Merge branch 'master' into enc_escape_fix

Author: jhongturney

.github/dependabot.yml

@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "bundler" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"

.github/workflows/main.yml

@@ -1,25 +1,6 @@
 name: CI
 on: [push, pull_request, workflow_dispatch]
 jobs:
-  puppet-3-8-7:
-    env:
-      PUPPET_VERSIONS: "3.8.7"
-      PUPPET_VERSION: "3.8.7"
-      RUBOCOP_TEST: false
-      RSPEC_TEST: true
-    runs-on: ubuntu-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        ruby-version: ["2.0", "2.1"]
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v1
-      - name: Build container
-        run: docker build . --file Dockerfile --tag octocatalog-diff:ruby${{matrix.ruby-version}} --build-arg RUBY_VERSION=${{matrix.ruby-version}}
-      - name: Tests
-        run: docker run -e PUPPET_VERSION -e PUPPET_VERSIONS -e RSPEC_TEST -e RUBOCOP_TEST -e ENFORCE_COVERAGE octocatalog-diff:ruby${{matrix.ruby-version}} /app/script/cibuild
-
   puppet-4-10-10:
     env:
       PUPPET_VERSIONS: "4.10.10"
@@ -30,31 +11,31 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        ruby-version: ["2.1", "2.2", "2.3"]
+        ruby-version: ["2.6"]
     steps:
       - name: Checkout code
         uses: actions/checkout@v1
       - name: Build container
-        run: docker build . --file Dockerfile --tag octocatalog-diff:ruby${{matrix.ruby-version}} --build-arg RUBY_VERSION=${{matrix.ruby-version}}
+        run: docker build . --file Dockerfile --tag octocatalog-diff:ruby${{matrix.ruby-version}} --build-arg RUBY_VERSION=${{matrix.ruby-version}} --build-arg PUPPET_VERSION=${{env.PUPPET_VERSION}}
       - name: Tests
         run: docker run -e PUPPET_VERSION -e PUPPET_VERSIONS -e RSPEC_TEST -e RUBOCOP_TEST -e ENFORCE_COVERAGE octocatalog-diff:ruby${{matrix.ruby-version}} /app/script/cibuild
 
-  puppet-5-5-8:
+  puppet-5-5-22:
     env:
-      PUPPET_VERSIONS: "5.5.8"
-      PUPPET_VERSION: "5.5.8"
+      PUPPET_VERSIONS: "5.5.22"
+      PUPPET_VERSION: "5.5.22"
       RUBOCOP_TEST: false
       RSPEC_TEST: true
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
-        ruby-version: ["2.4", "2.5", "2.6"]
+        ruby-version: ["2.6"]
     steps:
       - name: Checkout code
         uses: actions/checkout@v1
       - name: Build container
-        run: docker build . --file Dockerfile --tag octocatalog-diff:ruby${{matrix.ruby-version}} --build-arg RUBY_VERSION=${{matrix.ruby-version}}-stretch
+        run: docker build . --file Dockerfile --tag octocatalog-diff:ruby${{matrix.ruby-version}} --build-arg RUBY_VERSION=${{matrix.ruby-version}} --build-arg PUPPET_VERSION=${{env.PUPPET_VERSION}}
       - name: Tests
         run: docker run -e PUPPET_VERSION -e PUPPET_VERSIONS -e RSPEC_TEST -e RUBOCOP_TEST -e ENFORCE_COVERAGE octocatalog-diff:ruby${{matrix.ruby-version}} /app/script/cibuild
 
@@ -68,20 +49,14 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        ruby-version: ["2.5", "2.6"]
+        ruby-version: ["2.6"]
     steps:
       - name: Checkout code
         uses: actions/checkout@v1
       - name: Build container
-        run: docker build . --file Dockerfile --tag octocatalog-diff:ruby${{matrix.ruby-version}} --build-arg RUBY_VERSION=${{matrix.ruby-version}}-stretch
+        run: docker build . --file Dockerfile --tag octocatalog-diff:ruby${{matrix.ruby-version}} --build-arg RUBY_VERSION=${{matrix.ruby-version}} --build-arg PUPPET_VERSION=${{env.PUPPET_VERSION}}
       - name: Tests
         run: docker run -e PUPPET_VERSION -e PUPPET_VERSIONS -e RSPEC_TEST -e RUBOCOP_TEST -e ENFORCE_COVERAGE octocatalog-diff:ruby${{matrix.ruby-version}} /app/script/cibuild
-      - name: Rubocop and Coverage
-        run: docker run -e PUPPET_VERSION -e PUPPET_VERSIONS -e RSPEC_TEST -e RUBOCOP_TEST -e ENFORCE_COVERAGE octocatalog-diff:ruby${{matrix.ruby-version}} /app/script/cibuild
-        if: matrix.ruby-version == '2.6'
-        env:
-          RUBOCOP_TEST: true
-          ENFORCE_COVERAGE: true
 
