cfengine · olehermanse · May 20, 2026 · Apr 30, 2026 · Apr 15, 2026 · Apr 17, 2026
diff --git a/.github/workflows/cfengine_lint.yml b/.github/workflows/cfengine_lint.yml
@@ -0,0 +1,20 @@
+name: Lint policy with CFEngine CLI
+on:
+  workflow_call:
+permissions:
+  contents: read
+jobs:
+  lint:
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.14"
+      - name: Checkout masterfiles
+        uses: actions/checkout@v4
+      - name: Install CFEngine CLI
+        run: pipx install cfengine
+      - name: Run cfengine lint
+        run: |
+          cfengine lint --strict no ./
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -9,8 +9,10 @@ on:
 jobs:
   style_check:
     uses: ./.github/workflows/style_check.yml
+  cfengine_lint:
+    uses: ./.github/workflows/cfengine_lint.yml
   bootstrap_policy_run_check:
-    needs: style_check
+    needs: [style_check, cfengine_lint]
     uses: ./.github/workflows/bootstrap_policy_run_check.yml
   tests:
     needs: bootstrap_policy_run_check

diff --git a/cfbs.json b/cfbs.json
@@ -1,5 +1,5 @@
 {
-  "name": "Masterfiles",
+  "name": "masterfiles",
   "description": "Official CFEngine Masterfiles Policy Framework (MPF)",
   "type": "module",
   "provides": {

diff --git a/cfe_internal/CFE_cfengine.cf b/cfe_internal/CFE_cfengine.cf
@@ -18,22 +18,21 @@ bundle common cfe_internal_management_file_control
 # @brief Define policy input dependancies
 {
   vars:
-
-      "inputs" slist => { };
+    "inputs" slist => {};
 
     cfengine_recommendations_enabled::
       "input[cfengine_recommendations]"
         string => "$(this.promise_dirname)/recommendations.cf";
 
     any::
-      "inputs" slist => getvalues( input );
+      "inputs" slist => getvalues(input);
 }
 
 body file control
 # @brief Include policy input dependancies
 {
-    cfengine_recommendations_enabled::
-      inputs => { @(cfe_internal_management_file_control.inputs) };
+  cfengine_recommendations_enabled::
+    inputs => { @(cfe_internal_management_file_control.inputs) };
 }
 
 bundle agent cfe_internal_management
@@ -59,20 +58,15 @@ bundle agent cfe_internal_management
       "bundles" slist => getindices(policy);
 
       "recommendation_bundles"
-        slist => sort( bundlesmatching( ".*", "cfengine_recommends" ), lex);
+        slist => sort(bundlesmatching(".*", "cfengine_recommends"), lex);
 
   methods:
+    # CFEngine internals
+    "CFEngine_Internals" usebundle => "$(bundles)";
 
-      #
-      # CFEngine internals
-      #
-
-      "CFEngine_Internals"
-        usebundle => "$(bundles)";
-
-      "CFEngine Recommendations"
-        usebundle => $(recommendation_bundles),
-        if => isvariable( recommendation_bundles );
+    "CFEngine Recommendations"
+      usebundle => $(recommendation_bundles),
+      if => isvariable(recommendation_bundles);
 
   reports:
     DEBUG|DEBUG_cfe_internal_management::

diff --git a/cfe_internal/enterprise/CFE_hub_specific.cf b/cfe_internal/enterprise/CFE_hub_specific.cf
@@ -607,7 +607,7 @@ bundle agent log_cfengine_enterprise_license_utilization
 
 }
 
-bundle agent cfe_internal_enterprise_HA_classes
+bundle agent cfe_internal_enterprise_ha_classes
 {
   classes:
       # NOTE The `hub_active` class is a hard class defined by the ha_plugin in
@@ -645,7 +645,7 @@ bundle agent cfe_internal_enterprise_maintenance
 
     enterprise_edition::
       "HA classes"
-        usebundle => "cfe_internal_enterprise_HA_classes",
+        usebundle => "cfe_internal_enterprise_ha_classes",
         comment => "Set the HA-related classes for the maintenance bundles";
 
       "Enterprise Maintenance"

diff --git a/cfe_internal/enterprise/federation/federation.cf b/cfe_internal/enterprise/federation/federation.cf
@@ -809,9 +809,9 @@ bundle agent ensure_feeders
         arglist => {
                      "cfdb",
 @if minimum_version(3.24)
-                     "select ensure_feeders($(feeders_arg));"
+                     "select ensure_feeders($(feeders_arg));",
 @else
-                     `"select ensure_feeders($(feeders_arg));"`
+                     `"select ensure_feeders($(feeders_arg));"`,
 @endif
                    },
         classes => psql_wrapper_exit_codes,

diff --git a/cfe_internal/enterprise/ha/ha_info.json b/cfe_internal/enterprise/ha/ha_info.json
@@ -1,15 +1,12 @@
 {
- "192.168.100.10":
- {
-  "sha": "PLACE KEY HERE",
-  "internal_ip": "192.168.100.10",
-  "is_in_cluster" : true,
- },
- "192.168.100.11":
- {
-  "sha": "PLACE KEY HERE",
-  "internal_ip": "192.168.100.11",
-  "is_in_cluster" : true,
- }
+  "192.168.100.10": {
+    "sha": "PLACE KEY HERE",
+    "internal_ip": "192.168.100.10",
+    "is_in_cluster": true
+  },
+  "192.168.100.11": {
+    "sha": "PLACE KEY HERE",
+    "internal_ip": "192.168.100.11",
+    "is_in_cluster": true
+  }
 }
-
diff --git a/cfe_internal/recommendations.cf b/cfe_internal/recommendations.cf
@@ -1,4 +1,4 @@
-bundle agent MPF_class_recommendations
+bundle agent mpf_class_recommendations
 {
   meta:
     (policy_server|am_policy_hub).enterprise_edition::

diff --git a/inventory/README.md b/inventory/README.md
@@ -183,7 +183,7 @@ R: inventory_lsb: OS = Ubuntu, codename = trusty, release = 14.04, flavor = Ubun
 
