From 6eb20fbcd482b4ccaf19bf0a0c44f3babc18d831 Mon Sep 17 00:00:00 2001 From: Lukas Audzevicius Date: Thu, 18 Sep 2025 11:15:28 +0100 Subject: [PATCH 1/8] (CAT-2379) Puppetcore update A set of changes dedicated to implementing puppetcore into our modules. This update, amongst other changes, removes Puppet 7 support. --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index 83f8720a..10c2006a 100644 --- a/metadata.json +++ b/metadata.json @@ -55,7 +55,7 @@ "requirements": [ { "name": "puppet", - "version_requirement": ">= 7.0.0 < 9.0.0" + "version_requirement": ">= 8.0.0 < 9.0.0" } ], "pdk-version": "3.2.0", From 6d6934bd8082f99edd26a81b3296c5382d290f9f Mon Sep 17 00:00:00 2001 From: Lukas Audzevicius Date: Thu, 18 Sep 2025 11:17:02 +0100 Subject: [PATCH 2/8] PDK update --- .puppet-lint.rc | 8 +++++ .rubocop.yml | 2 +- Gemfile | 89 +++++++++++++++++++++++++++++++------------------ Rakefile | 9 +++++ metadata.json | 4 +-- 5 files changed, 76 insertions(+), 36 deletions(-) diff --git a/.puppet-lint.rc b/.puppet-lint.rc index cc96ece0..9e15c6e0 100644 --- a/.puppet-lint.rc +++ b/.puppet-lint.rc @@ -1 +1,9 @@ +--fail-on-warnings --relative +--no-80chars-check +--no-140chars-check +--no-class_inherits_from_params_class-check +--no-autoloader_layout-check +--no-documentation-check +--no-single_quote_string_with_variables-check +--ignore-paths=.vendor/**/*.pp,.bundle/**/*.pp,pkg/**/*.pp,spec/**/*.pp,tests/**/*.pp,types/**/*.pp,vendor/**/*.pp diff --git a/.rubocop.yml b/.rubocop.yml index 439ea84e..47b1aadb 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -5,7 +5,7 @@ require: AllCops: NewCops: enable DisplayCopNames: true - TargetRubyVersion: '2.6' + TargetRubyVersion: 3.1 Include: - "**/*.rb" Exclude: diff --git a/Gemfile b/Gemfile index 2d8e1608..4e7de031 100644 --- a/Gemfile +++ b/Gemfile @@ -1,65 +1,86 @@ -source ENV['GEM_SOURCE'] || 'https://rubygems.org' +# frozen_string_literal: true -def location_for(place_or_version, fake_version = nil) - git_url_regex = %r{\A(?(https?|git)[:@][^#]*)(#(?.*))?} - file_url_regex = %r{\Afile:\/\/(?.*)} +# For puppetcore, set GEM_SOURCE_PUPPETCORE = 'https://rubygems-puppetcore.puppet.com' +gemsource_default = ENV['GEM_SOURCE'] || 'https://rubygems.org' +gemsource_puppetcore = if ENV['PUPPET_FORGE_TOKEN'] + 'https://rubygems-puppetcore.puppet.com' +else + ENV['GEM_SOURCE_PUPPETCORE'] || gemsource_default +end +source gemsource_default + +def location_for(place_or_constraint, fake_constraint = nil, opts = {}) + git_url_regex = /\A(?(?:https?|git)[:@][^#]*)(?:#(?.*))?/ + file_url_regex = %r{\Afile://(?.*)} + + if place_or_constraint && (git_url = place_or_constraint.match(git_url_regex)) + # Git source → ignore :source, keep fake_constraint + [fake_constraint, { git: git_url[:url], branch: git_url[:branch], require: false }].compact + + elsif place_or_constraint && (file_url = place_or_constraint.match(file_url_regex)) + # File source → ignore :source, keep fake_constraint or default >= 0 + [fake_constraint || '>= 0', { path: File.expand_path(file_url[:path]), require: false }] - if place_or_version && (git_url = place_or_version.match(git_url_regex)) - [fake_version, { git: git_url[:url], branch: git_url[:branch], require: false }].compact - elsif place_or_version && (file_url = place_or_version.match(file_url_regex)) - ['>= 0', { path: File.expand_path(file_url[:path]), require: false }] else - [place_or_version, { require: false }] + # Plain version constraint → merge opts (including :source if provided) + [place_or_constraint, { require: false }.merge(opts)] + end +end + +# Print debug information if DEBUG_GEMS or VERBOSE is set +def print_gem_statement_for(gems) + puts 'DEBUG: Gem definitions that will be generated:' + gems.each do |gem_name, gem_params| + puts "DEBUG: gem #{([gem_name.inspect] + gem_params.map(&:inspect)).join(', ')}" end end group :development do - gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "json", '= 2.3.