r10k 3.10.0 → 3.11.0

data/lib/r10k/git.rb

@@ -135,6 +135,9 @@ module R10K
 
     def_setting_attr :private_key
     def_setting_attr :oauth_token
+    def_setting_attr :github_app_id
+    def_setting_attr :github_app_key
+    def_setting_attr :github_app_ttl
     def_setting_attr :proxy
     def_setting_attr :username
     def_setting_attr :repositories, {}

data/lib/r10k/git/rugged/credentials.rb

@@ -1,6 +1,10 @@
 require 'r10k/git/rugged'
 require 'r10k/git/errors'
 require 'r10k/logging'
+require 'json'
+require 'jwt'
+require 'net/http'
+require 'openssl'
 
 # Generate credentials for secured remote connections.
 #
@@ -62,15 +66,29 @@ class R10K::Git::Rugged::Credentials
 
   def get_plaintext_credentials(url, username_from_url)
     per_repo_oauth_token = nil
+    per_repo_github_app_id = nil
+    per_repo_github_app_key = nil
+    per_repo_github_app_ttl = nil
+
     if per_repo_settings = R10K::Git.get_repo_settings(url)
       per_repo_oauth_token = per_repo_settings[:oauth_token]
+      per_repo_github_app_id = per_repo_settings[:github_app_id]
+      per_repo_github_app_key = per_repo_settings[:github_app_key]
+      per_repo_github_app_ttl = per_repo_settings[:github_app_ttl]
     end
 
+    app_id = per_repo_github_app_id || R10K::Git.settings[:github_app_id]
+    app_key = per_repo_github_app_key || R10K::Git.settings[:github_app_key]
+    app_ttl = per_repo_github_app_ttl || R10K::Git.settings[:github_app_ttl]
+
     if token_path = per_repo_oauth_token || R10K::Git.settings[:oauth_token]
       @oauth_token ||= extract_token(token_path, url)
 
       user = 'x-oauth-token'
       password = @oauth_token
+    elsif app_id && app_key && app_ttl
+      user = 'x-access-token'
+      password = github_app_token(app_id, app_key, app_ttl)
     else
       user = get_git_username(url, username_from_url)
       password = URI.parse(url).password || ''
@@ -125,4 +143,63 @@ class R10K::Git::Rugged::Credentials
 
     user
   end
+
+  def github_app_token(app_id, private_key, ttl)
+    raise R10K::Git::GitError, _('Github App id contains invalid characters.') unless app_id =~ /^\d+$/
+    raise R10K::Git::GitError, _('Github App token ttl contains invalid characters.') unless ttl =~ /^\d+$/
+    raise R10K::Git::GitError, _('Github App key is missing or unreadable') unless File.readable?(private_key)
+
+    begin
+      ssl_key = OpenSSL::PKey::RSA.new(File.read(private_key).strip)
+      unless ssl_key.private?
+        raise R10K::Git::GitError, _('Github App key is not a valid SSL private key')
+      end
+    rescue OpenSSL::PKey::RSAError
+      raise R10K::Git::GitError, _('Github App key is not a valid SSL key')
+    end
+
+    logger.debug2 _("Using Github App id %{app_id} with SSL key from %{key_path}") % { key_path: private_key, app_id: app_id }
+
+    jwt_issue_time = Time.now.to_i - 60
+    jwt_exp_time = (jwt_issue_time + 60) + ttl.to_i
+    payload = { iat: jwt_issue_time, exp: jwt_exp_time, iss: app_id }
+    jwt = JWT.encode(payload, ssl_key, "RS256")
+
+    get = URI.parse("https://api.github.com/app/installations")
+    get_request = Net::HTTP::Get.new(get)
+    get_request["Authorization"] = "Bearer #{jwt}"
+    get_request["Accept"] = "application/vnd.github.v3+json"
+    get_req_options = { use_ssl: get.scheme == "https", }
+    get_response = Net::HTTP.start(get.hostname, get.port, get_req_options) do |http|
+      http.request(get_request)
+    end
+
+    unless (get_response.class < Net::HTTPSuccess)
+      logger.debug2 _("Unexpected response code: #{get_response.code}\nResponse body: #{get_response.body}")
+      raise R10K::Git::GitError, _("Error using private key to get Github App access token from url")
+    end
+
+    access_tokens_url = JSON.parse(get_response.body)[0]['access_tokens_url']
+
+    post = URI.parse(access_tokens_url)
+    post_request = Net::HTTP::Post.new(post)
+    post_request["Authorization"] = "Bearer #{jwt}"
+    post_request["Accept"] = "application/vnd.github.v3+json"
+    post_req_options = { use_ssl: post.scheme == "https", }
+    post_response = Net::HTTP.start(post.hostname, post.port, post_req_options) do |http|
+      http.request(post_request)
+    end
+
+    unless (post_response.class < Net::HTTPSuccess)
+      logger.debug2 _("Unexpected response code: #{post_response.code}\nResponse body: #{post_response.body}")
+      raise R10K::Git::GitError, _("Error using private key to generate access token from #{access_token_url}")
+    end
+
+    token = JSON.parse(post_response.body)['token']
+
+    raise R10K::Git::GitError, _("Github App token contains invalid characters.") unless valid_token?(token)
+
+    logger.debug2 _("Github App token generated, expires at: %{expire}") % {expire: JSON.parse(post_response.body)['expires_at']}
+    token
+  end
 end

