From 7654112f04fefb9a1ec8c40b0a017cd22483eefe Mon Sep 17 00:00:00 2001 From: Rick Gardner Date: Tue, 9 May 2023 11:10:04 -0400 Subject: [PATCH 1/2] Removes puppet 6 from .gitlab-ci.yml This patch moves puppet 6 refs to 7, puppet 7 refs to 8. Then we manually update all spec nodesets to point to sicura oel boxes. The patch enforces a standardized asset baseline using simp/puppetsync, and may also apply other updates to ensure conformity. --- .github/workflows/pr_tests.yml | 22 ++--- .gitlab-ci.yml | 92 +++++++++---------- Gemfile | 2 +- spec/acceptance/nodesets/oel.yml | 38 ++++---- .../suites/security_modules/nodesets/oel.yml | 54 +++++------ 5 files changed, 99 insertions(+), 109 deletions(-) diff --git a/.github/workflows/pr_tests.yml b/.github/workflows/pr_tests.yml index 4a2fd1f..ec9bb33 100644 --- a/.github/workflows/pr_tests.yml +++ b/.github/workflows/pr_tests.yml @@ -27,7 +27,7 @@ on: types: [opened, reopened, synchronize] env: - PUPPET_VERSION: '~> 6' + PUPPET_VERSION: '~> 7' jobs: puppet-syntax: @@ -38,7 +38,7 @@ jobs: - name: "Install Ruby ${{matrix.puppet.ruby_version}}" uses: ruby/setup-ruby@v1 # ruby/setup-ruby@ec106b438a1ff6ff109590de34ddc62c540232e0 with: - ruby-version: 2.5 + ruby-version: 2.7 bundler-cache: true - run: "bundle exec rake syntax" @@ -50,7 +50,7 @@ jobs: - name: "Install Ruby ${{matrix.puppet.ruby_version}}" uses: ruby/setup-ruby@v1 with: - ruby-version: 2.5 + ruby-version: 2.7 bundler-cache: true - run: "bundle exec rake lint" - run: "bundle exec rake metadata_lint" @@ -65,7 +65,7 @@ jobs: - name: "Install Ruby ${{matrix.puppet.ruby_version}}" uses: ruby/setup-ruby@v1 with: - ruby-version: 2.5 + ruby-version: 2.7 bundler-cache: true - run: | bundle show @@ -76,10 +76,10 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - name: 'Install Ruby 2.5' + - name: 'Install Ruby 2.7' uses: ruby/setup-ruby@v1 with: - ruby-version: 2.5 + ruby-version: 2.7 bundler-cache: true - run: bundle exec rake check:dot_underscore - run: bundle exec rake check:test_file @@ -92,7 +92,7 @@ jobs: - name: 'Install Ruby ${{matrix.puppet.ruby_version}}' uses: ruby/setup-ruby@v1 with: - ruby-version: 2.5 + ruby-version: 2.7 bundler-cache: true - name: 'Tags and changelogs' run: | @@ -109,12 +109,12 @@ jobs: strategy: matrix: puppet: - - label: 'Puppet 6.22 [SIMP 6.6/PE 2019.8]' - puppet_version: '~> 6.22.1' - ruby_version: '2.5' - label: 'Puppet 7.x' - puppet_version: '~> 7.0' + puppet_version: '~> 7.21.0' ruby_version: '2.7' + - label: 'Puppet 8.x' + puppet_version: '~> 8.0' + ruby_version: '3.2' env: PUPPET_VERSION: '${{matrix.puppet.puppet_version}}' steps: diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4450f3a..02b13f0 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -232,20 +232,6 @@ variables: # Puppet Versions #----------------------------------------------------------------------- -.pup_6_x: &pup_6_x - image: 'ruby:2.5' - variables: - PUPPET_VERSION: '~> 6.0' - BEAKER_PUPPET_COLLECTION: 'puppet6' - MATRIX_RUBY_VERSION: '2.5' - -.pup_6_pe: &pup_6_pe - image: 'ruby:2.5' - variables: - PUPPET_VERSION: '6.22.1' - BEAKER_PUPPET_COLLECTION: 'puppet6' - MATRIX_RUBY_VERSION: '2.5' - .pup_7_x: &pup_7_x image: 'ruby:2.7' variables: @@ -253,6 +239,20 @@ variables: BEAKER_PUPPET_COLLECTION: 'puppet7' MATRIX_RUBY_VERSION: '2.7' +.pup_7_pe: &pup_7_pe + image: 'ruby:2.7' + variables: + PUPPET_VERSION: '7.21.0' + BEAKER_PUPPET_COLLECTION: 'puppet7' + MATRIX_RUBY_VERSION: '2.7' + +.pup_8_x: &pup_8_x + image: 'ruby:3.2' + variables: + PUPPET_VERSION: '~> 8.0' + BEAKER_PUPPET_COLLECTION: 'puppet8' + MATRIX_RUBY_VERSION: '3.2' + # Testing Environments @@ -302,7 +302,7 @@ variables: #======================================================================= releng_checks: - <<: *pup_6_x + <<: *pup_7_x <<: *setup_bundler_env stage: 'validation' tags: ['docker'] @@ -325,23 +325,23 @@ releng_checks: # different Puppet versions won't accomplish anything. pup-lint: - <<: *pup_6_x + <<: *pup_7_x <<: *lint_tests # Unit Tests #----------------------------------------------------------------------- -pup6.x-unit: - <<: *pup_6_x +pup7.x-unit: + <<: *pup_7_x <<: *unit_tests <<: *with_SIMP_SPEC_MATRIX_LEVEL_2 -pup6.pe-unit: - <<: *pup_6_pe +pup7.pe-unit: + <<: *pup_7_pe <<: *unit_tests -pup7.x-unit: - <<: *pup_7_x +pup8.x-unit: + <<: *pup_8_x <<: *unit_tests # ------------------------------------------------------------------------------ @@ -354,82 +354,82 @@ pup7.x-unit: # Repo-specific content # ============================================================================== -pup6.x: - <<: *pup_6_x +pup7.x: + <<: *pup_7_x <<: *acceptance_base <<: *with_SIMP_ACCEPTANCE_MATRIX_LEVEL_2 script: - 'bundle exec rake beaker:suites[default,default]' -pup6.pe: - <<: *pup_6_pe +pup7.pe: + <<: *pup_7_pe <<: *acceptance_base script: - 'bundle exec rake beaker:suites[default,default]' -pup6.pe-fips: - <<: *pup_6_pe +pup7.pe-fips: + <<: *pup_7_pe <<: *acceptance_base script: - 'BEAKER_fips=yes bundle exec rake beaker:suites[default,default]' -pup6.pe-oel: - <<: *pup_6_pe +pup7.pe-oel: + <<: *pup_7_pe <<: *acceptance_base script: - 'bundle exec rake beaker:suites[default,oel]' -pup6.pe-amzn2: - <<: *pup_6_pe +pup7.pe-amzn2: + <<: *pup_7_pe <<: *acceptance_base script: - 'bundle exec rake beaker:suites[default,amzn2]' -pup6.pe-oel-fips: - <<: *pup_6_pe +pup7.pe-oel-fips: + <<: *pup_7_pe <<: *acceptance_base <<: *with_SIMP_ACCEPTANCE_MATRIX_LEVEL_3 script: - 'BEAKER_fips=yes bundle exec rake beaker:suites[default,oel]' -pup6.pe-security-modules: - <<: *pup_6_pe +pup7.pe-security-modules: + <<: *pup_7_pe <<: *acceptance_base <<: *with_SIMP_ACCEPTANCE_MATRIX_LEVEL_3 script: - 'bundle exec rake beaker:suites[security_modules,default]' -pup6.pe-security-modules-fips: - <<: *pup_6_pe +pup7.pe-security-modules-fips: + <<: *pup_7_pe <<: *acceptance_base <<: *with_SIMP_ACCEPTANCE_MATRIX_LEVEL_3 script: - 'BEAKER_fips=yes bundle exec rake beaker:suites[security_modules,default]' -pup6.pe-security-modules: - <<: *pup_6_pe +pup7.pe-security-modules: + <<: *pup_7_pe <<: *acceptance_base <<: *with_SIMP_ACCEPTANCE_MATRIX_LEVEL_3 script: - 'bundle exec rake beaker:suites[security_modules,default]' -pup6.pe-security-modules-oel: - <<: *pup_6_pe +pup7.pe-security-modules-oel: + <<: *pup_7_pe <<: *acceptance_base <<: *with_SIMP_ACCEPTANCE_MATRIX_LEVEL_3 script: - 'BEAKER_fips=yes bundle exec rake beaker:suites[security_modules,oel]' -pup7.x: - <<: *pup_7_x +pup8.x: + <<: *pup_8_x <<: *acceptance_base script: - 'bundle exec rake beaker:suites[default,default]' # # Compliance -pup6_compliance: - <<: *pup_6_x +pup7_compliance: + <<: *pup_7_x <<: *compliance_base allow_failure: true script: diff --git a/Gemfile b/Gemfile index 3e01af1..73906ba 100644 --- a/Gemfile +++ b/Gemfile @@ -11,7 +11,7 @@ ENV['PDK_DISABLE_ANALYTICS'] ||= 'true' gem_sources.each { |gem_source| source gem_source } group :test do - puppet_version = ENV['PUPPET_VERSION'] || '~> 6.22' + puppet_version = ENV['PUPPET_VERSION'] || '~> 7' major_puppet_version = puppet_version.scan(/(\d+)(?:\.|\Z)/).flatten.first.to_i gem 'rake' gem 'puppet', puppet_version diff --git a/spec/acceptance/nodesets/oel.yml b/spec/acceptance/nodesets/oel.yml index 0672aa5..ebe51f6 100644 --- a/spec/acceptance/nodesets/oel.yml +++ b/spec/acceptance/nodesets/oel.yml @@ -1,30 +1,24 @@ -<% - if ENV['BEAKER_HYPERVISOR'] - hypervisor = ENV['BEAKER_HYPERVISOR'] - else - hypervisor = 'vagrant' - end --%> +--- HOSTS: oel8: roles: - - client - platform: el-8-x86_64 - box: generic/oracle8 - hypervisor: vagrant - + - client + platform: el-8-x86_64 + box: generic/oracle8 + hypervisor: "<%= ENV.fetch('BEAKER_HYPERVISOR', 'vagrant') %>" + family: sicura-image-build/oracle-linux-8 + gce_machine_type: n1-standard-2 oel7: roles: - - default - - master - - client - platform: el-7-x86_64 - box: generic/oracle7 - hypervisor: vagrant - + - default + - master + - client + platform: el-7-x86_64 + box: generic/oracle7 + hypervisor: "<%= ENV.fetch('BEAKER_HYPERVISOR', 'vagrant') %>" + family: sicura-image-build/oracle-linux-7 + gce_machine_type: n1-standard-2 CONFIG: -<% if ENV['BEAKER_PUPPET_COLLECTION'] -%> - puppet_collection: <%= ENV['BEAKER_PUPPET_COLLECTION'] %> -<% end -%> log_level: verbose type: aio + puppet_collection: "<%= ENV.fetch('BEAKER_PUPPET_COLLECTION', 'puppet7') %>" diff --git a/spec/acceptance/suites/security_modules/nodesets/oel.yml b/spec/acceptance/suites/security_modules/nodesets/oel.yml index b248bb8..651bd49 100644 --- a/spec/acceptance/suites/security_modules/nodesets/oel.yml +++ b/spec/acceptance/suites/security_modules/nodesets/oel.yml @@ -1,37 +1,33 @@ -<% - if ENV['BEAKER_HYPERVISOR'] - hypervisor = ENV['BEAKER_HYPERVISOR'] - else - hypervisor = 'vagrant' - end --%> +--- HOSTS: oel7-server: roles: - - default - platform: el-7-x86_64 - box: generic/oracle7 - hypervisor: <%= hypervisor %> - + - default + platform: el-7-x86_64 + box: generic/oracle7 + hypervisor: "<%= ENV.fetch('BEAKER_HYPERVISOR', 'vagrant') %>" + family: sicura-image-build/oracle-linux-7 + gce_machine_type: n1-standard-2 oel7-client: - platform: el-7-x86_64 - box: generic/oracle7 - hypervisor: <%= hypervisor %> - + platform: el-7-x86_64 + box: generic/oracle7 + hypervisor: "<%= ENV.fetch('BEAKER_HYPERVISOR', 'vagrant') %>" + family: sicura-image-build/oracle-linux-7 + gce_machine_type: n1-standard-2 oel8-server: - platform: el-8-x86_64 - box: generic/oracle8 - hypervisor: <%= hypervisor %> - + platform: el-8-x86_64 + box: generic/oracle8 + hypervisor: "<%= ENV.fetch('BEAKER_HYPERVISOR', 'vagrant') %>" + family: sicura-image-build/oracle-linux-8 + gce_machine_type: n1-standard-2 oel8-client: - platform: el-8-x86_64 - box: generic/oracle8 - hypervisor: <%= hypervisor %> - + platform: el-8-x86_64 + box: generic/oracle8 + hypervisor: "<%= ENV.fetch('BEAKER_HYPERVISOR', 'vagrant') %>" + family: sicura-image-build/oracle-linux-8 + gce_machine_type: n1-standard-2 CONFIG: - log_level: verbose - type: aio + log_level: verbose + type: aio vagrant_memsize: 256 -<% if ENV['BEAKER_PUPPET_COLLECTION'] -%> - puppet_collection: <%= ENV['BEAKER_PUPPET_COLLECTION'] %> -<% end -%> + puppet_collection: "<%= ENV.fetch('BEAKER_PUPPET_COLLECTION', 'puppet7') %>" From 3abfcb6d075bf50975fe7b71efe60b6ba53e7f09 Mon Sep 17 00:00:00 2001 From: Rick Gardner Date: Mon, 22 May 2023 14:26:38 -0400 Subject: [PATCH 2/2] Removes puppet 6 from .gitlab-ci.yml This patch moves puppet 6 refs to 7, puppet 7 refs to 8. Then we manually update all spec nodesets to point to sicura oel boxes and comment out all pup8 tests. The patch enforces a standardized asset baseline using simp/puppetsync, and may also apply other updates to ensure conformity. --- .gitlab-ci.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 02b13f0..ec4609d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -340,9 +340,9 @@ pup7.pe-unit: <<: *pup_7_pe <<: *unit_tests -pup8.x-unit: - <<: *pup_8_x - <<: *unit_tests +#pup8.x-unit: +# <<: *pup_8_x +# <<: *unit_tests # ------------------------------------------------------------------------------ # NOTICE: **This file is maintained with puppetsync** @@ -420,11 +420,11 @@ pup7.pe-security-modules-oel: script: - 'BEAKER_fips=yes bundle exec rake beaker:suites[security_modules,oel]' -pup8.x: - <<: *pup_8_x - <<: *acceptance_base - script: - - 'bundle exec rake beaker:suites[default,default]' +#pup8.x: +# <<: *pup_8_x +# <<: *acceptance_base +# script: +# - 'bundle exec rake beaker:suites[default,default]' # # Compliance