Merge pull request #98 from voxpupuli/ghostbuster

feat: add ghostbuster

Author: rwaffen

.github/workflows/build_container.yml

@@ -50,6 +50,7 @@ jobs:
             RUBYGEM_VOXPUPULI_ACCEPTANCE=${{ matrix.rubygem_voxpupuli-acceptance }}
             RUBYGEM_VOXPUPULI_RELEASE=${{ matrix.rubygem_voxpupuli-release }}
             RUBYGEM_VOXPUPULI_TEST=${{ matrix.rubygem_voxpupuli-test }}
+            RUBYGEM_PUPPET_GHOSTBUSTER=${{ matrix.rubygem_puppet-ghostbuster }}
           build_arch: linux/amd64
           docker_username: voxpupulibot
           docker_password: ${{ secrets.DOCKERHUB_BOT_PASSWORD }}
@@ -83,6 +84,7 @@ jobs:
             RUBYGEM_VOXPUPULI_ACCEPTANCE=${{ matrix.rubygem_voxpupuli-acceptance }}
             RUBYGEM_VOXPUPULI_RELEASE=${{ matrix.rubygem_voxpupuli-release }}
             RUBYGEM_VOXPUPULI_TEST=${{ matrix.rubygem_voxpupuli-test }}
+            RUBYGEM_PUPPET_GHOSTBUSTER=${{ matrix.rubygem_puppet-ghostbuster }}
           build_arch: linux/arm64
           docker_username: voxpupulibot
           docker_password: ${{ secrets.DOCKERHUB_BOT_PASSWORD }}

.github/workflows/ci.yaml

@@ -55,6 +55,7 @@ jobs:
             RUBYGEM_VOXPUPULI_ACCEPTANCE=${{ matrix.rubygem_voxpupuli-acceptance }}
             RUBYGEM_VOXPUPULI_RELEASE=${{ matrix.rubygem_voxpupuli-release }}
             RUBYGEM_VOXPUPULI_TEST=${{ matrix.rubygem_voxpupuli-test }}
+            RUBYGEM_PUPPET_GHOSTBUSTER=${{ matrix.rubygem_puppet-ghostbuster }}
 
       - name: Clone voxpupuli/puppet-example repository
         uses: actions/checkout@v4
@@ -63,18 +64,15 @@ jobs:
 
       - name: Test container
         run: |
-          # get ids from runner user
-          RUNNER_UID=$(id -u)
-          RUNNER_GID=$(id -g)
-          docker run --user ${RUNNER_UID}:${RUNNER_GID} --rm  -v $(pwd):/repo ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile -T
-          docker run --user ${RUNNER_UID}:${RUNNER_GID} --rm  -v $(pwd):/repo ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile lint
-          docker run --user ${RUNNER_UID}:${RUNNER_GID} --rm  -v $(pwd):/repo ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile metadata_lint
-          docker run --user ${RUNNER_UID}:${RUNNER_GID} --rm  -v $(pwd):/repo ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile strings:validate:reference
-          docker run --user ${RUNNER_UID}:${RUNNER_GID} --rm  -v $(pwd):/repo ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile rubocop
-          docker run --user ${RUNNER_UID}:${RUNNER_GID} --rm  -v $(pwd):/repo ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile syntax
-          docker run --user ${RUNNER_UID}:${RUNNER_GID} --rm  -v $(pwd):/repo ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile spec
-          docker run --user ${RUNNER_UID}:${RUNNER_GID} --rm  -v $(pwd):/repo ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile r10k:syntax
-          docker run --user ${RUNNER_UID}:${RUNNER_GID} --rm  -v $(pwd):/repo ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile r10k:dependencies
+          docker run --rm -v $PWD:/repo:Z ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile -T
+          docker run --rm -v $PWD:/repo:Z ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile lint
+          docker run --rm -v $PWD:/repo:Z ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile metadata_lint
+          docker run --rm -v $PWD:/repo:Z ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile r10k:dependencies
+          docker run --rm -v $PWD:/repo:Z ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile r10k:syntax
+          docker run --rm -v $PWD:/repo:Z ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile rubocop
+          docker run --rm -v $PWD:/repo:Z ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile spec
+          docker run --rm -v $PWD:/repo:Z ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile strings:validate:reference
+          docker run --rm -v $PWD:/repo:Z ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile syntax
 
   build-ARM-container:
     name: 'Build ARM CI container'
@@ -108,6 +106,7 @@ jobs:
             RUBYGEM_VOXPUPULI_ACCEPTANCE=${{ matrix.rubygem_voxpupuli-acceptance }}
             RUBYGEM_VOXPUPULI_RELEASE=${{ matrix.rubygem_voxpupuli-release }}
             RUBYGEM_VOXPUPULI_TEST=${{ matrix.rubygem_voxpupuli-test }}
+            RUBYGEM_PUPPET_GHOSTBUSTER=${{ matrix.rubygem_puppet-ghostbuster }}
 
       - name: Clone voxpupuli/puppet-example repository
         uses: actions/checkout@v4
@@ -116,18 +115,15 @@ jobs:
 
