From 12904c3f2596d7d7adee4673e5378c445df99565 Mon Sep 17 00:00:00 2001
From: Gavin Didrichsen <gavin.didrichsen@gmail.com>
Date: Mon, 31 Mar 2025 17:42:13 +0100
Subject: [PATCH 1/3] Remove old puppet 7 constraint.

Puppetcore only works with ruby >= 3.x, so puppet must also be >= 8.  This is inline with other changes being rolled out across the repositories.

Signed-off-by: Gavin Didrichsen <gavin.didrichsen@gmail.com>
---
 metadata.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/metadata.json b/metadata.json
index 469b07b..5824056 100644
--- a/metadata.json
+++ b/metadata.json
@@ -67,7 +67,7 @@
   "requirements": [
     {
       "name": "puppet",
-      "version_requirement": ">= 7.0.0 < 9.0.0"
+      "version_requirement": ">= 8.0.0 < 9.0.0"
     }
   ],
   "pdk-version": "3.0.1",

From 4c9d322c35352b42a503c74696ec98808582700f Mon Sep 17 00:00:00 2001
From: Gavin Didrichsen <gavin.didrichsen@gmail.com>
Date: Mon, 31 Mar 2025 17:43:36 +0100
Subject: [PATCH 2/3] !feature

Add puppetcore switch to Gemfile.

This ensures that when the PUPPET_FORGE_TOKEN is set, then the puppetcore gems are used. If this variable is not set, the bundle install will still work as normal with the public puppet and facter gems. NOTE, however, that the corresponding tests will only pass if the puppetcore gems are present on CI and used.

Signed-off-by: Gavin Didrichsen <gavin.didrichsen@gmail.com>
---
 Gemfile                             | 17 +++++++++----
 spec/integration/puppetcore_spec.rb | 39 +++++++++++++++++++++++++++++
 2 files changed, 51 insertions(+), 5 deletions(-)
 create mode 100644 spec/integration/puppetcore_spec.rb

diff --git a/Gemfile b/Gemfile
index 2096095..7e6ef28 100644
--- a/Gemfile
+++ b/Gemfile
@@ -52,13 +52,20 @@ facter_version = ENV['FACTER_GEM_VERSION']
 hiera_version = ENV['HIERA_GEM_VERSION']
 
 gems = {}
+puppet_version = ENV.fetch('PUPPET_GEM_VERSION', nil)
+facter_version = ENV.fetch('FACTER_GEM_VERSION', nil)
+hiera_version = ENV.fetch('HIERA_GEM_VERSION', nil)
 
-gems['puppet'] = location_for(puppet_version)
-
-# If facter or hiera versions have been specified via the environment
-# variables
+# If PUPPET_FORGE_TOKEN is set then use authenticated source for both puppet and facter, since facter is a transitive dependency of puppet
+# Otherwise, do as before and use location_for to fetch gems from the default source
+if !ENV['PUPPET_FORGE_TOKEN'].to_s.empty?
+  gems['puppet'] = ['~> 8.11', { require: false, source: 'https://rubygems-puppetcore.puppet.com' }]
+  gems['facter'] = ['~> 4.11', { require: false, source: 'https://rubygems-puppetcore.puppet.com' }]
+else
+  gems['puppet'] = location_for(puppet_version)
+  gems['facter'] = location_for(facter_version) if facter_version
+end
 
-gems['facter'] = location_for(facter_version) if facter_version
 gems['hiera'] = location_for(hiera_version) if hiera_version
 
 gems.each do |gem_name, gem_params|
diff --git a/spec/integration/puppetcore_spec.rb b/spec/integration/puppetcore_spec.rb
new file mode 100644
index 0000000..a6c005a
--- /dev/null
+++ b/spec/integration/puppetcore_spec.rb
@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'bundler'
+
+RSpec.describe 'Gemfile.lock verification' do
+  let(:parser) { Bundler::LockfileParser.new(Bundler.read_file(Bundler.default_lockfile)) }
+  let(:private_source) { 'https://rubygems-puppetcore.puppet.com/' }
+
+  # Helper method to get source remotes for a specific gem
+  def get_gem_source_remotes(gem_name)
+    spec = parser.specs.find { |s| s.name == gem_name }
+    return [] unless spec
+
+    source = spec.source
+    return [] unless source.is_a?(Bundler::Source::Rubygems)
+
+    source.remotes.map(&:to_s)
+  end
+
+  context 'when the environment is configured with a valid PUPPET_FORGE_TOKEN' do
+    it 'returns puppet from puppetcore' do
+      remotes = get_gem_source_remotes('puppet')
+      expect(remotes).to eq([private_source]),
+                         "Expected puppet to come from puppetcore, got: #{remotes.join(', ')}"
+    end
+
+    it 'returns facter from puppetcore' do
+      remotes = get_gem_source_remotes('facter')
+      expect(remotes).to eq([private_source]),
+                         "Expected facter to come from puppetcore, got: #{remotes.join(', ')}"
+    end
+
+    it 'has PUPPET_FORGE_TOKEN set' do
+      expect(ENV.fetch('PUPPET_FORGE_TOKEN', nil)).not_to be_nil,
+                                                          'Expected PUPPET_FORGE_TOKEN to be set'
+    end
+  end
+end

From b637e934ba555cbdcaf5ae10ae98b158d1793f7e Mon Sep 17 00:00:00 2001
From: Gavin Didrichsen <gavin.didrichsen@gmail.com>
Date: Mon, 31 Mar 2025 17:47:30 +0100
Subject: [PATCH 3/3] New re-usable module_ci.yml

One of the cat-github-actions re-usable workflows has been updated to switch on the puppetcore.  For reference see <https://github.com/puppetlabs/cat-github-actions/pull/129>.  This means a minor admustment is required on any modules that also need to run against puppetcore.  One, `ruby_version` must be passed in and be >= 3.1; and two, the `PUPPET_FORGE_TOKEN` must be a secret on the repository.

Signed-off-by: Gavin Didrichsen <gavin.didrichsen@gmail.com>
---
 .github/workflows/ci.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fa9ff3f..071004a 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -12,4 +12,5 @@ jobs:
     with:
       # This line enables shellcheck to be run on this repository
       run_shellcheck: true
+      ruby_version: '3.1'
     secrets: "inherit"