data/lib/r10k/git/stateful_repository.rb

@@ -93,6 +93,7 @@ class R10K::Git::StatefulRepository
   # @api private
   def sync_cache?(ref)
     return true if !@cache.exist?
+    return true if ref == 'HEAD'
     return true if !([:commit, :tag].include? @cache.ref_type(ref))
     return false
   end

data/lib/r10k/initializers.rb

@@ -56,6 +56,9 @@ module R10K
         with_setting(:proxy) { |value| R10K::Git.settings[:proxy] = value }
         with_setting(:repositories) { |value| R10K::Git.settings[:repositories] = value }
         with_setting(:oauth_token) { |value| R10K::Git.settings[:oauth_token] = value }
+        with_setting(:github_app_id) { |value| R10K::Git.settings[:github_app_id] = value }
+        with_setting(:github_app_key) { |value| R10K::Git.settings[:github_app_key] = value }
+        with_setting(:github_app_ttl) { |value| R10K::Git.settings[:github_app_ttl] = value }
       end
     end
 

data/lib/r10k/module/base.rb

@@ -35,6 +35,10 @@ class R10K::Module::Base
   #   @return [String] Where the module was sourced from. E.g., "Puppetfile"
   attr_accessor :origin
 
+  # @!attribute [rw] spec_deletable
+  #   @return [Boolean] set this to true if the spec dir can be safely removed, ie in the moduledir
+  attr_accessor :spec_deletable
+
   # There's been some churn over `author` vs `owner` and `full_name` over
   # `title`, so in the short run it's easier to support both and deprecate one
   # later.
@@ -52,6 +56,9 @@ class R10K::Module::Base
     @path = Pathname.new(File.join(@dirname, @name))
     @environment = environment
     @overrides = args.delete(:overrides) || {}
+    @spec_deletable = true
+    @exclude_spec = args.delete(:exclude_spec)
+    @exclude_spec = @overrides[:modules].delete(:exclude_spec) if @overrides.dig(:modules, :exclude_spec)
     @origin = 'external' # Expect Puppetfile or R10k::Environment to set this to a specific value
 
     @requested_modules = @overrides.dig(:modules, :requested_modules) || []
@@ -64,6 +71,36 @@ class R10K::Module::Base
     path.to_s
   end
 
+  # Delete the spec dir if @exclude_spec has been set to true and @spec_deletable is also true
+  def maybe_delete_spec_dir
+    if @exclude_spec
+      if @spec_deletable
+        delete_spec_dir
+      else
+        logger.info _("Spec dir for #{@title} will not be deleted because it is not in the moduledir")
+      end
+    end
+  end
+
+  # Actually remove the spec dir
+  def delete_spec_dir
+    spec_path = @path + 'spec'
+    if spec_path.symlink?
+      spec_path = spec_path.realpath
+    end
+    if spec_path.directory?
+      logger.debug2 _("Deleting spec data at #{spec_path}")
+      # Use the secure flag for the #rm_rf method to avoid security issues
+      # involving TOCTTOU(time of check to time of use); more details here:
+      # https://ruby-doc.org/stdlib-2.7.0/libdoc/fileutils/rdoc/FileUtils.html#method-c-rm_rf
+      # Additionally, #rm_rf also has problems in windows with with symlink targets
+      # also being deleted; this should be revisted if Windows becomes higher priority.
+      FileUtils.rm_rf(spec_path, secure: true)
+    else
+      logger.debug2 _("No spec dir detected at #{spec_path}, skipping deletion")
+    end
+  end
+
   # Synchronize this module with the indicated state.
   # @param [Hash] opts Deprecated
   def sync(opts={})

