diff --git a/.dockerfile_lint/default_rules.yaml b/.dockerfile_lint/default_rules.yaml
new file mode 100644
index 0000000..04d4523
--- /dev/null
+++ b/.dockerfile_lint/default_rules.yaml
@@ -0,0 +1,182 @@ +# https://github.com/projectatomic/dockerfile_lint +--- + profile: + name: "Default" + description: "Default Profile. Checks basic syntax." + line_rules: + LABEL: + paramSyntaxRegex: /.+/ + defined_namevals: + Name: + valueRegex: /[\w]+/ + message: "Label 'name' is missing or has invalid format" + level: "error" + required: true + Version: + valueRegex: /[\w.${}()"'\\\/~<>\-?\%:]+/ + message: "Label 'version' is missing or has invalid format" + level: "error" + required: true + Maintainer: + valueRegex: /[\w]+/ + message: "Label 'maintainer' is missing or has invalid format" + level: "error" + required: true + + FROM: + paramSyntaxRegex: /^[\w./\-:]+(:[\w.]+)?(-[\w]+)?( as \w+)?$/i + rules: + - + label: "is_latest_tag" + regex: /latest/ + level: "error" + message: "base image uses 'latest' tag" + description: "using the 'latest' tag may cause unpredictable builds. It is recommended that a specific tag is used in the FROM line or *-released which is the latest supported release." 
+ reference_url: + - "https://docs.docker.com/engine/reference/builder/" + - "#from" + - + label: "no_tag" + regex: /^[:]/ + level: "error" + message: "No tag is used" + description: "lorem ipsum tar" + reference_url: + - "https://docs.docker.com/engine/reference/builder/" + - "#from" + - + label: "specified_registry" + regex: /[\w]+?\.[\w-]+(\:|\.)([\w.]+|(\d+)?)([/?:].*)?/ + level: "warn" + message: "using a specified registry in the FROM line" + description: "using a specified registry may supply invalid or unexpected base images" + reference_url: + - "https://docs.docker.com/engine/reference/builder/" + - "#entrypoint" + RUN: + paramSyntaxRegex: /.+/ + rules: + - + label: "no_yum_clean_all" + regex: /yum(?!.+clean all|.+\.repo|-config|\.conf)/g + level: "warn" + message: "yum clean all is not used" + description: "the yum cache will remain in this layer making the layer unnecessarily large" + reference_url: + - "http://docs.projectatomic.io/container-best-practices/#" + - "_clear_packaging_caches_and_temporary_package_downloads" + - + label: "yum_update_all" + regex: /yum(.+update all|.+upgrade|.+update|\.config)/ + level: "info" + message: "updating the entire base image may add unnecessary size to the container" + description: "update the entire base image may add unnecessary size to the container" + reference_url: + - "http://docs.projectatomic.io/container-best-practices/#" + - "_clear_packaging_caches_and_temporary_package_downloads" + - + label: "no_dnf_clean_all" + regex: /dnf(?!.+clean all|.+\.repo)/g + level: "warn" + message: "dnf clean all is not used" + description: "the dnf cache will remain in this layer making the layer unnecessarily large" + reference_url: + - "http://docs.projectatomic.io/container-best-practices/#" + - "_clear_packaging_caches_and_temporary_package_downloads" + - + label: "no_rvm_cleanup_all" + regex: /rvm install(?!.+cleanup all)/g + level: "warn" + message: "rvm cleanup is not used" + description: "the rvm cache will remain 
in this layer making the layer unnecessarily large" + reference_url: + - "http://docs.projectatomic.io/container-best-practices/#" + - "_clear_packaging_caches_and_temporary_package_downloads" + - + label: "no_gem_clean_all" + regex: /gem install(?!.+cleanup|.+\rvm cleanup all)/g + level: "warn" + message: "gem cleanup all is not used" + description: "the gem cache will remain in this layer making the layer unnecessarily large" + reference_url: + - "http://docs.projectatomic.io/container-best-practices/#" + - "_clear_packaging_caches_and_temporary_package_downloads" + - + label: "no_apt-get_clean" + regex: /apt-get install(?!.+clean)/g + level: "warn" + message: "apt-get clean is not used" + description: "the apt-get cache will remain in this layer making the layer unnecessarily large" + reference_url: + - "http://docs.projectatomic.io/container-best-practices/#" + - "_clear_packaging_caches_and_temporary_package_downloads" + - + label: "privileged_run_container" + regex: /privileged/ + level: "warn" + message: "a privileged run container is allowed access to host devices" + description: "Does this run need to be privileged?" + reference_url: + - "http://docs.docker.com/engine/reference/run/#" + - "runtime-privilege-and-linux-capabilities" + - + label: "installing_ssh" + regex: /openssh-server/ + level: "warn" + message: "installing SSH in a container is not recommended" + description: "Do you really need SSH in this image?" + reference_url: "https://github.com/jpetazzo/nsenter" + - + label: "no_ampersand_usage" + regex: / ; / + level: "warn" + message: "using ; instead of &&" + description: "RUN do_1 && do_2: The ampersands change the resulting evaluation into do_1 and then do_2 only if do_1 was successful." 
+ reference_url: + - "http://docs.projectatomic.io/container-best-practices/#" + - "#_using_semi_colons_vs_double_ampersands" + EXPOSE: + paramSyntaxRegex: /^[\d-\s\w/\\]+$/ + rules: [] + ENV: + paramSyntaxRegex: /.+/ + rules: [] + ADD: + paramSyntaxRegex: /^~?([\w-.~:/?#\[\]\\\/*@!$&'()*+,;=.{}"]+[\s]*)+$/ + COPY: + paramSyntaxRegex: /.+/ + rules: [] + ENTRYPOINT: + paramSyntaxRegex: /.+/ + rules: [] + VOLUME: + paramSyntaxRegex: /.+/ + rules: [] + USER: + paramSyntaxRegex: /^[a-z0-9_][a-z0-9_]{0,40}$/ + rules: [] + WORKDIR: + paramSyntaxRegex: /^~?[\w\d-\/.{}$\/:]+[\s]*$/ + rules: [] + ONBUILD: + paramSyntaxRegex: /.+/ + rules: [] + required_instructions: + - + instruction: "ENTRYPOINT" + count: 1 + level: "info" + message: "There is no 'ENTRYPOINT' instruction" + description: "None" + reference_url: + - "https://docs.docker.com/engine/reference/builder/" + - "#entrypoint" + - + instruction: "CMD" + count: 1 + level: "info" + message: "There is no 'CMD' instruction" + description: "None" + reference_url: + - "https://docs.docker.com/engine/reference/builder/" + - "#cmd" diff --git a/.dockerfile_lint/github_actions.yaml b/.dockerfile_lint/github_actions.yaml new file mode 100644 index 0000000..bafa907 --- /dev/null +++ b/.dockerfile_lint/github_actions.yaml 
@@ -0,0 +1,138 @@ +# https://github.com/projectatomic/dockerfile_lint +profile: + name: "GitHub Actions" + description: "Checks for GitHub Actions." + includes: + - default_rules.yaml +general: + # It appears these get duplicated rather than overriding. The hope was to use this as a counter to the + # `required_instructions` section, but perhaps it defines the `line_rules` map. It would be great to either be able + # to set `required_instructions` to a 0 value or have an `invalid_instructions` section? + valid_instructions: + - FROM + - RUN + - CMD + - LABEL + - ENV + - ADD + - COPY + - ENTRYPOINT + - WORKDIR + - ONBUILD + - ARG + - STOPSIGNAL + - SHELL +line_rules: + # Invalid Lines + ADD: + paramSyntaxRegex: /.+/ + rules: + - + label: "add_antipattern" + regex: /.+/ + level: "info" + message: "Avoid using ADD" + description: "It is generally an anti-pattern to us ADD, use COPY instead." + EXPOSE: + paramSyntaxRegex: /.+/ + rules: + - + label: "expose_invalid" + regex: /.+/ + level: "error" + message: "There should not be an 'EXPOSE' instruction" + description: "Actions should not expose ports." + HEALTHCHECK: + paramSyntaxRegex: /.+/ + rules: + - + label: "healthcheck_invalid" + regex: /.+/ + level: "error" + message: "There should not be a 'HEALTHCHECK' instruction" + description: "Actions should not require HEALTHCHECKs." + MAINTAINER: + paramSyntaxRegex: /.+/ + rules: + - + label: "maintainer_deprecated" + regex: /.+/ + level: "info" + message: "the MAINTAINER command is deprecated" + description: "MAINTAINER is deprecated in favor of using LABEL since Docker v1.13.0" + reference_url: + - "https://github.com/docker/cli/blob/master/docs/deprecated.md" + - "#maintainer-in-dockerfile" + SHELL: + paramSyntaxRegex: /.+/ + rules: + - + label: "shell_invalid" + regex: /.+/ + level: "info" + message: "There should not be a 'SHELL' instruction" + description: "Actions generally rely on sh and setting an alternative shell may have unexpected consequences." 
+ USER: + paramSyntaxRegex: /.+/ + rules: + - + label: "user_discouraged" + regex: /.+/ + level: "warn" + message: "'USER' instruction exists" + description: "Actions don't expect a USER to be set." + VOLUME: + paramSyntaxRegex: /.+/ + rules: + - + label: "volume_invalid" + regex: /.+/ + level: "error" + message: "There should not be a 'VOLUME' instruction" + description: "Actions do not support volumes." + + # Required Labels + LABEL: + paramSyntaxRegex: /.+/ + defined_namevals: + com.github.actions.name: + valueRegex: /[\w]+/ + message: "Label 'com.github.actions.name' is missing or has invalid format" + level: "error" + required: true + com.github.actions.description: + valueRegex: /[\w]+/ + message: "Label 'com.github.actions.description' is missing or has invalid format" + level: "error" + required: true + com.github.actions.icon: + valueRegex: /[\w]+/ + message: "Label 'com.github.actions.icon' is missing or has invalid format" + level: "error" + required: true + com.github.actions.color: + valueRegex: /[\w]+/ + message: "Label 'com.github.actions.color' is missing or has invalid format" + level: "error" + required: true + + +required_instructions: + - + instruction: "ENTRYPOINT" + count: 1 + level: "error" + message: "There is no 'ENTRYPOINT' instruction" + description: "Actions require that a default ENTRYPOINT be set" + reference_url: + - "https://docs.docker.com/engine/reference/builder/" + - "#entrypoint" + - + instruction: "CMD" + count: 1 + level: "info" + message: "There is no 'CMD' instruction" + description: "In most cases it is helpful to include reasonable defaults for CMD" + reference_url: + - "https://docs.docker.com/engine/reference/builder/" + - "#cmd"
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..023ebc0
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,7 @@
+# ignore all files by default
+*
+# include required files with an exception
+!entrypoint.sh
+!LICENSE
+!README.md
+!THIRD_PARTY_NOTICE.md
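Review bot: The `add_antipattern` rule's user-facing description in this file reads "It is generally an anti-pattern to us ADD, use COPY instead." — "us" should be "use", since this string is what the linter prints to the developer. The file also starts without the `---` document marker that the sibling `default_rules.yaml` in this commit uses; adding `---` as the first non-comment line keeps the two profiles consistent for yamllint's document-start check. The `add_antipattern` rule sits in the earlier part of this hunk, above the visible `USER:` stanza.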
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 0000000..f150931
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,27 @@
+name: CI + +on: + push: + branches: + - master # Push events on master branch + pull_request: # Run tests for any PRs + +jobs: + # Run tests. + # See also https://docs.docker.com/docker-hub/builds/automated-testing/ + test: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v2 + + - name: Dockerfile lint + uses: docker://replicated/dockerfilelint:09a5034 + with: + args: Dockerfile + + - name: Docker build + run: docker build . --file Dockerfile --tag image + + - name: Docker run + run: docker run --entrypoint /opt/puppetlabs/bin/puppet image --version
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..6262b34
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,18 @@
+FROM centos:8
+
+LABEL name="puppet-parser-validate-action"
+LABEL repository="https://github.com/irasnyd/puppet-parser-validate-action"
+LABEL homepage="https://github.com/irasnyd/puppet-parser-validate-action"
+
+LABEL "com.github.actions.name"="puppet-parser-validate-action"
+LABEL "com.github.actions.description"="GitHub Action to run 'puppet parser validate' syntax check"
+LABEL "com.github.actions.icon"="share-2"
+LABEL "com.github.actions.color"="orange"
+
+LABEL "maintainer"="Ira W. Snyder "
+
+RUN yum -y install http://yum.puppetlabs.com/puppet5/el/8/x86_64/puppet-agent-5.5.19-1.el8.x86_64.rpm
+COPY entrypoint.sh /entrypoint.sh
+RUN ["chmod", "+x", "/entrypoint.sh"]
+ENTRYPOINT ["/entrypoint.sh"]
+CMD ["./"]
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..4221c68
--- /dev/null
+++ b/LICENSE
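Review bot: The `Dockerfile lint` step runs `docker://replicated/dockerfilelint:09a5034`, a different tool from projectatomic/dockerfile_lint, and nothing in the workflow references the `.dockerfile_lint/default_rules.yaml` and `.dockerfile_lint/github_actions.yaml` profiles added in this commit, so those rule files are never exercised by CI. Either point the step at the linter the profiles are written for (passing `.dockerfile_lint/github_actions.yaml` through that tool's rule-file option, whose exact flag I have not verified from this page) or drop the profiles. The lint image is also pinned only by a mutable tag; pinning by digest (`uses: docker://replicated/dockerfilelint@sha256:<DIGEST>`) makes the step reproducible and keeps a re-pushed tag from silently changing what runs on every PR. Finally, the `Docker run` step overrides the entrypoint and only prints `puppet --version`, so the action's real code path through `/entrypoint.sh` is never tested; running the built image without `--entrypoint` against a small fixture manifest would cover it.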
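Review bot: The `RUN yum -y install http://yum.puppetlabs.com/...puppet-agent-5.5.19-1.el8.x86_64.rpm` line fetches the package over plain HTTP and installs it as root with nothing verifying its origin, so the image's core dependency is taken on trust from whatever answers that URL on the build network. Importing the vendor's signing key first and asking dnf to check the signature of URL-installed packages closes that gap: `RUN rpm --import <PUPPET_RELEASE_KEY_URL> \` / ` && yum -y --setopt=localpkg_gpgcheck=1 install https://yum.puppetlabs.com/puppet5/el/8/x86_64/puppet-agent-5.5.19-1.el8.x86_64.rpm \` / ` && yum clean all` (HTTPS assumes the host serves it, which I have not confirmed from this page). The trailing `yum clean all` also keeps the package cache out of the layer, which the `no_yum_clean_all` rule in the commit's own `default_rules.yaml` would otherwise flag. `FROM centos:8` is likewise a floating tag; pinning it by digest (`FROM centos:8@sha256:<DIGEST>`) makes the base image reproducible.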
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2020 Ira W. Snyder
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..ccc590c
--- /dev/null
+++ b/README.md
@@ -0,0 +1,38 @@
+# GitHub Action for Puppet Parser Validate + +This Action for the [Puppet](https://puppet.com/) configuration management +system enables you to syntax check your Puppet code. + +## Usage + +An example workflow for syntax checking Puppet code is shown below. It will +run the `puppet parser validate` command with the path to the files you want +to test as `args`. + +```yaml +name: Puppet Parser Validate + +on: [push] + +jobs: + puppet-parser-validate: + + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@v2 + + - name: puppet-parser-validate + uses: irasnyd/puppet-parser-validate-action@master + with: + args: ./ +``` + +## License + +The [Dockerfile](Dockerfile) and associated scripts and documentation in this +project are released under the [MIT License](LICENSE). + +Container images built with this project include third party materials. See +[THIRD_PARTY_NOTICE.md](THIRD_PARTY_NOTICE.md) for details.
diff --git a/THIRD_PARTY_NOTICE.md b/THIRD_PARTY_NOTICE.md
new file mode 100644
index 0000000..458548f
--- /dev/null
+++ b/THIRD_PARTY_NOTICE.md
@@ -0,0 +1,5 @@
+# Third Party Notices and Information
+
+Container images built with this project include third party materials.
+
+Notwithstanding any other terms, you may reverse engineer this software to the extent required to debug changes to any libraries licensed under the GNU Lesser General Public License for your own use.
diff --git a/action.yml b/action.yml
new file mode 100644
index 0000000..a426806
--- /dev/null
+++ b/action.yml
@@ -0,0 +1,9 @@
+name: 'puppet-parser-validate-action' +author: 'Ira W. Snyder ' +description: 'GitHub Action to run "puppet parser validate" syntax check' +runs: + using: 'docker' + image: 'Dockerfile' +branding: + icon: 'share-2' + color: 'orange'
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..c98c608
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+set -euo pipefail
+
+echo "ARGUMENTS: $@"
+exec /opt/puppetlabs/bin/puppet parser validate "$@"
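Review bot: The log line `echo "ARGUMENTS: $@"` uses `"$@"` inside a double-quoted string, which expands to several words that echo only happens to rejoin with spaces; for a message the idiomatic form is `echo "ARGUMENTS: $*"`, which yields one word and makes the intent explicit. The final `exec ... "$@"` line is correct and should keep `"$@"` so each argument reaches puppet intact.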