ephor
diff --git a/‎.dockerfile_lint/default_rules.yaml
Lines changed: 173 additions & 0 deletions b/‎.dockerfile_lint/default_rules.yaml
Lines changed: 173 additions & 0 deletions
diff --git a/‎.dockerfile_lint/github_actions.yaml
Lines changed: 138 additions & 0 deletions b/‎.dockerfile_lint/github_actions.yaml
Lines changed: 138 additions & 0 deletions
diff --git a/‎.github/main.workflow
Lines changed: 43 additions & 0 deletions b/‎.github/main.workflow
Lines changed: 43 additions & 0 deletions
diff --git a/‎LICENSE
Lines changed: 22 additions & 0 deletions b/‎LICENSE
Lines changed: 22 additions & 0 deletions
@@ -0,0 +1,173 @@
+# https://github.com/projectatomic/dockerfile_lint
+---
+  profile:
+    name: "Default"
+    description: "Default Profile. Checks basic syntax."
+  line_rules:
+    LABEL:
+       paramSyntaxRegex: /.+/
+       defined_namevals:
+           Name:
+             valueRegex: /[\w]+/
+             message: "Label 'name' is missing or has invalid format"
+             level: "error"
+             required: true
+           Version:
+             valueRegex: /[\w.${}()"'\\\/~<>\-?\%:]+/
+             message: "Label 'version' is missing or has invalid format"
+             level: "error"
+             required: true
+           Maintainer:
+             valueRegex: /[\w]+/
+             message: "Label 'maintainer' is missing or has invalid format"
+             level: "error"
+             required: true
+
+    FROM: 
+      paramSyntaxRegex: /^[\w./\-:]+(:[\w.]+)?(-[\w]+)?( as \w+)?$/i
+      rules: 
+        - 
+          label: "is_latest_tag"
+          regex: /latest/
+          level: "error"
+          message: "base image uses 'latest' tag"
+          description: "using the 'latest' tag may cause unpredictable builds. It is recommended that a specific tag is used in the FROM line or *-released which is the latest supported release."
+          reference_url: 
+            - "https://docs.docker.com/engine/reference/builder/"
+            - "#from"
+        - 
+          label: "no_tag"
+          regex: /^[:]/
+          level: "error"
+          message: "No tag is used"
+          description: "lorem ipsum tar"
+          reference_url: 
+            - "https://docs.docker.com/engine/reference/builder/"
+            - "#from"
+    RUN:
+      paramSyntaxRegex: /.+/
+      rules: 
+        - 
+          label: "no_yum_clean_all"
+          regex: /yum(?!.+clean all|.+\.repo|-config|\.conf)/g
+          level: "warn"
+          message: "yum clean all is not used"
+          description: "the yum cache will remain in this layer making the layer unnecessarily large"
+          reference_url: 
+            - "http://docs.projectatomic.io/container-best-practices/#"
+            - "_clear_packaging_caches_and_temporary_package_downloads"
+        - 
+          label: "yum_update_all"
+          regex: /yum(.+update all|.+upgrade|.+update|\.config)/
+          level: "info"
+          message: "updating the entire base image may add unnecessary size to the container"
+          description: "update the entire base image may add unnecessary size to the container"
+          reference_url: 
+            - "http://docs.projectatomic.io/container-best-practices/#"
+            - "_clear_packaging_caches_and_temporary_package_downloads"
+        -
+          label: "no_dnf_clean_all"
+          regex: /dnf(?!.+clean all|.+\.repo)/g
+          level: "warn"
+          message: "dnf clean all is not used"
+          description: "the dnf cache will remain in this layer making the layer unnecessarily large"
+          reference_url: 
+            - "http://docs.projectatomic.io/container-best-practices/#"
+            - "_clear_packaging_caches_and_temporary_package_downloads"
+        -
+          label: "no_rvm_cleanup_all"
+          regex: /rvm install(?!.+cleanup all)/g
+          level: "warn"
+          message: "rvm cleanup is not used"
+          description: "the rvm cache will remain in this layer making the layer unnecessarily large"
+          reference_url: 
+            - "http://docs.projectatomic.io/container-best-practices/#"
+            - "_clear_packaging_caches_and_temporary_package_downloads"
+        -
+          label: "no_gem_clean_all"
+          regex: /gem install(?!.+cleanup|.+\rvm cleanup all)/g
+          level: "warn"
+          message: "gem cleanup all is not used"
+          description: "the gem cache will remain in this layer making the layer unnecessarily large"
+          reference_url: 
+            - "http://docs.projectatomic.io/container-best-practices/#"
+            - "_clear_packaging_caches_and_temporary_package_downloads" 
+        -
+          label: "no_apt-get_clean"
+          regex: /apt-get install(?!.+clean)/g
+          level: "warn"
+          message: "apt-get clean is not used"
+          description: "the apt-get cache will remain in this layer making the layer unnecessarily large"
+          reference_url: 
+            - "http://docs.projectatomic.io/container-best-practices/#"
+            - "_clear_packaging_caches_and_temporary_package_downloads" 
+        -
+          label: "privileged_run_container"
+          regex: /privileged/
+          level: "warn"
+          message: "a privileged run container is allowed access to host devices"
+          description: "Does this run need to be privileged?"