data/lib/r10k/module/forge.rb

@@ -68,6 +68,7 @@ class R10K::Module::Forge < R10K::Module::Base
       when :mismatched
         reinstall
       end
+      maybe_delete_spec_dir
     end
   end
 

data/lib/r10k/module/git.rb

@@ -86,6 +86,7 @@ class R10K::Module::Git < R10K::Module::Base
   def sync(opts={})
     force = opts[:force] || @force
     @repo.sync(version, force) if should_sync?
+    maybe_delete_spec_dir
   end
 
   def status

data/lib/r10k/module/svn.rb

@@ -80,6 +80,7 @@ class R10K::Module::SVN < R10K::Module::Base
       when :outdated
         update
       end
+      maybe_delete_spec_dir
     end
   end
 

data/lib/r10k/module_loader/puppetfile.rb

@@ -1,13 +1,17 @@
+require 'r10k/logging'
+
 module R10K
   module ModuleLoader
     class Puppetfile
 
+      include R10K::Logging
+
       DEFAULT_MODULEDIR = 'modules'
       DEFAULT_PUPPETFILE_NAME = 'Puppetfile'
       DEFAULT_FORGE_API = 'forgeapi.puppetlabs.com'
 
       attr_accessor :default_branch_override, :environment
-      attr_reader :modules, :moduledir,
+      attr_reader :modules, :moduledir, :puppetfile_path,
         :managed_directories, :desired_contents, :purge_exclusions
 
       # @param basedir [String] The path that contains the moduledir &
@@ -30,7 +34,7 @@ module R10K
 
         @basedir     = cleanpath(basedir)
         @moduledir   = resolve_path(@basedir, moduledir)
-        @puppetfile  = resolve_path(@basedir, puppetfile)
+        @puppetfile_path  = resolve_path(@basedir, puppetfile)
         @forge       = forge
         @overrides   = overrides
         @environment = environment
@@ -41,11 +45,14 @@ module R10K
         @managed_directories = []
         @desired_contents = []
         @purge_exclusions = []
+
+        logger.info _("Using Puppetfile '%{puppetfile}'") % {puppetfile: @puppetfile_path}
+        logger.debug _("Using moduledir '%{moduledir}'") % {moduledir: @moduledir}
       end
 
       def load
         dsl = R10K::ModuleLoader::Puppetfile::DSL.new(self)
-        dsl.instance_eval(puppetfile_content(@puppetfile), @puppetfile)
+        dsl.instance_eval(puppetfile_content(@puppetfile_path), @puppetfile_path)
 
         validate_no_duplicate_names(@modules)
         @modules
@@ -64,7 +71,7 @@ module R10K
         }
 
       rescue SyntaxError, LoadError, ArgumentError, NameError => e
-        raise R10K::Error.wrap(e, _("Failed to evaluate %{path}") % {path: @puppetfile})
+        raise R10K::Error.wrap(e, _("Failed to evaluate %{path}") % {path: @puppetfile_path})
       end
 
 
@@ -103,11 +110,14 @@ module R10K
 
         module_info[:overrides] = @overrides
 
+        spec_deletable = false
+
         if install_path = module_info.delete(:install_path)
           install_path = resolve_path(@basedir, install_path)
           validate_install_path(install_path, name)
         else
           install_path = @moduledir
+          spec_deletable = true
         end
 
         if @default_branch_override
@@ -116,6 +126,7 @@ module R10K
 
         mod = R10K::Module.new(name, install_path, module_info, @environment)
         mod.origin = :puppetfile
+        mod.spec_deletable = spec_deletable
 
         # Do not save modules if they would conflict with the attached
         # environment

data/lib/r10k/puppetfile.rb

@@ -30,10 +30,6 @@ class Puppetfile
   #   @return [String] The base directory that contains the Puppetfile
   attr_reader :basedir
 
-  # @!attrbute [r] puppetfile_path
-  #   @return [String] The path to the Puppetfile
-  attr_reader :puppetfile_path
-
   # @!attribute [r] environment
   #   @return [R10K::Environment] Optional R10K::Environment that this Puppetfile belongs to.
   attr_reader :environment
@@ -68,21 +64,20 @@ class Puppetfile
 