       - name: Test container
         run: |
-          # get ids from runner user
-          RUNNER_UID=$(id -u)
-          RUNNER_GID=$(id -g)
-          docker run --user ${RUNNER_UID}:${RUNNER_GID} --rm  -v $(pwd):/repo ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile -T
-          docker run --user ${RUNNER_UID}:${RUNNER_GID} --rm  -v $(pwd):/repo ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile lint
-          docker run --user ${RUNNER_UID}:${RUNNER_GID} --rm  -v $(pwd):/repo ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile metadata_lint
-          docker run --user ${RUNNER_UID}:${RUNNER_GID} --rm  -v $(pwd):/repo ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile strings:validate:reference
-          docker run --user ${RUNNER_UID}:${RUNNER_GID} --rm  -v $(pwd):/repo ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile rubocop
-          docker run --user ${RUNNER_UID}:${RUNNER_GID} --rm  -v $(pwd):/repo ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile syntax
-          docker run --user ${RUNNER_UID}:${RUNNER_GID} --rm  -v $(pwd):/repo ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile spec
-          docker run --user ${RUNNER_UID}:${RUNNER_GID} --rm  -v $(pwd):/repo ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile r10k:syntax
-          docker run --user ${RUNNER_UID}:${RUNNER_GID} --rm  -v $(pwd):/repo ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile r10k:dependencies
+          docker run --rm -v $PWD:/repo:Z ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile -T
+          docker run --rm -v $PWD:/repo:Z ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile lint
+          docker run --rm -v $PWD:/repo:Z ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile metadata_lint
+          docker run --rm -v $PWD:/repo:Z ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile r10k:dependencies
+          docker run --rm -v $PWD:/repo:Z ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile r10k:syntax
+          docker run --rm -v $PWD:/repo:Z ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile rubocop
+          docker run --rm -v $PWD:/repo:Z ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile spec
+          docker run --rm -v $PWD:/repo:Z ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile strings:validate:reference
+          docker run --rm -v $PWD:/repo:Z ci/voxbox:${{ matrix.rubygem_puppet }} -f /Rakefile syntax
 
   tests:
     needs:

.github/workflows/security_scanning.yml

@@ -56,6 +56,7 @@ jobs:
             RUBYGEM_VOXPUPULI_ACCEPTANCE=${{ matrix.rubygem_voxpupuli-acceptance }}
             RUBYGEM_VOXPUPULI_RELEASE=${{ matrix.rubygem_voxpupuli-release }}
             RUBYGEM_VOXPUPULI_TEST=${{ matrix.rubygem_voxpupuli-test }}
+            RUBYGEM_PUPPET_GHOSTBUSTER=${{ matrix.rubygem_puppet-ghostbuster }}
 
       - name: Scan image with Anchore Grype
         uses: anchore/scan-action@v6

Dockerfile

@@ -42,6 +42,9 @@ ENV RUBYGEM_ONCEOVER=${RUBYGEM_ONCEOVER:-4.0.0}
 ARG RUBYGEM_RSPEC_JUNIT_FORMATTER
 ENV RUBYGEM_RSPEC_JUNIT_FORMATTER=${RUBYGEM_RSPEC_JUNIT_FORMATTER:-0.6.0}
 
+ARG RUBYGEM_PUPPET_GHOSTBUSTER
+ENV RUBYGEM_PUPPET_GHOSTBUSTER=${RUBYGEM_PUPPET_GHOSTBUSTER:-1.2.1}
+
 COPY voxbox/Gemfile /
 
 RUN apk update \

README.md

@@ -256,6 +256,30 @@ If you want to execute curl change the entrypoint to `curl` and pass a query/par
 podman run -it --rm -v $PWD:/repo:Z --entrypoint curl ghcr.io/voxpupuli/voxbox:8 --help
 ```
 
+## puppet-ghostbuster
+
+If you want to execute puppet-ghostbuster change the entrypoint to `ash` and pass the command to the container.
+Ghostbuster needs a connection to the puppetdb, so you have to provide the environment variables.
+You can find them in the documentation of the [puppet-ghostbuster](https://github.com/voxpupuli/puppet-ghostbuster) repository.
+
+Ghostbuster supports the following checks:
+
+- ghostbuster_classes
+- ghostbuster_defines
+- ghostbuster_facts
+- ghostbuster_files
+- ghostbuster_functions
+- ghostbuster_hiera_files
+- ghostbuster_templates
+- ghostbuster_types
+
+They can be combined with `--only-checks` and listed in a comma separated list.
+
+```shell
+podman run -it --rm -v $PWD:/repo:Z --entrypoint ash ghcr.io/voxpupuli/voxbox:8
+find . -type f -exec puppet-lint --only-checks ghostbuster_classes,ghostbuster_facts {} \+
+```
+
 ## Example Gitlab CI configuration
 
 see [.gitlab-ci.yml](.gitlab-ci.yml)

build_versions.yaml

@@ -15,3 +15,4 @@ include:
     rubygem_voxpupuli-acceptance: '3.2.0'
     rubygem_voxpupuli-release: '3.1.0'
     rubygem_voxpupuli-test: '9.2.0'
+    rubygem_puppet-ghostbuster: '1.2.1'

voxbox/Gemfile

@@ -14,7 +14,7 @@ gem 'voxpupuli-test',        ENV['RUBYGEM_VOXPUPULI_TEST']
 gem 'rubocop-performance',   ENV['RUBYGEM_RUBOCOP_PERFORMANCE']
 gem 'onceover',              ENV['RUBYGEM_ONCEOVER']
 gem 'rspec_junit_formatter', ENV['RUBYGEM_RSPEC_JUNIT_FORMATTER']
-
+gem 'puppet-ghostbuster',    ENV['RUBYGEM_PUPPET_GHOSTBUSTER']
 # CVE fixes
 gem 'cgi', '~> 0.4.1'             # cgi 0.1.0 has CVEs - remove default and install upstream replacement
 gem 'stringio', '~> 3.1'          # stringio 0.1.0 has CVEs - remove default and install upstream replacement