.fixtures.yml

@@ -2,7 +2,6 @@ fixtures:
   repositories:
     stdlib: https://github.com/puppetlabs/puppetlabs-stdlib.git
     ruby: https://github.com/puppetlabs/puppetlabs-ruby.git
-    pe_gem: https://github.com/puppetlabs/puppetlabs-pe_gem.git
     inifile: https://github.com/puppetlabs/puppetlabs-inifile.git
     vcsrepo: https://github.com/puppetlabs/puppetlabs-vcsrepo.git
     git: https://github.com/puppetlabs/puppetlabs-git.git

.github/workflows/ci.yml

@@ -6,6 +6,10 @@ name: CI
 
 on: pull_request
 
+concurrency:
+  group: ${{ github.head_ref }}
+  cancel-in-progress: true
+
 jobs:
   setup_matrix:
     name: 'Setup Test Matrix'

.msync.yml

@@ -2,4 +2,4 @@
 # Managed by modulesync - DO NOT EDIT
 # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
 
-modulesync_config_version: '4.2.0'
+modulesync_config_version: '5.1.0'

.puppet-lint.rc

@@ -1 +1,3 @@
---no-quoted_booleans-check
+--fail-on-warnings
+--no-parameter_documentation-check
+--no-parameter_types-check

CHANGELOG.md

@@ -4,6 +4,27 @@ All notable changes to this project will be documented in this file.
 Each new release typically also includes the latest modulesync defaults.
 These should not affect the functionality of the module.
 
+## [v10.2.0](https://github.com/voxpupuli/puppet-r10k/tree/v10.2.0) (2022-06-20)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-r10k/compare/v10.1.1...v10.2.0)
+
+**Implemented enhancements:**
+
+- Add Gentoo support [\#576](https://github.com/voxpupuli/puppet-r10k/pull/576) ([bastelfreak](https://github.com/bastelfreak))
+- Allow defining mcollective policies on the r10k agent [\#572](https://github.com/voxpupuli/puppet-r10k/pull/572) ([optiz0r](https://github.com/optiz0r))
+
+**Closed issues:**
+
+- Docs wrong for mcollective "deploy" command? [\#573](https://github.com/voxpupuli/puppet-r10k/issues/573)
+- Enhancement Request: Support ignore\_branch\_prefixes in config hash / seperate [\#556](https://github.com/voxpupuli/puppet-r10k/issues/556)
+
+**Merged pull requests:**
+
+- Arch Linux: Disable acceptance tests for webhook [\#577](https://github.com/voxpupuli/puppet-r10k/pull/577) ([bastelfreak](https://github.com/bastelfreak))
+- Fix mco r10k deploy command in docs to match actual behaviour [\#574](https://github.com/voxpupuli/puppet-r10k/pull/574) ([optiz0r](https://github.com/optiz0r))
+- puppet-lint: fix top\_scope\_facts warnings [\#569](https://github.com/voxpupuli/puppet-r10k/pull/569) ([bastelfreak](https://github.com/bastelfreak))
+- Add additional curl example for environment prefixes [\#508](https://github.com/voxpupuli/puppet-r10k/pull/508) ([DLeich](https://github.com/DLeich))
+
 ## [v10.1.1](https://github.com/voxpupuli/puppet-r10k/tree/v10.1.1) (2021-08-27)
 
 [Full Changelog](https://github.com/voxpupuli/puppet-r10k/compare/v10.1.0...v10.1.1)

Gemfile

@@ -4,7 +4,7 @@
 source ENV['GEM_SOURCE'] || "https://rubygems.org"
 
 group :test do
-  gem 'voxpupuli-test', '~> 2.5',   :require => false
+  gem 'voxpupuli-test', '~> 5.0',   :require => false
   gem 'coveralls',                  :require => false
   gem 'simplecov-console',          :require => false
   gem 'puppet_metadata', '~> 1.0',  :require => false
@@ -21,7 +21,7 @@ end
 
 group :release do
   gem 'github_changelog_generator', '>= 1.16.1',  :require => false if RUBY_VERSION >= '2.5'
-  gem 'voxpupuli-release', '>= 1.0.2',            :require => false
+  gem 'voxpupuli-release', '>= 1.2.0',            :require => false
   gem 'puppet-strings', '>= 2.2',                 :require => false
 end
 

README.md

@@ -218,7 +218,7 @@ mco r10k synchronize
 You can sync an individual environment using:
 
 ```shell
-mco r10k deploy environment <environment>
+mco r10k deploy <environment>
 ```
 Note: This implies `-p`
 