     @force           = deprecated_force_arg     || options.delete(:force)           || false
     @moduledir       = deprecated_moduledir_arg || options.delete(:moduledir)       || File.join(basedir, 'modules')
-    @puppetfile_name = deprecated_name_arg      || options.delete(:puppetfile_name) || 'Puppetfile'
-    @puppetfile_path = deprecated_path_arg      || options.delete(:puppetfile_path) || File.join(basedir, @puppetfile_name)
+    puppetfile_name = deprecated_name_arg      || options.delete(:puppetfile_name) || 'Puppetfile'
+    puppetfile_path = deprecated_path_arg      || options.delete(:puppetfile_path)
+    @puppetfile = puppetfile_path || puppetfile_name
     @environment     = options.delete(:environment)
 
     @overrides       = options.delete(:overrides) || {}
     @default_branch_override = @overrides.dig(:environments, :default_branch_override)
 
-    logger.info _("Using Puppetfile '%{puppetfile}'") % {puppetfile: @puppetfile_path}
-
     @forge   = 'forgeapi.puppetlabs.com'
 
     @loader = ::R10K::ModuleLoader::Puppetfile.new(
       basedir: @basedir,
       moduledir: @moduledir,
-      puppetfile: @puppetfile_path,
+      puppetfile: @puppetfile,
       forge: @forge,
       overrides: @overrides,
       environment: @environment
@@ -106,8 +101,8 @@ class Puppetfile
     if self.loaded?
       return @loaded_content
     else
-      if !File.readable?(@puppetfile_path)
-        logger.debug _("Puppetfile %{path} missing or unreadable") % {path: @puppetfile_path.inspect}
+      if !File.readable?(puppetfile_path)
+        logger.debug _("Puppetfile %{path} missing or unreadable") % {path: puppetfile_path.inspect}
       else
         self.load!(default_branch_override)
       end
@@ -156,6 +151,10 @@ class Puppetfile
     @loader.moduledir
   end
 
+  def puppetfile_path
+    @loader.puppetfile_path
+  end
+
   def environment=(env)
     @loader.environment = env
     @environment = env

data/lib/r10k/settings.rb

@@ -42,6 +42,22 @@ module R10K
                     Only used by the 'rugged' Git provider."
         }),
 
+        Definition.new(:github_app_id, {
+          :desc => "The Github App id for Git SSL remotes.
+                    Only used by the 'rugged' Git provider."
+        }),
+
+        Definition.new(:github_app_key, {
+          :desc => "The Github App private key for Git SSL remotes.
+                    Only used by the 'rugged' Git provider."
+        }),
+
+        Definition.new(:github_app_ttl, {
+          :desc => "The ttl expiration for SSL tokens.
+                    Only used by the 'rugged' Git provider.",
+          :default => "120",
+        }),
+
         URIDefinition.new(:proxy, {
           :desc => "An optional proxy server to use when interacting with Git sources via HTTP(S).",
           :default => :inherit,
@@ -65,6 +81,24 @@ module R10K
               :default => :inherit
             }),
 
+            Definition.new(:github_app_id, {
+              :desc => "The Github App id for Git SSL remotes.
+                        Only used by the 'rugged' Git provider.",
+              :default => :inherit
+            }),
+
+            Definition.new(:github_app_key, {
+              :desc => "The Github App private key for Git SSL remotes.
+                        Only used by the 'rugged' Git provider.",
+              :default => :inherit
+            }),
+
+            Definition.new(:github_app_ttl, {
+              :desc => "The ttl expiration for Git SSL tokens.
+                        Only used by the 'rugged' Git provider.",
+              :default => :inherit
+            }),
+
             URIDefinition.new(:proxy, {
               :desc => "An optional proxy server to use when interacting with Git sources via HTTP(S).",
               :default => :inherit,
@@ -161,7 +195,15 @@ module R10K
             end
           end
         }),
-      ])
+        Definition.new(:exclude_spec, {
+          :desc => "Whether or not to deploy the spec dir of a module. Defaults to false.",
+          :default => false,
+          :validate => lambda do |value|
+            unless !!value == value
+              raise ArgumentError, "`exclude_spec` can only be a boolean value, not '#{value}'"
+            end
+          end
+        })])
     end
 