+          reference_url: 
+            - "http://docs.docker.com/engine/reference/run/#"
+            - "runtime-privilege-and-linux-capabilities"
+        -
+          label: "installing_ssh"
+          regex: /openssh-server/
+          level: "warn"
+          message: "installing SSH in a container is not recommended"
+          description: "Do you really need SSH in this image?"
+          reference_url: "https://github.com/jpetazzo/nsenter"	
+        - 
+          label: "no_ampersand_usage"
+          regex: / ; /
+          level: "warn"
+          message: "using ; instead of &&"
+          description: "RUN do_1 && do_2: The ampersands change the resulting evaluation into do_1 and then do_2 only if do_1 was successful."
+          reference_url:
+            - "http://docs.projectatomic.io/container-best-practices/#"
+            - "#_using_semi_colons_vs_double_ampersands"
+    EXPOSE: 
+      paramSyntaxRegex: /^[\d-\s\w/\\]+$/
+      rules: []
+    ENV:
+      paramSyntaxRegex: /.+/
+      rules: []
+    ADD: 
+      paramSyntaxRegex: /^~?([\w-.~:/?#\[\]\\\/*@!$&'()*+,;=.{}"]+[\s]*)+$/
+    COPY: 
+      paramSyntaxRegex: /.+/
+      rules: []
+    ENTRYPOINT: 
+      paramSyntaxRegex: /.+/
+      rules: []
+    VOLUME:
+      paramSyntaxRegex: /.+/
+      rules: []
+    USER: 
+      paramSyntaxRegex: /^[a-z0-9_][a-z0-9_]{0,40}$/
+      rules: []
+    WORKDIR: 
+      paramSyntaxRegex: /^~?[\w\d-\/.{}$\/:]+[\s]*$/
+      rules: []
+    ONBUILD: 
+      paramSyntaxRegex: /.+/
+      rules: []
+  required_instructions:
+    -
+      instruction: "ENTRYPOINT"
+      count: 1
+      level: "info"
+      message: "There is no 'ENTRYPOINT' instruction"
+      description: "None"
+      reference_url:
+        - "https://docs.docker.com/engine/reference/builder/"
+        - "#entrypoint"
+    -
+      instruction: "CMD"
+      count: 1
+      level: "info"
+      message: "There is no 'CMD' instruction"
+      description: "None"
+      reference_url:
+        - "https://docs.docker.com/engine/reference/builder/"
+        - "#cmd"
@@ -0,0 +1,138 @@
+# https://github.com/projectatomic/dockerfile_lint
+profile:
+  name: "GitHub Actions"
+  description: "Checks for GitHub Actions."
+  includes:
+    - default_rules.yaml
+general:
+  # It appears these get duplicated rather than overriding.  The hope was to use this as a counter to the
+  # `required_instructions` section, but perhaps it defines the `line_rules` map.  It would be great to either be able
+  # to set `required_instructions` to a 0 value or have an `invalid_instructions` section?
+  valid_instructions:
+    - FROM
+    - RUN
+    - CMD
+    - LABEL
+    - ENV
+    - ADD
+    - COPY
+    - ENTRYPOINT
+    - WORKDIR
+    - ONBUILD
+    - ARG
+    - STOPSIGNAL
+    - SHELL
+line_rules:
+  # Invalid Lines
+  ADD:
+    paramSyntaxRegex: /.+/
+    rules:
+    -
+      label: "add_antipattern"
+      regex: /.+/
+      level: "info"
+      message: "Avoid using ADD"
+      description: "It is generally an anti-pattern to us ADD, use COPY instead."
+  EXPOSE:
+    paramSyntaxRegex: /.+/
+    rules:
+    -
+      label: "expose_invalid"
+      regex: /.+/
+      level: "error"
+      message: "There should not be an 'EXPOSE' instruction"
+      description: "Actions should not expose ports."