   puppet-7-3-0:
     env:
@@ -93,13 +68,11 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        # 2.7 and 3.0 fail at the moment
-        # ruby-version: ["2.5", "2.6", "2.7", "3.0"]
-        ruby-version: ["2.5", "2.6"]
+        ruby-version: ["2.6"]
     steps:
       - name: Checkout code
         uses: actions/checkout@v1
       - name: Build container
-        run: docker build . --file Dockerfile --tag octocatalog-diff:ruby${{matrix.ruby-version}} --build-arg RUBY_VERSION=${{matrix.ruby-version}}-buster
+        run: docker build . --file Dockerfile --tag octocatalog-diff:ruby${{matrix.ruby-version}} --build-arg RUBY_VERSION=${{matrix.ruby-version}} --build-arg PUPPET_VERSION=${{env.PUPPET_VERSION}}
       - name: Tests
         run: docker run -e PUPPET_VERSION -e PUPPET_VERSIONS -e RSPEC_TEST -e RUBOCOP_TEST -e ENFORCE_COVERAGE octocatalog-diff:ruby${{matrix.ruby-version}} /app/script/cibuild

.github/workflows/release.yml

@@ -0,0 +1,42 @@
+name: Release
+on:
+  push:
+    tags:
+      - '*.*.*'
+  workflow_dispatch:
+
+jobs:
+  build:
+    name: Build and Release
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '2.6'
+      - run: bundle install
+
+      - name: Publish to GPR
+        env:
+          GEM_HOST_API_KEY: "Bearer ${{secrets.GITHUB_TOKEN}}"
+        run: |
+          mkdir -p $HOME/.gem
+          touch $HOME/.gem/credentials
+          chmod 0600 $HOME/.gem/credentials
+          printf -- "---\n:github: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
+          gem build *.gemspec
+          if [ ${{ github.ref_type }} == "tag" ]; then
+            gem push --verbose \
+              --key github \
+              --host https://rubygems.pkg.github.com/${{ github.repository_owner }} \
+              *.gem
+          fi
+      - name: Upload gem as action artifact
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
+        if: ${{ always() }}
+        with:
+          path: ./*.gem

.rubocop.yml

@@ -57,6 +57,8 @@ Style/Documentation:
   Enabled: false
 
 # To fix later
+Style/FormatStringToken:
+  Enabled: false
 Style/PercentLiteralDelimiters:
   Enabled: false
 Style/VariableNumber:
@@ -73,7 +75,13 @@ Style/EmptyMethod:
   Enabled: false
 Style/SymbolArray:
   Enabled: false
-Style/IndentHeredoc:
+Style/YodaCondition:
+  Enabled: false
+Layout/HeredocIndentation:
+  Enabled: false
+Layout/ExtraSpacing:
+  Enabled: false
+Performance/Caller:
   Enabled: false
-Style/ExtraSpacing:
+Style/WordArray:
   Enabled: false

.travis.yml

@@ -8,6 +8,8 @@ RUN sed -i'' -e 's/CipherString = DEFAULT@SECLEVEL=2/CipherString = DEFAULT@SECL
 RUN sed -i'' -e 's/MinProtocol = TLSv1.2/MinProtocol = TLSv1/g' /etc/ssl/openssl.cnf
 
 FROM scratch AS app
+ARG PUPPET_VERSION
+ENV PUPPET_VERSION="${PUPPET_VERSION}"
 COPY --from=ruby / /
 WORKDIR /app
 ENV LANG="C.UTF-8"

Dockerfile

@@ -1,12 +1,4 @@
 [
-  {
-    "minimum_version": "3.0.0",
-    "maximum_version": "3.99.99",
-    "additional_gems": [
-      { "name": "safe_yaml", "version": "~> 1.0.4" },
-      { "name": "puppetdb-terminus", "version": "3.2.4" }
-    ]
-  },
   {
     "minimum_version": "4.0.0",
     "maximum_version": "4.99.99",