     def self.global_settings
@@ -180,7 +222,7 @@ module R10K
         }),
 
         Definition.new(:postrun, {
-          :desc => "The command r10k should run after deploying environments.",
+          :desc => "The command r10k should run after deploying environments or modules.",
           :validate => lambda do |value|
             if !value.is_a?(Array)
               raise ArgumentError, "The postrun setting should be an array of strings, not a #{value.class}"

data/lib/r10k/settings/definition.rb

@@ -90,7 +90,7 @@ module R10K
       def resolve
         if !@value.nil?
           @value
-        elsif @default
+        elsif !@default.nil?
           if @default == :inherit
             # walk all the way up to root, starting with grandparent
             ancestor = parent

data/lib/r10k/version.rb

@@ -2,5 +2,5 @@ module R10K
   # When updating to a new major (X) or minor (Y) version, include `#major` or
   # `#minor` (respectively) in your commit message to trigger the appropriate
   # release. Otherwise, a new patch (Z) version will be released.
-  VERSION = '3.10.0'
+  VERSION = '3.11.0'
 end

data/locales/r10k.pot

@@ -6,11 +6,11 @@
 #, fuzzy
 msgid ""
 msgstr ""
-"Project-Id-Version: r10k 3.9.3-10-gfedc81a\n"
+"Project-Id-Version: r10k 3.9.3-75-ge9bdb69\n"
 "\n"
 "Report-Msgid-Bugs-To: docs@puppetlabs.com\n"
-"POT-Creation-Date: 2021-07-07 21:13+0000\n"
-"PO-Revision-Date: 2021-07-07 21:13+0000\n"
+"POT-Creation-Date: 2021-08-13 23:48+0000\n"
+"PO-Revision-Date: 2021-08-13 23:48+0000\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
 "Language: \n"
@@ -31,31 +31,31 @@ msgstr ""
 msgid "Reason: %{write_lock}"
 msgstr ""
 
-#: ../lib/r10k/action/deploy/environment.rb:112
+#: ../lib/r10k/action/deploy/environment.rb:113
 msgid "Environment(s) \\'%{environments}\\' cannot be found in any source and will not be deployed."
 msgstr ""
 
-#: ../lib/r10k/action/deploy/environment.rb:145
+#: ../lib/r10k/action/deploy/environment.rb:146
 msgid "Environment %{env_dir} does not match environment name filter, skipping"
 msgstr ""
 
-#: ../lib/r10k/action/deploy/environment.rb:153
+#: ../lib/r10k/action/deploy/environment.rb:154
 msgid "Deploying environment %{env_path}"
 msgstr ""
 
-#: ../lib/r10k/action/deploy/environment.rb:156
+#: ../lib/r10k/action/deploy/environment.rb:157
 msgid "Environment %{env_dir} is now at %{env_signature}"
 msgstr ""
 
-#: ../lib/r10k/action/deploy/environment.rb:160
+#: ../lib/r10k/action/deploy/environment.rb:161
 msgid "Environment %{env_dir} is new, updating all modules"
 msgstr ""
 
-#: ../lib/r10k/action/deploy/module.rb:81
+#: ../lib/r10k/action/deploy/module.rb:98
 msgid "Only updating modules in environment(s) %{opt_env} skipping environment %{env_path}"
 msgstr ""
 
-#: ../lib/r10k/action/deploy/module.rb:83
+#: ../lib/r10k/action/deploy/module.rb:100
 msgid "Updating modules %{modules} in environment %{env_path}"
 msgstr ""
 
@@ -63,15 +63,15 @@ msgstr ""
 msgid "Syntax OK"
 msgstr ""
 
-#: ../lib/r10k/action/runner.rb:54 ../lib/r10k/deployment/config.rb:42
+#: ../lib/r10k/action/runner.rb:57 ../lib/r10k/deployment/config.rb:42
 msgid "Overriding config file setting '%{key}': '%{old_val}' -> '%{new_val}'"
 msgstr ""
 
-#: ../lib/r10k/action/runner.rb:91
+#: ../lib/r10k/action/runner.rb:99
 msgid "Reading configuration from %{config_path}"
 msgstr ""
 
-#: ../lib/r10k/action/runner.rb:94
+#: ../lib/r10k/action/runner.rb:102
 msgid "No config file explicitly given and no default config file could be found, default settings will be used."
 msgstr ""
 
