml

@@ -0,0 +1,2 @@
+bugfixes:
+  - apt - Stop the >= operator from being ignored for packages that are not already installed (https://github.com/ansible/ansible/pull/85254)

changelogs/fragments/85259-fix-human_to_bytes.yml

@@ -0,0 +1,2 @@
+bugfixes:
+  - "Fix ``AnsibleModule.human_to_bytes()``, which was never adjusted after the standalone ``human_to_bytes()`` got a new parameter ``default_unit`` (https://github.com/ansible/ansible/pull/85259)."

changelogs/fragments/85623-fix-pip-check-mode-vcs.yml

@@ -0,0 +1,5 @@
+bugfixes:
+  - >-
+    ``ansible.builtin.pip`` - Running the built-in pip module with ``check_mode`` and packages coming from VCS URLs, archives, or local filepaths now correctly outputs the ``changed`` status of the task.
+    Previously, it was always reported as changed due to improper package name resolution. 
+    (https://github.com/ansible/ansible/pull/85623)