+  HEALTHCHECK:
+    paramSyntaxRegex: /.+/
+    rules:
+    -
+      label: "healthcheck_invalid"
+      regex: /.+/
+      level: "error"
+      message: "There should not be a 'HEALTHCHECK' instruction"
+      description: "Actions should not require HEALTHCHECKs."
+  MAINTAINER:
+    paramSyntaxRegex: /.+/
+    rules:
+      -
+        label: "maintainer_deprecated"
+        regex: /.+/
+        level: "info"
+        message: "the MAINTAINER command is deprecated"
+        description: "MAINTAINER is deprecated in favor of using LABEL since Docker v1.13.0"
+        reference_url:
+          - "https://github.com/docker/cli/blob/master/docs/deprecated.md"
+          - "#maintainer-in-dockerfile"
+  SHELL:
+    paramSyntaxRegex: /.+/
+    rules:
+    -
+      label: "shell_invalid"
+      regex: /.+/
+      level: "info"
+      message: "There should not be a 'SHELL' instruction"
+      description: "Actions generally rely on sh and setting an alternative shell may have unexpected consequences."
+  USER:
+    paramSyntaxRegex: /.+/
+    rules:
+    -
+      label: "user_discouraged"
+      regex: /.+/
+      level: "warn"
+      message: "'USER' instruction exists"
+      description: "Actions don't expect a USER to be set."
+  VOLUME:
+    paramSyntaxRegex: /.+/
+    rules:
+    -
+      label: "volume_invalid"
+      regex: /.+/
+      level: "error"
+      message: "There should not be a 'VOLUME' instruction"
+      description: "Actions do not support volumes."
+
+  # Required Labels
+  LABEL:
+    paramSyntaxRegex: /.+/
+    defined_namevals:
+      com.github.actions.name:
+        valueRegex: /[\w]+/
+        message: "Label 'com.github.actions.name' is missing or has invalid format"
+        level: "error"
+        required: true
+      com.github.actions.description:
+        valueRegex: /[\w]+/
+        message: "Label 'com.github.actions.description' is missing or has invalid format"
+        level: "error"
+        required: true
+      com.github.actions.icon:
+        valueRegex: /[\w]+/
+        message: "Label 'com.github.actions.icon' is missing or has invalid format"
+        level: "error"
+        required: true
+      com.github.actions.color:
+        valueRegex: /[\w]+/
+        message: "Label 'com.github.actions.color' is missing or has invalid format"
+        level: "error"
+        required: true
+
+
+required_instructions:
+  -
+    instruction: "ENTRYPOINT"
+    count: 1
+    level: "error"
+    message: "There is no 'ENTRYPOINT' instruction"
+    description: "Actions require that a default ENTRYPOINT be set"
+    reference_url:
+    - "https://docs.docker.com/engine/reference/builder/"
+    - "#entrypoint"
+  -
+    instruction: "CMD"
+    count: 1
+    level: "info"
+    message: "There is no 'CMD' instruction"
+    description: "In most cases it is helpful to include reasonable defaults for CMD"
+    reference_url:
+    - "https://docs.docker.com/engine/reference/builder/"
+    - "#cmd"
@@ -0,0 +1,43 @@
+workflow "Build and Publish" {
+  on = "push"
+  resolves = "Publish"
+}
+
+action "Lint" {
+  uses = "actions/action-builder/shell@master"
+  runs = "make"
+  args = "lint"
+}
+
+action "Test" {
+  uses = "actions/action-builder/shell@master"
+  runs = "make"
+  args = "test"
+}
+
+action "Build" {
+  needs = ["Lint", "Test"]
+  uses = "actions/action-builder/docker@master"
+  runs = "make"
+  args = "build"
+}
+
+action "Publish Filter" {
+  needs = ["Build"]
+  uses = "actions/bin/filter@master"
+  args = "branch master"
+}
+
+action "Docker Login" {
+  needs = ["Publish Filter"]
+  uses = "actions/docker/login@master"
+  secrets = ["DOCKER_USERNAME", "DOCKER_PASSWORD"]
+}
+
+action "Publish" {
+  needs = ["Docker Login"]
+  uses = "actions/action-builder/docker@master"
+  runs = "make"
+  args = "publish"
+}
+
@@ -0,0 +1,22 @@
+
+The MIT License (MIT)
+
+Copyright (c) 2018 GitHub, Inc. and contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.