 * lives in: `any.cf`
 * runs `inventory_control.lldpctl_exec` through a Perl filter
-* provides variables: `cfe_autorun_inventory_LLDP.K` for each `K` returned by the LLDB executable
+* provides variables: `cfe_autorun_inventory_lldp.K` for each `K` returned by the LLDB executable
 
 ## mtab
 

diff --git a/inventory/aix.cf b/inventory/aix.cf
@@ -4,8 +4,7 @@ bundle agent inventory_aix
 # This agent bundle is for AIX inventory work.
 {
   methods:
-    "oslevel"
-      usebundle => inventory_aix_oslevel;
+    "oslevel" usebundle => inventory_aix_oslevel;
 }
 
 bundle agent inventory_aix_oslevel
@@ -14,65 +13,57 @@ bundle agent inventory_aix_oslevel
 # for up to 1 day before re-discovering.
 {
   vars:
-
     "oslevel"
-      string => ifelse( isvariable( "paths.oslevel" ), $(paths.oslevel),
-                        "/usr/bin/oslevel" );
+      string => ifelse(
+        isvariable("paths.oslevel"), $(paths.oslevel), "/usr/bin/oslevel"
+      );
 
   commands:
-
     aix::
-
       "$(oslevel)"
         handle => "cache_aix_oslevel_s",
         args => "-s > $(sys.statedir)/aix-oslevel-s",
-        if => not( fileexists( "$(sys.statedir)/aix-oslevel-s" ) ),
+        if => not(fileexists("$(sys.statedir)/aix-oslevel-s")),
         contain => in_shell,
         comment => "We cache the highest service pack reached to avoid
                     unnecessary command executions.";
 
       "$(oslevel)"
         handle => "cache_aix_oslevel_r",
         args => "-r > $(sys.statedir)/aix-oslevel-r",
-        if => not( fileexists( "$(sys.statedir)/aix-oslevel-r" ) ),
+        if => not(fileexists("$(sys.statedir)/aix-oslevel-r")),
         contain => in_shell,
         comment => "We cache the highest technology level reached to avoid
                     unnecessary command executions.";
 
   files:
-
     aix::
-
       "$(sys.statedir)/aix-oslevel-r"
         handle => "cache_expire_aix_oslevel_r",
         delete => tidy,
-        file_select => days_old( 1 ),
+        file_select => days_old(1),
         comment => "We regularly clear the cache to avoid stale data";
 
       "$(sys.statedir)/aix-oslevel-s"
         handle => "cache_expire_aix_oslevel_s",
         delete => tidy,
-        file_select => days_old( 1 ),
+        file_select => days_old(1),
         comment => "We regularly clear the cache to avoid stale data";
 
- vars:
-
+  vars:
     aix::
-
-     "oslevel_s"
-       string => readfile("$(sys.statedir)/aix-oslevel-s", 1K ),
-       if => fileexists("$(sys.statedir)/aix-oslevel-s"),
-       meta => { "inventory", "attribute_name=Highest Service Pack" };
-
-     "oslevel_r"
-       string => readfile("$(sys.statedir)/aix-oslevel-r", 1K),
-       if => fileexists("$(sys.statedir)/aix-oslevel-r"),
-       meta => { "inventory", "attribute_name=Highest Technology Level" };
-
- reports:
-
-   DEBUG::
-
-     "Highest Service Pack: $(oslevel_s)";
-     "Highest Technology Level: $(oslevel_r)";
+      "oslevel_s"
+        string => readfile("$(sys.statedir)/aix-oslevel-s", 1K),
+        if => fileexists("$(sys.statedir)/aix-oslevel-s"),
+        meta => { "inventory", "attribute_name=Highest Service Pack" };
+
+      "oslevel_r"
+        string => readfile("$(sys.statedir)/aix-oslevel-r", 1K),
+        if => fileexists("$(sys.statedir)/aix-oslevel-r"),
+        meta => { "inventory", "attribute_name=Highest Technology Level" };
+
+  reports:
+    DEBUG::
+      "Highest Service Pack: $(oslevel_s)";
+      "Highest Technology Level: $(oslevel_r)";
 }
diff --git a/inventory/any.cf b/inventory/any.cf
@@ -37,7 +37,7 @@ bundle agent inventory_autorun
 {
   methods:
     !disable_inventory_LLDP::
-      "LLDP" usebundle => cfe_autorun_inventory_LLDP(),
+      "LLDP" usebundle => cfe_autorun_inventory_lldp(),
       handle => "cfe_internal_autorun_inventory_LLDP";
 
     !disable_inventory_package_refresh::
@@ -1066,7 +1066,7 @@ bundle agent cfe_autorun_inventory_dmidecode
       "DEBUG $(this.bundle): Obtained Physical memory (MB) = '$(total_physical_memory_MB)'";
 }
 
-bundle agent cfe_autorun_inventory_LLDP
+bundle agent cfe_autorun_inventory_lldp
 # @brief Do LLDP-based inventory
 #
 # This agent bundle runs lldpctl to discover information.  See