config/puppet-versions.json

@@ -32,6 +32,7 @@ The following settings can be used in a [configuration file](/doc/configuration.
 | --- | --- |
 | `settings[:puppetdb_url]` | PuppetDB URL settings. If this is a string, it will set a single PuppetDB URL. If it is an array, it will set multiple URLs, which will be tried in a random order until one responds. |
 | `settings[:puppetdb_ssl_ca]` | Path to the certificate of the CA that signed PuppetDB's certificate. This file should contain only the public certificate, so it is safe to distribute to developer workstations or CI environments. |
+| `settings[:puppetdb_ssl_crl]` | Path to the Certificate Revocation List provided by Puppetserver.
 | `settings[:puppetdb_ssl_client_cert]` | TEXT of the certificate of the client SSL keypair used to authenticate to PuppetDB. Note: This variable is not set to a file path, which means you will likely want to use `File.read(...)` if you are configuring this to be read from a file. |
 | `settings[:puppetdb_ssl_client_key]` | TEXT of the private key of the client SSL keypair used to authenticate to PuppetDB. Note: This variable is not set to a file path, which means you will likely want to use means you will likely want to use `File.read(...)` if you are configuring this to be read from a file. |
 | `settings[:puppetdb_ssl_client_pem]` | Concatenation of the text of `puppetdb_ssl_client_key` and `puppetdb_ssl_client_cert` as previously described. This is a good alternative if your certificate chain is complex and it's easier just to put everything in a single place. Note: this option is second in precedence; if `settings[:puppetdb_ssl_client_cert]` and `settings[:puppetdb_ssl_client_key]` are both set, this will be ignored. |
@@ -46,6 +47,7 @@ The following arguments can be used on the command line.
 | --- | --- |
 | --puppetdb-url https://puppetdb.example.net:8081 | PuppetDB URL. The argument should match the `server_urls` configuration setting as described previously. Please note that only one URL is supported via the command line method, so if you have multiple `server_urls` URLs specified, you can only choose one. To use multiple URLs for failover purposes, please configure via configuration files. |
 | --puppetdb-ssl-ca FILENAME | Path to the certificate of the CA that signed PuppetDB's certificate. This file should contain only the public certificate, so it is safe to distribute to developer workstations or CI environments. |
+| --puppetdb-ssl-crl FILENAME | Path to the Certificate Revocation List of the CA that signed PuppetDB's certificate. |
 | --puppetdb-ssl-client-cert FILENAME | Path to the certificate of the client SSL keypair. |
 | --puppetdb-ssl-client-key FILENAME | Path to the private key of the client SSL keypair. |
 | --puppetdb-ssl-client-password PASSWORD_STRING | Plain text string containing the password to unlock the private key. For keys generated by the Puppet Master CA, this is not required. |

doc/configuration-puppetdb.md

@@ -106,6 +106,7 @@ Usage: octocatalog-diff [command line options]
         --puppetdb-token-file PATH   Path containing token for PuppetDB API, relative or absolute
         --puppetdb-url URL           PuppetDB base URL
         --puppetdb-ssl-ca FILENAME   CA certificate that signed the PuppetDB certificate
+        --puppetdb-ssl-crl FILENAME  Certificate Revocation List of the CA that signed PuppetDB's certificate.
         --puppetdb-ssl-client-cert FILENAME
                                      SSL client certificate to connect to PuppetDB
         --puppetdb-ssl-client-key FILENAME
@@ -1440,6 +1441,19 @@ matches the name you are using to connecting. (<a href="../lib/octocatalog-diff/
     </td>
   </tr>
 
+  <tr>
+    <td valign=top>
+      <pre><code>--puppetdb-ssl-crl FILENAME</code></pre>
+    </td>
+    <td valign=top>
+      Certificate Revocation List that is supplied by Puppetserver
+    </td>
+    <td valign=top>
+      Specify the Certificate Revocation List file.
+      (<a href="../lib/octocatalog-diff/cli/options/puppetdb_ssl_crl.rb">puppetdb_ssl_crl.rb</a>)
+    </td>
+  </tr>
+
   <tr>
     <td valign=top>
       <pre><code>--puppetdb-ssl-client-cert FILENAME</code></pre>

doc/optionsref.md

@@ -92,10 +92,19 @@ def self.config
       #   If you don't specify this, SSL will still work, but the tool won't verify the certificate
       #   of the puppetdb server it's connecting to.
       #   More: https://github.com/github/octocatalog-diff/blob/master/doc/configuration-puppetdb.md
+      #
       ##############################################################################################
 
       # settings[:puppetdb_ssl_ca] = '/etc/puppetlabs/puppet/ssl/certs/ca.pem'
 
+      ##############################################################################################
+      # puppetdb_ssl_crl
+      #   Certificate Revocation List provided by Puppetserver. You can specify an absolute path starting with `/`, or a relative path.
+      #
+      ##############################################################################################
+
+      # settings[:puppetdb_ssl_crl] = '/etc/puppetlabs/puppet/ssl/crl.pem'
+
       ##############################################################################################
       # puppetdb_ssl_client_key
       # puppetdb_ssl_client_password