@@ -207,54 +207,106 @@ msgstr ""
 msgid "Rugged versions prior to 0.24.0 do not support pruning stale branches during fetch, please upgrade your \\'rugged\\' gem. (Current version is: %{version})"
 msgstr ""
 
-#: ../lib/r10k/git/rugged/credentials.rb:24
+#: ../lib/r10k/git/rugged/credentials.rb:28
 msgid "Authentication failed for Git remote %{url}."
 msgstr ""
 
-#: ../lib/r10k/git/rugged/credentials.rb:48
+#: ../lib/r10k/git/rugged/credentials.rb:52
 msgid "Using per-repository private key %{key} for URL %{url}"
 msgstr ""
 
-#: ../lib/r10k/git/rugged/credentials.rb:51
+#: ../lib/r10k/git/rugged/credentials.rb:55
 msgid "URL %{url} has no per-repository private key using '%{key}'."
 msgstr ""
 
-#: ../lib/r10k/git/rugged/credentials.rb:53
+#: ../lib/r10k/git/rugged/credentials.rb:57
 msgid "Git remote %{url} uses the SSH protocol but no private key was given"
 msgstr ""
 
-#: ../lib/r10k/git/rugged/credentials.rb:57
+#: ../lib/r10k/git/rugged/credentials.rb:61
 msgid "Unable to use SSH key auth for %{url}: private key %{private_key} is missing or unreadable"
 msgstr ""
 
-#: ../lib/r10k/git/rugged/credentials.rb:84
+#: ../lib/r10k/git/rugged/credentials.rb:102
 msgid "Using OAuth token from stdin for URL %{url}"
 msgstr ""
 
-#: ../lib/r10k/git/rugged/credentials.rb:87
+#: ../lib/r10k/git/rugged/credentials.rb:105
 msgid "Using OAuth token from %{token_path} for URL %{url}"
 msgstr ""
 
-#: ../lib/r10k/git/rugged/credentials.rb:89
+#: ../lib/r10k/git/rugged/credentials.rb:107
 msgid "%{path} is missing or unreadable, cannot load OAuth token"
 msgstr ""
 
-#: ../lib/r10k/git/rugged/credentials.rb:93
+#: ../lib/r10k/git/rugged/credentials.rb:111
 msgid "Supplied OAuth token contains invalid characters."
 msgstr ""
 
-#: ../lib/r10k/git/rugged/credentials.rb:117
+#: ../lib/r10k/git/rugged/credentials.rb:135
 msgid "URL %{url} includes the username %{username}, using that user for authentication."
 msgstr ""
 
-#: ../lib/r10k/git/rugged/credentials.rb:120
+#: ../lib/r10k/git/rugged/credentials.rb:138
 msgid "URL %{url} did not specify a user, using %{user} from configuration"
 msgstr ""
 
-#: ../lib/r10k/git/rugged/credentials.rb:123
+#: ../lib/r10k/git/rugged/credentials.rb:141
 msgid "URL %{url} did not specify a user, using current user %{user}"
 msgstr ""
 
+#: ../lib/r10k/git/rugged/credentials.rb:148
+msgid "Github App id contains invalid characters."
+msgstr ""
+
+#: ../lib/r10k/git/rugged/credentials.rb:149
+msgid "Github App token ttl contains invalid characters."
+msgstr ""
+
+#: ../lib/r10k/git/rugged/credentials.rb:150
+msgid "Github App key is missing or unreadable"
+msgstr ""
+
+#: ../lib/r10k/git/rugged/credentials.rb:155
+msgid "Github App key is not a valid SSL private key"
+msgstr ""
+
+#: ../lib/r10k/git/rugged/credentials.rb:158
+msgid "Github App key is not a valid SSL key"
+msgstr ""
+
+#: ../lib/r10k/git/rugged/credentials.rb:161
+msgid "Using Github App id %{app_id} with SSL key from %{key_path}"
+msgstr ""
+
+#: ../lib/r10k/git/rugged/credentials.rb:178
+msgid ""
+"Unexpected response code: #{get_response.code}\n"
+"Response body: #{get_response.body}"
+msgstr ""
+
+#: ../lib/r10k/git/rugged/credentials.rb:179
+msgid "Error using private key to get Github App access token from url"
+msgstr ""
+
+#: ../lib/r10k/git/rugged/credentials.rb:194
+msgid ""
+"Unexpected response code: #{post_response.code}\n"
+"Response body: #{post_response.body}"
+msgstr ""
+
+#: ../lib/r10k/git/rugged/credentials.rb:195
+msgid "Error using private key to generate access token from #{access_token_url}"
+msgstr ""
+
+#: ../lib/r10k/git/rugged/credentials.rb:200
+msgid "Github App token contains invalid characters."
+msgstr ""
+
+#: ../lib/r10k/git/rugged/credentials.rb:202
+msgid "Github App token generated, expires at: %{expire}"
+msgstr ""
+
 #: ../lib/r10k/git/rugged/thin_repository.rb:85 ../lib/r10k/git/shellgit/thin_repository.rb:65
 msgid "Updated repo %{path} to include alternate object db path %{objects_dir}"
 msgstr ""
@@ -319,27 +371,39 @@ msgstr ""
 msgid "Module %{name} with args %{args} doesn't have an implementation. (Are you using the right arguments?)"
 msgstr ""
 