@@ -697,6 +697,16 @@ curl -d '
   }' http://puppet-master.example:8088/payload
 ```
 
+If you are utilizing environment prefixes, you'll need to specify the full environment title (including the prefix) in the 'ref' parameter:
+
+```bash
+curl -d '
+  {
+    "repository": {"name": "bar", "owner": {"login": "foo"}},
+    "ref": "bar_production"
+  }' http://puppet-master.example:8088/payload
+```
+
 ### Troubleshooting
 
 If you're not sure whether your webhook setup works:

Rakefile

@@ -1,7 +1,7 @@
 # Managed by modulesync - DO NOT EDIT
 # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
 
-# Attempt to load voxupuli-test (which pulls in puppetlabs_spec_helper),
+# Attempt to load voxpupuli-test (which pulls in puppetlabs_spec_helper),
 # otherwise attempt to load it directly.
 begin
   require 'voxpupuli/test/rake'

lib/facter/r10k_environment.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'puppet'
 Facter.add('r10k_environment') do
   setcode do

lib/facter/r10k_path.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 Facter.add(:r10k_path) do
   confine :kernel => :linux # rubocop:disable Style/HashSyntax
   setcode do

manifests/install.pp

@@ -13,7 +13,7 @@
   if $package_name == '' {
     case $provider {
       'openbsd': {
-        if (versioncmp("${::kernelversion}", '5.8') < 0) { #lint:ignore:only_variable_string
+        if (versioncmp("${facts['kernelversion']}", '5.8') < 0) { #lint:ignore:only_variable_string
           $real_package_name = 'ruby21-r10k'
         } else {
           $real_package_name = 'ruby22-r10k'
@@ -29,7 +29,7 @@
     'bundle': {
       include r10k::install::bundle
     }
-    'puppet_gem', 'gem', 'openbsd', 'pkgng', 'pacman': {
+    'puppet_gem', 'gem', 'openbsd', 'pkgng', 'pacman', 'portage': {
       if $provider == 'gem' {
         class { 'r10k::install::gem':
           manage_ruby_dependency => $manage_ruby_dependency,

manifests/install/bundle.pp

@@ -21,6 +21,6 @@
     cwd     => '/tmp/r10k',
     require => [Package["${module_name}-bundle"], Vcsrepo["${module_name}-r10k-github"]],
     unless  => 'bundle list | grep -q " r10k "',
-    path    => $::path,
+    path    => $::facts['path'],
   }
 }

manifests/install/puppet_gem.pp

@@ -1,6 +1,6 @@
 # This class links the r10k binary for Puppet FOSS 4.2 and up
 class r10k::install::puppet_gem {
-  if versioncmp("${::puppetversion}", '4.2.0') >= 0 { #lint:ignore:only_variable_string
+  if versioncmp("${::facts['puppetversion']}", '4.2.0') >= 0 { #lint:ignore:only_variable_string
     file { '/usr/bin/r10k':
       ensure  => link,
       target  => '/opt/puppetlabs/puppet/bin/r10k',

manifests/mcollective.pp

@@ -4,6 +4,7 @@
   $server            = true,
   $client            = true,
   $http_proxy        = '',
+  $policies          = [],
 ) inherits r10k::params {
   include mcollective
   mcollective::module_plugin { 'mcollective_agent_r10k':
@@ -24,5 +25,6 @@
     client_files  => [
       'application/r10k.rb',
     ],
+    policies      => $policies,
   }
 }

manifests/params.pp

@@ -7,6 +7,7 @@
 
   $provider = $facts['os']['name'] ? {
     'Archlinux' => 'pacman',
+    'Gentoo'    => 'portage',
     default     => 'puppet_gem',
   }
 
@@ -32,7 +33,7 @@
   $forge_settings            = {}
   $deploy_settings           = {}
   # Git configuration
-  $git_server = $::settings::ca_server
+  $git_server = $::settings::ca_server #lint:ignore:top_scope_facts
   $repo_path  = '/var/repos'
   $remote     = "ssh://${git_server}${repo_path}/modules.git"
 

manifests/webhook.pp

@@ -90,7 +90,7 @@
   # Only managed this file if you are using mcollective mode
   # We don't remove it as its part of PE and this is legacy
   if $use_mcollective {
-    if $is_pe_server and versioncmp("${::puppetversion}", '3.7.0') >= 0 { #lint:ignore:only_variable_string
+    if $is_pe_server and versioncmp("${facts['puppetversion']}", '3.7.0') >= 0 { #lint:ignore:only_variable_string
       # 3.7 does not place the certificate in peadmin's ~
       # This places it there as if it was an upgrade
       file { 'peadmin-cert.pem':

metadata.json

@@ -2,7 +2,7 @@
   "author": "Vox Pupuli",
   "license": "Apache-2.0",
   "name": "puppet-r10k",
-  "version": "10.1.1",