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) - gem "json", '= 2.5.1', require: false if Gem::Requirement.create(['>= 3.0.0', '< 3.0.5']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "json", '= 2.6.1', require: false if Gem::Requirement.create(['>= 3.1.0', '< 3.1.3']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "json", '= 2.6.3', require: false if Gem::Requirement.create(['>= 3.2.0', '< 4.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "racc", '~> 1.4.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "deep_merge", '~> 1.2.2', require: false gem "voxpupuli-puppet-lint-plugins", '~> 5.0', require: false - gem "facterdb", '~> 2.1', require: false + gem "facterdb", '~> 2.1', require: false if Gem::Requirement.create(['< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "facterdb", '~> 3.0', require: false if Gem::Requirement.create(['>= 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "metadata-json-lint", '~> 4.0', require: false - gem "rspec-puppet-facts", '~> 4.0', require: false + gem "json-schema", '< 5.1.1', require: false + gem "rspec-puppet-facts", '~> 4.0', require: false if Gem::Requirement.create(['< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) + gem "rspec-puppet-facts", '~> 5.0', require: false if Gem::Requirement.create(['>= 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup)) gem "dependency_checker", '~> 1.0.0', require: false gem "parallel_tests", '= 3.12.1', require: false gem "pry", '~> 0.10', require: false gem "simplecov-console", '~> 0.9', require: false - gem "puppet-debugger", '~> 1.0', require: false + gem "puppet-debugger", '~> 1.6', require: false gem "rubocop", '~> 1.50.0', require: false gem "rubocop-performance", '= 1.16.0', require: false gem "rubocop-rspec", '= 2.19.0', require: false gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "rexml", '>= 3.3.9', require: false + gem "bigdecimal", '< 3.2.2', require: false, platforms: [:mswin, :mingw, :x64_mingw] end group :development, :release_prep do gem "puppet-strings", '~> 4.0', require: false - gem "puppetlabs_spec_helper", '~> 7.0', require: false + gem "puppetlabs_spec_helper", '~> 8.0', require: false + gem "puppet-blacksmith", '~> 7.0', require: false end group :system_tests do - gem "puppet_litmus", '~> 1.0', require: false, platforms: [:ruby, :x64_mingw] + gem "puppet_litmus", '~> 2.0', require: false, platforms: [:ruby, :x64_mingw] if !ENV['PUPPET_FORGE_TOKEN'].to_s.empty? + gem "puppet_litmus", '~> 1.0', require: false, platforms: [:ruby, :x64_mingw] if ENV['PUPPET_FORGE_TOKEN'].to_s.empty? gem "CFPropertyList", '< 3.0.7', require: false, platforms: [:mswin, :mingw, :x64_mingw] gem "serverspec", '~> 2.41', require: false end -puppet_version = ENV['PUPPET_GEM_VERSION'] -facter_version = ENV['FACTER_GEM_VERSION'] -hiera_version = ENV['HIERA_GEM_VERSION'] - gems = {} +puppet_version = ENV.fetch('PUPPET_GEM_VERSION', nil) +facter_version = ENV.fetch('FACTER_GEM_VERSION', nil) +hiera_version = ENV.fetch('HIERA_GEM_VERSION', nil) -gems['puppet'] = location_for(puppet_version) - -# If facter or hiera versions have been specified via the environment -# variables - -gems['facter'] = location_for(facter_version) if facter_version -gems['hiera'] = location_for(hiera_version) if