-#: ../lib/r10k/module/base.rb:75
+#: ../lib/r10k/module/base.rb:80
+msgid "Spec dir for #{@title} will not be deleted because it is not in the moduledir"
+msgstr ""
+
+#: ../lib/r10k/module/base.rb:92
+msgid "Deleting spec data at #{spec_path}"
+msgstr ""
+
+#: ../lib/r10k/module/base.rb:100
+msgid "No spec dir detected at #{spec_path}, skipping deletion"
+msgstr ""
+
+#: ../lib/r10k/module/base.rb:112
 msgid "Deploying module to %{path}"
 msgstr ""
 
-#: ../lib/r10k/module/base.rb:78
+#: ../lib/r10k/module/base.rb:115
 msgid "Only updating modules %{modules}, skipping module %{name}"
 msgstr ""
 
-#: ../lib/r10k/module/base.rb:134
+#: ../lib/r10k/module/base.rb:171
 msgid "Module name (%{title}) must match either 'modulename' or 'owner/modulename'"
 msgstr ""
 
-#: ../lib/r10k/module/forge.rb:89
+#: ../lib/r10k/module/forge.rb:90
 msgid "The module %{title} does not appear to have any published releases, cannot determine latest version."
 msgstr ""
 
-#: ../lib/r10k/module/forge.rb:92 ../lib/r10k/module/forge.rb:121
+#: ../lib/r10k/module/forge.rb:93 ../lib/r10k/module/forge.rb:122
 msgid "The module %{title} does not exist on %{url}."
 msgstr ""
 
-#: ../lib/r10k/module/forge.rb:196
+#: ../lib/r10k/module/forge.rb:197
 msgid "Forge module names must match 'owner/modulename', instead got #{title}"
 msgstr ""
 
@@ -355,30 +419,34 @@ msgstr ""
 msgid "Could not read metadata.json"
 msgstr ""
 
-#: ../lib/r10k/puppetfile.rb:73
+#: ../lib/r10k/module_loader/puppetfile.rb:49
 msgid "Using Puppetfile '%{puppetfile}'"
 msgstr ""
 
-#: ../lib/r10k/puppetfile.rb:87
-msgid "Puppetfile %{path} missing or unreadable"
+#: ../lib/r10k/module_loader/puppetfile.rb:50
+msgid "Using moduledir '%{moduledir}'"
 msgstr ""
 
-#: ../lib/r10k/puppetfile.rb:100
+#: ../lib/r10k/module_loader/puppetfile.rb:74
 msgid "Failed to evaluate %{path}"
 msgstr ""
 
-#: ../lib/r10k/puppetfile.rb:114
+#: ../lib/r10k/module_loader/puppetfile.rb:149
 msgid "Puppetfiles cannot contain duplicate module names."
 msgstr ""
 
-#: ../lib/r10k/puppetfile.rb:116
+#: ../lib/r10k/module_loader/puppetfile.rb:151
 msgid "Remove the duplicates of the following modules: %{dupes}"
 msgstr ""
 
-#: ../lib/r10k/puppetfile.rb:285
+#: ../lib/r10k/module_loader/puppetfile/dsl.rb:32
 msgid "unrecognized declaration '%{method}'"
 msgstr ""
 
+#: ../lib/r10k/puppetfile.rb:105
+msgid "Puppetfile %{path} missing or unreadable"
+msgstr ""
+
 #: ../lib/r10k/settings/collection.rb:77
 msgid "Validation failed for '%{name}' settings group"
 msgstr ""