+  "version": "10.2.0",
   "operatingsystem_support": [
     {
       "operatingsystem": "RedHat",
@@ -37,6 +37,9 @@
     },
     {
       "operatingsystem": "Archlinux"
+    },
+    {
+      "operatingsystem": "Gentoo"
     }
   ],
   "project_page": "https://github.com/voxpupuli/puppet-r10k",

spec/acceptance/basic_webhook_spec.rb

@@ -1,6 +1,8 @@
+# frozen_string_literal: true
+
 require 'spec_helper_acceptance'
 
-describe 'System Ruby with No SSL, Not protected, No mcollective' do
+describe 'System Ruby with No SSL, Not protected, No mcollective', unless: default[:platform] =~ %r{archlinux} do
   context 'with basics parameters' do
     hosts_as('agent').each do |agent|
       it 'applies with no errors and idempotently' do
@@ -28,22 +30,28 @@ class {'r10k::webhook':
         it { is_expected.to be_enabled }
         it { is_expected.to be_running }
       end
+
+      # rubocop:disable RSpec/RepeatedExampleGroupBody
       describe command('/usr/bin/curl -d \'{ "repository": { "name": "puppetlabs-stdlib" } }\' -H "Accept: application/json" "http://localhost:8088/module" -k -q') do
         its(:stdout) { is_expected.not_to match %r{.*You shall not pass.*} }
         its(:exit_status) { is_expected.to eq 0 }
       end
+
       describe command('/usr/bin/curl -X POST -d \'{ "repository": { "full_name": "puppetlabs/puppetlabs-stdlib", "name": "PuppetLabs : StdLib" } }\' "http://localhost:8088/module" -k -q') do
         its(:stdout) { is_expected.not_to match %r{.*You shall not pass.*} }
         its(:exit_status) { is_expected.to eq 0 }
       end
+
       describe command('/usr/bin/curl -d \'{ "ref": "refs/heads/production" }\' -H "Accept: application/json" "http://localhost:8088/payload" -k -q') do
         its(:stdout) { is_expected.not_to match %r{.*You shall not pass.*} }
         its(:exit_status) { is_expected.to eq 0 }
       end
+
       describe command('/usr/bin/curl -X POST -d \'%7b%22ref%22%3a%22maste%r22%7d\' "http://localhost:8088/payload" -q') do
         its(:stdout) { is_expected.not_to match %r{.*You shall not pass.*} }
         its(:exit_status) { is_expected.to eq 0 }
       end
+
       describe command('/usr/bin/curl -X POST -d \'{ "push": { "changes": [ { "new": { "name": "production" } } ] } }\' "http://localhost:8088/payload" -q') do
         its(:stdout) { is_expected.not_to match %r{.*You shall not pass.*} }
         its(:exit_status) { is_expected.to eq 0 }
@@ -61,5 +69,6 @@ class {'r10k::webhook':
       #        end
       #      end
     end
+    # rubocop:enable RSpec/RepeatedExampleGroupBody
   end
 end

spec/acceptance/gitlab_token_webhook_spec.rb

@@ -1,7 +1,9 @@
+# frozen_string_literal: true
+
 require 'spec_helper_acceptance'
 require 'openssl'
 
-describe 'GitLab Secret Token Enabled, System Ruby with No SSL, Not protected, No mcollective' do
+describe 'GitLab Secret Token Enabled, System Ruby with No SSL, Not protected, No mcollective', unless: default[:platform] =~ %r{archlinux} do
   context 'default parameters' do
     pp = %(
       class { 'r10k':
@@ -22,9 +24,11 @@ class {'r10k::webhook':
     it 'applies with no errors' do
       apply_manifest(pp, catch_failures: true)
     end
+
     it 'is idempotent' do
       apply_manifest(pp, catch_changes: true)
     end
+
     describe service('webhook') do
       it { is_expected.to be_enabled }
       it { is_expected.to be_running }
@@ -38,6 +42,7 @@ class {'r10k::webhook':
         its(:exit_status) { is_expected.to eq 0 }
       end
     end
+
     context 'supports Gitlab style payloads via payload end point with token in header' do
       token = 'secret'
 

spec/acceptance/prefix_webhook_spec.rb

@@ -1,6 +1,8 @@
+# frozen_string_literal: true
+
 require 'spec_helper_acceptance'
 
-describe 'Prefix Enabled,System Ruby with No SSL, Not protected, No mcollective' do
+describe 'Prefix Enabled,System Ruby with No SSL, Not protected, No mcollective', unless: default[:platform] =~ %r{archlinux} do
   context 'default parameters' do
     pp = %(
       file {'/usr/local/bin/prefix_command.rb':
@@ -50,29 +52,36 @@ class {'r10k::webhook':
     it 'applies with no errors' do
       apply_manifest(pp, catch_failures: true)
     end