hiera_version +gems['puppet'] = location_for(puppet_version, nil, { source: gemsource_puppetcore }) +gems['facter'] = location_for(facter_version, nil, { source: gemsource_puppetcore }) +gems['hiera'] = location_for(hiera_version, nil, {}) if hiera_version +# Generate the gem definitions +print_gem_statement_for(gems) if ENV['DEBUG'] gems.each do |gem_name, gem_params| gem gem_name, *gem_params end @@ -67,12 +88,14 @@ end # Evaluate Gemfile.local and ~/.gemfile if they exist extra_gemfiles = [ "#{__FILE__}.local", - File.join(Dir.home, '.gemfile'), + File.join(Dir.home, '.gemfile') ] extra_gemfiles.each do |gemfile| - if File.file?(gemfile) && File.readable?(gemfile) - eval(File.read(gemfile), binding) - end + next unless File.file?(gemfile) && File.readable?(gemfile) + + # rubocop:disable Security/Eval + eval(File.read(gemfile), binding) + # rubocop:enable Security/Eval end # vim: syntax=ruby diff --git a/Rakefile b/Rakefile index abdadc7c..857cfd09 100644 --- a/Rakefile +++ b/Rakefile @@ -8,3 +8,12 @@ require 'puppet-strings/tasks' if Gem.loaded_specs.key? 'puppet-strings' require 'puppet-strings/tasks' PuppetLint.configuration.send('disable_relative') +PuppetLint.configuration.send('disable_80chars') +PuppetLint.configuration.send('disable_140chars') +PuppetLint.configuration.send('disable_class_inherits_from_params_class') +PuppetLint.configuration.send('disable_autoloader_layout') +PuppetLint.configuration.send('disable_documentation') +PuppetLint.configuration.send('disable_single_quote_string_with_variables') +PuppetLint.configuration.fail_on_warnings = true +PuppetLint.configuration.ignore_paths = [".vendor/**/*.pp", ".bundle/**/*.pp", "pkg/**/*.pp", "spec/**/*.pp", "tests/**/*.pp", "types/**/*.pp", "vendor/**/*.pp"] + diff --git a/metadata.json b/metadata.json index 10c2006a..c34c0015 100644 --- a/metadata.json +++ b/metadata.json @@ -58,7 +58,7 @@ "version_requirement": ">= 8.0.0 < 9.0.0" } ], - "pdk-version": "3.2.0", + "pdk-version": "3.5.0", "template-url": "https://github.com/puppetlabs/pdk-templates#main", - "template-ref": "tags/3.2.0.4-0-g5d17ec1" + "template-ref": "heads/main-0-g19976cd" } From 717928a59db28ddb9c60bfc6fca84bb7c8c64d67 Mon Sep 17 00:00:00 2001 From: Lukas Audzevicius Date: Thu, 18 Sep 2025 11:18:40 +0100 Subject: [PATCH 3/8] Unsafe Rubocop autocorrection --- spec/lib/helpers.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/lib/helpers.rb b/spec/lib/helpers.rb index b4c06d87..e6b80ec6 100644 --- a/spec/lib/helpers.rb +++ b/spec/lib/helpers.rb @@ -1,7 +1,7 @@ # frozen_string_literal: true module Helpers - TEST_DIR = "#{Pathname.new(__FILE__).parent}.." + TEST_DIR = "#{Pathname.new(__FILE__).parent}..".freeze TYPES = { pv: :physical_volume, From ae29ea70b3845b58d7a0b5e39b2b40293321596a Mon Sep 17 00:00:00 2001 From: Lukas Audzevicius Date: Thu, 18 Sep 2025 11:18:58 +0100 Subject: [PATCH 4/8] Remove outdated pin --- .fixtures.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.fixtures.yml b/.fixtures.yml index a2e2eb2f..5fd0d6cb 100644 --- a/.fixtures.yml +++ b/.fixtures.yml @@ -4,6 +4,5 @@ fixtures: provision: "https://github.com/puppetlabs/provision.git" puppet_agent: repo: 'https://github.com/puppetlabs/puppetlabs-puppet_agent.git' - ref: v4.21.0 stdlib: "https://github.com/puppetlabs/puppetlabs-stdlib.git" mount_core: "https://github.com/puppetlabs/puppetlabs-mount_core.git" From bd302aa615ddb13ba15817c5f76a5039d4e5c326 Mon Sep 17 00:00:00 2001 From: Lukas Audzevicius Date: Thu, 18 Sep 2025 11:24:29 +0100 Subject: [PATCH 5/8] Update outdated workflows --- .github/workflows/ci.yml | 93 ++--------------------------------- .github/workflows/nightly.yml | 87 ++------------------------------ 2 files changed, 8 insertions(+), 172 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0852f057..97811fe9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,94 +9,11 @@ on: jobs: Spec: uses: "puppetlabs/cat-github-actions/.github/workflows/module_ci.yml@main" - with: - runs_on: "ubuntu-24.04" secrets: "inherit" - setup_matrix: - name: "Setup Test Matrix" - needs: Spec - runs-on: "ubuntu-24.04" - outputs: - matrix: ${{ steps.get-matrix.outputs.matrix }} - - steps: - - name: "Checkout" - uses: "actions/checkout@v3" - with: - ref: ${{ github.event.pull_request.head.sha }} - - - name: "Setup ruby" - uses: "ruby/setup-ruby@v1" - with: - ruby-version: "3.1" - bundler-cache: true - - - name: Setup Test Matrix - id: get-matrix - run: | - bundle exec matrix_from_metadata_v2 --provision-service - Acceptance: - name: "Acceptance tests (${{matrix.platforms.label}}, ${{matrix.collection}})" - needs: setup_matrix - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: ${{fromJson(needs.setup_matrix.outputs.matrix)}} - - env: - PUPPET_GEM_VERSION: '~> 7.24' - FACTER_GEM_VERSION: 'https://github.com/puppetlabs/facter#main' # why is this set? - - steps: - - name: "Install Twingate" - uses: "twingate/github-action@v1" - with: - service-key: ${{ secrets.TWINGATE_PUBLIC_REPO_KEY }} - - - name: "Checkout" - uses: "actions/checkout@v3" - with: - ref: ${{ github.event.pull_request.head.sha }} - - - name: "Setup ruby" - uses: "ruby/setup-ruby@v1" - with: - ruby-version: "3.1" - bundler-cache: true - - - name: "Bundle environment" - run: | - bundle env - - - name: "Provision environment" - run: | - bundle exec rake "litmus:provision[${{matrix.platforms.provider}},${{ matrix.platforms.image }}]" - # Redact password - FILE='spec/fixtures/litmus_inventory.yaml' - sed -e 's/password: .*/password: "[redacted]"/' < $FILE || true - - - name: "Install Puppet agent" - run: | - bundle exec rake 'litmus:install_agent[${{ matrix.collection }}]' - - - name: "Install module" - run: | - bundle exec rake 'litmus:install_module' - - - name: "Authenticate to GCP" - run: | - echo '${{ secrets.GCP_CONNECTION }}' >> creds.json - bundle exec bolt file upload creds.json creds.json -t ssh_nodes -i spec/fixtures/litmus_inventory.yaml - bundle exec bolt command run "gcloud auth activate-service-account --key-file creds.json" -t ssh_nodes -i spec/fixtures/litmus_inventory.yaml - - - name: "Run acceptance tests" - run: | - bundle exec rake 'litmus:acceptance:parallel' - - - name: "Remove test environment" - if: ${{ always() }} - continue-on-error: true - run: | - bundle exec rake 'litmus:tear_down' + needs: Spec + uses: "puppetlabs/cat-github-actions/.github/workflows/module_acceptance.yml@main" + with: + flags: "--latest-agent" + secrets: "inherit" diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 14d71a6d..1b06c471 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -8,90 +8,9 @@ on: jobs: Spec: uses: "puppetlabs/cat-github-actions/.github/workflows/module_ci.yml@main" - with: - runs_on: "ubuntu-24.04" secrets: "inherit" - setup_matrix: - name: "Setup Test Matrix" - needs: Spec - runs-on: "ubuntu-24.04" - outputs: - matrix: ${{ steps.get-matrix.outputs.matrix }} - - steps: - - name: "Checkout" - uses: "actions/checkout@v3" - - - name: "Setup ruby" - uses: "ruby/setup-ruby@v1" - with: - ruby-version: "3.1" - bundler-cache: true - - - name: Setup Test Matrix - id: get-matrix - run: | - bundle exec matrix_from_metadata_v2 --provision-service - Acceptance: - name: "Acceptance tests (${{matrix.platforms.label}}, ${{matrix.collection}})" - needs: setup_matrix - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: ${{fromJson(needs.setup_matrix.outputs.matrix)}} - - env: - PUPPET_GEM_VERSION: '~> 7.24' - FACTER_GEM_VERSION: 'https://github.com/puppetlabs/facter#main' # why is this set? - - steps: - - name: "Install Twingate" - uses: "twingate/github-action@v1" - with: - service-key: ${{ secrets.TWINGATE_PUBLIC_REPO_KEY }} - - - name: "Checkout" - uses: "actions/checkout@v3" - - - name: "Setup ruby" - uses: "ruby/setup-ruby@v1" - with: - ruby-version: "3.1" - bundler-cache: true - - - name: "Bundle environment" - run: | - bundle env - - - name: "Provision environment" - run: | - bundle exec rake "litmus:provision[${{matrix.platforms.provider}},${{ matrix.platforms.image }}]" - # Redact password - FILE='spec/fixtures/litmus_inventory.yaml' - sed -e 's/password: .*/password: "[redacted]"/' < $FILE || true - - - name: "Install Puppet agent" - run: | - bundle exec rake 'litmus:install_agent[${{ matrix.collection }}]' - - - name: "Install module" - run: | - bundle exec rake 'litmus:install_module' - - - name: "Authenticate to GCP" - run: | - echo '${{ secrets.GCP_CONNECTION }}' >> creds.json - bundle exec bolt file upload creds.json creds.json -t ssh_nodes -i spec/fixtures/litmus_inventory.yaml - bundle exec bolt command run "gcloud auth activate-service-account --key-file creds.json" -t ssh_nodes -i spec/fixtures/litmus_inventory.yaml - - - name: "Run acceptance tests" - run: | - bundle exec rake 'litmus:acceptance:parallel' - - - name: "Remove test environment" - if: ${{ always() }} - continue-on-error: true - run: | - bundle exec rake 'litmus:tear_down' + needs: Spec + uses: "puppetlabs/cat-github-actions/.github/workflows/module_acceptance.yml@main" + secrets: "inherit" From 70da5533582dd0571a0496551b873cc64a42fdef Mon Sep 17 00:00:00 2001 From: Lukas Audzevicius Date: Thu, 18 Sep 2025 12:05:37 +0100 Subject: [PATCH 6/8] prefer GCP provisioner --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 97811fe9..5aa34237 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,5 +15,5 @@ jobs: needs: Spec uses: "puppetlabs/cat-github-actions/.github/workflows/module_acceptance.yml@main" with: - flags: "--latest-agent" + flags: "--latest-agent --provision-prefer provision_service" secrets: "inherit" From 45c4a1199cd8851b302e3a5fb3f59ae3be320726 Mon Sep 17 00:00:00 2001 From: Lukas Audzevicius Date: Thu, 18 Sep 2025 12:25:13 +0100 Subject: [PATCH 7/8] exclude scientific 7 --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5aa34237..ac0c2b00 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,5 +15,5 @@ jobs: needs: Spec uses: "puppetlabs/cat-github-actions/.github/workflows/module_acceptance.yml@main" with: - flags: "--latest-agent --provision-prefer provision_service" + flags: "--latest-agent --provision-prefer provision_service --exclude-platform scientific-7" secrets: "inherit" From 05ab65b950d8994fc273e2f37e2938cff4cdc869 Mon Sep 17 00:00:00 2001 From: Lukas Audzevicius Date: Fri, 19 Sep 2025 09:15:46 +0100 Subject: [PATCH 8/8] typo --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ac0c2b00..61af1ce4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,5 +15,5 @@ jobs: needs: Spec uses: "puppetlabs/cat-github-actions/.github/workflows/module_acceptance.yml@main" with: - flags: "--latest-agent --provision-prefer provision_service --exclude-platform scientific-7" + flags: "--latest-agent --provision-prefer provision_service --platform-exclude scientific-7" secrets: "inherit"