+
     it 'is idempotent' do
       apply_manifest(pp, catch_changes: true)
     end
+
     describe service('webhook') do
       it { is_expected.to be_enabled }
       it { is_expected.to be_running }
     end
 
+    # rubocop:disable RSpec/RepeatedExampleGroupBody
     describe command('/usr/bin/curl -d \'{ "ref": "refs/heads/production", "repository": { "name": "puppet-control" , "url": "https://github.com/webteam/somerepo.git"} }\' -H "Accept: application/json" "http://localhost:8088/payload" -k -q') do
       its(:stdout) { is_expected.not_to match %r{.*You shall not pass.*} }
       its(:exit_status) { is_expected.to eq 0 }
     end
+
     describe command('/usr/bin/curl -d \'{ "ref": "refs/heads/production", "repository": { "name": "puppet-control" , "url": "https://github.com/secteam/someotherrepo.git"} }\' -H "Accept: application/json" "http://localhost:8088/payload" -k -q') do
       its(:stdout) { is_expected.not_to match %r{.*You shall not pass.*} }
       its(:exit_status) { is_expected.to eq 0 }
     end
+
     describe command('/usr/bin/curl -d \'{ "ref": "refs/heads/production", "repository": { "name": "puppet-control" , "url": "https://github.com/customprefix/repo.git"} }\' -H "Accept: application/json" "http://localhost:8088/payload" -k -q') do
       its(:stdout) { is_expected.not_to match %r{.*You shall not pass.*} }
       its(:exit_status) { is_expected.to eq 0 }
     end
+
     describe command('/usr/bin/curl -d \'{ "ref": "refs/heads/production", "repository": { "name": "puppet-control" , "url": "https://github.com/noprefix/repo.git"} }\' -H "Accept: application/json" "http://localhost:8088/payload" -k -q') do
       its(:stdout) { is_expected.not_to match %r{.*You shall not pass.*} }
       its(:exit_status) { is_expected.to eq 0 }
     end
+    # rubocop:enable RSpec/RepeatedExampleGroupBody
   end
 end

spec/acceptance/signature_webhook_bitbucket_spec.rb

@@ -1,7 +1,9 @@
+# frozen_string_literal: true
+
 require 'spec_helper_acceptance'
 require 'openssl'
 
-describe 'BitBucket Secret Enabled, System Ruby with No SSL, Not protected, No mcollective' do
+describe 'BitBucket Secret Enabled, System Ruby with No SSL, Not protected, No mcollective', unless: default[:platform] =~ %r{archlinux} do
   context 'default parameters' do
     pp = %(
       class { 'r10k':
@@ -22,26 +24,29 @@ class {'r10k::webhook':
     it 'applies with no errors' do
       apply_manifest(pp, catch_failures: true)
     end
+
     it 'is idempotent' do
       apply_manifest(pp, catch_changes: true)
     end
+
     describe service('webhook') do
       it { is_expected.to be_enabled }
       it { is_expected.to be_running }
     end
 
     context 'supports style BitBucket payloads via module end point with signature in header' do
-      HMAC_DIGEST = OpenSSL::Digest.new('sha256')
-      signature = 'sha1=' + OpenSSL::HMAC.hexdigest(HMAC_DIGEST, 'secret', '{ "repository": { "name": "puppetlabs-stdlib" } }')
+      hmac_digest = OpenSSL::Digest.new('sha256')
+      signature = "sha1=#{OpenSSL::HMAC.hexdigest(hmac_digest, 'secret', '{ "repository": { "name": "puppetlabs-stdlib" } }')}"
 
       describe command("/usr/bin/curl -d '{ \"repository\": { \"name\": \"puppetlabs-stdlib\" } }' -H \"Accept: application/json\" \"http://localhost:8088/module\" -H \"X-Hub-Signature: #{signature}\" -k -q") do
         its(:stdout) { is_expected.not_to match %r{.*You shall not pass.*} }
         its(:exit_status) { is_expected.to eq 0 }
       end
     end
+
     context 'supports style BitBucket payloads via payload end point with signature in header' do
-      HMAC_DIGEST = OpenSSL::Digest.new('sha256')
-      signature = 'sha1=' + OpenSSL::HMAC.hexdigest(HMAC_DIGEST, 'secret', '{ "ref": "refs/heads/production" }')
+      hmac_digest = OpenSSL::Digest.new('sha256')
+      signature = "sha1=#{OpenSSL::HMAC.hexdigest(hmac_digest, 'secret', '{ "ref": "refs/heads/production" }')}"
 
       describe command("/usr/bin/curl -d '{ \"ref\": \"refs/heads/production\" }' -H \"Accept: application/json\" -H \"X-Hub-Signature: #{signature}\" \"http://localhost:8088/payload\" -k -q") do
         its(:stdout) { is_expected.not_to match %r{.*You shall not pass.*} }